Category: News

Fasoo zero-trust data security platform showcased at Gartner summit

A major focus at this year’s Gartner Security & Risk Management Summit in National Harbor, MD was on reframing and simplifying security to drive your business, not inhibit it.  There was a lot of talk about Zero Trust architectures and how they are critical to real security as more of us work from home and the threats to our sensitive data grow exponentially.

One area of concern is how to find and protect sensitive data without impacting how employees, business partners, and customers work.  With a hybrid workplace becoming the norm for many, this has taken on a new urgency.

At the Fasoo booth, a lot of people talked about the challenges of combining different technologies to address data security in the cloud, in the office, working at home, and sharing with partners and customers.  Companies are looking to consolidate capabilities to fewer tools and focus on more of a platform approach to address their needs.  A constant problem is setting different policies in many tools that still focus more on protecting the location of data rather than the data itself. 

One executive from a manufacturing company talked about how difficult it is to manage all the systems to protect identity and data in so many places.  She has one set of rules for her DLP system that alerts when sensitive documents are shared outside the company.  She has another set of policies to govern CASB to manage cloud access.  And a third set of policies for partner access to data repositories.  But none of them really protect the data since once a user has access, they can do whatever they want with it.

Fasoo Presentation on True Zero Trust

On Wednesday, June 8, 2022, Anthony Juliano, CTO & General Partner of Landmark Ventures; John Herring, President & CEO of Fasoo, Inc.; and Ron Arden, Executive Vice President, CTO, and COO of Fasoo, Inc., presented “Fasoo: Build a True Zero-Trust Data Security Platform”.  John talked about the challenges we’ve had in the last few years as people moved to hybrid work and the threats to sensitive data keep growing.  Documents have a habit of multiplying and getting into all sorts of places without security that protects the data itself.

Anthony focused on data security platforms (DSP) and Gartner’s research on the need to eliminate the patchwork of silo-specific controls that actually increase risk rather than minimize it.  Simpler policy enforcement and unified approaches will prevail as companies choose a DSP with high levels of flexibility that work throughout the entire data lifecycle.  This includes eliminating redundant, obsolete, and trivial (ROT) data to minimize the threat surface and simplify protection.

Ron talked about the capabilities of a true zero-trust platform that enables universal control of data at rest, in transit, and especially in use, while continuously validating that a user should have access to that data every time they use it.  Rather than focusing on pieces of a solution, the Fasoo Data Security Platform helps organizations discover, classify, manage, protect, share, audit, monitor, and analyze sensitive data.  Since the fundamental principle is to protect first by encrypting and controlling the use of the data, it removes many of the concerns of protecting every location the data travels.

Gartner Presentations Reinforce Fasoo Approach

There were a lot of Gartner Analyst presentations that focused on zero-trust, data security, and data security platforms.  One session highlighted that “60% of organizations will embrace Zero Trust as a starting point for security by 2025.”  Many of the sessions directly reinforced Fasoo’s approach to zero-trust; below are some of the highlights:

Andrew Bales: Outlook for Data Security

  • Andrew addressed Gartner’s prediction that “By 2025, 30% of organizations will adopt a Data Security Platform (DSP), due to the pent-up demand for higher levels of data security and the rapid increase in product capabilities.” The presentation reviewed the evolution of data security capabilities and their convergence into a centralized platform.  Fasoo leads the industry in unstructured data product consolidation with its Zero Trust DSP.

Michael Hoeck: How to Secure Your Data Using Data Security Platforms

  • Michael identified a category of DSPs that are more narrowly focused on use-case driven needs, in particular for unstructured data, that do a better job than more broad-spectrum platforms.  Fasoo’s DSP specifically addresses unstructured data security and privacy use cases.

Neil MacDonald: A Pragmatic Approach to Implementing a Zero Trust Security Architecture

  • Neil highlighted the importance of data encryption at rest and in transit in a zero-trust architecture. Fasoo extends this to control over data in use and is a critical element of evolving security service edge (SSE) architectures, which focus more on security capabilities and less on network connectivity and infrastructure.

Anthony Carpino: Technical Insights: Dark Data, Data Security’s Biggest Miss

  • Anthony reported that “Dark data could be between 52 to 90% of the data our business stores and know very little about its content including the risk that could be lurking within it.” He identified discovery, classification, auditing, and data protection as key features to shed light on dark data, all of which are core processes in Fasoo’s DSP.

