Blog Entries from 03/2011
In our last post we provided a list of noteworthy iPad and iPhone apps for business and entertainment. As a follow-up to that, in this article we’ll provide some food for thought around the security considerations and challenges that come with the wonderful world of mobile applications.
Mobile applications often provide direct and automated access to cloud services and data, such as Microsoft Exchange. BlackBerry is one of the most common devices accessing corporate email accounts, but newer applications are requesting more and more access to corporate data. For example, at hedge funds and investment firms, trading applications on mobile devices present new security challenges and expose a firm’s in-house trading system to a new range of threats.
With the mass adoption of Apple’s iPhone and iPad devices well underway, many business users are seeking new ways to employ these technologies to improve the ease and efficiency of their daily tasks. With over 350,000 apps now available through the Apple App Store, wading through these options can become a daunting process.
To help you get started, we have compiled a list of popular apps that are used by investment industry professionals:
An often overlooked, but critical component of disaster recovery (DR) solutions is testing. In his recent interview with HFMWeek, Bob Guilbert touched upon the topic of DR testing. In the discussion, Bob noted that “the best approach that funds can take to ensure an effective disaster recovery system is to test them periodically.” Lisa Smith, a Certified Business Continuity Planner here at Eze Castle, also echoes this advice in her conversations regarding inclement weather business continuity planning.
If regular testing is a critical component of an effective DR solution, why do many firms fail to do so? In working on the Eze Disaster Recovery team for several years, I have heard a variety of reasons from clients as to why this is the case. The most common reasons include:
a lack of time to commit to DR testing;
a lack of understanding as to how to go about testing their solutions;
and a belief that testing could hinder normal business operations, and is therefore too risky for the firm.
The security of cloud services is receiving more and more discussion, particularly as investment management firms are drawn to the benefits these services have to offer (i.e. efficiency, scalability and cost savings). At the heart of cloud security is an architectural approach called multi-tenancy that allows for the sharing of one or more infrastructures, databases or applications across many customers.
For Infrastructure as a Service offerings, multi-tenancy means customers can control processing power, networking components, the operating system, storage and deployed applications, but do not control the underlying physical infrastructure. In the Software as a Service model, customers share all or part of an application but do not control the underlying platform or infrastructure. These two approaches can deliver security on par with in-house services, but they also introduce new challenges for IT around data management and security – particularly from an end-user perspective.
When an application is licensed and resides in-house, only IT can have complete control over user access and data security. However, as companies gravitate towards SaaS products, such as Salesforce.com, IT no longer has control over the application, making it difficult to control user access and protect the data. In many cases, these applications are controlled at the business unit level rather than centrally by IT, which adds a new level of complexity for security and policy management.
During a lively technology talk last week with a group of hedge fund CTOs and IT Managers, the topic of social media monitoring came up. Several group members expressed concern over whether they should be tracking (and potentially limiting) their employees’ activity on social media sites.
Whether you are a small start-up or an established firm with hundreds of users, you should take the time to consider what your company’s position is on social media and the extent to which you want to regulate or restrict employee activity.
Not sure how to determine what kind of social media policy, if any, to implement? Ask yourself these questions:
Many Project Managers will typically describe their work as part art, part science, and part major headache. Balancing all of the elements of a complex project is an act that takes time to learn, especially in a fast-paced, highly demanding industry. The list below highlights a few of the most common challenges Project Managers face during their day-to-day lives.
1. Making unrealistic deadlines realistic.
Some would argue that most projects have "schedule slippage" as a standard feature rather than an anomaly. The challenge of many managers becomes finding alternate approaches to the tasks and schedules in order to complete a project "on time" or to get approval for slipping dates.
According to a recently released study by ComScore, Apple’s smartphone (i.e. iPhone) has a 25% share of the smartphone subscriber market, and the smartphone market as a whole continues to grow. Apple’s other mobile hit, the iPad, is expected to “dominate the tablet market” according to research firm IDC.
The mass adoption of Apple’s “iDevices” means firms need to determine how to provide business users access to common applications, such as Microsoft Exchange, via the iPhone and iPad. While not all businesses are blessing the iPhone or iPad for business use, increasingly these devices are being accepted and integrated into corporate computing policies.
There are multiple ways that an Apple iPhone or iPad can reach an Exchange server. Some of the most common are:
Internet Security & Acceleration (ISA) & Threat Management Gateway (TMG) Server: This is a type of Microsoft software firewall that runs on its own server and allows traffic from authorized devices, such as iPhones and iPads, to the Exchange server.
Front-end Exchange Server: This is an Exchange server that is open to the Internet.
As the Director of Project & Technology Management at Eze Castle Integration, I am often asked, “What exactly is Project Management?”
The Project Management Institute (PMI), the world’s leading non-profit association of Project Management professionals, defines the term in the 4th edition of its guide, Project Management Body of Knowledge (PMBOK). According to this document, Project Management is “the application of knowledge, skills, tools and techniques to project activities to meet the project requirements.”
The term Project Management is vague in itself. Personally speaking, when people ask me what I do, the question always leaves me reaching for an image or phrase that never comes quite in time for me to answer with any cohesiveness. Sometimes, to get a clearer definition of what something is, it is best to start by defining what it is not.
At 800+ pages, the Dodd-Frank Wall Street Reform and Consumer Protection Act is far reaching and requires a serious time-commitment to comb through. Our hedge fund and private equity clients regularly ask us about the technology requirements outlined in the regulation and the implications on an investment firm's IT practices. This article aims to answer those questions.
Below is an excerpt from the Dodd-Frank Act on the System Safeguards and Recordkeeping requirements. What you’ll see is that, as best practice guidance, registered hedge funds and private equity firms will need disaster recovery, data protection, security and archiving systems in place.
SYSTEM SAFEGUARDS: “Establish and maintain a program of risk analysis and oversight to identify and minimize sources of operational risk, through the development of appropriate controls and procedures, and automated systems, that—
(i) are reliable and secure; and
(ii) have adequate scalable capacity;
An Infovest 21 survey on the fund of hedge funds industry “found that over the past year, funds of funds’ most frequent change, as cited by 41% of those surveyed, was adding more nimble managers to their underlying portfolios. Another 38% said they became more liquid/provided more liquidity.”
Times they are a-changin’ (channeling Bob Dylan) for funds of hedge funds as they look to add value to investors and differentiate their funds from the competition. This evolution also adds new levels of complexity, particularly as funds of funds move towards investments in small to medium-sized hedge fund managers. Investments in smaller hedge fund managers offer the prospect of higher returns and portfolio differentiation, but in some cases also require more due diligence and monitoring.
New fund of funds portfolio management software tools are emerging to provide a unified view of portfolio holdings and allow for smarter decision making. One such product is from Ledgex Systems.