Yesterday, we hosted a webinar called “A Checklist for Starting a Hedge Fund in 2015,” which focused on structure and strategy considerations for hedge fund startups as well as focus areas for your technology infrastructure and cybersecurity systems. Marni Pankin, partner at Marcum LLP, and Vinod Paul, managing director at Eze Castle Integration, shared their expert knowledge on what they consider to be the top priorities for hedge fund startups in 2015.
Pankin started with a checklist of her own, including what an emerging manager should look for when launching a new firm. We'll cover Eze Castle's portion of the webinar in Part Two next Tuesday, May 26th.
We were honored to be invited to participate in an exciting event in Boston recently hosted by KPMG. The event, Hedge Fund Symposium 2015, featured a lively panel on cybersecurity to kick off the afternoon. Featuring speakers from Eze Castle Integration, Morgan Lewis and The Baupost Group, the panel discussed the changing cybersecurity landscape for hedge funds and alternative investment firms and shared best practices on how to mitigate risk in this evolving climate. Following are some of our favorite highlights from the event.
Malware is seemingly the most common threat to financial firms and can infect a firm’s network as a result of improper use of removable storage media (USB devices), opening of suspicious hyperlinks and attachments or more advanced ransomware technology (think Cryptolocker virus).
Spear-phishing and social engineering campaigns are also extremely prevalent and can cripple even the most technology-savvy firm. Ultimately, these campaigns are best prevented through proper user training and awareness around information security.
We love showcasing our work with clients and one such client is Astellon Capital Partners who selected the award-winning Eze Private Cloud for all of its IT needs. Astellon moved to the Eze Private Cloud because of Eze Castle Integration's leadership role in bringing cloud services to the investment community, as well as its ability to deliver the high performance, applications and exceptional user experience the investment firm demands.
Established in 2011, Astellon Capital Partners is a twelve user alternative investment manager based in London focusing on European event-driven value-investing with a particular focus on German-speaking countries.
Davi Vieira, head of operations at Astellon Capital Partners, said, "Our move to the Eze Private Cloud was born out of the need to have a secure, reliable and institutional-grade IT platform that matches our focus on implementing strong financial, operational and infrastructure controls. Eze Castle Integration is the driving force behind the adoption of cloud services in the hedge fund industry and the optimal partner to help us run our business for many years to come."
At Eze Castle Integration we see thousands of due diligence questions about hedge fund technology and operations each year. The questions around security are getting more specific with investors wanting details about each layer of a firm’s security stack.
A new question we’ve seen pop up once or twice centers around whether a firm’s online systems have undergone an ethical hack. So what is ethical hacking and how is it different from penetration testing?
What is Ethical Hacking?
Going back to our trusty security dictionary, SearchSecurity defines ethical hacker (aka white hat hacker) as a “computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker [aka black hat hacker] could potentially exploit.”
The increased focus on all things cybersecurity related – cyber-attacks, cyber warfare and cyber terror – has even led to the creation of a Certified Ethical Hacker (CEH) designation, which hacking pros can earn by completing online courses offered by the EC-Council.
In its 2015 priorities, the SEC’s Office of Compliance Inspections and Examinations (OCIE) listed cybersecurity as a key focus area in its risk-based assessments. Then on February 3, 2015, OCIE released summary findings from its Cybersecurity Examination Sweep.
OCIE’s sweep focused on written documentation for its assessment and conducted "limited testing" of the accuracy of the responses; it did not review the technical sufficiency of the firms’ programs. OCIE’s reliance on documentation highlights the importance of complete Written Information Security Policies.
Following are noteworthy items Eze Castle Integration observed in reviewing the findings.
Most firms adopted written information security policies, but 43% of advisers did not conduct periodic audits to determine compliance with these information security policies and procedures.
49% of advisers did not discuss mitigating the effects of a cybersecurity incident and/or outline the plan to recover from such an incident in their written business continuity plans.
The vast majority of examined firms conduct periodic risk assessments, on a firm-wide basis, to identify cybersecurity threats, vulnerabilities, and potential business consequences. However, only 32% of advisers require cybersecurity risk assessments of vendors with access to their firms’ networks.
