The following article is from guest contributor Raj Bakhru, CFA, Chief Executive Officer at Aponix Financial Technologists.
At Aponix Financial Technologists, we often find ourselves speaking to our clients about the risks of allowing access to USB storage devices such as external drives or USB keys. While they are convenient file transfer tools, they can also be quite dangerous to a firm's operations. Our argument for blocking access historically has been two-fold:
Intellectual Property (IP) concerns: It's obviously very easy for confidential or proprietary data to leave the firm via USB keys.
Malware concerns: It's easy for malware to enter the firm via files on a USB key brought from home or from other unmanaged or unprotected systems.
Earlier this month, though, the "BadUSB" exploit was released to the public. A few months ago, white hat (ethical) hackers demonstrated that USB key firmware could be overwritten and effectively sabotaged to allow the USB key to perform some very malicious actions, e.g. taking control of the computer's mouse and keyboard, among other things. USB keys affected by this exploit become weapons of destruction and data breaches, and, as the hackers demonstrated, the malicious code can be extremely well-hidden on the USB key. In fact, given the exploit resides on the USB key's firmware, deleting all the contents of the USB key has no impact on removing the malicious code. It is currently unknown how many USB devices suffer from this vulnerability, but the expectation is that it will be years before device manufacturers correct devices and the existing vulnerable devices are no longer in use.
We are excited to be sponsoring the 2014 EzeSoft Client Conference later this week in Boston. For those of you who aren’t familiar, Eze Software Group is the owner of the order management system, Eze OMS, which is frequently used by hedge funds and asset managers across the globe.
As a preview to this week’s conference, we thought we’d dial it back to basics a little and explain exactly what an order management system is and why it’s a critical piece of software for many investment management firms today.
On our recent Hedge Fund Marketing and Due Diligence webinar we looked at how the hedge fund investor due diligence process is evolving especially in terms of scrutiny on technology processes and security safeguards.
The reality is that investors have a greater understanding of technology, are asking more probing questions and care about the responses they receive. We’ve even heard investors say that deficiencies in IT infrastructure and security contributed to the decisions to redeem from or not invest in a fund.
So at Eze Castle Integration we regularly assist our hedge fund clients in completing the IT portions of investor due diligence questionnaires. The wording of questions varies but here is a handy list of 51 common IT due diligence questions we see.
Provide an organization chart for the Company, its affiliates and key personnel.
Provide the physical address and general contact information for each of the Company’s office locations.
Provide the name and contact information of the Company employee(s) assigned to the client’s account(s).
Provide a list of compliance personnel, their roles and qualifications, the date of his/her appointment and position within the Company’s organizational structure.
As more and more firms compete for investor attention and allocations across the financial services industry, differentiation becomes a critical consideration. And the promise of positive returns is not always enough to secure investments in today's competitive marketplace. Now more than ever, investment firms must push the boundaries in an effort to impress and satisfy new and existing investors and emerge as premier firms. Two ways in which firms can deliver on this are through marketing and technology.
Last week, Eze Castle collaborated with Meyler Capital, a hedge fund marketing firm, to deliver a webinar on Hedge Fund Marketing Tips to Impress Investors and Raise Capital. Scroll down to watch the full replay or continue reading our brief recap.
We’ve tapped the expertise of nine experts in the hedge fund startup space to share their thoughts on a range of topics specific to emerging hedge fund managers. Below are some highlights, and you can read the entire Emerging Managers Insight Series eBook here.
Set a realistic schedule to launch and don’t rush to get the hedge fund up and running too quickly. Take the time to partner with the right service providers that will support your business from the start and as you grow.
Budget for a marketer in your first two years of operation. If you look at the largest funds in the industry, they all have substantial investor relations teams that keep current investors informed while prospecting for future investors.
Capital introduction is a much sought after service from prime brokers which can be very helpful in providing a new hedge fund exposure to potential investors. Take advantage of introductions and begin to build relationships with potential investors.
Last week our SVP of client technology, Steve Schoener, presented at a hedge fund due diligence event on the topic of protections in the cloud.
