Are you talking about full-disk encryption on your workstations and vpns from remote sites?? I was kind of confused as to which you meant.

Scucci,

I've only got limited experience as I've only used one of the products that you mention, and only from an end-user perspective. My employer recently rolled out CheckPoint PointSec, and I managed to get it to hose my laptop within a week. Hard-drive would not boot past the PointSec login, obviously HDD is encrypted, so recovering data was not possible. Thank goodness for good backup policies.

It seems the system didn't like being booted from a USB stick into BackTrack (disclaimr: may not have been the pen drive, however ran Windows [I know...], booted to Backtrack, back to Windows, dead box)

However, with the exception of my box, the system was successfully rolled out to many users without issue. Buyer beware, in this case backups and system restores covered my a$$.

One thing I will add to this discussion, just incase it gets overlooked.
The objective here is to secure and safeguard the information on the device in the event of its loss or theft.

Also it is worth considering the approach you will take to this encrypted device in the event of a forensic investigation. If forensics is something your organisation has / or will require then it might be worth scoping this into the testing plan.

The last thing you want is an incident, and go to do a forensic investigation only to find no one knows how to proceed.

Just food for thought as it were.

Don't forget about the Princeton attack on FDE:

http://citp.princeton.edu/memory/

This has the potential to reduce such measures to a "keep the honest folks out" level.