NYDFS 23 NYCRR 500 – Why CASB and IAM are key to NYDFS compliance
Updated: Aug 13
(Final post in a three-part series)
Three weeks ago we started a three-part series on the adoption of the NY Department of Financial Services (NYDFS) 23 NY Codes, Rules, and Regulations (NYCRR) Part 500. We discussed key steps businesses need to consider and the challenges they’ll face on the road to compliance. In today’s post, we’re going to showcase the role of Cloud Access Security Broker (CASB) and Identity and Access Management (IAM) – how they protect NPI (Non-Public Information) and support NYDFS compliance.
CASB is a key security technology for NYDFS compliance
CASB provides critical features necessary in the control strategy for cloud applications:
Discover what cloud applications are in use as well as where specific data is going in cloud applications, such as PII, PHI, or NPI
Invoke actions such as alerting the user or blocking a specific app or action, like upload or download, based upon unusual behavior through user behavior analytics
Detect data compromises and anomalies and take action while informing other security systems like Security Information and Event Management (SIEM) for event correlation and forensics
Provide vendor risk analysis and ranking including important items such as recent breaches and incidents, infrastructure used to serve the application, and the vendor’s policies around data ownership and destruction
Control access over critical cloud apps and data using the context of device, data, location, or other behavioral risk information
Monitor authorized users to track their application use
Want to find out more? View our on-demand webinar “The Road to CASB: Compliance Challenges & Key Business Requirements” and download our Road to CASB: Key Business Requirements 2.0 Whitepaper, designed to provide you with requirements that you can use as input consideration for your CASB initiative. Have more questions? Contact us to find out how we can help with your security and compliance needs.
Kyle Watson, Partner, Information Security at Cedrus Digital