Fasoo booth at GSRM 2022 showing data protection

During the course of the summit, a lot of attendees and analysts came to the Fasoo booth to understand how Fasoo’s Zero Trust Data Security can meet security and privacy regulations and protect sensitive data from both internal and external threats.

One IT manager wanted an easy way to protect IP from going out the door when employees left the company and also needed to share sensitive information securely with customers.  He liked how the Fasoo Data Security Platform could help with both in one solution.

A number of visitors commented that Fasoo technology is very robust, balances security with usability, and integrates with an organization’s existing infrastructure.  A common strategy is to make the technology almost invisible to users unless they try to violate a security policy.  I remember one person saying, “I was a little skeptical during your presentation, but convinced once I saw it in action.” 

Fasoo shows unstructured data security at Gartner SRM 2018

This year at the Gartner Security & Risk Management Summit in National Harbor, MD there was a lot of focus on reducing business risk through improved cybersecurity that focuses on protecting data as users create and share it.  One area of concern to many organizations is how to find and protect sensitive data without impacting how employees and customers work.  Data protection regulations, like GDPR, are making things more complicated, but companies need to balance security with productivity.

At the Fasoo booth, a lot of people talked about issues with combining different technologies that still focus more on protecting the location of data rather than the data itself.  One executive from a manufacturing company talked about how her DLP system can tell them that sensitive documents were shared with external parties, but can’t really control their access or stop them from going out.  This is a common concern as companies use DLP, CASB and other technologies that can’t control access everywhere.

On Tuesday, June 5, 2018, John Herring, President & CEO of Fasoo, Inc. and Ron Arden, Executive Vice President and COO of Fasoo, Inc., presented “Unstructured Data Solutions Journey”.  John talked about the challenges of balancing data security and productivity and how many of the traditional approaches of securing the data perimeter haven’t met the hype.  By securing the data itself, you don’t need to worry about where it goes, since it’s always protected and tracked.  He presented how some of Fasoo’s customers have overcome the challenges with a holistic approach to discover, classify, protect and track sensitive manufacturing data and information subject to regulatory control using Fasoo Data Radar and Wrapsody.

Fasoo presentation on protecting unstructured data at GSRM 2018

Ron showed how in three quick steps with Wrapsody an organization can securely collaborate when creating a product quote while limiting access to specific people and making it easy to ensure they each have the latest version.  With a few clicks of a mouse a sales manager encrypted a spreadsheet, applied access control to it, provided an audit trail and automatically synchronized the latest version to a central location.  As the operations manager updates the quote and shares it with a customer, the process is easy for all parties to get the latest information and ensure the entire process is secure regardless of who has the document and where they open it.

During the course of the summit, a lot of attendees and analysts came to the Fasoo booth to understand the best ways to comply with new regulations and how to protect sensitive data from both internal and external threats.  Visitors were very impressed by how the Fasoo Data Security Framework can help them achieve those goals by discovering, encrypting and controlling their sensitive data.

Attendees at the session and at the booth were excited to see that Fasoo technology is very robust, balances security with usability and integrates with an organization’s existing infrastructure.  A common strategy is to make the technology almost invisible to users unless they try to violate a security policy.  I remember one person saying, “I was a little skeptical during your presentation, but convinced once I saw it in action.”

Ron Arden presenting on NYDFS compliance at RSS 2017

Ron Arden, Executive Vice President & COO, Fasoo, Inc. spoke to security professionals and executives on how to meet the data-centric requirements of the NYDFS 23 NYCRR 500 cybersecurity regulations for financial services organizations at the 2017 Rochester Security Summit at the Rochester Hyatt in Rochester, NY.

Ron delivered a presentation entitled “Do You Have a Pathway to Data Security and Compliance?” as part of the risk and compliance track during the October 19 – 20, 2017 event.  With deadlines approaching for some of the more challenging components of the NYDFS cybersecurity regulations, timing was right as Ron reviewed results from the recent Ponemon Institute survey on NYDFS readiness and Fasoo’s approach to help meet the technical challenges of protecting unstructured data or data stored in files.  This is an area that most organizations are struggling with, since about 80 percent of their information is not in databases, but is in office documents.

