As the Chief Information Security Officer (CISO) of a multinational company, you've been approached by a business unit that wants to employ a novel method for processing data, potentially bypassing standard security controls. What would be your main criterion for determining whether to approve this?