Eze Castle Integration Eze Castle Integration

Hedge IT Blog

> Subscribe to Blog Entries about Security

Managing Risk and Protecting the Private Cloud (Webinar Recap)

By Anna Wendt,
Thursday, April 23rd, 2015

In part two of our webinar series, Cloud Perspectives: How to Impress Investors, Security Pros & CXOs, Steve Schoener and Lisa Smith of Eze Castle Integration shared their expertise with regards to security infrastructure, policies and procedures in the cloud.Cloud Safe

Threat Landscape for Hedge Funds 

With security breaches and incidents reaching sophisticated levels, Schoener first addressed the evolution of the cybersecurity landscape for investment firms. In the past, hackers were often kids with too much time on their hands looking to create chaos for a period of time. Today, it has evolved into a business for educated hackers, conducting thorough research and drawing readily accessible information from the Internet to target individual firms as a way of making money.

Categorized under: Security  Disaster Recovery 



What Do Hedge Fund Investors Think of the Cloud?

By Kaleigh Alessandro,
Thursday, April 16th, 2015

It’s a question that many folks in the financial services industry have been asking for a few years now. Are potential investors comfortable with the idea of hedge funds leveraging cloud services? In Part 1 of our cloud webinar series, The Investor Perspective on Cloud and Security, we asked Ashley Gimbel, Senior Vice President at Dyal Capital Partners, to share her thoughts on evaluating the operational and infrastructure decisions of hedge funds and alternative investment firms and if investors are truly comfortable with the cloud. Click here or scroll down to watch the full replay of our conversation with Gimbel.cloud computing
 
The simple answer is ‘yes.’ According to Gimbel, investors are and should be at ease with hedge fund clients using cloud infrastructures to support their daily operations. In fact, she says, hosted infrastructures often make more sense for firms with little to no IT resources in-house.
 
With a few caveats, of course. Firms should ensure outsourced cloud providers have proper Service Level Agreements (SLA) in place and are conducting appropriate oversight of their provider(s). A few other technology must-haves:

  • Well integrated data and systems

  • Established policies and procedures

  • Comprehensive disaster recovery

  • Cybersecurity protections

Categorized under: Cloud Computing  Disaster Recovery  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Outsourcing  Trends We're Seeing 



Cybersecurity and Hedge Funds: A Two-Way Street to Automaticity

By Mary Beth Hamilton,
Thursday, April 9th, 2015

As the frequency of cyber-attacks increases, so too do the maturity of attacks and their methods of prevention and remediation. Think of cybersecurity as a two-way street. One side is trying to deceive and breach, and the other is trying to protect, prevent and detect. The commonality is both are progressing towards automaticity.security lock

Cybercrime: The Evolving Chameleon

A common misconception about cyber-attacks is that they only take the form of fake virus alerts, spam, outlandish emails and the like. On the contrary, a threat can take many forms, and cyber criminals are getting smarter. Today, hacktivists target the automaticity of our behaviors, responses and daily routines. This applies to both the human and business side of things. Cyber criminals now study and familiarize themselves with the daily activities and internal processes of firms to identify gaps and find a way in. The idiosyncrasy is in the simplicity with which cyber schemes are pulled off.

Categorized under: Security  Disaster Recovery 



Why the Public Cloud Isn't Suitable for Hedge Fund Trading Environments

By Kaleigh Alessandro,
Tuesday, April 7th, 2015

Whether you are a new hedge fund startup evaluating technology solutions or an established investment firm looking for an application upgrade or technology refresh, you’re likely to consider the cloud as one of your infrastructure options. If a cloud platform is ultimately your preference, however, your decision-making is far from over.public vs. private cloud considerations
 
Deciding between a low-budget public cloud environment (think: Amazon Web Services, Microsoft Azure) and a vertical-specific private cloud (hint, hint: The Eze Private Cloud) is not always an easy choice for financial services firms. Despite the clear advantages of the private cloud, many investment management firms are drawn to the low-cost and high flexibility of a public cloud. While this type of infrastructure may suit a variety of other verticals, financial services firms have high standards and require a level of service and infrastructure beyond what public cloud platforms can offer. Trading via the public cloud can pose a host of challenges and concerns - let's look at a few.

Preparing for Cyber-Attacks and Breaches

At the top of everyone’s priority list these days is cybersecurity preparedness. And rightfully so. Security breaches and attacks are seemingly occurring on a daily basis, and hackers have become savvier than ever. As a result, large public cloud enterprises – the Googles and Amazons of the world – are inherently more susceptible to attacks and, as a result, downtime. While these public cloud services are surely beefing up security and have billions of dollars’ worth of resources to dedicate to security planning, it remains to be seen if they can sustain a targeted attack or significant downtime.

Categorized under: Cloud Computing  Security  Hedge Fund Operations  Software  Trends We're Seeing 



Ethical Hacking: It's a Thing, Hedge Funds

By Mary Beth Hamilton,
Thursday, April 2nd, 2015

At Eze Castle Integration we see thousands of due diligence questions about hedge fund technology and operations each year. The questions around security are getting more specific with investors wanting details about each layer of a firm’s security stack.

