Of course encrypting CDs, DVDs and media cards is a wise idea! As with any other storage medium, there is always a risk that someone in your company could put sensitive data on a DVD and then lose the disk. An enterprise should have controls in place to mitigate that risk, and the best control you can put in place is encryption.
The first step in implementing a more comprehensive encryption program is conducting due diligence. I would suggest beginning with the path of least resistance, and invite your current encryption vendor (or vendors) in to discuss expanding the scope of your encryption program beyond USB, to all writable media. You may find that you are already paying for this functionality, or that getting the extra functionality simply requires purchasing an additional module for one of your current products. Better yet, as an existing customer, it may be reasonably priced to boot. I would also highly recommend including all desktops in the encryption program as well. The highest probability of data loss is from an employee.
If your current vendor's product can't do this, consider migrating to a different vendor product that does it all. Finally, perhaps as a long-term goal for organizations that do use multiple encryption products, I would suggest migrating to a single multipurpose encryption product. This product should be able to disable all USB media and CD/DVD burners, encrypt media and be policy based.
Bear in mind that the more products the organization uses, the more client-based agents are running on every user's machine, requiring resource overhead to maintain.
This was first published in October 2008