Eze Castle Integration

Hedge IT Blog

> Subscribe to Blog Entries about Hedge Fund Due Diligence

What is a Security Vulnerability Assessment and How Does it Work?

By Kaleigh Alessandro,
Tuesday, July 1st, 2014

One of the first questions on the SEC’s cybersecurity questionnaire for financial firms asks firms to "indicate whether they conduct periodic risk assessments to identify cybersecurity threats, vulnerabilities and potential business consequences", and if so, who conducts them and how often. Clearly the goal behind this question is to ensure that firms are taking a proactive approach to security. But what exactly does this assessment entail?
 Cybersecurity Whitepaper
Here’s a quick overview.
 
The type of risk assessment typically associated with information technology/security is an external vulnerability assessment. Essentially, this is the process of identifying and categorizing vulnerabilities related to a system or infrastructure. Typical steps associated with a vulnerability scan or assessment include:

  • Identifying all appropriate systems, networks and infrastructures;

  • Scanning networks to assess susceptibility to external hacks and threats;

  • Classifying vulnerabilities based on severity; and

  • Making tactical recommendations around how to eliminate or remediate threats at all levels.

Categorized under: Security  Cloud Computing  Disaster Recovery  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Outsourcing  Trends We're Seeing 



Tips for Tackling Your Financial Firm's Cybersecurity To-Do List

By Kaleigh Alessandro,
Thursday, June 26th, 2014

Cybersecurity WhitepaperWe continue to speak with clients and prospects on a regular basis on the topic of cybersecurity, and with the expectation that the SEC will start security exams sometime around September, it’s evident that firms are working diligently to answer the questionnaire and shore up internal practices.
 
To continue fostering education around this topic, we hosted two events last week dedicated to cybersecurity for hedge funds and investment firms. For your convenience, you can read a brief recap of some of the key topics discussed or scroll down to watch our full webinar replay.

Cybersecurity a Hot Topic on State & Federal Level

By now, we all know the SEC has taken steps to assure that hedge funds and investment advisers put security mechanisms and practices in place to protect against cyber threats. SEC Commissioner Luis Aguilar said there is “substantial risk that a cyber-attack could cause significant and wide-ranging market disruptions and investor harm.” Even beyond the federal level, some states are chiming in on the cybersecurity front. Earlier this month, Massachusetts and Illinois acknowledged that they were polling investment advisers about their security practices, and that based on responses, state regulations could be impacted.

Categorized under: Launching A Hedge Fund  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Outsourcing  Business Continuity Planning  Trends We're Seeing  Videos And Infographics 



Keeping on Top of Cybersecurity: Q&A with Lisa Smith

By Kaleigh Alessandro,
Tuesday, June 17th, 2014

Hedge funds have known for some time the importance of effective cybersecurity, and regulation increasingly enforces this as a requirement. For any practice to be effective, however, there are a number of factors which need to be considered prior to implementation. Eze Castle’s Lisa Smith recently sat down with HFMWeek Magazine to talk about how to meet and understand the new cybersecurity guidelines advised by the SEC. Following is an excerpt of the article.

The SEC's cybersecurity questionnaire sets the framework and best practices for the financial industry. When you consider the type of information that hedge funds are handling on a day-to-day basis, it's really important that they have security controls in place. The questionnaire is a way for the SEC to ensure that hedge funds, private equity and investment management companies are taking security controls seriously and are aware of what's in place for their company.

HFMWeek (HFM): Within the sample SEC cybersecurity request document, questions were divided into five categories. What is the SEC looking for in these categories? 

Lisa Smith (LS): Identification of risk in cybersecurity governance - this involves an analysis of what's in place. So for instance - when I conduct a business assesment I'll focus on what's currently in place versus what should be in place in accordance with the recommendations from the SEC. Anything that is not in place that should be goes into our risk assesssment summary and is categorized as low, medium or high.  It's about ensuring that hedge funds have certain controls and security policies in place to protect their environment and data.

Categorized under: Security  Disaster Recovery  Hedge Fund Due Diligence  Business Continuity Planning 



What Happens to Your Firm's IT Team When You Go Cloud?

By Kaleigh Alessandro,
Tuesday, June 10th, 2014

hedge fund staffingAs your firm evaluates moving to the cloud – as most firms today will inevitably do – your list of priorities will likely include:

  1. Regulatory and investor impact

  2. Migration plans and operational effects

  3. Hardware disposal and infrastructure changes

But another critical business area your firm should put some thought into is the effect of the cloud movement on your internal IT department (assuming you have one). What exactly happens to a firm’s IT team once it moves operations into a cloud environment? Is there still value in maintaining an in-house staff?
 
