Eze Castle Integration

Hedge IT Blog

> Subscribe to Blog Entries about Disaster Recovery

Data Destruction Basics: Why Deleting Your Hedge Fund Data Isn't Enough

By Kaleigh Alessandro,
Thursday, July 24th, 2014

Destroyed Hard DriveYour hedge fund's information security plan likely includes details on where information is stored, how it is accessed and who it is accessible to. But a critical component of this plan often overlooked is how and why data is destroyed when it is no longer needed. Including data destruction procedures in your WISP or as a separate document is vital to ensuring your firm’s sensitive data and intellectual property does not fall into the hands of the wrong people. Unfortunately, in today’s technology-driven, cyber-aware environment, simply hitting the delete key is not enough.
 
There are a few different scenarios that warrant secure data destruction maneuvers:

Your methods and policies for secure destruction may vary according to the above scenarios, or they may be standard across the firm. Your hedge fund should also consider if there are any regulatory implications. Do you need to maintain/archive data for a prescribed period of time in order to comply with state, federal or other compliance or auditing standards?
 
In any case, you’ll want to consider a variety of methods in the beginning to ensure your firm’s confidential data (e.g. investment portfolio, investor contact information, etc.) is thoroughly destroyed, preventing unwanted breaches or thefts.

Categorized under: Security  Cloud Computing  Disaster Recovery  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Trends We're Seeing 



BCP Testing Outside the Conference Room: Hello, Real World

By Matt Donahue,
Tuesday, July 22nd, 2014

Business Continuity StatisticWhen most people envision Business Continuity Planning (BCP) and testing, they conjure up images of conference rooms, hardcopy documents, projectors and key personnel. But the real world is a different reality.

In recent memory, there have been many situations that have disrupted businesses - be it by natural disaster or as a result of human interference. In either event, people need to be able to reestablish essential business functions, communicate, and make decisions as quickly and easily as possible. 

Although many organizations do an annual BCP review, the big question is whether they truly test the process, ease of accessibility, and the time it takes an organization/leadership group to go from unsure about the situation to confidently executing a thoughtful game plan.

What can make a considerable difference in terms of functionality and familiarity with the plans and recovery procedures is to practice -- not only verbally in the conference room setting, but also by taking time to troubleshoot and brainstorm to determine what works and what may need a second look. There is a lot that can be learned from being unplugged and “kicked” out of the conference room and asked to assume a role outside of the comfort zone. This can be done simply by taking away some of the accepted norms during a test. The following scenario illustrates issues that arise when the accepted norms are chipped away.

Categorized under: Business Continuity Planning  Disaster Recovery  Security  Hedge Fund Operations  Communications 



IT Security Dos and Don'ts to Live By

By Kaleigh Alessandro,
Tuesday, July 15th, 2014

We spend a lot of time educating our clients about security best practices and encouraging them to implement comprehensive security policies and procedures to mitigate risk and protect both the firm and its employees. And for good reason. Just today, New York Attorney General Eric Schneiderman released a report stating data breaches across the state more than tripled from 2006 to 2013 and cost businesses more than $1.37 billion last year alone.

While companywide policies should reflect long-range expectations and corporate best practices, they should also include tactical recommendations that employees can follow to ensure they are complying with the company’s overall risk strategy. In addition to providing employees with security best practices they should follow, don’t forget to also include a list of actions they should not. Here are just a few pieces of advice we regularly offer our investment firm clients:

DO:

  • Lock your computer and mobile phone(s) when you leave your desk and/or office

  • Use care when entering passwords in front of others

  • Create and maintain strong passwords and change them every 60-90 days (We recommend a combination of lowercase & uppercase letters and special characters)

Categorized under: Security  Cloud Computing  Disaster Recovery  Hedge Fund Operations  Infrastructure  Communications  Business Continuity Planning  Trends We're Seeing 



What is a Security Vulnerability Assessment and How Does it Work?

By Kaleigh Alessandro,
Tuesday, July 1st, 2014

One of the first questions on the SEC’s cybersecurity questionnaire for financial firms asks firms to "indicate whether they conduct periodic risk assessments to identify cybersecurity threats, vulnerabilities and potential business consequences", and if so, who conducts them and how often. Clearly the goal behind this question is to ensure that firms are taking a proactive approach to security. But what exactly does this assessment entail?
 Cybersecurity Whitepaper
Here’s a quick overview.
 
The type of risk assessment typically associated with information technology/security is an external vulnerability assessment. Essentially, this is the process of identifying and categorizing vulnerabilities related to a system or infrastructure. Typical steps associated with a vulnerability scan or assessment include:

  • Identifying all appropriate systems, networks and infrastructures;

  • Scanning networks to assess susceptibility to external hacks and threats;

  • Classifying vulnerabilities based on severity; and

  • Making tactical recommendations around how to eliminate or remediate threats at all levels.

Categorized under: Security  Cloud Computing  Disaster Recovery  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Outsourcing  Trends We're Seeing 



Keeping on Top of Cybersecurity: Q&A with Lisa Smith

By Kaleigh Alessandro,
Tuesday, June 17th, 2014

Hedge funds have known for some time the importance of effective cybersecurity, and regulation increasingly enforces this as a requirement. For any practice to be effective, however, there are a number of factors which need to be considered prior to implementation. Eze Castle’s Lisa Smith recently sat down with HFMWeek Magazine to talk about how to meet and understand the new cybersecurity guidelines advised by the SEC. Following is an excerpt of the article.

