Ron Arden, Executive Vice President & COO, Fasoo, Inc. spoke to security professionals and executives on how to meet the data-centric requirements of the NYDFS 23 NYCRR 500 cybersecurity regulations for financial services organizations at the 2017 Rochester Security Summit at the Rochester Hyatt in Rochester, NY.
Ron delivered a presentation entitled “Do You Have a Pathway to Data Security and Compliance?” as part of the risk and compliance track during the October 19 – 20, 2017 event. With deadlines approaching for some of the more challenging components of the NYDFS cybersecurity regulations, timing was right as Ron reviewed results from the recent Ponemon Institute survey on NYDFS readiness and Fasoo’s approach to help meet the technical challenges of protecting unstructured data or data stored in files. This is an area that most organizations are struggling with, since about 80 percent of their information is not in databases, but is in office documents.
Conversations during the presentation ran from concerns about meeting regulatory compliance to those trying to protect intellectual property from walking out the door. One financial services company is in process of locating and classifying all files trying to decide what is sensitive and what is not. Ron suggested thinking about all files as sensitive and encrypting them upon creation. If you spend a lot of time determining what is and what is not sensitive, you may miss something and cause more problems. If you need to remove the encryption to share with someone externally, it’s easier to make an exception for that rather than expecting users to decide on the sensitivity of a file. That causes breakdowns in workflows and burdens users unnecessarily. Plus you may not meet the NYDFS requirement to encrypt all nonpublic information.
Bill Blake, Senior Vice President of Fasoo, and Ron joined security partner Brite Computers in a booth during the vendor focused times during the 2-day event. Brite and Fasoo have had great
success over the years bringing security technology and a customer-focused approach to solving business problems to numerous customers in a variety of industries. The initiatives helping customers become compliant with the NYDFS regulations is the just latest.
Brite also had an RSS after party on Thursday evening to meet with customers and partners in a more relaxed setting. It was held in the newly renovated Center City Terrace & Lounge and allowed everyone to take advantage of the unseasonably warm weather. It was great to get to meet a lot of Brite’s current customers and talk to them about how Fasoo can help them address many of their security and compliance issues.
The event this year showed the continuing need for data-centric security solutions as companies try to mitigate the risk of both external hackers and insider threats to their most sensitive data. Complying with regulations is important, but the main goal of these regulations is to protect sensitive data from leaking or being stolen by unauthorized people. Stopping this has become a main focus of many CISOs and boards.
