Developers like to forget about security and simply leave the security issues to the database administrators. However, it is much harder for a DBA to tighten the security for a database where developers did not plan and design for security. To secure your data, you must understand the potential threats as well as the security mechanisms provided by SQL Server and the other components your application is using, including the operating system and programming language.
When talking about securing SQL Server, we are actually talking about defending data access to the database platform and guaranteeing the integrity of that access. In addition, you have to protect all SQL Server components included in your solution. Remember that your system is only as secure as the least secure component. As a defender, you have to close all holes, while an attacker only has to find a single hole. However, dealing with all aspects of security would be out of the scope of this...