top of page
  • Kyle Watson

NYDFS 23 NYCRR 500 – Why CASB and IAM are key to NYDFS compliance

Updated: Aug 13, 2020

(Final post in a three-part series)

Three weeks ago we started a three-part series on the adoption of the NY Department of Financial Services (NYDFS) 23 NY Codes, Rules, and Regulations (NYCRR) Part 500. We discussed key steps businesses need to consider and the challenges they’ll face on the road to compliance. To view the first two posts click here. In today’s post, we’re going to showcase the role of Cloud Access Security Broker (CASB) and Identity and Access Management (IAM) – how they protect NPI (Non-Public Information) and support NYDFS compliance.

CASB is a key security technology for NYDFS compliance

CASB provides critical features necessary in the control strategy for cloud applications:

  • Discover what cloud applications are in use as well as where specific data is going in cloud applications, such as PII, PHI, or NPI

  • Invoke actions such as alerting the user or blocking a specific app or action, like upload or download, based upon unusual behavior through user behavior analytics

  • Detect data compromises and anomalies and take action while informing other security systems like Security Information and Event Management (SIEM) for event correlation and forensics

  • Provide vendor risk analysis and ranking including important items such as recent breaches and incidents, infrastructure used to serve the application, and the vendor’s policies around data ownership and destruction

  • Control access over critical cloud apps and data using the context of device, data, location, or other behavioral risk information

  • Monitor authorized users to track their application use

Want to find out more? View our on-demand webinar “The Road to CASB: Compliance Challenges & Key Business Requirements” and download our Road to CASB: Key Business Requirements 2.0 Whitepaper, designed to provide you with requirements that you can use as input consideration for your CASB initiative. Have more questions? Contact us to find out how we can help with your security and compliance needs.

Kyle Watson Partner, Information Security at Cedrus Digital

14 views0 comments

Recent Posts

See All

Cedrus Achieves AWS Well-Architected Partner Status

[January 12, 2021]– Cedrus, a highly sought-after digital transformation solutions provider and AWS Consulting Partner, announced today that it has achieved the AWS Well-Architected Partner status, wh


bottom of page