The extended enterprise is here, but current security architectures are ill-suited for the task of securing the extended ecosystem. Security and risk professionals must adopt a new mindset for security; you must learn to abstract security away from business logic, decouple protection from the infrastructure, leverage security analytics and context, proactively manage your APIs, and ultimately deliver security assurance downstream to customers and upstream to suppliers.