Bitwarden case studies at the Open Source Security Summit 2024
- Blog
- Bitwarden case studies at the Open Source Security Summit 2024
Learn more about the annual Open Source Security Summit.
The annual Open Source Security Summit brought together participants worldwide with industry expert-led discussions on how open source tools lead to security through collaboration, trust, and transparency. Highlights from this year included a look at how to keep your team secure with best practices, how cybersecurity habits crossover between work and home, and how to overcome security challenges in open source software.
Explore previous summit recordings for 2023, 2022, 2021, and 2020 at opensourcesecuritysummit.com or on the Bitwarden YouTube channel.
Chris Clai, director of information security at GTI Grows, shared four keys to creating an approachable team: accessibility, encouragement, education, and collaboration. Clai states it’s important to know your culture with the same dedication and prioritization you would apply to knowing your customers. Set the tone from the top down and ensure one voice comes from the business around security protocols and expectations.
Accessibility: Offer multiple, anonymous ways for people to reach out to IT or leadership to reduce any friction in that process.
Encouragement: Provide empathy and support through every engagement. Avoid blame and focus on actionable takeaways.
Collaboration: Bring people into the process early on so that when a new policy or tool is introduced, you have a group of champions throughout the company ready to help encourage adoption.
“How you respond to people with encouragement and education will help the continuous feedback loop you need, and ensure that when something happens, people are confident enough to reach out to you and tell you what's going on, that way your team can respond quickly and appropriately to any situation.” ~ Chris Clai, GTI Grows
The best way to connect the dots? Focus on awareness and actively tie security to actions employees can take to show how it benefits them across the board.
“Relate business security to personal security. There are very few things in our business worlds that do not translate to someone's personal life. Making sure that their information stays off the internet, that they use strong passwords, that they use password managers like Bitwarden is critical for them to be secure at home and also at work."
Brianna J. Grantham, founder and executive consultant at BJG Consulting, shared how Bitwarden helps her team build a strong culture around the documentation of access management. She spoke about the overlap of cybersecurity habits at home and at work, and urged everyone to kindly, gently educate anyone they see leveraging an insecure method - like storing a password on a sticky note or in a spreadsheet.
“Your habits at home actually do impact the cybersecurity environment at your workplace as well. It's your coworkers, your families, and your greater communities that you are impacting.” ~ Brianna Grantham, BJG Consulting
Grantham states that she chose Bitwarden primarily because “it’s so easy” and “it is secure, because it has such a phenomenal user-friendly app. It syncs across everything. It checks all of the boxes from a cybersecurity standpoint.” When selecting her password management platform, Grantham focused on ease of use and frictionless adoption. With Bitwarden Password Manager, Grantham can ensure everyone knows where to go for access, how to create and store strong credentials, and how to engage access-level controls.
“Bitwarden gives you the ability to better control that. It's the responsibility of the entire organization to ensure that only the people who truly need access to something have access to it. The more people who have access, the more likely you're going to have issues. You have to cultivate this culture of continuous improvement, starting at the top.”
Gergely Brautigam, software engineer at Kubermatic, discussed open source software supply chain challenges. Brautigam is an open source maintainer on a Cloud Native Computing Foundation (CNCF) project called External Secrets. He explained the XZ utils backdoor attack is an example of why it is so important to have a strong testing workflow, how social engineering can affect any project, and how critical large, engaged community support is to open source projects. Brautigam’s solution is to automate as much as possible using Bitwarden Secrets Manager. Utilizing features like SBOM checks, rollback ability, and secret rotation to reduce exposure mitigation. Even if there is an attack, the bad actor won’t have access to all the information.
“We have to be vigilant. The wolf has to be lucky only once, while you have to be lucky all the time.”
Get started protecting your team and your family with a business trial or a free individual account.
Connect with the Bitwarden community to stay informed about future events and recieve additional cybersecurity resources!
See you at the Open Source Security Summit in 2025!