I always tell people three things they need to do to get started. First, figure out what sensitive information your business handles -- what it takes in, what it processes and what it puts out. Second, find out where it's located. And third, analyze how it's at risk.
Check out the entire Storage Encryption FAQ guide.