Conversations during the presentation ran from concerns about meeting regulatory compliance to those trying to protect intellectual property from walking out the door.  One financial services company is in the process of locating and classifying all files, trying to decide what is sensitive and what is not.  Ron suggested thinking about all files as sensitive and encrypting them upon creation.  If you spend a lot of time determining what is and what is not sensitive, you may miss something and cause more problems.  If you need to remove the encryption to share with someone externally, it’s easier to make an exception for that rather than expecting users to decide on the sensitivity of a file.  That causes breakdowns in workflows and burdens users unnecessarily.  Plus you may not meet the NYDFS requirement to encrypt all nonpublic information.

Bill Blake, Senior Vice President of Fasoo, and Ron joined security partner Brite Computers in a booth during the vendor-focused times of the 2-day event.  Brite and Fasoo have had great success over the years bringing security technology and a customer-focused approach to solving business problems to numerous customers in a variety of industries.  The initiatives helping customers become compliant with the NYDFS regulations are just the latest.

RSS 2017 after party

Brite also had an RSS after party on Thursday evening to meet with customers and partners in a more relaxed setting.  It was held in the newly renovated Center City Terrace & Lounge and allowed everyone to take advantage of the unseasonably warm weather.  It was great to get to meet a lot of Brite’s current customers and talk to them about how Fasoo can help them address many of their security and compliance issues.

The event this year showed the continuing need for data-centric security solutions as companies try to mitigate the risk of both external hackers and insider threats to their most sensitive data.  Complying with regulations is important, but the main goal of these regulations is to protect sensitive data from leaking or being stolen by unauthorized people.  Stopping this has become a main focus of many CISOs and boards.

Fasoo Moderates Panel on Cybersecurity and Your Company

Bill Blake, Senior Vice President and CCO (Chief Customer Officer) of Fasoo, moderated a panel discussion on Cybersecurity on September 13, 2017 at Harter Secrest & Emery LLP in Rochester, NY.  The event, entitled Cyber Security & Your Company – What You Need to Know Now, featured industry leaders and experts from The Bonadio Group, Fasoo, Lawley, and Harter Secrest & Emery LLP discussing how, when, and why to plan for a cyber attack.

The event was part of a continuing dialog with organizations on the needs for stricter cybersecurity controls in the wake of the ever growing threat of data breaches and threats to business operations.  Recent data breaches at Equifax, Verizon and others show that any organization is vulnerable to external attacks or insider threats.  Regulations and legislation, such as the New York NYDFS 23 NYCRR 500 cybersecurity regulations and GDPR in Europe, are causing businesses to improve their security posture to protect business and customer information.

Paul Greene, an attorney with Harter Secrest & Emery LLP, started the event with some opening remarks and Bill Blake got right into the discussion questions which hit on a number of cybersecurity topics, including how to prepare for a cyber attack, the role of insurance in your incident response plan and how the newest cybersecurity regulations and laws affect your business.

High on the list was a discussion of the recent Equifax data breach and how it affects businesses and consumers.  This led to a discussion and questions about risk assessments and how they are critical to improving your cyber security posture.

Carl Cadregari, an Executive Vice President at The Bonadio Group, talked about the frequency of doing a risk assessment.  This is not something you can do once.  The threat landscape is constantly changing and the needs of your business are evolving, so you need to continually assess your risk and the best ways to mitigate it.  Carl said that finding your most sensitive data and encrypting it is one of the best ways to ensure you are protected.  If a hacker gets encrypted files, they won’t be able to use them.  In many cases this may not be considered a data breach, so you don’t need to report it.

While most of us think about technical solutions, legal ones are just as important, since a cybersecurity event is not a breach until your attorney says it is.  Paul Greene mentioned “It’s important to involve counsel in your Risk Assessment process because it allows you to have a full and frank discussion about any shortcomings you may find, without worrying that those discussions can be used against you.  That’s the protection of the attorney-client privilege, it allows for that “oh [expletive]” moment when you discover something that may be really bad, without the worry that those communications will be used against you.”

Reggie Dejean, a Specialty Insurance Director from Lawley Insurance, talked about the crucial role of insurance in any cyber compliance program.  He said, “Cybersecurity insurance can help mitigate the financial loss that occurs when, not if, a data breach happens to a company. These policies can help cover some of the costs which include forensics, credit monitoring, notifying those affected, public relations and more. In today’s world, any size company is susceptible to a cyber breach, so cyber intrusion insurance can help reduce your risk and costs.”

