Opportunities for incremental improvement

Insufficient security controls lead to unacceptable risks; excessive controls add unnecessary complexity and drive up costs. Achieving the right level of security is challenging, especially when existing applications are involved. Sometimes perfect really is the enemy of the good enough.

You can read the full article here.