The goal of information security systems in an enterprise is to make the right information available to the right entities at the right times and in the right formats while ensuring only authorized information flows occur. The standard approach is to purchase a new system to meet current needs. Patches, work-arounds, and added components satisfy the changing future needs while creating an increasingly complex system, and operational capability slowly degrades over time as complexity builds. The system is then rebuilt from the ground up, at great cost and inconvenience, and the cycle repeats. This paper describes an approach for constant change. Instead of building the best system possible based on today’s needs, only to replace it in the future, the goal is a system that is capable of evolving toward a better future in a consistent and directed way. This prevents one-off fixes from lingering, and it keeps the distributed decision-making process aligned toward a common enterprise goal. Components not consistent with future goals are identified and scheduled for replacement. Current practices chosen for expedience are assigned expiration dates to prevent them from becoming solidified in the future architecture. The replacement cycle is applied to components of the system instead of the entire system. This stops the cycle of complete replacements by allowing constant change, which reduces overall cost and maintains a more consistent operational capability.