The director of strategic development at Franklin, Tenn.-based AIM Healthcare Services Inc. has savvy database administrators who encrypt all data that's archived or traveling through the network and who monitor database usage with auditing tools built in-house.

Still, Solesby said he has recently started to test third-party database security tools.

Why? "We have implemented policies and procedures like crazy here," Solesby said. "But databases are not hardened. They are still on the low end of the spectrum in terms of security."

Solesby isn't alone. Even though their licenses cost tens of thousands of dollars, big commercial databases aren't meeting user demand for increased data security and privacy, analysts said.

While database vendors are beefing up security in their products, "companies should look to third-party vendors to supplement additional requirements that are not yet met by DBMS vendors, such as database firewalls, assessment, simplified encryption and granular auditing solutions," Forrester Research Inc. analyst Noel Yuhanna wrote in a Nov. 29 report.