Lock down your BizTalk system by using different security context when accessing sensitive information, you can achieve this by running your hosts and host instances with different Windows Groups and Users. Reducing the surface of attack with this approach will make your environment less prone to attacks.
Security is a very important topic when integrating with highly critical applications inside and across organizations. Planning and implementing security is a demanding task. In BizTalk you will have to assign permissions to receive, send and query against your most important applications giving the BizTalk environment a considerable amount of power and at the same time risk of getting compromised.
An approach recommended is to limit the permissions needed by BizTalk to just exactly where they are needed, so if my receive host need to be able to pool a particular SQL Table I should create a BizTalk user account and corresponding Windows Group to assign to the Host and Host Instance that needs that privilege while at the same time only running artifacts in the same host that share the same level of permissions. Read more the BizTalk Security