• I don't think that Microsoft can be faulted for insecure data. The database, network, and operating system framework that Microsoft has provided us is solid when it comes to security. For example, I've heard from security experts that SQL Server is much easier to lock down and has had fewer security holes when compared to Oracle and other products.

    Data security is also not about decisions made by the board of directors at the organization.

    Really, if you look at news stories about data breaches, the plot is the same:

    1. Some guy who couldn't be trusted had unrestricted access to the database

    2. SQL injection

    3. Some developer copied down the database to their laptop and then lost it.

    These things can be prevented using role-based security, properly coded SQL in the application, and enforcing restriction policies on the Windows workstations. Microsoft has given us the tools we need.

    I hate to say it, but it's mostly about ignorance on the part of IT staff, primarily the developers and DBA.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho