3rd party trust is not a joke. Why should they drop what they're doing to go and audit a new critical vendor?

Because the old “trusted” vendor is now absurdly expensive and switching to another one helps increase profit? E.g. why did organizations switch from bare metal to virtualization in the first place?

Because the old vendor started charging 10x the price

This. This always gets them. Just a matter of time.

Because those policies didn’t account for the workflows of engineering and dev teams. And I’m not even really asking for them to trust 3rd parties but to instead have a workflow to escalate and petition tools and workflows to become supported in house.

For example Docker Desktop being disallowed with vigor for Windows machines because it’s a virtualization tool. But Docker is fine for Linux users. And confirmed it’s not a licensing or purchasing issue.

> We have the DevOps knowledge on our team to go to containers, prepackaged dev environments, etc.

This is lovely to strive towards and going all in on containers (albeit not with Kubernetes) has worked out great for where I work; their resistance to the approach sucks, I'm sorry you have to deal with that. Hope it works out in the end.

Im in the same boat, and it sucks. CyberSec rules the roost but have little to no care or knowledge of good DevOps, or process management considerations, so the result is tpu wind up talking to a human firewall whose response is always "no.". Organisationally we wonder why nothing improves.