Bill Blake brought up printing as a risk that many organizations don’t think about.  There tends to be a focus on digital assets, but if someone prints sensitive information, there is still the same liability when it comes to regulation and the law.  Numerous audience members asked if protection of sensitive data extends to paper files and the general consensus is that it does.  Preventing printing to minimize risk is clearly a good strategy when applicable, but masking sensitive data and applying visible watermarks are also good strategies to help eliminate sensitive data on paper and allow you to trace the information back to the person that printed it.

Another big discussion was around risk in the supply chain.  An audience member from a bank said they share a lot of information with Equifax and was wondering if the bank is liable because of the Equifax data breach.  Under the NYDFS 23 NYCRR 500 cybersecurity regulations an organization is responsible for the security of data it shares with its supply chain.  Whether the bank needs to inform authorities of a breach in its supply chain is unclear, but it is ultimately responsible for its data.  Third and fourth party protection will come from both technical and legal remedies.  You need air tight legal agreements to mitigate your risk, but encrypting and controlling your shared information is the best solution to supply chain risk.

The event finished with questions from attendees on the most challenging areas in their companies for compliance.  One bit of advice from the panel was to remember that companies should focus on protecting their sensitive information.  While many can get caught up in the minutiae of plans and reporting, it is imperative to focus on protecting the data which drives the business.

Fasoo helps customers comply with GDPR and NYDFS 23 NYCRR 500

This year at the Gartner Security & Risk Management Summit in National Harbor, MD there was a lot of focus on managing and mitigating risk to a business and how to improve cybersecurity through data-centric protection.  One area of concern to many organizations is how to comply with some of the newer cybersecurity and data protection regulations, like GDPR, as governments are trying to improve customer and business data security.

With all the recent malware, ransomware and data breaches, there was obviously a focus on how to prevent harm to one’s business.  As businesses move more into the realm of digital business, the concept of trust is becoming a larger issue.  If your customers do not trust you with their data, they will be less likely to do business with you.

On Tuesday June 12, 2017, John Herring, President & CEO of Fasoo, Inc., Dr. Larry Ponemon of the Ponemon Institute, and Ron Arden, Executive Vice President and COO of Fasoo, Inc., presented “Do You Have a Pathway to Data Security Compliance?”  John talked about the challenges of complying with the new NYDFS 23 NYCRR 500 cybersecurity regulation that affects any business regulated under banking, insurance and financial services laws in New York.  This applies to organizations doing business in NY and also affects third party service providers of those organizations.

John Herring, Larry Ponemon and Ron Arden present at Gartner summit

Dr. Ponemon presented recent research from his study “Countdown to Compliance: Are financial services firms prepared for NYDFS 23 NYCRR 500?”.  Some of the key findings from the survey include:

  • 60 percent of respondents believe this regulation will be more difficult to implement than GLBA, HIPAA, PCI DSS and SOX
  • Over 50 percent do not have a formal cybersecurity program
  • 68 percent believe that the inability to know where high value data assets are located will pose a significant challenge

Ron discussed a six step plan to encrypt and control unstructured data or data in files that is a key component of meeting the NYDFS, GDPR and other data protection and privacy regulations.  The session had about 150 people in it and many of them asked specific questions about who is affected, how do you work with your service providers to ensure they are protecting your sensitive data, and how to really provide complete control of your information regardless of its location.

During the course of the summit, a lot of attendees and analysts came to the Fasoo booth to understand the best ways to comply with these new regulations and how to protect sensitive data from both internal and external threats.  Visitors were very impressed by how the Fasoo Data Security Framework can help them achieve those goals by discovering, encrypting and controlling their sensitive data.

One interesting presentation by John Girard and Brian Reed from Gartner focused on information-centric security practices and the best ways to protect your business information.  While Gartner and most of the security industry recommends a layered approach to security, when it comes to protecting information in files, John and Brian said that EDRM is the only solution that can really protect it.  This is an important recognition that in the game of information protection and thwarting malicious or inadvertent attempts to steal sensitive data, perimeter solutions cannot meet the requirements as well as EDRM.

Attendees at the session and at the booth were excited to see that Fasoo technology is very robust, balances security with usability and integrates with an organization’s existing infrastructure.  I remember one person saying, “I was a little skeptical during your presentation, but convinced once I saw it in action.”

Ron Arden Talks About NYDFS and Cybersecurity at FinCyberSec 2017

Ron Arden, Executive Vice President and COO of Fasoo, Inc., presented Countdown to Compliance with NYDFS 23 NYCRR 500 during FinCyberSec 2017 at the Stevens Institute of Technology in Hoboken, NJ on May 31, 2017.  Ron was part of a day long event that focused on technical, regulatory, process and human dimensions of cyber threats faced by financial systems and markets.

