Hedge IT Blog

The security threat landscape continues to evolve, and security through obscurity is no longer (and probably never was) an ideal approach to protecting the sensitive data of the hedge fund industry. A recent study by IBM found that cyber threats are expanding with 62% of managers believing that cyber threats are an increasingly serious risk to business.

The report found a 27% rise in cyber security vulnerabilities between 2009 and 2010 and noted that “early in 2011 officials at the International Monetary Fund revealed that it had been targeted by a sophisticated cyber attack – a threat that was considered so serious, the World Bank severed the computer ties through which the two organisations shared information.”

Another example cited was that “in June 2011 a black-hat hacker group known as LulzSec (or “Lulz Security”) targeted the website of the CIA in the US using a denial-of-service attack. This was the latest in a string of similar attacks against a range of government and public sector bodies.”

While these two examples occurred at large organizations, the risks facing smaller firms (read: hedge funds) are just as real. To that end, we recently had eSentire into our Boston office to speak with a group of hedge fund CTOs about the security landscape and their managed security technology. Feedback on eSentire’s offering and approach was positive and the spark for this tech spotlight article.

Read More »

Operational due diligence has become a hot topic that continues to gain importance and attention throughout the alternative investment industry. Over the past few years, as regulations have changed and investors increasingly seek transparency, funds are spending more time than ever preparing for the due diligence process.

It is no surprise that the investment industry landscape is becoming more and more competitive. As this trend continues, investors are raising their expectations and looking towards funds that display the highest levels in operational excellence. One important way to ensure your firm meets these high standards is to complete a due diligence questionnaire (DDQ) that can be shared with potential investors.

A comprehensive DDQ covers a wide range of topics, from assets under management to audited financial statements and investment strategies. One major area of focus is the fund’s IT and accompanying security policies and procedures. At Eze Castle, we frequently assist our hedge fund clients in completing DDQ questions on technology, and we often see the same types of questions popping up. So, to help you get started, we have compiled the following list of some frequently asked DDQ questions.

Read More »

As we mentioned in our recent “Trend Watch” article, the Bring Your Own Device (BYOD) movement is gaining popularity among organizations of all types and sizes. Some companies are already seeing significant benefits as a result of implementing BYOD programs, while others have been hesitant to get onboard.

BYOD refers to the so-called “consumerization of IT” trend that has emerged, in which the culture of enterprise IT is shifting such that the end user is now the one who has cutting-edge technologies first, as opposed to the organization. As a result of this trend (which is frequently attributed to the advent of such Apple products as the iPhone and iPad), individuals are now starting to prefer using their personal devices in place of company-issued products.

Some organizations have begun to embrace these preferences and have implemented BYOD programs to facilitate the use of employees’ personal mobile devices for business use. So far, many of these firms have reported positive results, although lingering concerns remain. Let’s take a look at some of the pros and cons of introducing a BYOD program at your organization.

Read More »

Earlier this week, we shared some important questions to include in hedge fund technology RFPs, focusing on Staffing, Client Service Model and User Support. In today’s article, let’s dive back into the RFP process, and look at some questions on Business Continuity & Disaster Recovery Plans, Backup & Retention of Information, Data Security and Intrusion Detection & Incident Response.

Business Continuity & Disaster Recovery Plans

• Does your company have a written policy and program in place for business continuity and disaster recovery?
• Have your company’s policy and program for business continuity and disaster recovery been fully implemented? If not fully implemented, please discuss those areas in detail and explain any plans to address them.

Read More »

As you have probably heard, a number of international organizations have become victims of cyber hacking over the past few months. Sony, RSA (a division of EMC Corporation), Lockheed Martin, PBS television, Nintendo and several others have admitted to suffering data losses as a result of security breaches. Experts believe that hackers are getting more sophisticated and more difficult to detect.

Is your fund at risk?

Read More »

As Y2K fades into a distant memory we have a new technological problem on our hands – we are running out of Internet Protocol (IP) addresses. IPv4 protocol addresses that is.

It is estimated that by 2012 we will have exhausted all the available IPv4 addresses. In fact, TMCnet predicts that “by the beginning of August 2010, there were only 6 percent of IPv4 addresses remaining.” IPv4 gave us 35 good years of addresses, but now we must look to a new protocol to keep up with the Internet's substantial growth.

The expected solution is the new IPv6 protocol, which will allow for substantially more IP addresses -- trillions upon trillions of new addresses. IPv6, however, is still in its infancy and is not yet widely deployed.

According to Cisco, there has been much security testing and development of mechanisms to secure the protocol. Many commercial security testing tools have been updated to support the IPv6 protocol; many others have it on their road maps. Various security concerns around IPv6 have already been identified, such as insecure neighbor discovery, tunneling, and auto-configuration.

Read More »

If you’re familiar with Eze Castle (and since you’re reading this blog, you probably are!), you already know that we regularly monitor the headlines for anything and everything to do with hedge funds. A topic that very regularly arises is the likelihood of regulation. Historically, hedge funds have been often misunderstood and very loosely regulated. Although it is well-known within the industry that hedge funds are not to blame for the recession, they are often the focus of regulation talk these days. This week has been especially news-worthy and even contentious.

June 25, 2010: House-Senate panel announced acceptance of revisions to the “Wall Street Reform and Consumer Protection Act,” which will require many investment advisers to register with the SEC. It will also impose new disclosure and recordkeeping requirements on these advisers. For more information on this act, please read Bingham McCutchen’s recent Client Alert.

Read More »

According to the Privacy Rights Clearinghouse, more than 100 million data records of U.S. residents have been exposed due to security breaches in the last five (5) years. In order for an investment management firm or hedge fund to correctly control and protect its data, you must first have a thorough understanding of what exactly you are storing in both print and electronic documents. Secondly, you must have data loss prevention technology in place to protect the information.

Data Mapping is one method that will help you understand what information is being stored within your infrastructure. Data Mapping involves searching your entire organization to determine what personal information is stored and where. Once the data is found, maintaining your organization’s data map is very important. This will help ensure that the personal information remains secure.

After you understand where your data resides, you will need the proper technology in place to protect it. Data loss prevention (DLP) technology is often one piece of the puzzle. DLP technology, such as GTB Technology’s eDiscovery product, can be used to monitor and protect data at rest, in motion and on the endpoints through deep content inspection and the constant monitoring of transactions occurring across the network

Read More »

Recent Posts / All Posts

Connect with Us

• Contact Us