The SEC's cybersecurity questionnaire sets the framework and best practices for the financial industry. When you consider the type of information that hedge funds are handling on a day-to-day basis, it's really important that they have security controls in place. The questionnaire is a way for the SEC to ensure that hedge funds, private equity and investment management companies are taking security controls seriously and are aware of what's in place for their company.

HFMWeek (HFM): Within the sample SEC cybersecurity request document, questions were divided into five categories. What is the SEC looking for in these categories? 

Lisa Smith (LS): Identification of risk in cybersecurity governance - this involves an analysis of what's in place. So for instance - when I conduct a business assesment I'll focus on what's currently in place versus what should be in place in accordance with the recommendations from the SEC. Anything that is not in place that should be goes into our risk assesssment summary and is categorized as low, medium or high.  It's about ensuring that hedge funds have certain controls and security policies in place to protect their environment and data.

Categorized under: Security  Disaster Recovery  Hedge Fund Due Diligence  Business Continuity Planning 



The Transformation of IT and Hedge Fund Operations

By Kaleigh Alessandro,
Thursday, May 1st, 2014

Regulatory oversight, competition for assets and investor due diligence concerns have left investment management firms with more pressure than ever to succeed. And technology innovations like the cloud have turned the traditional hedge fund operations model on its head. The questions remain: how do fund managers evolve in 2014 and meet the increasing demands of the financial services industry? And how do firms compete with the incoming crop of new launches that continue to emerge and vie for investor allocations?
 
The following presentation takes a closer look at these key transformations within the hedge fund industry and examines the shift firms are making from traditional, on-premise IT infrastructures to cloud-based platforms. It also highlights managed disaster recovery services and offers best practices for security in the cloud.

Take a look, and if you can, join us in New York on Tuesday, May 6 as a panel of experts discusses these topics and more at our Transformation seminar.

Categorized under: Trends We're Seeing  Cloud Computing  Disaster Recovery  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Outsourcing 



BCP Tip: Don't Rely on Luck to Get Your Firm Through a Disaster

By Lisa Smith,
Tuesday, March 18th, 2014

Feeling lucky that your business has never been impacted by a disaster? If so, now is the time to evaluate everything from your call tree to your disaster recovery solutions. Most studies show that up to 40 percent of businesses fail after a disaster. That means that almost half of firms reading this article will not recover if not fully prepared.BCP Emergency Kit

So what do you do to ensure that you will be more than just lucky to successfully recover from a disaster? 

Start with your documentation. What do you have? You should have a current Business Continuity Plan (BCP) and Employee Quick Reference Cards (QRCs).  If you have those two items, be sure to review them and make sure any recent changes to your business have been captured. Once you’ve validated the information is current, it’s time to test the documentation.

Categorized under: Business Continuity Planning  Disaster Recovery 



Happy 400th Post! Hedge IT Blog Awards

By Emma Howie,
Tuesday, February 25th, 2014

In honor of our 400th post on here on Hedge IT (400 - wow!), we are celebrating with our annual blog awards. We've gathered the most popular articles according to our readers and included a few of our personal favorites, too.

We hope you enjoy!

Categorized under: Eze Castle Milestones  Cloud Computing  Disaster Recovery  Security 



The Antidote for IT Headaches: Eze Private Cloud (NEW VIDEO!)

By Emma Howie,
Tuesday, February 11th, 2014

Managing technology at a hedge fund can be complex and time consuming, but not when you’re on the Eze Private Cloud. Adding new investment applications is a cinch, IT costs are predictable and security is robust.

Watch our new video to see what it feels like to be on the Eze Private Cloud: 


Categorized under: Cloud Computing  Business Continuity Planning  Disaster Recovery  Videos And Infographics 



How Is Your Firm Mitigating Technology Risk?

By Kaleigh Alessandro,
Thursday, February 6th, 2014

Investment risk plays an important role in the life of a hedge fund manager, but technology risk should not. When it comes to your firm’s technology systems and operations, you want things to run efficiently, not add more stress to your already crowded plate.Mitigating Technology Risk
 
Mitigating technology risk is a critical step to ensuring your hedge fund operates smoothly and successfully. Following are a few areas to keep in mind as you evaluate your firm’s technology risk:

Layers of Redundancy

One way to reduce your firm’s technology risk is to add layers of redundancy throughout your infrastructure. Whether you’re utilizing a cloud infrastructure or an on-premise environment, your servers, networking and telecomm lines should feature N+1 availability, a configuration in which multiple components have at least one independent backup component to ensure system functionality continues in the event of a failure. 

Categorized under: Outsourcing  Cloud Computing  Disaster Recovery  Security  Hedge Fund Operations  Infrastructure  Business Continuity Planning  Trends We're Seeing 



View earlier posts in the archive

Recent Posts / All Posts

 

Subscribe to Hedge IT

Follow Us

    Follow us on Twitter Follow us on FaceBook Follow us on LinkedIn Follow us on Google RSS Feed

Recent Articles

Categories

Archives