Data is information. So a Chief Information Security Officer should be responsible for securing data, right? And while securing data is definitely a team sport that spans across engineering, DevOps, product, security, GRC, and other departments, it’s often the CISO who is up at night, worrying about potential data breaches, exorbitant fines, legal implications, and […]

Jamie Gale 07 Feb, 2023

Protecting sensitive or personal data of employees and customers is one of – if not the – most important responsibility of any business. While most of the world is adopting data protection laws, there are misconceptions about who needs to comply with which regulations and what information or data is actually covered.  The first step […]

Jamie Gale 27 Jan, 2023

Today, we’re pleased to announce a partnership with the industry leader in cloud security, Wiz to provide next-generation Cloud and Application Security. The Wiz + Bionic partnership will help customers manage security and business risk that comes with two of the greatest challenges in technology: ephemeral, cloud-native services and highly dynamic, rapidly changing applications in […]

Jamie Gale 11 Jan, 2023

Shifting left is proven to help DevSecOps teams create more secure applications by earlier inclusion of security testing practices in the application development lifecycle and CI/CD pipeline. The Cloud Security Alliance estimates that about 90 percent of organizations are in various stages of adopting DevSecOps. IBM’s 2022 Cost of a Data Breach report notes that, among […]

Jamie Gale 06 Dec, 2022

Today we’re talking about CVE-2022-42889 aka Text4Shell. We’ll walk you through what it is, what you need to know and do to protect your applications, and dive into how Bionic is helping customers understand their overall risk related to this vulnerability. What is Text4Shell? Text4Shell is a vulnerability within the widely used Apache Commons Text […]

Jamie Gale 26 Oct, 2022

Companies innovate through applications to reach new customers and markets with greater speed. This blog discusses what applications were, how applications have evolved, and why Application Security Posture Management (ASPM) is a must-have for organizations that run modern apps in the cloud.  What was an Application? Before we get into modern applications, let’s take a […]

Jamie Gale 13 Oct, 2022

Many security solutions assign numerical scores to indicate the risk that a threat poses so that customers can prioritize which issues to fix first. Teams work through endless tickets, trusting blindly that the assigned score accurately represents the (business) risk that a threat poses.  If all risk scores were created equal (and accurate), then this […]

Jamie Gale 03 Oct, 2022

Over the last several years, targeted, “boutique” cloud security solutions have consolidated into one-stop shops, known as Cloud-Native Application Protection Platforms (CNAPPs).  This blog discusses the evolution of the CNAPP and its predecessors: Cloud Access Security Broker (CASB) Cloud Workload Protection Platform (CWPP) Cloud Security Posture Management (CSPM) Cloud Infrastructure Entitlement Management (CIEM). We’ll then […]

Jamie Gale 14 Sep, 2022