Eze Castle Integration

Hedge IT Blog

Preparing for Ebola: A Review of the Outbreak, its Economic Impact, and Business Continuity Considerations

By Matt Donahue,
Thursday, October 23rd, 2014

This year’s outbreak of Ebola in West Africa is the worst that has ever been recorded. The disease typically occurs in outbreaks in tropical regions of Sub-Saharan Africa. In the short span of a year, the virus, which is affecting Guinea, Sierra Leone, Liberia and Nigeria, has resulted in nearly 3,500 deaths.

In this article, we will look at where this outbreak started and the economic impact it has had both in Africa and internationally. We will also highlight the issues that businesses need to consider as this epidemic continues to expand.

Where Did Ebola Come From?
A report published in the New England Journal of Medicine suggests that Ebola’s Patient Zero (the initial patient of an epidemic) was most likely a 2 year-old boy living in southern Guinea. Unfortunately, the boy became very ill and died on December 6th 2013. Several close relatives died shortly thereafter. After the funerals, some of the attendants became ill. Following established patterns of close contact with the sick, the disease began spreading to other villages, then across the borders into Liberia and Sierra Leone. It wasn’t until March 2014 that the international aid agency MSF (Doctors Without Borders) became aware of the new Ebola outbreak and immediately got involved. In early August, the World Health Organization (WHO) declared “an international public health emergency”. On September 30th, the first case of Ebola was diagnosed within the United States.

At this time, the CDC is making both “best-case scenario” and “worst-case scenario” predictions of the total number of cases expected through January 1st 2015. Unfortunately, the predictions range from 11,000 to well over 1 million cases.

Categorized under: Business Continuity Planning  Trends We're Seeing 



The Danger of USB Keys: Weighing Security and Convenience

By Raj Bakhru, CFA, Chief Executive Officer, Aponix Financial Technologists,
Tuesday, October 21st, 2014

The following article is from guest contributor Raj Bakhru, CFA, Chief Executive Officer at Aponix Financial Technologists. USB Key

At Aponix Financial Technologists, we often find ourselves speaking to our clients about the risks around USB storage device access of external drives or USB keys. While convenient file transfer tools, they can also be quite dangerous to a firm's operations. Our arugment for blocking access historically has been two-fold:

  1. Intellectual Property (IP) concerns: It's obviously very easy for confidential or proprietary data to leave the firm via USB keys.

  2. Malware concerns: It's easy for infected malware to enter the firm via files existing on a USB key brought from home or other unmanaged or unprotected systems.

Earlier this month, though, the "BadUSB" exploit was released to the public. A few months ago, white hat (ethical) hackers demonstrated that USB key firmware could be overwritten and effectively sabotaged to allow the USB key to perform some very malicious actions, e.g. taking control of the computer's mouse and keyboard, among other things. USB keys affected by this exploit become weapons of destruction and data breaches, and, as the hackers demonstrated, the malicious code can be extremely well-hidden on the USB key. In fact, given the exploit resides on the USB key's firmware, deleting all the contents of the USB key has no impact on removing the malicious code. It is currently unknown how many USB devices suffer from this vulnerability, but the expectation is that it will be years before device manufacturers correct devices and the existing vulnerable devices are no longer in use.

Categorized under: Launching A Hedge Fund 



Four Signs It's Time to Break up with Your IT Provider

By Kaleigh Alessandro,
Thursday, October 16th, 2014

Broken HeartIn any relationship, when things are good, they’re usually pretty good. And when things are bad, sometimes they are really bad. There may come a point when you need to evaluate whether you’re still a good fit together.
 
Just like with a romantic relationship, your firm’s connection to a service provider (especially an infrastructure/cloud provider you rely on daily) should be strong enough to withstand a few hiccups and healthy enough to warrant open communication at all times. In some cases, it might be clear that you’re in a good place and moving forward together, but sometimes there are sure signs it’s time to call it quits.
 
Here are a few of those signs:

1. Your provider’s service levels are not up to snuff.

Maybe you recently experienced a major service outage or find that you not-so-conveniently have to work around confusing and interrupting maintenance schedules during work hours. You’re constantly frustrated and don’t feel like you are receiving the level of support that was agreed to – both verbally and as part of your Service Level Agreement (SLA).

