Comment by chronid

I worked in finance on the other side of the pond - developers wanted to constantly bring in and use new services but also didn't want any of the responsibility or the work needed to make compliance happy (or even in that particular company shoulder the costs). When me and other folks where brought in it to fix the "cloud strategy" it was a complete shitshow and heads actually rolled when we wrote a tool to assign costs to applications. But we had to start almost from scratch and limit usable services as we developed strategies and blueprints for each...

The complete, unapologetic desire of devs and security teams (but also many infra teams) to not have any kind of ownership was horrifying to me.

In the end there's not a single solution or strategy, it really goes back to the organization and where your weaknesses and strength are as an org. If you have a gazillion consultants following the "best practice" of the day and exceptions on top of exceptions you are dead, devops or otherwise. You will still make billions if you are the right company though regardless of your software practices, so...