The simple answer is ‘yes,’ but the day-to-day responsibilities for those staffers may not look quite the same post-cloud. With a fully managed service provider, everyday management is typically taken care of – leaving internal resources with a lot more time on their hands. But that doesn’t mean there’s no longer a need for an IT department.

Categorized under: Cloud Computing  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Outsourcing  Trends We're Seeing 



Hedge Fund Transformation, Part 1: Evaluating Outsourced Solutions & Leveraging Technology

By Jennifer Odence,
Thursday, May 29th, 2014

Earlier this month alongside KPMG, we hosted a seminar in New York on “The Transformation of IT and Hedge Fund Operations.” We asked experts to examine the changes impacting hedge funds today and the future of this industry transformation. Our distinguished panel included Vinod Paul, Managing Director, and Steve Schoener, Vice President, at Eze Castle Integration, John Budzyna, Managing Director, and Dave Messier, Director, at KPMG, Timothy Ng, Managing Principal at Clearbrook Global Services, Jon Anderson, Global Head of OTC Derivatives at SS&C GlobeOp and Sheldon Rubin, COO/CFO/CCO at S Squared Technology LLC.
 
OutsourcingBelow is a brief recap of the topics discussed during the lively event. To listen to the full audio podcast of the event, click here.

What do you see as the greatest transformation the hedge fund industry has undergone or is currently in the midst of?

  • There is more acceptance of outsourcing. Many firms are leveraging outsourced service providers for front office support, for example, and leaving their in-house departments to focus on the core business. 

  • Many firms starting today don’t even consider building out a middle and back office – they immediately look to outsourcing. The quality and opportunities provided by outsourced service providers, including administrators, are much better than they have ever been before.

Categorized under: Outsourcing  Hedge Fund Due Diligence  Hedge Fund Operations  Trends We're Seeing 



Video: Hedge Fund Startup 101 Roundtable with the Hedge Fund Association

By Kaleigh Alessandro,
Tuesday, May 13th, 2014

The following article is part of our Emerging Managers Insight Article Series. Read more articles from the Series HERE.

What are the keys to starting a hedge fund? How does an emerging manager ensure success in a constantly-changing world of legal and regulatory guidelines, increasing investor expectations and evolving technology platforms?

In order to answer these questions, Asset TV and the Hedge Fund Association recently gathered an expert panel for a video roundtable focused on hedge fund startups. Our own Managing Director, Vinod Paul, was featured on the panel, along with experts from The Kingdom Trust Company, Eisner Amper LLP, and Thompson Hine LLP. Watch the video below to learn more about a variety of topics important to new fund launches, including:

  • Custodial Needs

  • Technology Infrastructure Priorities

  • Compliance Concerns

  • Data Management

  • Dodd-Frank & Regulatory Requirements

  • Cybersecurity Concerns

  • Investor Expectations

 

Categorized under: Launching A Hedge Fund  Cloud Computing  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Infrastructure  Outsourcing  Trends We're Seeing  Videos And Infographics 



Preparing for SEC Cybersecurity Exams: Webinar Recap & Replay

By Kaleigh Alessandro,
Thursday, May 8th, 2014

Cybersecurity is one of the hottest buzzwords in the industry right now – but it’s also a serious concern for hedge funds and investment firms. So much so that the Securities and Exchange Commission has taken formidable steps in 2014 to assess the cybersecurity landscape and provide guidance to registered broker dealers and investment advisers around what policies and technical safeguards should be in place to protect them.Webcast: Preparing for SEC Cybersecurity Exams
 
With so much information being shared and so many industry changes around this topic, we asked our cybersecurity experts – Steve Schoener and Lisa Smith – to talk us through what’s happening in the world of hedge fund cybersecurity and provide direction for firms looking to comply with the SEC’s latest guidelines. Following is a brief recap of a webinar we held earlier this week doing just that. To watch the full replay of the event, click here.

Industry Update: How did we get here?

Before we dive into what expectations the SEC has for registered firms in regards to their cybersecurity practices, let’s first take a look at how we got to this point. Among the host of high-profile security incidents we’ve seen dominate the news of late, these few resonate the most:

  • Dec 2013: Target data breach results in customers’ personal data stolen

  • Feb 2014: Crytolocker ransomware holds data hostage

  • April 2014: Heartbleed vulnerability poses potential data exposure threat

  • April 2014: Internet Explorer vulnerability puts technology at risk, leaves PCs open to being hacked

As a result of these and other security concerns, the SEC has taken steps to ensure hedge funds and investment firms are prepared for the next incident. In a Risk Alert issued last month, the SEC announced it will perform examinations of at least 50 registered firms and also provided a lengthy sample questionnaire for firms to use as a guide in their preparations. The seven-page document addresses various aspects of a firm’s technical infrastructure and corporate policies and sets expectations that firms should meet a set of standard criteria in order to comply with the new guidelines.