Your SLA should clearly indicate the uptime standard (e.g. 99.995% availability) as well as repercussions to any breaches in the contract (for example, service credits) and associated RPOs if disaster recovery is involved

Categorized under: Cloud Computing  Disaster Recovery  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Help Desk  Infrastructure  Communications  Outsourcing  Trends We're Seeing 



Back to Basics: What is an Order Management System (OMS)?

By Kaleigh Alessandro,
Tuesday, October 14th, 2014

Eze Software GroupWe are excited to be sponsoring the 2014 EzeSoft Client Conference later this week in Boston. For those of you who aren’t familiar, Eze Software Group is the owner of the order management system, Eze OMS, which is frequently used by hedge funds and asset managers across the globe.
 
As a preview to this week’s conference, we thought we’d dial it back to basics a little and explain exactly what an order management system is and why it’s a critical piece of software for many investment management firms today.

Categorized under: Software  Launching A Hedge Fund  Cloud Computing  Hedge Fund Operations  Communications  Outsourcing  Trends We're Seeing 



51 Hedge Fund IT Due Diligence Questions You Can Expect From Investors

By Mary Beth Hamilton,
Thursday, October 9th, 2014

On our recent Hedge Fund Marketing and Due Diligence webinar we looked at how the hedge fund investor due diligence process is evolving especially in terms of scrutiny on technology processes and security safeguards. 

The reality is that investors have a greater understanding of technology, are asking more probing questions and care about the responses they receive.  We’ve even heard investors say that deficiencies in IT infrastructure and security contributed to the decisions to redeem from or not invest in a fund.

So at Eze Castle Integration we regularly assist our hedge fund clients in completing the IT portions of investor due diligence questionnaires. The wording of questions varies but here is a handy list of 51 common IT due diligence questions we see.

Organization

  1. Provide an organization chart for the Company, its affiliates and key personnel.

  2. Provide the physical address and general contact information for each of the Company’s office locations.

  3. Provide the name and contact information of the Company employee(s) assigned to the client’s account(s).

  4. Provide a list of compliance personnel, their roles and qualifications, the date of his/her appointment and position within the Company’s organizational structure.

Categorized under: Hedge Fund Due Diligence  Launching A Hedge Fund  Cloud Computing  Disaster Recovery  Security  Hedge Fund Operations  Trends We're Seeing 



Hedge Fund Marketing and Due Diligence: A Webinar Recap

By Charlene Haddad,
Tuesday, October 7th, 2014

Stand Out from the CloudAs more and more firms compete for investor attention and allocations across the financial services industry, differentiation becomes a critical consideration. And the promise of positive returns is not always enough to secure investments in today's competitive marketplace. Now more than ever, investment firms must push the boundaries in an effort to impress and satisfy new and existing investors and emerge as premier firms. Two ways in which firms can deliver on this are through marketing and technology.
 
Last week, Eze Castle collaborated with Meyler Capital, a hedge fund marketing firm, to deliver a webinar on Hedge Fund Marketing Tips to Impress Investors and Raise Capital. Scroll down to watch the full replay or continue reading our brief recap.

Categorized under: Launching A Hedge Fund  Hedge Fund Due Diligence  Hedge Fund Operations 



Cybersecurity Remains at the Forefront for Hedge Funds, Investment Firms

By Kaleigh Alessandro,
Thursday, October 2nd, 2014

This article first appeared in Hedgeweek's September 2014 Special Report on Risk Management.Thinking About Security

Cyber security has quickly become a headline risk for hedge fund managers. On 15 April 2014, the SEC issued its Cyber-Security Risk Alert, a detailed 26-point questionnaire that aims to address various elements of a hedge fund’s technical and operational infrastructure to determine how vulnerable it is to cyber attacks and data theft.

This initiative is being driven by the SEC’s Office of Compliance Inspections and Examinations. It will assess 50 individual firms and based on its findings will draft a set of final guidelines for hedge funds to adhere to. This is essentially a way to address ‘technology risk’ and implement best practices through documentation in the form of a Written Information Security Policy (WISP).
 
