Bitwarden Raises $100M to Go Passwordless, Defend Developers

A password manager startup has raised $100 million to expand into new product areas including developer secrets, passwordless and privileged access management.

See Also: Webinar | Prevent, Detect & Restore: Data Security Backup Systems Made Easy

Bitwarden says its first publicly disclosed financing round will allow the Santa Barbara, California-based company to debut new features for individual and business users and expand its footprint in Japan, Germany, France and South America, says Chief Customer Officer Gary Orenstein. The investment was led by PSG, which Orenstein says can help Bitwarden conduct a market analysis and increase the scale of its recruiting efforts.

“We didn’t need to raise the money, but looking ahead at the market and what is possible and the opportunity, we met the right group at PSG who understood the Bitwarden business model and wanted to help us achieve some of our long-term goals faster,” Orenstein tells Information Security Media Group.

From Password Management to Secrets Management

Bitwarden wants to help clients protect both their existing SaaS systems with password management as well as the application development process with a new developer secrets offering. Developers end up using lots of passwords and secrets in their application infrastructure when building new applications, and he says Bitwarden’s move into developer security will safeguard the cloud app migration process.

The development and migration of applications into the cloud has been a megatrend in the enterprise space, but Orenstein says many businesses have inadequate technology to protect their developer secrets. In smaller companies, IT or security leaders typically handle developer secrets, while larger companies have different people overseeing internal use cases and app development use cases.

Bitwarden rival 1Password moved into the developer secrets market through its purchase of SecretHub in April, and Orenstein says the other category leader, LastPass, doesn’t have a secrets management offering of its own. Bitwarden’s self-hosting options, use of open-source architecture and willingness to provide a full-featured free version of password manager to individuals differentiate the firm from its larger rivals, Orenstein says (see: Hacker Steals Source Code, Proprietary Data From LastPass)

From a passwordless perspective, Orenstein says, the company’s investments will enable customers to take advantage of existing tools such as biometrics and FIDO security keys and more easily integrate with systems they’ve already deployed, such as single sign-on. Bitwarden is also pursuing more activities in new areas of passwordless, such as passkeys, according to Orenstein.

In the broader identity and access management space, Orenstein says Bitwarden has received feedback from current customers that their needs aren’t being met by existing privileged access management technology. Bitwarden wants to right-size existing PAM tools with its playbook of working first with individual users and then expanding into offerings for businesses, Orenstein says.

Addressing a ‘Global and Universal’ Need

From a geographic standpoint, roughly half of Bitwarden’s business comes from outside North America, and Orenstein expects international activity to make up a greater share of business over time. Bitwarden has offered translation services around its password management app since the company’s 2015 founding, and the app is now available in more than 50 languages, according to Orenstein.

“That need for password management is global and universal,” Orenstein says. “It really is a collective advancement across the globe.”

Bitwarden is actively pursuing expansion in major markets across Asia and Europe, including Japan, Germany and France, and Orenstein says the company also wants to expand further in South America and Australia. In addition to making the product available in the local language, he says Bitwarden is investing in channel partners in the respective markets and compiling resources to help customers.

From a metrics standpoint, Orenstein says Bitwarden tracks revenue for itself as well as individual and business customers. Certain markets will desire password management capabilities for computers, tablets and mobile devices while other geographies focus on just mobile devices, and Orenstein says Bitwarden plans to figure out which devices and platforms people gravitate to in different markets.

“We are unfortunately seeing too many breaches that involve the use of a weak or reused password by an employee,” Orenstein says. “Empowering employees with the knowledge and the tools to make strong and unique passwords for everything they use will put them in a good spot to help keep their companies secure.”