How do you balance strict security compliance requirements with the operational needs of software development teams?