Securing a SQL Server is an extremely vast topic and requires a comprehensive approach not limited to just worrying about who has access to the instance as a sysadmin or the data files, but everything from those items to the code running on the instance, the features that are enabled, and where and how the backups are stored, among many other things. Here is a good place to start to get a view of what you need to consider:

SQL Server 2005 Security Best Practices

Outline your security goals and go from there. Every environment is different and while "protecting the data" has to be the first priority that phrase can take on many different meanings depending on the type of data and things unique to the environment.