Wing Security's SaaS security automation to meet New York financial regulations

Wing Security, the pioneer in SaaS Security, announced that its SaaS security product is specifically designed to help financial firms and covered entities comply with the stringent NY-DFS regulations that mandate robust cybersecurity measures for SaaS applications in New York State.

24/7 protection framework

Wing Security’s product offers a 24/7 protection framework for SaaS applications, enabling easy deployment and requiring less than two hours of labour weekly.

This efficiency enables organisations to continuously meet the risk mitigations and requirements for SaaS/third-party usage specified by the New York Department of Financial Services (NY-DFS) new regulation, saving hundreds of hours of labour and ensuring the highest security standards for their SaaS supply chain's usage.

NY-DFS revised regulations

Supply chain attacks are one of the key reasons for the amendments in the department’s instructional materials

In November 2023, the NY-DFS revised its regulations to mandate more robust controls against cyberattacks, targeting the protection of sensitive services.

In a recent training video, Harriet Pearsons, Executive Deputy Superintendent and Cybersecurity Division Head at NY-DFS highlighted supply chain attacks as one of the key reasons for these amendments in the department’s instructional materials.

Improved SaaS protection

NY-DFS recommendations align with Wing Security's State of SaaS Security Report 2024, which revealed that nearly all companies use SaaS suppliers, with 97% of these businesses using at least one SaaS supplier experiencing a security event over the last 12 months.

Aligned with NY-DFS recommendations, the report underscores the urgency for improved SaaS protection against nation-state actors and other high-level threats, noting the commonplace adoption of more than 300,000 SaaS applications without adequate security measures by organisations.

SaaS security best practices

"Wing Security aims to assist businesses, particularly those with understaffed security teams, in elevating their SaaS supply chain security to match the exemplary practices endorsed by New York State," said Galit Lubetzky Sharon, CEO of Wing Security.

Galit Lubetzky Sharon adds, “Private sector businesses and public sector regulators have a joint responsibility to safeguard our critical infrastructure and economy through SaaS security best practices.”

Risk and compliance assessments

Wing Security solution ensures that CISOs are automatically implementing security policies

Wing Security's SaaS security product suite fulfills crucial requirements by automatically identifying SaaS applications used by covered entities and their employees, conducting risk and compliance assessments of suppliers, evaluating data shared via SaaS, and determining if third parties are using non-public entity data to train their AI systems.

The Wing Security solution ensures that chief information security officers (CISOs) are automatically implementing security policies based on risk assessments, verifying necessary user access to SaaS applications, and monitoring for sensitive data leakage.

SaaS reporting

Additionally, Wing Security facilitates compliance with the obligation to promptly notify CISOs of breaches and security incidents affecting their SaaS supply chains.

Wing Security’s new SaaS reporting, based on the MITRE common weakness scoring system (CWSS) risk scoring, provides auditable evidence to support the ongoing risk management of these complex supply chains.

TPRM assessments

Wing Security serves businesses of all sizes, including large, mid-market, and exempt small businesses, offering product tiers that match their risk levels and budgetary constraints.

Exempt customers can begin with Wing Security's Free Risk Discovery Tool for Third-Party Risk Management (TPRM) assessments connected to their primary SaaS platforms.