  Apply privileged session monitoring to log, audit, and monitor all privileged sessions (for accounts,
               users, scripts, automation tools, etc.) to improve oversight and accountability. This can also entail
               capturing keystrokes and screens (allowing for live view and playback). Some enterprise privilege
               session  management  solutions  also  enable  IT  teams  to  pinpoint  suspicious  session  activity  in-
               progress, and pause, lock, or terminate the session until the activity can be adequately evaluated.
              Extend secrets management to third-parties and ensure partners and vendors conform to best
               practices in using and managing secrets.
              Leverage threat analytics to continuously analyze secrets usage to detect anomalies and potential
               threats. The more integrated and centralized your secrets management, the better you will be able to
               report on accounts, keys applications, containers, and systems exposed to risk.
              Embrace DevSecOps – With the speed and scale of DevOps, it’s crucial to build security into both
               the  culture  and  the  DevOps  lifecycle  (from  inception,  design,  build,  test,  release,  support,
               maintenance).  Embracing  a DevSecOps culture  means  that  everyone  shares  responsibility  for
               security, helping ensure accountability and alignment across teams. In practice, this should entail
               ensuring secrets management best practices are in place and that code does not contain embedded
               passwords in it.


            The right secrets management policies, buttressed by effective processes and tools, can make it much
            easier to manage, transmit, and secure secrets and other privileged information. By applying the 7 best
            practices in secrets management, you can not only support DevOps security, but tighter security across
            the enterprise.





                About the Author

                                          With  more  than  20  years  of  IT  industry  experience  and  author  of
                                          Privileged Attack Vectors, Mr. Haber joined BeyondTrust in 2012 as a part
                                          of  the  eEye  Digital  Security  acquisition.  He  currently  oversees
                                          BeyondTrust  technology  for  both  vulnerability  and  privileged  access
                                          management solutions. In 2004, Mr. Haber joined eEye as the Director of
                                          Security  Engineering  and  was  responsible  for  strategic  business
                                          discussions and vulnerability management architectures in Fortune 500
                                          clients.  Prior  to  eEye,  he  was  a  Development  Manager  for  Computer
                                          Associates, Inc. (CA), responsible for new product beta cycles and named
                                          customer  accounts.  Mr.  Haber  began  his  career  as  a  Reliability  and
                                          Maintainability Engineer for a government contractor building flight and
                                          training  simulators.  He  earned  a  Bachelors  of  Science  in  Electrical
                                          Engineering from the State University of New York at Stony Brook.










                                 20