Battery initially invested in Bitwarden*, an open-source, password-management platform, in the company’s Series A financing round back in 2019—before most people had ever heard of Covid-19 and most of us were still working in an office five days a week.
Fast forward to today, and it’s clear the need for the company’s technology is greater than ever. Today, more and more employees are logging into password-protected company systems—and accessing confidential information–not only outside in-office, corporate firewalls, but from personal computers, cellphones and tablets, often from coffee shops or co-working facilities outside their homes. Internal corporate systems are suddenly much more open to hacks, and stealing a password is still the number one way that a hacker accesses these systems.
Unfortunately, while password-management software is nothing new to consumers, only an estimated one in five individuals is actually using a password manager. Not surprisingly, the percentage of businesses using this technology is even lower. A consumer will often start his or her password-management journey as an individual, or through their family’s website logins, and then bring that tool to work to manage professional logins as well. While any password-management adoption at a company is generally a good thing, individual employees bringing their own tools to work can lead to password- management sprawl and a lack of centralized security governance, leaving companies still vulnerable to hacks and other outside threats.
To add to this problem, many corporate IT and security departments think they have solved most of the password problem through the implementation of a Single Sign-On (SSO) or Active Directory system. However, there is still a long tail of systems that don’t have native SSO integrations—many of which live within the workflows of developers and other technical teams. Examples of these systems include team-specific GitHub or GitLab repositories and many of the databases that hold valuable customer or production data. This leaves them still, potentially, exposed to outside security threats.
This is where Bitwarden and its open-source system thrives. Kyle Spearrin, the CTO and founder of Bitwarden, is a developer himself and built the product to be open source out of frustration with the rigidity of existing products on the market. Since the beginning, Bitwarden has had a developer-led, bottoms-up business model driven by its vibrant community. Open source creates more trust in the product and allows anyone — including enterprise security teams and researchers — to view the source code transparently, so no one needs to wonder how their sensitive data is being protected. Much of the product’s initial traction still happens at the consumer or family tier, but because developers are both technical and security-conscious, they quickly bring Bitwarden to their corporate IT and security teams, which allows it to proliferate quickly across the entire company.
Bitwarden’s business offerings include a suite of additional, enterprise-ready features to the standard consumer password-management tools. Bitwarden Send was one of the company’s first business applications; it enables encrypted document, password, or text transfers from one individual to another, with additional security features like auto-deletion date or additional password protection if needed. Other enterprise functionality includes the ability to self- or cloud-host Bitwarden, depending on security concerns, as well as to leverage password vault health reports and event logging; integrations into existing infrastructure, like SSO and directory services; and third-party security audits of Bitwarden itself to ensure a company’s information is safe.
All these features allow enterprises to centralize their password-management efforts into one tool instead of multiple ones, and to better onboard and protect their employees. René Bonvanie, the former CMO of Palo Alto Networks who is now an executive-in-residence at Battery, is on the board of directors of Bitwarden and has been impressed with the pace of innovation despite the enterprise market being early in its adoption cycle. “When I joined the Bitwarden board of directors 18 months ago, (CEO) Michael Crandell, Kyle, and (Chief Customer Officer) Gary Orenstein had just started their enterprise go-to-market motion, and I have been very impressed by the success that it’s had. It’s rare to see that happen in security and even rarer at a time that many enterprises took a pause in spending. It shows how differentiated the company’s technology is and how important a role it plays in enterprise security strategies.”
Battery is excited to deepen its involvement with Bitwarden by participating in the company’s Series B financing, which was led by growth-equity firm PSG and announced today. Look out for a ton of exciting features and announcements coming in the next few quarters that should further Bitwarden’s enterprise story. Passwords will never be killed, just better protected!
Battery Ventures provides investment advisory services solely to privately offered funds. Battery Ventures neither solicits nor makes its services available to the public or other advisory clients. For more information about Battery Ventures’ potential financing capabilities for prospective portfolio companies, please refer to our website.
*Denotes a past or present Battery portfolio company. For a full list of all Battery investments, please click here. No assumptions should be made that any investments identified above were or will be profitable. It should not be assumed that recommendations in the future will be profitable or equal the performance of the companies identified above.
Content obtained from third-party sources, although believed to be reliable, has not been independently verified as to its accuracy or completeness and cannot be guaranteed. Battery Ventures has no obligation to update, modify or amend the content of this post nor notify its readers in the event that any information, opinion, projection, forecast or estimate included, changes or subsequently becomes inaccurate.