The focus shouldn’t be on threats, but rather on how those threats might change. At the technology level, this focus on change shifts the focus from a static “locked door” approach to security to the immune system metaphor I discussed last year. But there’s more to architecting for security than the technology. At the organizational level, effective EA will help resolve shadow IT issues which can lead to unmanaged security threats as an example. At the process level, EA will address social engineering challenges like phishing attacks. Securing your technology without applying a comprehensive, best practice approach to organizational and process security is tantamount to leaving some of your doors unlocked.