Three options:

1.) Give up. It's hard and you're not really protecting that much anyway. Just your company & its clients data. (Sounds like many of you already have.)

2.) Spend some money - $$$ Guardium or http://www.imperva.com/Products/DatabaseSecurity

3.) Invest time & effort in SQL Audit, SQL Policy, and automation. It's not an easy solution but the tools are there. You can use SQL Audit to monitor the key pieces of your business that you want to watch/protect the most & then leverage the EPM Framework (free on CodePlex) and policies to deliver key indicators letting you know if anything looks out of place.