In an enterprise where each internal business unit manages its Google Cloud projects and network using folders, what action should be taken to centrally manage all Google Cloud firewall rules and enforce the denial of incoming requests to each business unit's Compute Engine VMs?