Wing Security’s SaaS Security Automation to meet New York financial regulations

April 23, 2024
This efficiency enables organizations to continuously meet the risk mitigations and requirements for SaaS/third-party usage.

San Jose, Calif., April 23, 2024 – Wing Security, a leader in SaaS Security, today announced that its SaaS security product is specifically designed to help financial firms and covered entities comply with the stringent NY-DFS regulations that mandate robust cybersecurity measures for SaaS applications in New York State.

Wing Security’s product offers a 24/7 protection framework for SaaS applications, enabling easy deployment and requiring less than two hours of labor weekly. This efficiency enables organizations to continuously meet the risk mitigations and requirements for SaaS/third-party usage specified by the New York Department of Financial Services (NY-DFS) new regulation, saving hundreds of hours of labor and ensuring the highest security standards for their SaaS supply chain's usage.

In November 2023, the NY-DFS revised its regulations to mandate more robust controls against cyberattacks, targeting the protection of sensitive services. In a recent training video, Harriet Pearsons, Executive Deputy Superintendent and Cybersecurity Division Head at NY-DFS, highlighted supply chain attacks as one of the key reasons for these amendments in the department’s instructional materials.

NY-DFS recommendations align with Wing Security's State of SaaS Security Report 2024, which revealed that nearly all companies use SaaS suppliers, with 97% of these businesses using at least one SaaS supplier experiencing a security event over the last 12 months.

Aligned with NY-DFS recommendations, the report underscores the urgency for improved SaaS protection against nation state actors and other high-level threats, noting the commonplace adoption of more than 300,000 SaaS applications without adequate security measures by organizations.

"Wing Security aims to assist businesses, particularly those with understaffed security teams, in elevating their SaaS supply chain security to match the exemplary practices endorsed by New York State," said Galit Lubetzky Sharon, CEO of Wing Security. “Private sector businesses and public sector regulators have a joint responsibility to safeguard our critical infrastructure and economy through SaaS security best practices.”

Wing Security's SaaS security product suite fulfills crucial requirements by automatically identifying SaaS applications used by covered entities and their employees, conducting risk and compliance assessments of suppliers, evaluating data shared via SaaS, and determining if third parties are using non-public entity data to train their AI systems.

The Wing Security solution ensures that chief information security officers (CISOs) are automatically implementing security policies based on risk assessments, verifying necessary user access to SaaS applications, and monitoring for sensitive data leakage.

Additionally, Wing Security facilitates compliance with the obligation to promptly notify CISOs of breaches and security incidents affecting their SaaS supply chains. Wing Security’s new SaaS reporting, based on the MITRE common weakness scoring system (CWSS) risk scoring, provides auditable evidence to support the ongoing risk management of these complex supply chains.

Wing Security serves businesses of all sizes, including large, mid-market, and exempt small businesses, offering product tiers that match their risk levels and budgetary constraints. Exempt customers can begin with Wing Security's Free Risk Discovery Tool for Third-Party Risk Management (TPRM) assessments connected to their primary SaaS platforms. For more information about Wing Security's SaaS product tiers, visit