Tell me about a time you had to enforce a security policy that was unpopular with the development or IT team.