A new question we’ve seen pop up one or twice centers around whether a firm’s online systems have undergone an ethical hack. So what is ethical hacking and how is it different from penetration testing?

What is Ethical Hacking?

Going back to our trusty security dictionary, SearchSecurity defines ethical hacker (aka white hat hacker) as a “computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker [aka black hat hacker] could potentially exploit.”

The increased focus on all things cybersecurity related – cyber-attacks, cyber warfare and cyber terror – has even led to the creation of a Certified Ethical Hacker (CEH) designation, which hacking pros can earn by completing online courses offered by the EC-Council.

Categorized under: Security  Cloud Computing  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Trends We're Seeing 



Interconnectivity: A Growing Cybersecurity Threat

By Katie Sloane,
Tuesday, March 31st, 2015

In an interconnected world, there is a trade-off between enjoying limitless information at our fingertips and threats that are just one click away. Most of us have become so accustomed to being plugged in, that we forget the world is simultaneously plugging in to us as well.

Global Cyber Threats, Hedge Fund Security

The global evolution of cybercrime continues to push boundaries and raise the bar for technology innovation and advanced security solutions. Indicating the evolving regulatory landscape, the US Securities and Exchange Commission (SEC)'s Office of Compliance Inspections and Examinations (OCIE) announced back in 2014 that it planned to inspect the cybersecurity preparedness of over 50 registered broker-dealers and investment advisers. In 2015, their examinations will continue across the financial services industry, and firms are locking down security practices in advance of these inquiries. Additionally, in Asia, the Singapore Personal Data Protection Act governs the collection, use, and disclosure of personal data.

Categorized under: Security  Hedge Fund Operations  Hedge Fund Regulation  Software  Trends We're Seeing 



Encryption 101: Protecting Your Investment Firm's Sensitive Material

By Kaleigh Alessandro,
Thursday, March 26th, 2015

The amount of data and information that passes through the Internet every day is – for lack of a better term - enormous. And truth be told, sometimes we are sharing information that we don’t want to get into the wrong hands, whether it be via email, instant message or other communications. Think: credit card information, personal information (name, address, social security number, etc.), bank account information or sensitive company or financial data.Security Padlock - Encryption
 
A secure way to transmit this information is through encryption. According to TechTarget, encryption is “the conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties.”
 
The history of encryption, believe it or not, began a long time before the Internet existed and we started sending electronic data. The ancient Greeks and Romans, in fact, sent secret messages by substituting letters that only a secret key code could decipher. In the time of Julius Caesar, he created a cipher by which he shifted letters to the left or right to hide his messages.

Categorized under: Communications  Cloud Computing  Security  Hedge Fund Operations  Hedge Fund Regulation  Trends We're Seeing 



What Is Factor Authentication and How Can I Use It?

By Mary Beth Hamilton,
Tuesday, March 24th, 2015

The official definition given in TechTarget’s IT Dictionary reads: “Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. Authentication is a process in which the credentials provided are compared to those on file in a database of authorized users’ information on a local operating system or within an authentication server. If the credentials match, the process is completed and the user is granted authorization for access.”

password requiredAt the heart of authentication is controlling access to ensure individuals only access the information they need. With stories of password compromises becoming more common it is important to understand the types of authentication factors available and good computing practices.
 
As part of Information Security Planning, firms should also identify applications, services or websites that require at least one level of authentication (e.g. password protection, PC certificate, or security tokens) as well as any that may require multi-factor authentication.

Following are the three commonly used authentication factors:

Categorized under: Security  Cloud Computing 



Power Up, Power Down: The Hidden Risks of Public Charging Stations, Tools

By Katie Sloane,
Thursday, March 19th, 2015

Smartphone charging station; BYODIn a constantly connected world, the majority of us cannot help but feel reliant on our mobile devices, especially when it comes to battery life percentage.

Whether you’re in the airport, train or just on the go, keeping that effervescent green light out of the red zone becomes a priority, and most will plug into just about anything. With public smartphone chargers on the rise, this resource seems ideal for the battery conscious user. However, prior to plugging in to power up, we suggest proceeding with caution. After all, do you know whose hands that charger was in before?

Categorized under: Security  Communications  Software  Trends We're Seeing 



Hedge IT Blog Awards: Cheers to 500 Posts!

By Katie Sloane,
Thursday, March 5th, 2015

We recently hit our 500th post here on Hedge IT! To commemorate, we are hosting our annual blog awards! We've gathered the most thought-provoking, popular articles according to our readers and included a few of our personal favorites, as well. 

We hope you enjoy!

Categorized under: Eze Castle Milestones  Cloud Computing  Disaster Recovery  Security  Communications  Videos And Infographics 



View earlier posts in the archive

Recent Posts / All Posts