The tide is changing for private equity firms. They continue to grow in popularity – some say private equity is the new hedge fund – but with increased interest comes amplified speculation and heightened expectations.
In technology, private equity firms have found a fierce enabler for continued growth, and one that has shone the light on organizational benefits to be had far beyond the IT closet.
Eze Castle Integration commissioned its Private Equity CTO Survey to more closely examine the evolution of the private equity industry as driven by – and driven to – technology. In reaching the top IT executives and chief technology officers (CTOs) at these firms, the survey highlights their priorities, successes and even failures, and in doing so, sheds light on this industry that has risen to the forefront of the greater financial community.
Our Private Equity CTO Survey encompasses four primary sections: business priorities, cybersecurity, outsourcing trends and the evolution of the private equity CTO.
If one thing is to be derived from the advent of information technology, it is that IT enablement extends well beyond the recesses of the Communications Room. Accordingly, technology decision-making is also impacted by an organization’s business objectives, and the two work in alignment to derive achievements across the firm. In this section of the survey, we’ll highlight areas where business goals have impacted IT budgets and where private equity firms plan to focus their attention in the coming year.
To wrap up and round out our 6-week Risk Outlook Webinar Series, we spoke with John Cotronis, Executive Director at JP Morgan, about hedge fund risk management and governance. Specifically, he addressed the following questions:
What have you observed in recent years in terms of changes affecting hedge funds – particularly at the startup phase?
Have you noticed a marked shift in the importance managers are placing on risk?
Do the firms you typically engage with have staff on hand to manage risk – compliance officers, etc.?
In terms of corporate governance, where do you see investment firms excelling when it comes to implementing risk management controls and also fostering a culture of risk management across the firm?
Let’s talk a little bit about counterparty risk. What kind of criteria are you looking for that indicates to you a provider has the right risk management framework and best practice structure to support your clients?
A lot has gotten tougher for firms, particularly on the investment side with capital raising, also with regulatory reporting, etc. What areas of operations do you think have gotten easier for hedge funds over the years?
What is your assessment of outsourcing risk – is it higher or lower than managing various functions in-house?
With October being cybersecurity awareness month it is an important time to ensure your firm and employees are aware of and using best practices, and security policies and procedures. Risk mitigation is needed to protect both the firm and its employees from savvy hackers and attacks. Data breaches continue to wreak havoc on businesses, and the cost is continuously rising. According to the Ponemon Institute, the total average cost of a data breach is now $4 million, up from $3.8 million in 2015. Hackers have everything to gain while your firm bears reputational and operational harm.
While companywide policies should reflect long-range expectations and corporate best practices, they should also include tactical recommendations that employees can follow to ensure they are complying with the company’s overall risk strategy. To get started here are just a few pieces of advice we offer our investment firm clients and remember to not only inform employees on what to do, but also what not to do.
Private equity firms have been slow to embrace outsourcing, but managing data and technology is more complex than ever. With increasing regulatory requirements and a growing urge to focus on core competencies, PE firms are shifting their views of the back office. In case you missed our recent webinar on 'The Transformation of Private Equity Operations', speakers from Citco Fund Services and Eze Castle Integration examined the changing tide for private equity operations and how CFOs, CTOs and fund managers alike can control operating costs, maximize efficiency and better perfect operational workflows.
Drivers for change.
The number one reason for managers to make the switch to an outsourced solution is the desire for managers to get back to their roots. The idea of back office transformation is really founded in that managers have found themselves spending much more time doing everything but raising money and investing money.
Beneath this layer, back office transformation is also driven by regulation, investor transparency, the lifecycle of a private equity firm, and global reach. Slow adoption, fast results. The private equity sector has been slow on the uptake when it comes to outsourcing, and we contribute this lag due to lack of education on the process and benefits of outsourcing. In the past three to five years, adoption in the PE space has increased because it is cost effective, secure and feature rich. Private equity firms that have made the switch wonder why others are not doing the same. The idea of leveraging an experienced managed service provider is one that private equity firms have really embraced because there is no burden for firms to hire and attract talent, which can be challenging and expensive.
As we work with clients on completing due diligence questionnaires (DDQs), one increasingly common question is, “does your firm block access to data sharing sites such as DropBox or Google Drive?”
Generally the answer to this question should be ‘Yes,’ but that isn’t always the case because public file sharing services such as these are very convenient, and firms may overlook the security risk they pose. Additionally, employees accustomed to using Dropbox for personal use may be tempted to go for convenience over security when they need to share a large file or data set.
However, with security threats multiplying exponentially, hedge funds and alternative investment firms need to be proactive in protecting data and personally identifiable information (PII) from accidental and malicious insider risks. That’s why for secure file sharing Eze Castle Integration includes Varonis' DatAnywhere product as a standard feature within our Eze Managed Suite. Varonis' DatAnywhere offers users seamless and secure collaboration and file sharing across devices.
Beyond security, Varonis' DatAnywhere is easy to use. Users receive the same drag-n-drop experience as shared network drives or a cloud sync folder, which means no need for training on complex user interfaces and collaboration workflows. Additionally, data is automatically backed up and version controlled.
