“The standard thought is when someone sits down at the server, it’s compromised, end of story. Things only get worse if they grab the hard drive and take it to a lab for opening up and analysis.”

Ditto.

Once an attacker has permanent physical access (i.e., he walked out of the building with your hard drive in his briefcase), the jig is up – assume that in time the data will be compromised. From there, the scenario is the cost of the delaying tactic vs. the ability to slow down the attacker.

It’s a little different if the attacker is an insider, or had only temporary access. In those cases, you might be able to slow him down enough, or force accountability such that the attack becomes infeasible.

Hard drive encryption is a delaying tactic – it will give protection that matches the strength of the algorithm, strength of the key, and strength of the password locking access to the key (or the ability to insert hardware with the key stored separately). Even with encryption the assumption is that it’s a delaying tactic. Sooner or later, the attacker will get through the key space and figure out what key decrypts the system.

Tamperproofing is another option – finding a way to electronically erase the hard drive under certain conditions (like physically removing it from the case).

Figure that once physical access is granted, the attacker can work around your passwords – however strong they are – without resorting to brute force. The first one that comes to mind is using the “fix the password” techniques that most systems have built in to help sys admins that have locked out & lost passwords.

Any and all protections come with a price – tamperproofing is expensive, since you need speciality hardware. Encryption can be cheaper, but it affects boot time. Also, I’ve seen some nasty surprises with how encryption plays with applications – you never really know until you try to use it.