Dr. Paul Rohmeyer, who organized the conference, started the day with opening remarks that set the stage for how the world of business and cybersecurity has changed in the last year.  With constant attacks, like the WannaCry ransomware attack and the ever changing business and technology landscape, financial services companies have a lot to address as they look to safely promote new business models.

Dinesh Kumar, CTO from Mitovia, started the presentations by discussing security effectiveness.  Collectively companies spend upwards of $100 billion annually on cybersecurity, yet data breaches are a daily occurrence.  Dinesh focused on using a business model to determine outcomes of cybersecurity rather than focusing on tasks or events.  If you ask a typical cybersecurity professional what she or he does, they might tell you they monitor something or try to prevent something.  If you ask a sales person, they will say I increased revenue by xx dollars or I brought in five new customers.  They don’t tell you they made 20 phone calls or had eight lunches to get the outcomes.  Understanding that cybersecurity is a means to a business outcome helps focus resources and activities.

Fasoo sponsors FinCyberSec 2017

Ron Arden was up next and focused on the new NYDFS 23 NYCRR 500 cybersecurity regulations for financial services companies doing business in NY.  Ron cited numerous statistics from the recent Ponemon survey on “Countdown to Compliance” that showed many organizations are not ready for the regulations and will need help to meet the compliance deadlines.  A big focus of the presentation was understanding that the purpose of the regulation is to protect financial businesses and their customers.  Ron advised the audience to not get caught up in the minutiae of the technical and governance details without focusing on the real point, which is to protect nonpublic information from unauthorized access.  There were numerous audience questions about third-party service provider security readiness and how financial organizations can ensure they are covered.  It will take a combination of legal, process and technology solutions to address this.  Ron spoke about Fasoo’s six step plan to address the data-centric security and encryption requirements in the regulation, which address the main information protection points of the regulation for both the covered entity and its service providers.

Michael Frank, President of Secure Business Strategies, finished out the morning presentations by comparing our brave new world and its cybersecurity practitioners to an Eagle Scout and how we need to think differently.  He cited the scout motto and oath and how with a few changes to wording they are very relevant to our cybersecurity fight.  Key to Michael’s presentation was that cybersecurity equals business today.  New business models from Quicken Loans, Amazon and many others are turning financial services on its head.  Key to their success is the notion of trust, which is reliant on providing a secure, end-to-end business process.  We as consumers of goods and services need to trust these providers to keep our information secure as we do business.  Without it, these businesses will fail.

The afternoon continued with numerous technical presentations and ended with a great panel discussion with a CISO and two technical practitioners.  Discussions went back to some of the morning’s topics on security effectiveness and business outcomes.  The often cited Target data breach came up as an example that compliant does not mean secure.  Focusing on business effectiveness allows an organization to understand and prioritize its investments in security policy, process and technology.  While a cybersecurity strategy should support the business strategy, it’s amazing how many companies do not do this.

This conference was a very successful event and I expect it will continue as more emphasis is placed on practical approaches to increasing security in the financial industry.

Panel at PwC discussing NYDFS 23 NYCRR 500 Cybersecurity Regulation

The third in a series of NYDFS 23 NYCRR 500 roadshow events at PwC in New York, NY on May 18, 2017, was a great success as a room full of executives, legal, IT and security professionals discussed ways to help financial services organizations meet the new cybersecurity regulations that went into effect on March 1, 2017.  Pathway to compliance with NYDFS Part 500 was part of a continuing series of forums to help entities regulated by the New York Division of Financial Services (NYDFS) comply with a strict and wide-ranging regulation.

The event started with Joe Nocera, PwC principal and Cybersecurity Financial Services Industry Leader, giving an overview of 23 N.Y.C.R.R. Part 500 and many of the implications this has for financial institutions doing business in New York.  Joe talked about some anticipated challenges to meet encryption of nonpublic information, multi-factor authentication, incident reporting and annual certification.  While technologies and processes to meet these requirements are not new, there are a lot of questions about how to do it.  For example, is using end-point encryption good enough to protect data at rest and in transit?  What happens when you email a file with nonpublic information from your PC to someone else?  The file is no longer encrypted, so you are vulnerable.

