There is a real need for dedicated IT staff.Especially if your building customers environments.
I'd hate to say it but I have seen this first hand. Firstly security is ignored, and secondly there has to e a level of over site.
Im a systems admin for a fortune 500 and in charge of security, you don't even know how many times "staff" have setup a replica of the customers environment and missed the security aspect or even forgot huge parts of the environment or even misconfigured half of it and we could not replicate bugs. My team goes in and notices this stuff off the bat.
There needs to be dedicated staff because core infrastructure should not be pieced together, It should be engineered, when not properly engineered and just thrown together based on what people want.... This usually ends up ina giant mess, which dedicated staff are called in to unravel and repair.