Hybrid Cloud: Centralized Firewall Management versus Distributed Ownership?
Liam O'Connell
I've really been thinking about centralized network security lately, especially with things like AWS Network Firewall and Transit Gateway in hybrid clouds. It just seems so nice, having one spot for firewall rules, logging, and monitoring across EVS, other VPCs, and even our own data centers. That would make things so much more consistent and cut down on a ton of work. But I keep wondering, could putting all our eggs in one basket, so to speak, cause problems like bottlenecks or arguments over who owns what in big companies? If one central security team handles all the firewall rules, does that just naturally slow down application teams when they need quick changes? Or are there smart ways to let others help create or approve policies within a centralized system without losing all the good stuff that comes with unified control? I'd love to hear what other people have actually gone through trying to find this balance in their hybrid setups.