"Dev and QA treat infra as a black box."

Company-wide Terraform registry with versioned modules, plus IaC training for dev and QA. Teams consume infra as code on their own. Same idea with Zero Trust: Cloudflare + IaC + CI/CD so access and boundaries are explicit and auditable.
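
A CI gate for the registry-with-versioned-modules setup described above, as an added example (not code from the original page). The registry hostname `registry.example.internal`, the exact-pin policy and the sample Terraform are assumptions made for illustration.

```python
import re

# Assumed private registry hostname (placeholder, not from the page).
REGISTRY_HOST = "registry.example.internal"

# Constructed sample Terraform, not from the page.
SAMPLE_TF = '''
module "vpc" {
  source  = "registry.example.internal/platform/vpc/aws"
  version = "2.4.1"
}

module "queue" {
  source  = "registry.example.internal/platform/sqs/aws"
  version = "~> 1.0"
}

module "bucket" {
  source = "git::https://github.com/example/tf-bucket.git"
}
'''

# Simplified matching: assumes each module block closes with "}" at column 0.
MODULE_RE = re.compile(r'module\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
ATTR_RE = re.compile(r'^\s*(source|version)\s*=\s*"([^"]*)"', re.M)
EXACT_RE = re.compile(r'^\d+\.\d+\.\d+$')

def audit_modules(tf_text, registry_host=REGISTRY_HOST):
    """Return {module_name: [findings]} for blocks that break the policy."""
    findings = {}
    for name, body in MODULE_RE.findall(tf_text):
        attrs = dict(ATTR_RE.findall(body))
        problems = []
        # Policy (assumed): modules come only from the company registry.
        if not attrs.get("source", "").startswith(registry_host + "/"):
            problems.append("source is not the company registry")
        # Policy (assumed): exact version pin so every change shows in review.
        version = attrs.get("version")
        if version is None:
            problems.append("no version constraint")
        elif not EXACT_RE.match(version):
            problems.append("version is a range, not an exact pin")
        if problems:
            findings[name] = problems
    return findings

if __name__ == "__main__":
    for name, problems in audit_modules(SAMPLE_TF).items():
        print(f"{name}: {'; '.join(problems)}")
```

Run as a pipeline step over each changed `.tf` file and fail the job when the returned dict is non-empty.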