Search a topic like "Business Intelligence" and you will get an idea of what others are doing.
At a high level, you have a central database which collects data from different systems, then you have reporting tools which either you or your user community can write their own reports. Also, sometimes you can have these reports run on a scheduled basis and have their output delivered to whoever needs it.
The cost of implementing such a system can be quite high.
You might want to implement some pieces of this.
1) Build a tool which will load your data extracts (xml files) into a central database.
2) Create views or stored procedures which "normalize" your data
3) Use a reporting tool to generate the reports you need or show your users how they can connect to the central database via Excel to get their own data. (See topics like Microsoft Query)
Empower the user to access the data and you will spend less time on maintenance.
Best as I can tell from your question you are asking for something that is impossible.
SQL Server normally installs as an application. Thus it is ALWAYS visible on the client machine.
Now you could re-architect your application to use the embedded version of SQL Server (I think.) Then it would appear that only your application existed. I suspect this would require a bit of work. There are limitations to that approach.
Note as well that this has nothing to do with security. Security means something completely different.