Although the basic idea of "rolling" is good (keep all systems up-to-date, do not let one-off things dminate the whole infrastructure management by hanging on to the concept that you can have isolated systems), I have not seen any advertisements where the leaders of the IT are supposed to pre-empt issues at the design stage.
Many IoT projects etc. will therefore remain on the order of "marketing wants these faetures, managemeent wants these features, users have complained about these featurres and OH can you use some kind of standard-modulees for security and whip something up". Followed by a couple of months later: "Oh some customers have complained that they can just change the URL-in the web-management interface and become admins. etc. etc.".
Basically: If you define operation and development both as bleu-collar "production" work where any development work that wobbles can be solved by manual intervention by ops who canbe expected to have the levels of sytem-knowledge of the devs then oversight may recede more and more until the shit really hits the fan and someone actually has to accept responsibility.
It will be interesting to see when the dev-world matures to the level where they function on top of systems that are kept operational by others.