Headquartered in the Netherlands, Greenpeace is a well-known environmental organization with a global presence in over 55 countries. While better-known for its environmental positions, Greenpeace has been innovating on the technological front since the organization was founded.
The nature of its work necessitates that Greenpeace be security-conscious, both from a physical security standpoint and a data security standpoint. The organization has been hacked a number of times and has discovered malicious keylogger campaigns aimed towards disrupting its operations. Consequently, the Greenpeace IT team is hyper-focused on protecting data. This is accomplished through encrypted communications, regular software updates, preventative hacking campaigns to discover weak spots, and ongoing internal security training.
Its own people are a part of Greenpeace’s security strategy, as overly burdensome and slow IT solutions lead to users subverting security controls. Known as shadow IT, users try to implement their own solutions, which ultimately backfire as users create insecure, unapproved workarounds in favor of speed and ease of use. Like most well-managed organizations, Greenpeace aims to prevent the causes of shadow IT and strike a balance between security and convenience. Selecting a password manager - an implementation that would further its data security goals - was no exception to this rule.
Why Greenpeace chose Bitwarden for password management
Visit opensourcesecuritysummit.com to learn more about this annual conference.
In evaluating password managers, Greenpeace prioritized solutions that offered robust, well-respected security and were easy to use. The organization had already implemented multi-factor authentication and was looking for a password management tool that would complement existing infrastructure. Greenpeace narrowed down its list to three solutions and after trial periods, settled on Bitwarden.
Greenpeace currently has about 450 active users relying on Bitwarden. The solution has been implemented for the Greenpeace infrastructure teams and to better protect external communications, including social media campaigns. Greenpeace expects it will see a steady increase in the number of Bitwarden users, especially as more employees grow comfortable with password management tools.
Said Berger, “We are not a security organization. We are a campaigning organization. We want to have this effect and this impact in the world. But for that we need our systems to be secure. We need to protect the people who are working with us.”