For startups, the primary business driver is time to market, not security, operations, stability, or SLAs. The goal for them is to go to market with a product. Therefore, a dev-centric approach in a startup might be ideal because developers can focus on agility and speed, which is what a startup needs. They can roll features out as fast as possible. This approach does not consider (in many ways) security and SLAs, which is acceptable from a startup.
However, the same might not work with enterprise features. Enterprises can't run dev-centric. They need to be tri-centric i.e. the stakeholders and bailiwick of ops and security must be baked in with development. Enterprise businesses are not driven by the objective of being sold. You cannot afford to damage the brand, not comply with regulatory provisions, or damage NPS - which are things that enterprises survive on over decades.
Startups are recommended to be dev-centric and focused on going to market with as many features as possible. The same, however, cannot be true for an enterprise. If you take a dev-centric approach, you stand to damage a brand that's worth billions. Hence, my recommendation is to go tri-centric – bringing together the operational bailiwick and expertise, the security bailiwick and expertise, and involvement within the CI/CD process through security fitness or conformance, within the orchestration layer. Through these, you can achieve regulatory requirements, governance, and operational excellence.