Since cloud security and ensuring a hedge fund’s data is protected are such hot topics, we thought we’d share his presentation. In a nutshell, the presentation looks at the layers of security that should be built into a cloud environment, which include deep and detailed practices around:
Principle of Defense in Depth
Principle of Least Privilege
Audit & Logging
Secure User Authentication Protocols & Encryption
Check out the complete presentation for more details:
We all make mistakes, but when it comes to technology and hedge fund operations, mistakes aren’t an option. So let’s look at seven common cloud mistakes we see hedge fund firms making and talk about how to avoid them.
Mistake #1: Not Sizing Bandwidth to Business Needs
Determining the right amount of bandwidth comes down to the types of services being delivered and user expectations. Nothing ruins a cloud or really any computing experience like sluggish application and Internet performance.
Beyond bandwidth, firms must also consider latency. While latency issues don’t impact all applications (e.g. email is relatively insensitive), for others it is a killer. Latency has little place in trading applications or voice over IP services. When moving to the cloud, have a realistic conversation with the hedge fund cloud provider about the amount of bandwidth your firm really needs.
Mistake #2: Not Planning for Applications
Not all cloud platforms are equal especially when it comes to supporting hedge fund specific applications such as Order Management Systems or Portfolio Accounting Systems. While a hedge fund may not launch day one with one of these applications, there is a good chance they will require one in the future. To help mitigate future growing pains a hedge fund should plan for the future when evaluating cloud providers. Being shortsighted can result in future disruptions and integration pains.
If there’s one thing we’ve learned over the years when it comes to security, it’s that there’s a whole lot more to creating a secure hedge fund (or any business for that matter) than robust technology. Before identifying infrastructure components and implementing operational policies, a firm must first be clear on what its attitude is toward security. This attitude will filter through the company from the top down, and will therefore dictate how employees and the business as a whole operate on a daily basis.
To give you a clearer understanding of what we mean, we’ve created three security profiles that cover a wide spectrum in terms of security attitudes and practices.
Under the Radar: Low Security
If your attitude toward security is low, odds are you’re barely scraping the surface in terms of what practices and policies you should be employing to maintain proper security firm-wide. You likely rely on quick fixes to solve problems instead of looking at the bigger picture and thinking strategically about how security can both benefit and protect your business. You’ve employed minimal preparedness efforts and could be in for a difficult task if faced with a serious security incident. You probably take an “it won’t happen to me” attitude and don’t take security seriously enough – a stance that could endanger your firm in the long term.
Voice over IP has come a long way especially in the business world, but many investment firms still have hesitations about making the switch. In honor of our recently enhanced Eze Voice service, which runs over the Eze Private Cloud Network, we decided to tackle five common myths about Voice over IP.
MYTH 1: Poor Call Quality – Everyone will know I’m on VoIP
Call quality is a key concern and can be impacted by a number of items including the network, available bandwidth and even the type of phones being used. However, a well-designed business-caliber VoIP system can deliver quality of service comparable to an in-house phone system. In business settings, where calls are made over private IP connections, Quality of Service (QoS) can be monitored and guaranteed because the entire IP connection is controlled by the party making the call.
When evaluating VoIP services, it is important to inquire about the underlying network and how voice traffic is prioritized and routed. You want a provider that has full control over network traffic and can ensure high quality of service. For added confidence, ask to speak with existing VoIP customers (over the phone!) to hear about their experiences first-hand.
MYTH 2: VoIP is Unreliable – I’ll Experience Downtime
A natural extension of the call quality concern is the reliability concern. While consumer-grade VoIP services work over the Internet to deliver low cost services, business-grade VoIP services often use the Internet as a backup and have private IP point-to-point lines for primary connections. If Internet is the primary transit, be sure you are working with a VoIP provider who manages the entire network and has control over traffic prioritization. In most cases you want to ensure voice traffic takes precedence over data or travels on a different network.
We are excited to debut our newest video that explains why the network powering a cloud service matters and should be evaluated closely.
As background for why we created this video, in today’s interconnected financial world, investment firms have global interests and a global presence, making fully on-premise IT infrastructure a way of the past. Cloud service providers have a variety of capabilities, each designed to serve a specific set of needs, which makes it crucial for businesses to critically evaluate the network behind a cloud and what it can deliver. Not all clouds are created equal.
Our ECI Link Financial Network is a global private cloud network built for the financial industry. With data centers in the US, UK and Asia, it enables organizations to efficiently leverage a single provider for all their global infrastructure needs.
Now on to the video -- let us show you why ECI Link is THE single converged network built to power today’s buy-side firms' trading operations.