Dr. Larry Ponemon of the Ponemon Institute followed with a review of his latest survey, “Countdown to Compliance: Is the Financial Services Industry Ready for New York State’s Cybersecurity Regulations?”.  Sponsored by Fasoo, this survey helped understand the current state of readiness to comply with the new regulations.  One key finding from the survey is that while most organizations believe this regulation will be harder to implement than GLBA, HIPAA or SOX, 65 percent believe it will improve their cybersecurity posture.

Dr. Ponemon’s keynote was followed by a panel discussion on Pathway to DFS Compliance.  Panel members included Dr. Ponemon, John Horn from Harter Secrest, and Ron Arden from Fasoo.  Some of the items discussed by the panel included eliminating information you no longer need, automatically protecting information downloaded from databases and information repositories and the best way to ensure you have a legally defensible environment when the auditors come calling.  Another major discussion point was around third party service provider security policies.  NYDFS gives covered entities two years to comply, since they realize this will be a major challenge.  If you need to meet these requirements, why wouldn’t you make your service providers meet the same requirements?

The panel was followed by three presentations from security vendors Fasoo, ForgeRock, and Securonix that highlighted technologies that can help financial companies become compliant with the new regulation.  Fasoo focused on its 6 Steps to Compliance that features finding and protecting nonpublic information through encryption, audit trails, access control and secure disposal of information no longer needed by the business.  ForgeRock focused on its identity and access management platform that helps meet the requirements for access control, auditing and multi-factor authentication.  Securonix focused on its behavioral analytics platform that can help understand and mitigate the risk of cybersecurity events.

Lunch followed and allowed attendees to discuss their challenges with the speakers and panel members.  The feedback was that a lot of great information was shared and helped give executives and practitioners good ammunition to move their cybersecurity programs forward.

Practical Advice At Buffalo NYDFS 23 NYCRR 500 Pathways to Compliance Event

Following our successful event in Rochester, the second of the NYDFS 23 NYCRR 500 roadshow events at Phillips Lytle LLP in Buffalo, NY on May 17, 2017 brought together executives, insurance, legal, and security professionals in a great forum to discuss challenges for financial services organizations to meet the new cybersecurity regulations that went into effect on March 1, 2017.  A full house heard some practical advice designed to help entities regulated by the New York Division of Financial Services (NYDFS) comply with the new regulations.

Jennifer Beckage of Phillips Lytle LLP started with her “Survival Guide to Navigating the NYDFS Cybersecurity Regulation”.  Jennifer talked about the challenges covered entities face not only developing their own cybersecurity programs, but how those spill over to their service providers.  Developing, implementing and monitoring vendor management programs will affect contracts, day-to-day operations and the technology used to secure and control information shared.

Dr. Larry Ponemon of the Ponemon Institute followed with a review of his latest survey, “Countdown to Compliance: Is the Financial Services Industry Ready for New York State’s Cybersecurity Regulations?”.  Sponsored by Fasoo, this survey gave great insight into the readiness of financial services organizations to comply with the new regulations.  One key statistic from the survey that picked up on Jennifer’s discussion on third party liability is that only about half the organizations think they can meet the two-year transitional period to implement a third-party services provider security policy.  One member of the audience mentioned that they may have to switch some service providers who can’t meet the requirements.  The discussion also talked about fourth-party service providers, since you as a covered entity can’t know who your service providers use for their business.  This gets complicated very quickly.

Dr. Ponemon’s keynote was followed by a panel discussion moderated by Kevin Cox from Brite Computers on meeting governance and security aspects of the regulation.  The panel included Dr. Ponemon, Jennifer Beckage, Dave Hansen from Freed Maxick, Reggie Dejean from Lawley Insurance, and Ron Arden from Fasoo.  Based on a number of questions from the audience, the panel had a lively discussion on incident response.  A key item is to engage your legal and insurance providers immediately if you suspect a negative cyber event.  How you characterize an event and your response to it is not only a technical and process issue, but a legal one too.  An event is not considered an incident until an attorney says so.

One key discussion was on data retention and protection.  Since the regulation talks about encrypting and limiting access to all nonpublic data, one way to minimize risk is to delete information that is no longer needed by the business.  If you don’t have it, you don’t need to protect it.  This not only helps with general security hygiene, but also helps satisfy other regulations, since eliminating unneeded information reduces a company’s general liability.  As in the earlier discussions, this lends itself to protection and revoking access to nonpublic information you share with your service providers.

Fasoo wants to thank all the Buffalo NYDFS 23 NYCRR 500 roadshow sponsors for all their support.  It was a great event and everyone said they got a lot of great information that will help them as they strive toward meeting the first deadline of August 28, 2017.

