Standardization by centralized administration, reduction of rogue external and DIY options, concentrating efforts on delivering managed services based on a common and repeatable platform, strict change control, clear training enumerating what is and what is not allowed, and a security team that actually digs in to make cross-cutting concerns more audited automatically, practical recommendations, least privilege continuously ratcheted down, and advise on new features and new projects.