Erm
* you must provide meaningful key management
Depending on the size of the organisation and the purposes for using encryption, key management may not be necessary, though you still need a capable and reliable lost-passphrase-recovery helpdesk, which is going to cost.
* you lose speed of your machines for number crunching
I think you need to review just how much time you think computers spend reading and preparing data from the hard drive. If you're in the middle of a number-crunching job, it's pretty much negligible. And besides that, most business laptop users (the target users of full-disk encryption) are trying to read e-mail and write PowerPoint slides, they aren't trying to simulate protein folding.
* you can easily lose data in the event of hardware corruption
* access to data is a bit harder even for legitimate purposes
Yes, that's the whole point. It's usually only a bit harder (you have to authenticate before the operating system will boot) but in return for that, the confidentiality of your data is protected. Security is about risk management and if the risk of publicising your company's secrets is more significant than the risk of users losing time by forgetting their passwords, then the trade-off is worth making.
* many systems (for example Active Directory domain controller vs. IPsec) don't work well with encryption
Firstly, the kind of encryption they're talking about in the article, as implemented by BitLocker on Windows and third-party products on many operating systems, is transparent to operating system processes.
* skills of your systems management must be higher
Oh noes! I pay my systems managers to manage my systems but don't want to pay people who know what they're doing!
It is impossible, IMO, to do many functions without these privileges.
I currently work in an environment where I don't usually need admin. I'm a self-employed Mac developer, and do all of my dev work in an unprivileged account. However that account is a member of the _developer group, which gives the debugger the right to attach to processes. That's frequently all I need. When I've worked in $bigcorp networks where developers do need admin or root, IT have typically created a sandbox network for developer machines to sit in which have access to SCM, the bug tracker, build environment front-end and so on but limited access to business systems and internet facilities.
Developers administering PROD boxes?
Apparently you do NOT go through any SOX or HIPAA audits.
The moon is made of green cheese. -- John Heywood