[From Yankee Group
Every week there are reports about remote intruders penetrating enterprise security defenses to retrieve sensitive information. The information that most hackers want (such as confidential business data, customer lists, account balances, and private consumer information) is on database servers.
Web-facing applications often interact with a back-end databasethe application controls the session and data formatting, and the database provides the raw material. IT departments must balance the need for controlling secured systems with the increasing corporate liability against inadvertent disclosures.
The article continues at