Do internal applications now need the same kind of due diligence toward hardening that external/Web-facing applications do? My thinking is that it's now trivial for attackers to breach the network perimeter, meaning an internal application tied into our database could be an even more tempting target.