by rdl 4800 days ago
Maybe the correct response here is an open source version of CipherCloud, built on open/published principles (to make it easy to verify the level of security provided).
2 comments

I would be happy to post my code, but honestly the process is so embarrassingly simple, I'm sure others could do it better. Setting up the Squid proxy with SSL bump was more difficult than the code, as there are some great libraries out there. Using a reverse proxy and ICAP server, you need to parse all content using something like jsoup (regex if you really wanna hack). Jsoup grabs the element and you then run it through a great encryption library like Bouncy Castle. You then add some unique identifiers around it (!!) so that you can decrypt it using simple parsing to get the encrypted content. Plop it back into the content using your trusty GreasySpoon. And voilà, magic! All persisted data is encrypted. When data is pulled out you simply parse for the unique tag, and then run it through the decryption side. There are a number of things that you can do to increase the security of this implementation; with a little tweaking it works for searching and such, so Gmail is no problem. An app like SFDC with joins between records would be significantly more difficult to do properly. Doing it improperly is trivial, as you could just use all of the same keys and IVs per org (the unit of work in SFDC).
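The wrap-and-parse round trip described in the comment above, as an added example that is not the commenter's code: it uses the JDK's built-in AES-GCM rather than Bouncy Castle, leaves out the jsoup and ICAP plumbing, and the `!!...!!` marker layout, class name and method names are assumptions. It draws a fresh nonce for every value instead of taking the same-keys-and-IVs shortcut the comment calls improper.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.regex.*;

public class FieldWrapDemo {
    // Assumed marker layout: !!<base64url(nonce || ciphertext || GCM tag)>!!
    static final Pattern WRAPPED = Pattern.compile("!!([A-Za-z0-9_-]+)!!");
    static final SecureRandom RNG = new SecureRandom();

    // Request path: encrypt one field value and wrap it in the markers.
    static String wrap(SecretKey key, String plain) throws Exception {
        byte[] nonce = new byte[12];
        RNG.nextBytes(nonce); // fresh nonce per value, never reused under one key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] blob = ByteBuffer.allocate(nonce.length + ct.length).put(nonce).put(ct).array();
        return "!!" + Base64.getUrlEncoder().withoutPadding().encodeToString(blob) + "!!";
    }
    // Response path: find every marker in the body and decrypt it in place.
    static String unwrapAll(SecretKey key, String body) {
        Matcher m = WRAPPED.matcher(body);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String replacement;
            try {
                byte[] blob = Base64.getUrlDecoder().decode(m.group(1));
                Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
                c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
                replacement = new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
            } catch (Exception e) {
                replacement = m.group(); // not our marker, or tag check failed: pass through unchanged
            }
            m.appendReplacement(out, Matcher.quoteReplacement(replacement));
        }
        m.appendTail(out);
        return out.toString();
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        // Constructed sample: the same field value stored twice yields two different ciphertexts.
        String stored = "<td>" + wrap(key, "Acme renewal Q3") + "</td><td>" + wrap(key, "Acme renewal Q3") + "</td>";
        System.out.println(stored);
        System.out.println(unwrapAll(key, stored));
    }
}
```

Because each value gets its own nonce, equal plaintexts no longer produce equal ciphertexts, so exact-match search over stored values needs a separate mechanism.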
The response will be along the lines of "lacks our secret patent-pending military grade algorithms".