Let’s talk of application vs network in relations to your data.
Network security is easier to implement, as you have much less technologies to deal with.
However, dealing only with network security is like picking the low hanging fruit. It attempts to solve only the data-in-transit issue, and does not, cannot, deal with data-at-rest or data-in-process.
Application security, on the other hand, deals with the entire data processing stack, and when properly done can help you deal with untrusted and extended networks and de-perimeterisation of networks. See work done by the Jericho Forum.
I recommend putting your efforts and dollars into Application security. Application and platform hardening, SDLC, enterprise security guidelines and developer security awareness will take you today a longer way towards security and compliance than more network tools.