multilayered Use of allowlists is not enough Security should be multilayered, and use of allowlists is appropriate as one of the security levels.