You want to encrypt everything across the boards, regardless of level of classification or how many people need to access it.
In essence, that is going to create an environment where everything is as secure as they are on a password protected environment with much more computational overhead.
The reason for this is that there is no classification between what should be encrypted and what shouldn't be encrypted. Those that need uniform access to unspecified, disparate data across the network (i.e. system administrators) are going to need some easy-to-use convention to get access to debug issues.
Either there needs to be some sort of root/administrator access or you are going to destroy the supportability of your systems. Maybe the user just gives his encryption key to the IT help desk on a regular basis... that couldn't be broken through simple social engineering.
Maybe that isn't necessary... maybe there is a feature that allows unauthenticated access to the encrypted data that only your teckies know.
Basically, too much security equals too little usablility. Thus, too much of the wrong security backfires and becomes bypassed because of the need for maintaining usability.