Technology innovation and evolution has had a profound effect on many jobs, perhaps most notably for a firm’s Chief Technology Officer. Once tasked with desktop support and server maintenance, these IT executives have seen their job descriptions change dramatically over the years. But that change doesn’t necessarily signal something negative.
Our Private Equity CTO Survey asked these technology experts directly how they spend their time and what they view as the new and evolving role of the private equity CTO. Their answers highlight a transformative shift from technology troubleshooter to strategic thinker.
With the advent of outsourcing and the cloud, many feared or expected the CTO role to diminish. So perhaps the most notable finding of our survey is that 93 percent of respondents believe their firm’s CTO or top IT executive is becoming more important to their business. The vast majority of private equity IT execs are becoming more focused on managing relationships with contractors, cloud and other IT service providers. This increased focus is in alignment with the trend of today’s progressive CTOs drawing on cloud technology to create agile firms that can quickly deliver the applications users require – and working hand-in-hand with outsourced providers to support the organization’s technology and operations objectives.
Most firms (85 percent) also see the CTO becoming more involved in driving the firm to meet regulatory and compliance demands. This is especially true as regulators outline data protection and cybersecurity expectations that can only be fully addressed through the use of technology. Additionally, regulators’ expectations around third-party due diligence has increased, placing more responsibility on CTOs to execute thorough risk assessments on the contractors, cloud, software and IT service providers used by the firm.
It’s time to take another close look at the results of our 2016 Private Equity CTO Survey, this time with a careful eye on how private equity firms are leveraging outsourcing and cloud services.
Private equity outsourcing is growing in popularity – and we discussed many of the reasons why at length in a September webinar which you can listen to here. Our survey findings tell us that the average private equity firm is outsourcing about 30 percent of IT, with of course, some firms outsourcing less frequently and some outsourcing more.
On the whole, most firms are leveraging outsourced third party providers for between 20 and 40 percent of their IT functions. Firms managing less than $100M in assets are the most likely to outsource greater portions of their IT services, likely given their lack of internal staff and resources.
Overall, firms’ propensity to manage technology via in-house resources, outsourced providers or contract work is expected to stay consistent in 2017, as evidenced by the graph below.
As you probably recall, our 2016 Private Equity CTO Survey – which we released at the end of November – highlights key IT priorities and investment areas driving private equity firms in 2017. And while we shared some high-level findings at the outset, we’d like to take the opportunity to dig a little deeper into some of the survey results over the next two weeks. Since the survey itself covered four primary areas, our next four Hedge IT articles will examine each of these areas independently and highlight some of the most interesting and thought-provoking findings.
To kick us off, let’s start by taking a look at some critical business priorities for private equity firms in 2017.
Drivers for Private Equity IT Investments
We all know and appreciate how technology can impact our day-to-day operations. For private equity firms, advances in technology have enabled their businesses to become more efficient and drive growth across the entire organization.
When asked to identify the top drivers impacting IT spend in the next 12 months, survey respondents highlighted the need for increased protection against growing cybersecurity threats, a desire to improve the investor/client experience, and the goal of improving efficiencies by refreshing outdated or legacy technology.
2017 is quickly approaching and so are a plethora of new financial technology and operations articles here on Hedge IT. As we wrap up 2016, let’s take a look back and share some of our readers’ favorite articles from this past year.
Tips for launching a hedge fund are always popular on Hedge IT, and 2016 was no different. Earlier this year, Eze hosted a webinar featuring speakers Paul Schultz from Wells Fargo, Michael Mavrides from Proskauer Rose LLP, and Bob Guilbert from Eze Castle Integration. A few key takeaways from the 1-hour event include:
Understand that investors will expect enterprise-grade technology built in from Day 1.
Remember the advantages of the cloud: a predictable cost, flexibility and scalability (“tech on demand”), enterprise security, and professional management and monitoring.
Compare both the benefits and disadvantages of a “master fund” versus a “side-by-side” structure (e.g. the master fund allows for one set of books and trades, while the side-by-side structure allows for more tax flexibility)
Show investors that you have a 3+ year budget for working capital without any performance fees.
2017 is already shaping up to be an interesting year. With a new presidential administration taking office and the hedge fund industry coming off the heels of a challenging year, there’s a lot to keep an eye on. We recently hosted a panel with law firm Morgan Lewis to discuss these and many other topics as part of our “2017 Outlook for Hedge Funds: Risk, Regulation and Technology” event.