Ponemon Institute
Brite Computers
Lawley Insurance
Phillips Lytle LLP
Freed Maxick

Rochester NYDFS Pathways to Compliance Event a Big Success

The first of the NYDFS 23 NYCRR 500 roadshow events in Rochester, NY on May 16, 2017 was a great success as numerous people from local financial services companies participated in a great forum to help organizations understand how to meet the new cybersecurity regulations that went into effect on March 1, 2017.

The event was held at Harter Secrest & Emery LLP in Rochester and started what will be a continuing series of forums to help entities regulated by the New York Division of Financial Services (NYDFS) comply with a strict and wide-ranging group of regulations.

The event started with an “Overview of 23 N.Y.C.R.R. Part 500 and Key Legal Challenges” by F. Paul Greene of Harter Secrest & Emery LLP.  Paul focused on many of the legal issues around compliance, including what is a covered entity.  Any organization regulated under the Banking, Insurance or Financial Services law is subject to this regulation.  This includes foreign and out of state businesses that operate in New York and most likely applies to the whole organization, unless the organization has a segregated IT infrastructure.

Dr. Larry Ponemon of the Ponemon Institute followed with a review of his latest survey, “Countdown to Compliance: Is the Financial Services Industry Ready for New York State’s Cybersecurity Regulations?”.  Sponsored by Fasoo, this survey helped understand the current posture of readiness to comply with the new regulations.  Some of the more interesting results are that most organizations do not believe they can meet the timelines for compliance, over 70 percent think a lack of knowledgeable personnel will hamper their efforts and most are very concerned about how to implement effective security policies for third party service providers.

Dr. Ponemon’s keynote was followed by a Panel Discussion – Pathway to Compliance – that was moderated by Kevin Cox from Brite Computers.  Panel members included Dr. Ponemon, Paul Greene, Reg Harnish from GreyCastle Security, Reggie Dejean from Lawley Insurance, and Ron Arden from Fasoo.  There was a lot of discussion around doing a risk assessment and understanding what nonpublic information assets you have and where they are.  This led to insurance questions and how best to mitigate risk related to business continuity following a data breach.  While insurance is critical to recovery from loss, it is not a substitute for a good cybersecurity program.

The event finished with questions from attendees on the most challenging areas in their companies for compliance.  One bit of advice from the panel was to remember that the regulation is intended to protect companies and their customers by protecting sensitive information.  While many can get caught up in the minutiae of plans and reporting, it is imperative to focus on protecting the data which drives the business.  That is the focus needed to improve the cybersecurity posture at each covered entity.

Fasoo wants to thank all the Rochester NYDFS 23 NYCRR 500 roadshow sponsors for all their support in making it an outstanding event.

Ponemon Institute
Harter Secrest & Emery, LLP
Brite Computers
GreyCastle Security
Lawley Insurance

Fasoo Sponsors NYDFS 23 NYCRR 500 Roadshow

On March 1, 2017 new sweeping cybersecurity regulations from the New York State Department of Financial Services (NYDFS) took effect.  The NYDFS 23 NYCRR 500 regulations affect thousands of regulated financial institutions that do business in New York as well as thousands of Third Party Service Providers that support those financial institutions, world-wide.  The regulations add to the complexity that financial institutions already face in developing and implementing their comprehensive information security programs.  They also bring with them challenges and uncertainty as organizations implement new tools and practices designed to protect customer and company information.

In response to this sea-change, Fasoo is sponsoring a roadshow across three major markets in New York (Rochester, Buffalo and New York City) to help affected organizations comply with the new regulations.  The highlight of the roadshow will be a keynote by Dr. Larry Ponemon of the Ponemon Institute reviewing a study sponsored by Fasoo to gauge industry readiness and reaction to the new regulations.

The roadshow brings together experts in cybersecurity, insurance, law, corporate governance, risk management and compliance to help audience members prepare for implementing and managing these new regulations that will surely expand to other states and industries.

If you are in one of these cities during the week of May 15, 2017, please join Fasoo and its partners (see below) for one of these exclusive events.

