How do you ensure security checks are effective without becoming a bottleneck for development speed at SAS?