If you missed our 'Starting a Hedge Fund' webinar last week, you missed a lot. Luckily, our webinar replay is available here, and we're now onto Part Two of our recap. If you missed Part One - which focused on the structural and formation basics of starting a new hedge fund - click here. In Part Two, we're recapping what our very own Managing Director Vinod Paul covered, specifically around IT infrastructure decision-making, cybersecurity protections and common technology mistakes.
2015 Technology Priorities
Before looking at the specific technology infrastructure components emerging managers should consider before and during the launch phase, let's first cover some large-scale IT priorities for startups in 2015. We've identified three major priorities:
Selecting the right service providers. Whether it's outsourcing IT, administration or another critical function, it's imperative for startups (and successful hedge funds in general) to conduct proper due diligence and forge partnerships with providers that offer flexibility and accountability.
Understanding your firm's vulnerabilities and exposures. Security, security, security. It's the most critical area of focus for hedge funds in 2015. Firms should understand what risks could affect their businesses and the safeguards in place to mitigate those risks.
Employing an infrastructure your firm can grow with. You're a startup, yes. But you can't afford to act like a startup, at least when it comes to your technology. Selecting an infrastructure platform and provider that can grow with your firm and support you 2, 5, 10 years down the road is critical to your success, and will save you money and headaches in the long run.
Categorized under: Launching A Hedge Fund Cloud Computing Disaster Recovery Security Hedge Fund Due Diligence Hedge Fund Operations Hedge Fund Regulation Infrastructure Communications Outsourcing Business Continuity Planning Trends We're Seeing Videos And Infographics
Yesterday, we hosted a webinar called “A Checklist for Starting a Hedge Fund in 2015,” which focused on structure and strategy considerations for hedge fund startups as well as focus areas for your technology infrastructure and cybersecurity systems. Marni Pankin, partner at Marcum LLP, and Vinod Paul, managing director at Eze Castle Integration, shared their expert knowledge on what they consider to be the top priorities for hedge fund startups in 2015.
Pankin started with a checklist of her own, including what an emerging manager should look for when launching a new firm. We'll cover Eze Castle's portion of the webinar in Part Two next Tuesday, May 26th.
Categorized under: Launching A Hedge Fund Cloud Computing Disaster Recovery Security Hedge Fund Due Diligence Hedge Fund Operations Hedge Fund Regulation Infrastructure Communications Outsourcing Business Continuity Planning Trends We're Seeing
This article first appeared on Opalesque as part of a four-part series on cybersecurity.
Ruane, Cunniff and Goldfarb, Inc. used to have their own IT infrastructure. Todd Ruoff, Executive Vice President in charge of trading, operations and technology, was responsible for its maintenance. Then he started looking at outsourced providers a couple of years ago, as he wanted a better disaster recovery solution, the equipment was ageing and the firm was planning an office relocation. His firm is now using Eze Castle Integration’s Private Cloud, the ECINet private Internet service and Eze Castle’s Vault backup and recovery service. He tells Opalesque how that works for him.
Ruane, Cunniff and Goldfarb is an investment advisor and broker-dealer in the US, which manages an $8bn mutual fund, a '40 Act company called the Sequoia fund. The firm has around $5bn managed in hedge funds, and another $15bn in separately managed accounts run for HNWIs and institutions.
"As a broker, we need the ability to trade," Todd Ruoff says. "We are a long-term investor who invests in large, concentrated positions, focused on a few securities. It’s important that we have access to real-time market data, which we get from various sources, as well as access to our trading systems for execution and order management. As an advisor, we need to be able to report for our clients, as well as internal portfolio management teams. All of our research is done in-house, through an organic internal process, whereby our analysts work on the subject companies, which are publicly traded equities. We invest primarily in common stocks in the US, Europe and Asia."
As your hedge fund’s IT Manager or Chief Technology Officer, you may be tasked with evaluating and directing the strategic technology initiatives at your firm. Unfortunately, this doesn’t always mean that you have the final say on how and when your firm makes technology-related decisions. That responsibility, in many cases, falls to the Chief Operating Officer or Chief Financial Officer, and in many cases, that individual does not have a technology background. It’s up to you, then, to ensure you provide your CXOs with the right information to make an informed decision about your firm’s technology foundation.
We asked our own CFO, Chris Holden, to talk through some of the primary considerations C-level execs will weigh when evaluating a move to the cloud. Read a recap of his thoughts here or scroll down to listen to the full replay of our conversation.
Cloud Drivers: Is Cost Always the Primary Factor?
According to Holden, the best way to justify a new technology to someone non-technical is to provide a sound and logical cost comparison. And when it comes to the cloud, yes – cost is a big factor and a serious selling point.
We love showcasing our work with clients and one such client is Astellon Capital Partners who selected the award-winning Eze Private Cloud for all of its IT needs. Astellon moved to the Eze Private Cloud because of Eze Castle Integration's leadership role in bringing cloud services to the investment community, as well as its ability to deliver the high performance, applications and exceptional user experience the investment firm demands.