Categorized under: Security  Cloud Computing  Hedge Fund Due Diligence  Hedge Fund Operations  Infrastructure  Outsourcing  Trends We're Seeing 



The Transformation of IT and Hedge Fund Operations

By Kaleigh Alessandro,
Thursday, May 1st, 2014

Regulatory oversight, competition for assets and investor due diligence concerns have left investment management firms with more pressure than ever to succeed. And technology innovations like the cloud have turned the traditional hedge fund operations model on its head. The questions remain: how do fund managers evolve in 2014 and meet the increasing demands of the financial services industry? And how do firms compete with the incoming crop of new launches that continue to emerge and vie for investor allocations?
 
The following presentation takes a closer look at these key transformations within the hedge fund industry and examines the shift firms are making from traditional, on-premise IT infrastructures to cloud-based platforms. It also highlights managed disaster recovery services and offers best practices for security in the cloud.

Take a look, and if you can, join us in New York on Tuesday, May 6 as a panel of experts discusses these topics and more at our Transformation seminar.

Categorized under: Trends We're Seeing  Cloud Computing  Disaster Recovery  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Outsourcing 



A Hacker's Tool Kit: Cyber Security Threats to Financial Firms

By Mary Beth Hamilton,
Thursday, February 27th, 2014

It has been said that cyber weapons can be as dangerous as weapons of mass destruction. To emphasize this, at last night’s FBI Citizens Academy seminar on cyber security in financial markets, the speaker noted that if you take out an industry (think financial, teleco) you can cripple an entire country.

But just how would this happen? What’s in a hacker’s tool kit? Quinn Shamblin, executive director of information security at Boston University, provided a glimpse into the cyber security underworld.

Targeting Your Favorite Device

Let’s start with Mobile Device Security. Hackers are shifting their focus and resources to mobile devices. They recognize that a user’s life is virtually encapsulated on his/her mobile device. From contacts and email to documents, passwords and banking apps, mobile devices now hold as much as or more personal information than PCs or laptops. And most devices do not have anti-virus/malware software installed.

Just last Friday, Apple released a critical update to its iOS 7 operating system after a flaw was identified that could give an attacker with a privileged network position the ability to capture or modify data in sessions protected by SSL/TLS (aka public key encryption). Following that announcement, researchers at a cyber security firm (FireEye) published a proof of concept for a surveillance app that, if created and distributed by hackers, could capture every tap on an iPhone’s screen. The information captured, including passwords and credit card numbers, would be accessible to the attacker. These are just two examples of the cyber security threats facing mobile devices. Users need to be aware that these threats exist and practice smart computing on all devices.

Categorized under: Security  Hedge Fund Due Diligence  Hedge Fund Operations  Infrastructure  Trends We're Seeing 



2013 Benchmark Study Reveals Top Hedge Fund Applications

By Emma Howie,
Thursday, December 19th, 2013

The results from our Global Hedge Fund Technology and Operations Benchmark Study are in and here is a snapshot of the 2013 findings. You can find the complete report here. We surveyed 538 buy-side firms across the United States, UK and Asia in order to discover their front, middle, and back office technology and application preferences. 

Respondent Profile

Hedge Fund Technology Use Report Image

All survey respondents fell into the following categories within the financial industry: hedge fund (60%), asset/investment manager (13%), private equity firm (8%), fund of hedge fund (5%), non-financial firm (5%), advisory firm (1%), broker dealer (1%), venture capital firm (1%), quant fund (1%), or ‘other’ (3%). 

The firms resided in three different asset classes: 30 percent reported their AUM as $100 million and under; 32 percent fell between $101 and $500 million; and 38 percent reported over $500 million in assets under management.

In regards to investment strategy, long/short equity continues to dominate as the most favorable with 45 percent of respondents reporting this to be their primary investment strategy.  Other preferred strategies include fixed income (8%), credit (7%), global macro (6%), emerging markets (6%), distressed debt (5%), and event driven (4%). The top prime brokers employed by firms in 2013 are Goldman Sachs, Morgan Stanley, Credit Suisse, JP Morgan and UBS (same as last year).

Now let's look at front, middle and back office applications most commonly used at hedge funds. 

Categorized under: Hedge Fund Operations  Launching A Hedge Fund  Cloud Computing  Hedge Fund Due Diligence  Communications  Outsourcing  Software  Trends We're Seeing 



View earlier posts in the archive

Recent Posts / All Posts

 

Subscribe to Hedge IT

Follow Us

    Follow us on Twitter Follow us on FaceBook Follow us on LinkedIn Follow us on Google RSS Feed

Recent Articles

Categories

Archives