According to Assured SKCG Inc, an insurance advisory firm, 37 per cent of security breaches between 2012 and 2013 affected financial organisations. Hedge funds are a high profile target. Establishing a WISP and becoming as data secure as possible is critical.
 
At Eze Castle Integration, the phones haven’t stopped ringing as clients look to address any gaps in their IT infrastructure and operational policies. 

Categorized under: Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Trends We're Seeing 



NASAA Cybersecurity Report Recap: Our Favorite Graphics and Findings

By Katie Sloane,
Tuesday, September 30th, 2014

The North American Securities Administrators Association (NASAA) recently released survey results of cybersecurity practices of 440 registered investment adviser firms across nine states. The purpose of NASAA’s pilot project was to better understand cybersecurity practices of state-registered investment advisers, how they communicate with clients and what types of policies and procedures they currently maintain. Of those surveyed, 47% have assets under management of less than $25 million, 37% manage more than $25 million and 16% do not manage assets. In today’s post, we will share our favorite graphics and findings from the organization’s survey.   

Client Contact via E-mail and Use of Secure E-mail

NASAA's survey reported 92% of investment firms contact clients through e-mail and/or other electronic messaging and only 54% of that group utilizes secure email. While 14% were unsure, a staggering 30% responded that they did not utilize secure messaging whatsoever.

Hedge fund secure e-mail














 

Categorized under: Security  Business Continuity Planning  Software  Trends We're Seeing  Videos And Infographics 



Educate Employees About Cybersecurity: A Hedge Fund's Security Depends On It

By Mary Beth Hamilton,
Thursday, September 25th, 2014

The following article originally appeared last month on the Tabb Forum.

Cybersecurity is a hot topic -- and rightfully so -- as headlines tout new vulnerabilities or incidents with increasing frequency. In the fight to prevent attacks, technology safeguards are typically the focus. A firm must have layers of security that include, but are not limited to, anti-virus, firewalls, intrusion detection systems and Internet monitoring and reporting, as well as procedures that restrict and monitor access. 
 
However beyond technology, the role employees play cannot be underestimated. The reality is that employees can be one of a firm’s best lines of defense or weakest link. The deciding factor in which way it swings often comes down to access control policies and cybersecurity training.

Getting the Access Right

Employees require access to the data necessary to complete their job functions. But beyond that, firms should be limiting what data employees have access to. It’s not about not trusting your employees, but more so about not trusting the technology behind those employees. The less data employees can get to, the less damage can be done via an internal breach or external hack.

The SEC Cybersecurity Risk Alert issued in April 2014 highlights the importance of access control by asking about the controls a firm maintains to “prevent unauthorized escalation of user privileges” and how firms “restrict users to those network resources necessary for their business functions.”

Part of a firm’s cybersecurity planning must be defining how company data is protected, where it is located and who has and needs access. Once access levels are defined, they must be reviewed at least annually to ensure adherence firm wide.

Categorized under: Security  Cloud Computing  Hedge Fund Operations  Trends We're Seeing 



Apple to iPhone Users: Here's How to Protect Your Devices

By Kaleigh Alessandro,
Tuesday, September 23rd, 2014

Security has been THE topic of 2014 thus far and was amped up last week when many A-list celebrities’ phones were hacked and racy photos released. The hack was allegedly the result of an iCloud infiltration, prompting many Apple users to question the company’s privacy settings. In response, Apple CEO Tim Cook released a letter to consumers, and the company’s website will now feature a privacy section:
 

Apple CEO Tim Cook


Apple’s privacy site includes details on both the built-in security features within Apple devices as well as how users can manage their own privacy settings and tailor them to individual needs. Here is a brief snapshot of some security functions highlighted:

Built In Privacy

  • iMessages and FaceTime calls are protected with end-to-end encryption

  • iMessages and SMS messages are backed up to iCloud, but can be turned off by the user

  • All iCloud content is encrypted in transit and when stored (in most cases)

  • iCloud Keychain allows users to create strong passwords and stores them securely without giving Apple access

  • Safari blocks third-party cookies on all devices and offers private browsing

Categorized under: Communications  Cloud Computing  Security  Software  Trends We're Seeing 



View earlier posts in the archive

Recent Posts / All Posts