Components such as applications, databases, web servers, directories, and operating systems rely mostly on built-in security features. But passwords and privileges are hardly enough, considering that many users have elevated privileges and fail to follow established corporate procedures.