5 lessons from banking & finance: Why we need zero trust secrets management

This post draws on banking and finance industry case studies to explain why zero trust secrets management is critical for modern organizations.

• •Poor secrets management practices include hard-coded credentials, long-lived secrets, excessive privileges, secrets sprawl, accidental leakage, and manual rotation processes
• •The 2019 Capital One breach and 2023 Toyota breach are cited as real-world consequences of inadequate secrets governance
• •ABN AMRO adopted dynamic/short-lived secrets integrated into platform engineering to eliminate manual credential passing
• •Basler Kantonalbank centralized secrets governance to meet FINMA regulatory compliance requirements
• •Five recommended mitigations: stop hard-coding secrets, centralize in a secure vault, shorten TTL and automate rotation, apply least privilege, and continuously audit usage