Maintaining Compliance and Security

By Gary Orenstein

As a leading global password manager, Bitwarden enables customers all over the world to protect, store, and share their sensitive data. Protecting customer data is also paramount to the Bitwarden company mission, which is why Bitwarden complies with industry standards including the General Data Protection Regulation (GDPR).

Remaining in compliance with the GDPR gives Bitwarden customers the assurance that data is handled with the proper precautions. Beyond the business and ethical considerations that make this an imperative, there are practical considerations, too: password managers like Bitwarden enable businesses themselves to protect data under GDPR.

How password managers empower data protection

GDPR Article 32 requires businesses to “implement appropriate technical and organisational measures” to ensure data is processed securely. Among other recommendations, this includes “the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.” Password managers help fulfill this requirement. Simply put, organisations need to ensure the data they store and process is secure. One way to do that is to utilize an enterprise-wide password manager.

Password managers serve as a simple and fundamental tool to secure sensitive data. In a world that revolves around passwords, businesses must remain vigilant in mandating the use of strong and unique passwords for all systems that might hold critical customer data. But remembering them all without help can be quite challenging. That’s where a password manager comes in. Bitwarden, for example, generates, stores, and secures credentials to user data in an end-to-end encrypted vault.

An enterprise password management solution ensures both productivity and security by enabling teams to share passwords among colleagues easily and securely. It establishes a first line of defense against data breaches by enforcing strong password policies for employees. It can also integrate with existing SSO and directory services to help keep workflows seamless and efficient.

The data security reality

In the 2023 Bitwarden Password Decisions Survey, which polled independent IT decision makers globally, 84% reported using password management software at work. A majority (60%) also said ‘security’ was the most important attribute for a good password manager. The findings are encouraging, especially when considering the 60% who also reported their organisation had experienced a cyberattack.

One need only look to the endless parade of data breaches to understand why high-profile senior executives and government officials worldwide continue to characterize the likelihood of cyberattacks as a matter of ‘when, not if’. Organisations that fail to pay heed to this reality and engage in sloppy data security practices will be met with consequences. According to the GDPR Fines and Data Breach Survey from the major global law firm DLA Piper, in 2022 data protection authorities in Europe issued a total of EUR 1.64bn in fines for data breach violations.

There are thousands of cybersecurity tools available to organisations seeking to protect their data and comply with the GDPR. With the advent of AI and machine learning, one can reasonably expect to see thousands more in short order. They fall under various umbrellas such as network security monitoring, antivirus, penetration testing, and more. Picking the must-have tools from this landscape can be challenging. However, simple facts help guide the decision-making process: Passwords are prolific, they are used to protect sensitive data, and the best way to ensure that protection is as robust as possible is to use a password manager.

About the Author

Gary Orenstein

Gary Orenstein is the chief customer officer at Bitwarden, leading the go-to-market efforts across customer success, marketing, and sales. Before Bitwarden, Gary served in executive marketing and product roles at enterprise infrastructure companies Yellowbrick Data and MemSQL, and flash memory pioneer Fusion-io, which went public during his tenure there. Earlier in his career he led marketing at Compellent, which after its IPO was acquired by Dell. Gary holds a bachelor’s degree from Dartmouth College and a master’s in business administration from The Wharton School at the University of Pennsylvania.
