Upgrade overview
When Linux systems engineer Mark Miller first joined the NASA Goddard Space Flight Center, NASA Goddard was managing passwords with a tool called Cryptvault. While a ‘good enough’ tool, it was written in ColdFusion (CFML), was over 15 years old, and had been created by a developer who had long since left the organisation. It was also locked into one system and had associated encryption that was written for a limited 32-bit code base. When the time came for NASA Goddard to migrate away from other legacy systems, the IT team started looking for a replacement password management solution.
Identifying a secure, comprehensive way to share sensitive information and passwords was a critical task for teams at NASA Goddard. While government agencies have always been targets of cybercrime, particularly by nation-state actors, the 2022 SonicWall Cyber Threat Report showed a large increase in all forms of cyber attacks against the US government. The link between weak passwords and data breaches is also undeniable, with a succession of Verizon Data Breach Reports highlighting the connection. Real-world examples are illustrative too: just look at SolarWinds and Colonial Pipeline for more evidence.
System requirements
Mark’s team at NASA Goddard looked for a site that could support multiple users, offered an intuitive web UI, and was easy to share. Also critical was a platform that enabled local data storage. While cloud technology offers extensive benefits, it doesn’t give organisations control over their own local data. The need for local storage eliminated a lot of contenders because many password management vendors are only available in the cloud.
While the team considered building a password management tool in-house, it lacked the security experience and coding expertise to pull something together. Additionally, the development team was already committed to existing projects and didn’t have the capacity to take on more. Cost was also a major consideration. Enter Bitwarden.
Bitwarden met all of NASA’s requirements. It offered new, unexpected features – such as search and password, passphrase and username generators – and encrypted storage, along with a management back end.
Benefits of Bitwarden
In the event someone leaves the organisation, Bitwarden offers an excellent way to transfer information to the replacement employee. It also created a culture of ‘process’, a huge boon for the IT team. Putting a process into password management means that it becomes second nature for the team, as they grow accustomed to inputting their passwords into the password manager in a coherent and organised manner. It also removed the need to save credentials across systems and browsers.
In the future, the team is eager to make use of the Bitwarden SSO enterprise integration. It is also considering whether organisation devices – such as phones used on-site – are eligible for Bitwarden. Lastly, it is considering expansion possibilities for other NASA divisions.
“Passwords are here to stay,” said Miller. “They are not going anywhere. There are just too many service accounts or API keys or other secure credentials that need to be shared within an organisation in order to keep that organisation operational.”
“Using a password manager like Bitwarden can really help your team be more efficient and more organized.”
Watch the presentation
Visit opensourcesecuritysummit.com to learn more about this annual conference.