Executive Briefings

Simple Encryption Not Enough to Comply With New Cybersecurity Regulations

The New York Department of Financial Services and Governor Andrew Cuomo have announced a series of new rules strengthening cybersecurity requirements for financial firms in the state of New York - the latest in a series of announcements aimed at protecting clients, consumers and financial entities from the ever-growing threat of cyber-attacks.

Simple Encryption Not Enough to Comply With New Cybersecurity Regulations

These mandates expand the categories of data to be encrypted (the current draft calls for the "encryption of all nonpublic information held or transmitted"), and they tie to access control, acceptable usage policy and data retention. Basic encryption may no longer be enough to comply with the New York DFS regulations.

In his remarks on the proposal, Cuomo said, “New York, the financial capital of the world, is leading the nation in taking decisive action to protect consumers and our financial system from … state-sponsored organizations, global terrorist networks, and other criminal enterprises.”

When the requirement for encryption and data-loss protection spans not just records and managed systems, but anywhere data can travel, traditional means of encryption and monitoring may not scale.

Read Full Article

These mandates expand the categories of data to be encrypted (the current draft calls for the "encryption of all nonpublic information held or transmitted"), and they tie to access control, acceptable usage policy and data retention. Basic encryption may no longer be enough to comply with the New York DFS regulations.

In his remarks on the proposal, Cuomo said, “New York, the financial capital of the world, is leading the nation in taking decisive action to protect consumers and our financial system from … state-sponsored organizations, global terrorist networks, and other criminal enterprises.”

When the requirement for encryption and data-loss protection spans not just records and managed systems, but anywhere data can travel, traditional means of encryption and monitoring may not scale.

Read Full Article

Simple Encryption Not Enough to Comply With New Cybersecurity Regulations