key-storage

My company is going to be storing sensitive data for our customers, and will be encrypting data using one of the managed .NET encryption algorithm classes. Most of the work is done, but we haven't figured out how/where to store the key. I've done some light searching and reading, and it seems like a hardware solution might be the most secure. Does anyone have any recommendations on a key storage solution or method? Thanks for your replies, everyone. spoulson, the issue is actually both the "scopes" that you mentioned. I suppose I should have been clearer. The data itself, as well as the logic

In order to prevent somebody from grabbing my data easily, I cache data from my service as encrypted files (copy protection, basically). However, in order to do this, I must store the encryption key within the .NET assembly so it is able to encrypt and decrypt these files. Being aware of tools like Red Gate's .NET Reflector which can pull my key right out, I get a feeling that this is not a very safe way of doing it... are there any best practices to doing this? You have to decide what is an acceptable level of risk. There is no "safe" way of doing this. If the risk of someone using reflector,