The SEC and other financial regulatory bodies have increased transparency demands with regard to cybersecurity in recent years, and as such, registered investment advisers face a long list of requirements to meet on the technology and operational front. In each of its cybersecurity guidance updates, the SEC has called out the need for hedge funds and private equity firms to "indicate whether they conduct periodic risk assessments to identify cybersecurity threats, vulnerabilities and potential business consequences", and if so, who conducts them and how often.
Risk and vulnerability assessments have not only become must-haves for financial firms due to these regulatory initiatives, but also as a result of growing investor calls for transparency. Side note: If you missed the news, Eze Castle Integration has expanded its cybersecurity consulting services to deliver comprehensive vulnerability assessments (as well as penetration testing and third party due diligence audits) across both internal and external networks. Click here to read more about Eze Vulnerability Assessments.
We field a lot of questions about what exactly a security vulnerability assessment is, so we thought it best to review what such a test entails.
Here’s a quick overview.
The type of risk assessment typically associated with information technology/security is an external vulnerability assessment. Essentially, this is the process of identifying and categorizing vulnerabilities related to a system or infrastructure. Typical steps associated with a vulnerability scan or assessment include:
Identifying all appropriate systems, networks and infrastructures;
Scanning networks to assess susceptibility to external hacks and threats;
Classifying vulnerabilities based on severity; and
Making tactical recommendations around how to eliminate or remediate threats at all levels.
Earlier this week Delta Airlines suffered a major system outage that resulted in more than 740 flight cancellations and thousands of flight delays.
Delta’s Chief Operating Officer Gil West explained that “Monday morning a critical power control module at [Delta’s] Technology Command Center malfunctioned, causing a surge to the transformer and a loss of power. The universal power was stabilized and power was restored quickly. But when this happened, critical systems and network equipment didn’t switch over to backups. Other systems did. [As a result, Delta saw] instability in these systems.”
As with any major “uh oh” moment, there are lessons that can be learned. So let’s take a look at what hedge funds can learn from Delta’s IT mishap.
1. Outdated technology can hurt in a big way. Airlines are saddled with legacy IT systems, complicated by mergers and acquisitions requiring complex integrations. Unlike airlines however, most asset management firms are not relying on technology from 80s or 90s. But that doesn’t give firms a pass when it comes to staying current with technology.
Outdated IT systems insert instability into a firm’s operations and provide holes for cyber hackers to exploit. The reality is that outdated systems will only continue to fall behind in the race of technology, trouble shooting will take longer, future applications will fail to run, or crash the server altogether, and the cost to migrate increases concurrently as the pool of experts shrinks.
2. You can’t ignore the IT industry’s transition to cloud computing. As noted in a ZDNet article, “the big question is why in 2016 airlines are being brought down by single points of failure when cloud services offer resiliency zones, backup options, and redundancy to keep critical systems running.”
Enterprise-grade clouds deliver significant resiliency in both the hardware and data centers, with cloud infrastructures spanning geographically diverse facilities. Beyond hardware, top tier cloud providers (Eze!) have teams of senior engineers managing and monitoring the infrastructure. Additionally systems are upgraded on a regular frequency.
In the investment management industry, it is common to hear investors state they are more comfortable with fund managers utilizing a private cloud rather than keeping IT on premise. At larger funds, the prevalence of cloud-based solutions provides Chief Technology Officers (CTOs) the opportunity to execute more strategic technology initiatives and focus on risk mitigation.
Cloud, Cyber Security and Managed Services: Putting Eze Castle Over the Top in Waters Rankings (Video)
We're thrilled to share that Eze Castle Integration has won the coveted awards for Best Cloud Infrastructure Provider and Best Cyber-Security Provider in the 2016 Waters Rankings. Vinod Paul, Managing Director of Eze Castle Integration, spoke with Dan DeFrancesco, Deputy Editor of Sell-Side Technology and Waters Technology about how Eze Castle Integration differentiates itself from other cloud and security providers.
Watch Vinod's video interview below or scroll down for some quick takeaways.
As a hedge fund or investment management firm, you’re juggling a lot. Hedging bets, pitching investors, running day-to-day operations – there’s a lot on your plate. That’s why working with an experienced cloud services provider can offer benefits beyond just infrastructure.
Let’s take a look at three different ways your cloud services provider can de-stress your busy life and provide you with much needed value.
1. Free up your space.
One of the beauties of a cloud computing environment is the near elimination of physical hardware and equipment on-site at your office. When managing your own server room or Communications (Comm.) room, you are responsible for housing a variety of equipment such as servers, UPS units, networking equipment and cables, spare parts, etc. Not to mention you need the real estate for it all. And don’t forget – much of this equipment runs on a three-year refresh cycle, which means you’ll have to upgrade everything in the near future.
At Eze Castle Integration we often reference data center tiers (i.e. Tier II and Tier III) in our written materials and assume readers will automatically understand the value of these distinctions. In some cases this might be a safe assumption, but you know what they say about assuming so we’ll do a refresher in this blog post.
Data center tiers – Tier I to IV – represent a standardized method to define the uptime of a data center. The tiers are useful in measuring:
Data center performance
Return on investment (ROI)
Categorized under: Cloud Computing