Overview

Encryption at rest ensures that data is encrypted when it is written to a storage medium. Hard drives or volumes on virtualized storage must be encrypted, and backup tapes also need to be encrypted. It is important to encrypt all removable media, including hard drives and USB sticks.

Why are they asking this?

Encryption of data at rest ensures that if the drives or tapes are stolen or lost, the data will not be accessible to whoever is in possession of the storage media.

What do they expect?

Organizations dealing with highly sensitive data will require that all data stored on non-volatile storage (hard drives, solid state drives, USB drives/sticks, network attached storage, or other such devices) be encrypted.

Most organizations will require devices such as laptops, external hard drives, and USB sticks to be encrypted, as these are the devices most often lost or stolen.

Additionally, if backup tapes are stored off site, or transported to a different site within the organization, these are also vulnerable to loss or theft and should be encrypted.