Read on for some of our panel’s key takeaways.
2017 Regulatory Outlook
While little is known about how a Trump presidency will operate, there could be potential tax savings for managers depending on how the administration chooses to regulate Wall Street.
Firms should expect to see reforms with the Dodd-Frank Act and the Volcker Rule, which could add more competition into the marketplace if limits on bank investments are adjusted.
SEC Focus Areas
Top six areas of focus for the Securities & Exchange Commission will likely be: (1) expenses and fees, (2) trade allocation, (3) material non-public personal information, (4) valuation processes, (5) operating partners and due diligence, and (6) security, privacy, insider trading and business continuity.
Cybersecurity is not necessarily part of every SEC examination, however, the bar will continue to be raised in terms of preparations firms will need to employ.
In 2016, the SEC provided additional guidance on business continuity and transition plan requirements, highlighting the need for hedge fund and financial firms to maintain their fiduciary responsibility to their clients and investors.
Categorized under: Security Cloud Computing Disaster Recovery Hedge Fund Due Diligence Hedge Fund Operations Hedge Fund Regulation Outsourcing Infrastructure Business Continuity Planning Trends We're Seeing
Our 2016 Private Equity CTO Survey is packed with insights across four primary areas: business priorities, cybersecurity, outsourcing trends and the evolution of the private equity CTO. These findings include:
70% of PE firms report their organizations have experienced 3 or more cybersecurity issues in the past 12 months
Nearly 90% of respondents identified cloud computing as a planned investment area, with respondents preferring private cloud solutions over the public cloud.
93% of survey respondents believe their firm’s CTO or top IT executive is becoming more important to their business
Checkout out our infographic (below) for a picture of our findings and download the full report here: www.eci.com/pesurvey.
The tide is changing for private equity firms. They continue to grow in popularity – some say private equity is the new hedge fund – but with increased interest comes amplified speculation and heightened expectations.
In technology, private equity firms have found a fierce enabler for continued growth, and one that has shone the light on organizational benefits to be had far beyond the IT closet.
Eze Castle Integration commissioned its Private Equity CTO Survey to more closely examine the evolution of the private equity industry as driven by – and driven to – technology. In reaching the top IT executives and chief technology officers (CTOs) at these firms, the survey highlights their priorities, successes and even failures, and in doing so, sheds light on this industry that has risen to the forefront of the greater financial community.
Our Private Equity CTO Survey encompasses four primary sections: business priorities, cybersecurity, outsourcing trends and the evolution of the private equity CTO.
If one thing is to be derived from the advent of information technology, it is that IT enablement extends well beyond the recesses of the Communications Room. Accordingly, technology decision-making is also impacted by an organization’s business objectives, and the two work in alignment to derive achievements across the firm. In this section of the survey, we’ll highlight areas where business goals have impacted IT budgets and where private equity firms plan to focus their attention in the coming year.
Due to changes in the cyber security landscape, traditional firewalls on the port level are no longer effective at managing traffic. Malicious traffic has the capacity to enter any open port, which provides great risk to firm security. Next-generation firewalls work further than port-based firewalls by adding application inspection and intrusion prevention. Next generation firewalls have the ability to scan traffic as it enters and leaves the network, therefore stopping potential threats.
Eze Castle Integration is increasingly implementing Palo Alto next-gen firewalls for our hedge fund and alternative investment firm clients. Palo Alto is not only a next generation firewall but it is also the market leader based upon ratings, support, pricing and overall performance. A Palo Alto firewall has the ability to detect what traffic is doing and immediately stop threats from spreading by distributing protection.
Unknown traffic is analyzed by Palo Alto Wildfire, where new threats are identified and protections are simultaneously developed. Upon the discovery of an unknown threat, the threat is not only blocked but updates are sent to all global subscribers within five minutes to be able to stop them from spreading. Due to this feature each threat and its variants are blocked without having to go through the analysis process again. Through Wildfire information is also fed through a filter which allows for automatic blocking of any correlated threats.
Older port-based models do not detect what traffic is doing, therefore allowing threats to port hop until they find an open port in which they can enter. Viruses are not port specific and can therefore utilize any port. Without analyzing what traffic is doing threats can easily bypass a port-based model.
The current threat landscape is such that security threats are more likely to arise from within your network as opposed to external sources. Internal users opening malicious emails or becoming victims of phishing schemes are now preferred methods for attackers. The next generation capabilities of the Palo Alto firewalls allow for deep application level inspection to detect and thwart these threats from opening backdoors to your network.
