I've often compared DevOps environments to the old PC vs. Mac security debate - in that Mac was always considered more secure because it was simply less utilized. That's obviously changed. But now as we see DevOps rise in popularity, I believe while it is still the less popular model for developing internal IT - it has some considerable security advantages. In addition to the quote below, I'd argue DevOps is the way to go because it typically:
-Leverages a faster dev time and thus makes it harder for attackers to "map on" to vulnerabilities.
-Uses distributed systems in a positive way, making it hard for attackers to hide or even find a primary area of weakness.
-Tends to rely less on "SaaS only" providers at the software layer, given the need for more control in an iterative environment, and allows for even greater security measures/controls to be placed.
Again, while no system is perfect - right now it seems DevOps approaches have some unique security advantages in their favor...
In a traditional system, with manually configured servers that are all different, there might be vulnerabilities on different systems, and attackers can see admins trying to track or block them. “They're exceptional measures going on in the static slow moving network, but with DevOps you have a very fast automated release pipeline, you're constantly redeploying,” says Guckenheimer. “If you are deploying everywhere on your net it doesn't look like a special action taken against the attackers.”