I've often compared DevOps environments to the old PC vs. Mac security debate - in that Mac was always considered more secure because it was simply less utilized. That's obviously changed. But now as we see DevOps rise in popularity, I believe while it is still the less popular model for developing internal IT - it has some considerable security advantages. In addition to the quite below, I's argue DevOps is the way to go because it typically:

-Leverages a faster dev time and thus makes it harder for attackers to "map on" to vulnerabilities. 

-Uses distributed systems in a positive way, making it hard for attackers to hide or even find a primary area of weakness.

_Tends to rely less of "SaaS only" providers at the software layer, given the need for more control in an iterative environment, and allows for even greater security measures/controls to be placed.

Again, while no system is perfect - right now it seems DevOps approaches have some unique security advantages in their favor...