Established in 2011, Astellon Capital Partners is a twelve user alternative investment manager based in London focusing on European event-driven value-investing with a particular focus on German-speaking countries.
Davi Vieira, head of operations at Astellon Capital Partners, said, "Our move to the Eze Private Cloud was born out of the need to have a secure, reliable and institutional-grade IT platform that matches our focus on implementing strong financial, operational and infrastructure controls. Eze Castle Integration is the driving force behind the adoption of cloud services in the hedge fund industry and the optimal partner to help us run our business for many years to come."
It’s a question that many folks in the financial services industry have been asking for a few years now. Are potential investors comfortable with the idea of hedge funds leveraging cloud services? In Part 1 of our cloud webinar series, The Investor Perspective on Cloud and Security, we asked Ashley Gimbel, Senior Vice President at Dyal Capital Partners, to share her thoughts on evaluating the operational and infrastructure decisions of hedge funds and alternative investment firms and if investors are truly comfortable with the cloud. Click here or scroll down to watch the full replay of our conversation with Gimbel.
The simple answer is ‘yes.’ According to Gimbel, investors are and should be at ease with hedge fund clients using cloud infrastructures to support their daily operations. In fact, she says, hosted infrastructures often make more sense for firms with little to no IT resources in-house.
With a few caveats, of course. Firms should ensure outsourced cloud providers have proper Service Level Agreements (SLA) in place and are conducting appropriate oversight of their provider(s). A few other technology must-haves:
Well integrated data and systems
Established policies and procedures
Comprehensive disaster recovery
Whether you are a new hedge fund startup evaluating technology solutions or an established investment firm looking for an application upgrade or technology refresh, you’re likely to consider the cloud as one of your infrastructure options. If a cloud platform is ultimately your preference, however, your decision-making is far from over.
Deciding between a low-budget public cloud environment (think: Amazon Web Services, Microsoft Azure) and a vertical-specific private cloud (hint, hint: The Eze Private Cloud) is not always an easy choice for financial services firms. Despite the clear advantages of the private cloud, many investment management firms are drawn to the low-cost and high flexibility of a public cloud. While this type of infrastructure may suit a variety of other verticals, financial services firms have high standards and require a level of service and infrastructure beyond what public cloud platforms can offer. Trading via the public cloud can pose a host of challenges and concerns - let's look at a few.
Preparing for Cyber-Attacks and Breaches
At the top of everyone’s priority list these days is cybersecurity preparedness. And rightfully so. Security breaches and attacks are seemingly occurring on a daily basis, and hackers have become savvier than ever. As a result, large public cloud enterprises – the Googles and Amazons of the world – are inherently more susceptible to attacks and, as a result, downtime. While these public cloud services are surely beefing up security and have billions of dollars’ worth of resources to dedicate to security planning, it remains to be seen if they can sustain a targeted attack or significant downtime.
At Eze Castle Integration we see thousands of due diligence questions about hedge fund technology and operations each year. The questions around security are getting more specific with investors wanting details about each layer of a firm’s security stack.
A new question we’ve seen pop up one or twice centers around whether a firm’s online systems have undergone an ethical hack. So what is ethical hacking and how is it different from penetration testing?
What is Ethical Hacking?
Going back to our trusty security dictionary, SearchSecurity defines ethical hacker (aka white hat hacker) as a “computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker [aka black hat hacker] could potentially exploit.”
The increased focus on all things cybersecurity related – cyber-attacks, cyber warfare and cyber terror – has even led to the creation of a Certified Ethical Hacker (CEH) designation, which hacking pros can earn by completing online courses offered by the EC-Council.
The amount of data and information that passes through the Internet every day is – for lack of a better term - enormous. And truth be told, sometimes we are sharing information that we don’t want to get into the wrong hands, whether it be via email, instant message or other communications. Think: credit card information, personal information (name, address, social security number, etc.), bank account information or sensitive company or financial data.
A secure way to transmit this information is through encryption. According to TechTarget, encryption is “the conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties.”
The history of encryption, believe it or not, began a long time before the Internet existed and we started sending electronic data. The ancient Greeks and Romans, in fact, sent secret messages by substituting letters that only a secret key code could decipher. In the time of Julius Caesar, he created a cipher by which he shifted letters to the left or right to hide his messages.
The official definition given in TechTarget’s IT Dictionary reads: “Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. Authentication is a process in which the credentials provided are compared to those on file in a database of authorized users’ information on a local operating system or within an authentication server. If the credentials match, the process is completed and the user is granted authorization for access.”
At the heart of authentication is controlling access to ensure individuals only access the information they need. With stories of password compromises becoming more common it is important to understand the types of authentication factors available and good computing practices.
As part of Information Security Planning, firms should also identify applications, services or websites that require at least one level of authentication (e.g. password protection, PC certificate, or security tokens) as well as any that may require multi-factor authentication.