Rochester, NY – May 16, 2017  8:00 AM – 10:00 AM
Harter Secrest & Emery LLP, 13th Floor
1600 Bausch & Lomb Place
Rochester, New York 14604

Buffalo, NY – May 17, 2017  8:00 AM – 10:00 AM
Phillips Lytle LLP
One Canalside
125 Main Street
Buffalo, NY, 14203

New York, NY – May 19, 2017  8:00 AM – 2:00 PM
PwC
300 Madison Avenue
New York, NY 10017

NYDFS 23 NYCRR 500 roadshow sponsors
Ponemon Institute
Harter Secrest & Emery, LLP
Brite Computers
GreyCastle Security
Lawley Insurance
Phillips Lytle LLP
Freed Maxick
PwC
ForgeRock
Securonix

Click here to see the Countdown to Compliance, Fasoo Sponsored Ponemon Institute Survey of NYDFS 23 NYCRR 500

Fasoo sponsored a Ponemon Institute survey to determine the readiness of financial firms doing business in New York State to comply with the new cybersecurity regulation NYDFS 23 NYCRR 500 that went into effect on March 1, 2017.  The regulation includes deadlines to implement procedures and solutions to achieve compliance with the new standards.  Since New York is one of the world’s financial capitals, the state wants to ensure that organizations that operate under the banking, insurance or financial services regulations provide a secure information sharing environment to protect companies and their customers.

“The survey is aptly titled ‘Countdown to Compliance,’” said Dr. Larry Ponemon.  “Our goal is to provide insight into the challenges these organizations face in complying with the demanding new requirements which apply to all ‘nonpublic information’ – at rest, in-transit and shared with third parties.  The survey will provide insight into their efforts to comply over the next 180 to 365 days.”

Many organizations may not realize they are covered under these regulations, but if you just go to the NY Department of Financial Services website, you can search for your business.  If you are a financial institution, insurance company, insurance licensee or service contract provider, you are most likely covered.  This also includes foreign banks that are New York State-chartered or licensed.

This is the second Ponemon Institute survey sponsored by Fasoo during the past year. The previous research, titled “Risky Business: How Company Insiders Put High Value Information at Risk” polled IT security practitioners on risks of data breaches by trusted insiders.  The information in that survey is still very relevant to financial services firms and any business today.

“Both of these Ponemon surveys build market awareness and inform CIO/CISO and Compliance Officer leadership as to the need and now the mandatory New York State requirements for data-centric security, audit, and compliance solutions,” said John Herring, CEO of Fasoo, Inc.  “We are joining with leading Legal, GRC and Insurance cybersecurity professionals to sponsor several events across New York State to highlight strategies and enterprise ready data-centric solutions to address regulatory compliance.”

If you want to get an early release copy of the “Countdown to Compliance” survey and keep apprised of Fasoo sponsored NYDFS events, please register here.

 

Fasoo Hits Nerve with Message of Security, Governance and Productivity at RSA 2017

After two days at the 2017 RSA Conference in San Francisco, it looks like Fasoo’s message of Security, Governance and Productivity is hitting a nerve with security professionals, analysts, executives and other attendees.  As the regulatory and business climates change to overcome constant threats to businesses and the data they use to drive profitability, companies are looking for a more comprehensive and practical approach to providing secure ways to conduct business.

An interesting theme at this year’s show is Business Driven Security.  I think the convergence of business and security is finally coming to a head as boards and executives realize they must think of security solutions as a business driver that helps mitigate business risk so they can propel their businesses forward.

One main focus this year is helping financial organizations comply with the New York State Department of Financial Services (NYS DFS) cybersecurity regulations.  Fasoo employees spoke to numerous banks and mortgage companies at the booth that are affected by this new regulation to encrypt nonpublic data and provide clear access control and audit trails.  The Fasoo Data Security Framework can help protect sensitive data from getting into the wrong hands and help meet this comprehensive regulation.

Other attendees were very interested in providing a more secure way of collaborating with documents.  It’s clear that organizations need to secure their data and protect against cyber attacks, but if employees and partners aren’t productive, business comes to a halt.  Productivity drives innovation and Wrapsody is a great way to let people share ideas securely as they drive their businesses.

Of course, what would RSA be without some fun?  Our hourly presentations are very lively and attendees are entered into a drawing for an Amazon Echo.  We gave one away on Tuesday and will at the end of each day.  Aside from the prize, a lot of people were very interested in how Fasoo can really protect sensitive information from getting outside their companies and either cause them to run afoul of regulators or hurt their bottom line.  Encrypting and always controlling information is the best way to meet regulatory requirements and protect your intellectual property.

If you haven’t already, stop by booth S1239 on the show floor to see how we can help your business.