In the Written Information Security Plans (WISP) Eze Castle Integration creates for clients, we include service provider risk assessments as a standard element.
Winter Weather Preparedness: Considerations for Keeping Your Firm and Employees Operational This Winter
Anyone who lives in a region that regularly receives snow knows (and expects) that every winter brings the potential for experiencing disruption, delays, cancelations and closures to roads, buses, trains, boats and subways that transport people to and from work. (If you’re in the Boston area, you’re experiencing this today with the MBTA shutting down all rail service to clean up from more than 70 inches of snow in the last three weeks.) Snow storms don’t just affect transportation though; weather events can cause power outages, force evacuations, impact deliveries, and as we saw recently with Winter Storm Juno, can cause entire states to ban travel.
Impacts of heavy snow if traveling to work
Let’s consider some of the issues firms can face even if a travel ban isn’t in place and employees must attempt to make their way to the office.
Most people who commute to work know that adverse weather can have a major impact on their travel to and from the office. Regardless of the manner of transportation (car, rail, subway, boat, bus, etc.), all will most likely experience delays and present challenges for commuters during a snow storm. Delays, breakdowns, cancellations, and longer commuting times are very common throughout a storm and can still impact travel days after a storm concludes, leaving employees largely unable to work effectively if at all.
HFMWeek Catches Up with Eze Castle Integration’s Managing Director, Vinod Paul, To Discuss How Technology Can Help Tackle the Challenges Facing Hedge Fund Start-up Firms.
HFMWeek (HFM): Are you seeing a healthy market for new hedge fund launches in the US?
Vinod Paul (VP): 2013 and 2014 were very strong years for start-ups in the US. Our US pipeline is also quite healthy for 2015 in terms of start-ups, which is a little different to Europe, where there aren’t as many launches. In terms of overall US business, 50% of the clients we brought on in 2014 were start-ups; this is up from 40% in 2013. There are several factors that have contributed to this, some that we cannot control, such as how the wider market performs. Institutional money coming back into the market is causing some of the start-up activity. Many of the start-ups we have been able to bring on were funded by larger institutions.
HFM: How are today’s start-up funds different than those from five years ago?
If you’re a loyal Hedge IT reader, you may remember we highlighted a few simple dos and don’ts a few months ago that, when utilized, can go a long way in shoring up your firm’s security. To make it easy, we’ve put these tips together into a video. Take a look below and discover a vast range of security tips and tricks from email encryption to proper security measures for protecting computers and mobile devices.
Less than ten short years ago, Eze Castle Integration saw a shift in the market and gap in the cloud space. Firms had to hire multiple third-party vendors to fully outsource their IT needs, public cloud environments fell short of hedge fund security demands and service level contracts varied drastically. Fast-forward to today, and that very same spark of ideation has progressed to completely revolutionize hedge fund IT. In the spirit of Throwback Thursday, today we're reflecting on the journey and growth of our very own Eze Private Cloud.
In 2005, Eze Castle built and deployed the first hosted cloud platform for a large hedge fund based in New York City. By 2007, 18 funds spun out from the initial firm, each selecting Eze Castle as their trusted cloud platform provider. The following year, the company began building the foundation for the Eze Private Cloud. The same year marked the opening of Eze Castle’s hedge fund hotel in New York City. The environment, which supported more than 200 users, united the company’s cloud computing platform and fully managed office suites for startup funds.
As hedge funds and investment management firms shore up security practices in an effort to comply with the SEC cybersecurity expectations and other industry and investor standards, it can become overwhelming to sort out what's required and how firms should go about achieving compliance. It can also be easy to make mistakes. We asked Eze Castle's Business Continuity and Data Privacy Manager, Lisa Smith, to tell us about some of the common information security mistakes she witnesses firms make and how to avoid them in the future. Here are some of the key questions Lisa answers:
Where are you seeing the most deficiencies in cybersecurity preparedness?
What goes into an effective Written Information Security Plan?
What common mistakes do you find firms are making when it comes to information security safeguards?
Take a look at Lisa's answers!