A couple of things strike me here...
Having security, system administration and operations siloed invariably means the duck gets well and truly shoved.
From my own experience, dealing with the various concerns of each as a unified whole leads to more optimal prioritization of rectification tasks with some symbioses - shooting more than one duck with a single round. Also a single reporting structure limits the quantity of duck shoving possible.
The complaint about the ever-increasing number of applications installed on "end points" outrunning the capability of securing and maintaining them also makes me question whether the system architecture is well matched to these objectives.
In this context "end point" seems to mean both desktop and server machines (cf. OSI End System (ES) v. Intermediate System (IS)) but the desktop systems are likely the most problematic, which leaves me wondering whether dumb clients that basically just do I/O over secured channels might be ready for a renaissance. Places almost all the load on servers (these days likely to be cloud/cluster anyway) but does significantly increase manageability and potentially security.