Blog Entries from 02/2013
It's hard to believe it, but we have officially reached the 300th post here on the Hedge IT blog!
To commemorate this special occasion, we're bringing back the Hedge IT blog awards honoring the best articles, topics and trends from the past year as a way of saying "thanks" to all of our loyal readers. We look forward to continuing this tradition of sharing valuable, thought provoking content with you again this year. Here's to the next 100 posts!
Today we released our Best Practices for Managing IT Security Risks: A Hedge Fund Manager’s Guide, which we developed with eSentire. Following is a sneak peek of the guidance included in the 10-page guidebook. Assuming we have whet your appetite, you can download the entire guidebook here or attend our upcoming webinar on the topic (register here).
Managing Security Threats Facing Hedge Funds
Most successful cybersecurity attacks in today’s environment occur via three different methods: malware via email, malware via a website download (drive-by download or man-in-the-middle) and transfer via USB. In most cases, an employee will download an unsuspecting virus or open an unsuspecting email, triggering a malware attack that could open the door for further intrusion. Alternatively, a trend becoming more common is the threat of employees transferring information onto USB drives (whether knowingly or unknowingly), resulting in an internal security breach. Externally –and regardless of the intrusion method – attacks typically follow a similar path from start to finish. Global security firm Lockheed Martin has identified steps to what they call the “cyber kill chain.”
Reconnaissance: Collecting information and learning about the internal structure of the host organization
Weaponization: How the attacker packages the threat for delivery
Delivery: The actual delivery of the threat (via email, web, USB, etc.)
Exploitation: Once the host is compromised, the attacker can take advantage and conduct further attacks
Installation: Installing the actual malware, for example
Command & Control: Setting up controls so the attacker can have future access to the host’s network
Actions or Objections: The attacker meets his/her goal (e.g. stealing information, gaining elevated privileges or damaging the host completely)
Here on the Hedge IT blog, we love to talk about the cloud. However, most of our discussions focus on the technology and operational considerations for investment firms. This week, we’re taking a different approach and looking at the cloud from a business perspective. On Tuesday we explored the business case for moving to the cloud. Today, we’re taking the CFO’s point of view.
You’re a hedge fund CFO. Your CTO has proposed moving the organization’s IT infrastructure to the cloud using a third party service provider. What questions should you ask to gain a better understanding of the impact this change could have on your team and the firm at large?
While the technology benefits of moving to the cloud are well known, the business case for moving to the cloud is just as important. The hedge fund industry is increasingly moving towards cloud computing not only for the vast technology benefits, but also for the enhanced efficiencies, high quality technology environment, and numerous cost savings. Read on to learn the business case for adopting cloud computing technology at your firm.
Transferring from CapEx to OpEx
Today, many hedge funds are grappling with ways to achieve efficient operations while remaining as competitive as possible. Companies are examining the costs associated with their IT departments in order to determine the best way to make their technology more cost effective. For many firms, this means moving to the cloud. One of the major benefits of adopting cloud computing technology is the resulting movement from CapEx to OpEx.
This shift allows a decrease in capital expenditures (CapEx) and an increase in operational expenses (OpEx), providing potential tax benefits. The tax benefit is the result of OpEx allowing for the deduction of expenses in the current year and the cutting of tax liability applied to net income. Furthermore, there are few upfront capital expenditures associated with adopting a cloud model as there with building out in-house comm rooms and data centers. This is because cloud providers deploy a “pay-as-you-go” service model.
Today, as you know, is Valentine’s Day. So, for the third consecutive year, we’re taking this opportunity to spread the love.
This year, we’re dedicating our efforts to support School on Wheels, an organization focused on increasing the educational opportunities available to the more than 1.6 million homeless children in the United States. The group’s mission is based on these three fundamental premises:
Every child deserves the right to a quality education.
Education is the key to unlocking a brighter future and breaking the cycle of homelessness.
Community support is vital in helping achieve the goal of providing academic stability and hope for all children who have no permanent home.
Categorized under: Trends We're Seeing
Recently, we’ve been hearing more and more questions from our hedge fund clients on the topic of global networking and – more importantly – its value in the investment management industry.
So, as we often like to do here on the Hedge IT blog, we turned to the experts.
Mike Abbey is the vice president of network services here at Eze Castle Integration. He joined the company in 1999 and is currently responsible for ECINet, our global carrier class network platform. Mike also provides design consulting and best practice audits on fault tolerance and scalable optical, Ethernet, and IP-based networks, from single and multi-site domestic networks to multi-site, global deployments. He is a graduate of Binghamton University.
Q. Mike, what are you hearing from clients regarding networking and Internet services?
A. To be honest, most hedge fund managers don’t have the time – and don’t necessarily want – to grapple with the complicated intricacies of securing and maintaining an enterprise-class network or Internet service. That’s where my team and I come in. We help simplify this process for our clients using Eze Castle’s ECINet global private network.
This fall, Microsoft’s new Windows 8 operating system captured the attention of many customers. Windows 8, however, isn’t the only Microsoft change 2013 will bring. Microsoft is planning to provide stricter oversight of its auditing process by conducting up to 30,000 licensing audits on small to midsize companies by 2014. Here is an overview of why you should ensure that your software is up to date and what to expect when it comes to the Microsoft licensing audits.
What are the Microsoft Licensing Audits?
In 2013, Microsoft will conduct audits on customers’ software usage. The audits will be mainly focused on mid-size companies with 500 - 2,000 computers. Many large companies have already put strict companywide licensing policies in place, but smaller firms typically have less formalized processes for ensuring all devices are licensed appropriately. As a result, Microsoft’s auditing focus is shifting to smaller companies. These audits will ensure that clients’ software is correctly licensed and paid for.
Last week, we hosted a webinar on the Hedge Fund Industry Outlook for 2013 with speakers Deborah Prutzman, CEO of the Regulatory Fundamentals Group, and Mary Beth Hamilton of Eze Castle Integration. Following is a recap of the key topics discussed around operational due diligence, regulations and technology trends.
Insights from Deborah Prutzman, Regulatory Fundamentals Group
2012 was a year marked with significant regulatory changes in the world of investment management. So far, we’re expecting to see more of the same in 2013. This time, the direction and manner of change will likely be more predictable. Some important themes we expect will permeate throughout the year include: