Sometimes security related projects are all or nothing, while other times they might be more about defense in depth. Is it possible for this project to be developed/deployed in smaller steps that may not be 100% secure rather than a big one time thing (kind of how I interpret it right now)?