Additional Advantages of Next Generation Firewalls
All-in-one functionality: Next-generation firewalls bundle traditional firewall functionality with intrusion prevention, antivirus and protocol filtering.
On occasion, hedge fund C-level execs don’t see eye to eye. It’s inevitable. One such topic of occasional discord is outsourced IT. Chief technology officers (CTOs), for example, are immersed in every level of technology, from applications to security to disaster recovery, and they have a vested interest in concerns from user experience to business continuity and beyond.
Meanwhile, chief financial officers (CFOs) must focus on the bottom line, factoring in the cost-benefit of new technologies and projects. Elsewhere in the C-suite, the chief operating officer (COO) is looking at opportunity costs and asking key questions including if the CTO is managing day-to-day IT “plumbing,” which strategic projects are getting pushed aside?
Following is an excerpt from a whitepaper we recently published looking at various C-level perspectives on IT outsourcing – including where certain executives may differ on its value, where those same executives can agree, and ultimately why outsourcing IT and using the cloud sets alternative investment firms up for success. DOWNLOAD THE FULL PAPER HERE.
The cloud point-counterpoint
Based on investor comfort, the SEC’s increased scrutiny of cybersecurity practices and the impact of legislation like the Dodd-Frank Act, moving to private cloud services seems like a no-brainer. The cloud creates a far more cost-efficient and effective way for alternative investment firms to improve security and manage day-to-day IT demands. So why the conflict between CFOs/COOs and CTOs?
Total Control Comes with Risks
One reason for the conflict is that CTOs want to retain control, and understandably so. Outsourced security measures may seem opaque compared to the control they impart – it is tempting to believe that no third party could be as invested in system resiliency (i.e. disaster recovery) and security as the firm itself.
The reality is that most CTOs are so tasked for time and money that they cannot maintain complete control over their environments. The burden of ensuring continuous, reliable and secure operations is difficult even for large enterprises that have vast time and budgets and potentially unsurmountable for smaller teams. Often only the largest firms can adequately invest in and manage the layers of security necessary to defend against growing cybersecurity threats.
In seeking to retain control, CTOs are limiting their options. Embracing the idea of cloud-based services expands the CTO’s team, provides greater redundancies and enables more cost efficiencies. Most importantly, it lets the CTO focus on priority IT projects that enhance and improve the company’s bottom line.
CTO’s Role is Evolving
Procuring, maintaining, testing and upgrading adequate technology on-premise is out of reach for most alternative investment firms. It is also becoming an antiquated strategy. Today’s progressive CTOs are increasingly drawing on cloud technology to create agile firms that can quickly deliver the applications users require.
CFOs/COOs must recognize the valuable business knowledge and insights the CTO can insert into functions including risk management, product development, operations and innovation. CTOs must understand where they can deliver functional results and utilize the cloud as an IT-enabler for the firm.
As the CTO’s role evolves, so does the entire IT team. Too often in-house IT teams are allocating valuable time to reacting to IT issues and troubleshooting rather than proactively solving user issues or addressing regulatory mandates.
Outsourcing Has a Track Record
CFOs and COOs have the advantage of positive experiences with outsourcing. Many have used third-party providers for functions like payroll, accounting or even hiring, so it’s not surprising that they tend to be more comfortable with bringing in cloud service providers to deliver more efficiencies and dedicate focus to revenue-producing activities.
To wrap up and round out our 6-week Risk Outlook Webinar Series, we spoke with John Cotronis, Executive Director at JP Morgan, about hedge fund risk management and governance. Specifically, he addressed the following questions:
What have you observed in recent years in terms of changes affecting hedge funds – particularly at the startup phase?
Have you noticed a marked shift in the importance managers are placing on risk?
Do the firms you typically engage with have staff on hand to manage risk – compliance officers, etc.?
In terms of corporate governance, where do you see investment firms excelling when it comes to implementing risk management controls and also fostering a culture of risk management across the firm?
Let’s talk a little bit about counterparty risk. What kind of criteria are you looking for that indicates to you a provider has the right risk management framework and best practice structure to support your clients?
A lot has gotten tougher for firms, particularly on the investment side with capital raising, also with regulatory reporting, etc. What areas of operations do you think have gotten easier for hedge funds over the years?
What is your assessment of outsourcing risk – is it higher or lower than managing various functions in-house?