Your global organization is rapidly expanding its use of Google Cloud, adding new teams and projects at a fast pace. You are concerned about potential issues with inconsistent security policy enforcement and permission sprawl. To maintain consistent security practices while still giving regional teams some autonomy, you need to develop a strategy for scalable management of IAM and organization policies. What approach should you take?