How do you approach problem resolution when a security control causes operational issues in a constrained environment?