Blog Entries from 06/2013
This month, Eze Castle turns 18! The company, founded in 1995 by childhood neighbors John Cahaly and Sean McLaughlin, has grown into a global technology operation with offices in the United States, Europe, and Asia. In honor of the Castle’s (that's our little nickname for ourselves) 18th birthday, let’s take a look at 18 fun facts highlighting not only our successes on a company level, but those of the wonderful employees who make it all possible.
The Bring Your Own Device (BYOD) trend is certainly nothing new (we’ve been talking about it here on Hedge IT for months). So, now that this movement has hit the financial services sector, and is clearly here to stay, the next critical step is to develop a thorough BYOD policy to help manage this transition at your firm.
Some items to keep in mind when developing your firm’s policy include:
Company-owned mobile devices should be issued to – and personal devices approved for – only those employees who require immediate and frequent contact with co-workers, clients or partners regardless of whether they are physically located at their desks.
Devices should only be approved in situations where the productivity gains outweigh the costs incurred by the organization to support and manage the device.
As you set out to establish your firm’s BYOD and mobile device management strategies, be sure to consider each of the following areas in order to ensure your policies are comprehensive and the firm is protected from potential security incidents.
Earlier this week, our friends at Varonis Systems joined us for a webinar to talk about information technology ownership and hedge fund data protection. IT threats as a result of external hackers or internal security breaches are on the rise, and therefore firms are encouraged to protect and audit file data in order to answer two simple questions:
Who has access to my data?
Who has accessed my data?
Let’s take a closer look at how Varonis helps investment firms accomplish this.
Context is king
Firms can hasten data protection by achieving a greater amount of context awareness. Some contextual questions to ask are:
Who owns the data?
Who uses the data?
Who should have access?
Who should not have access?
Who granted access?
Who moved my data?
If your firm hasn’t had to cope with the aftermath of a security breach, you’re probably one of the lucky ones. According to an analysis conducted by Ponemon Institute and Symantec in 2013, human errors and system glitches caused nearly two-thirds of data breaches globally in 2012.
With the threat of security incidents at an all-time high, we want to ensure our clients and partners have a system in place to cope with any threats that may arise. Here is a step-by-step guide to follow in the event your firm suffers a security breach.
1. Establish an Incident Response Team.
Choose a select group of individuals to comprise your Incident Response Team (IRT). Assign each member a predefined role and set of responsibilities, which may, in some cases, take precedence over normal duties. The IRT can include members from a variety of departments, including Information Technology, Compliance and Human Resources.
2. Identify the type and extent of incident.
Before your IRT can alleviate any incidents, it must clearly assess the damage to determine the appropriate response. For example, if the incident is a computer virus that can be quickly and efficiently detected and removed (and no internal or external parties will be affected), the proper response may be to document the incident and keep it on file. This task could effectively be handled by the IT department.
For years, the role of the chief information officer (CIO) has been to acquire and maintain cost-effective IT services for the organization. Technology was viewed as a basic necessity, so managing costs and ensuring systems were running smoothly were the primary areas of focus for corporate IT leaders.
Today, technology is much more than a commodity. In fact, for many investment management firms, it has evolved into a source of competitive advantage. This change, combined with stagnant IT budgets, has caused the role of the CIO to move away from basic IT management to become more of a forward-thinking innovator for the organization. Here are a few strategies to help ease this transition.
As your firm considers whether a cloud-based infrastructure or on-premise environment is best suited to meet your business needs, another interesting alternative to consider is colocation.
Colocation allows firms to house their computing, network, storage and IT equipment in a fully managed facility. This allows the organization to maintain ownership over the infrastructure while feeling confident that it is highly secure, redundant and monitored around-the-clock by experienced professionals.
If you determine that colocation is a viable option for your firm, your next step will be to select a provider and facility. Depending on your geographic location, there may be several options to choose from.
To help you get started with this process, we’ve developed an infographic outlining the key criteria to use when evaluating potential colocation facilities and services.
We spend a lot of time here on Hedge IT making suggestions about what hedge funds and investment firms should do when it comes to their technology. But today, we’re not going to tell you what you should do. In fact, these are things we definitely DON’T want you to do!
Plan your infrastructure only for the short-term.
A crucial mistake often made by funds is not planning for the future. Even at launch, you should be thinking about what your firm will look like and what technology you will require down the road. Planning out two to three years in advance is recommended in order to reap the most benefits when it comes to your infrastructure. Plus, if you don’t plan ahead, you may wind up incurring more costs if technology decisions need to be made unexpectedly.
Ignore the importance of a business continuity plan.
It has become commonplace for hedge funds to employ disaster recovery strategies to protect mission-critical data and applications (due to a number of reasons including investor expectations, new regulations and the effect of unexpected natural disasters, e.g. Hurricane Sandy). But firms often overlook the equally important business continuity plan, which provides guidelines for what employees need to do in the event of a disaster. Yes, focusing on your infrastructure is essential to keeping your business afloat, but that business also cannot survive without its employees. Don’t forget to test that BCP once you’ve developed it – a good plan will only work if people know how to follow it.
Big changes are coming in the form of European Union data protection mandates. In January 2012, the European Commission announced a proposal to reform the European Union's current data protection framework, known as the 1995 EU Data Protection Directive, to better protect the personal data of EU citizens and update the legislation to fit 21st-century requirements and the rapid evolution of technology (including the prevalence of social networking and smartphones).
The EU proposal will give individuals more control over their data while also serving to promote the importance of data protection in a globalised world. The European Commission expects the rules will go into effect two years after they have been adopted by the member countries - officially around 2014 or 2015.
While some of the current proposals will undoubtedly be amended over the course of this lengthy process, let’s look at some of the practical steps companies should be considering now.