Eze Castle Integration

Hedge IT Blog


A Public Reminder on the Private Cloud Debate

By Kaleigh Alessandro,
Tuesday, March 25th, 2014

Earlier this week, it was reported that Nasdaq was reconsidering its Amazon-based cloud product, FinQloud. According to the Financial Times, FinQloud has failed to gain significant traction in the marketplace amongst financial services firms including broker-dealers and exchanges. If Nasdaq pulls out of the deal with Amazon Web Services (AWS), it would be a major disappointment to Amazon, which is actively pitching AWS to large financial institutions and enterprises.
 
Whether the limited adoption of FinQloud is a sign of a product flaw or a larger industry trend, we feel it important to draw attention to a longstanding debate within the financial services industry – a debate that we’ve shared our thoughts on here on Hedge IT many times: public vs. private clouds.
 
It’s certainly possible that the slow adoption of FinQloud is a result of concerns over mass public cloud usage – a stern reality for many financial services firms who expect and demand that their critical applications and data be stored in a highly secure and available environment. Hedge funds and investment firms, in particular, cannot afford unexpected downtime, and unfortunately, we’ve seen several public cloud providers experience major outages in recent years. Just last week, Dropbox users logged in to find the service was unavailable, and Amazon and Google have both found their services in the headlines in recent years over very large and public disruptions.

Categorized under: Cloud Computing  Security  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Outsourcing  Trends We're Seeing 



Microsoft XP Extends Antimalware Support, Highlights Cybersecurity Concerns

By Kaleigh Alessandro,
Tuesday, March 11th, 2014

Back in October of last year, we learned that Microsoft was ending support for its XP operating system – a move that would force users to upgrade to its more current software. Fast forward to today, and more than 29% of PC users are still using XP (according to NetMarketShare). In an interesting move, Microsoft announced recently that it will continue to provide updates to its antimalware signatures and engine for Windows XP users through July 14, 2015. Microsoft did caution that its research shows that the effectiveness of antimalware solutions on out-of-support operating systems is limited.

But why?

We can assume this is a move at least partly fueled by slow adoption of software upgrades, based on the figure NetMarketShare has provided. Beyond private PC users, however, there may lie an even greater reason for extending security support. Reports suggest that more than 90% of ATMs across the United States are operating with Windows XP – a potentially crippling situation if hackers were able to breach the operating system. Last year, “a high-profile criminal group in Europe took advantage of a security vulnerability in XP that allowed them to use flash drives to infect ATMs with malicious software, emptying the machines of cash one-by-one. Researchers estimate that they may have gotten away with millions of Euros.”

Categorized under: Security  Trends We're Seeing 



Dropbox Alternatives Coming to a Hedge Fund Private Cloud Near You

By Mary Beth Hamilton,
Tuesday, March 4th, 2014

Is Dropbox becoming a noun? For the sake of this article, let’s say it is.

With over 200 million users, Dropbox (and similar services) is gaining popularity based on its ability to allow users to share files and sync data between devices. These capabilities are very appealing but rely on a public cloud platform that can introduce security and compliance concerns for hedge funds.  

Dropbox made headlines last year when it was discovered by security researchers that the service opens some files once they are uploaded. While Dropbox provided an explanation, this can be a serious issue for businesses where employees are using Dropbox to share sensitive company and investment data.

So are your employees using Dropbox? Probably. A study conducted by Gigaom of 1,300 business professionals found that one out of five use public file sharing services, such as Dropbox, with work documents. And, half of those users know their companies have rules against it. This raises the question, how do you give employees access to a valuable tool in a way that meets compliance and security protection obligations?

Categorized under: Cloud Computing  Launching A Hedge Fund  Security  Hedge Fund Operations  Trends We're Seeing 



A Hacker's Tool Kit: Cyber Security Threats to Financial Firms

By Mary Beth Hamilton,
Thursday, February 27th, 2014

It has been said that cyber weapons can be as dangerous as weapons of mass destruction. To emphasize this, at last night’s FBI Citizens Academy seminar on cyber security in financial markets, the speaker noted that if you take out an industry (think financial, telecom) you can cripple an entire country.

But just how would this happen? What’s in a hacker’s tool kit? Quinn Shamblin, executive director of information security at Boston University, provided a glimpse into the cyber security underworld.

Targeting Your Favorite Device

Let’s start with Mobile Device Security. Hackers are shifting their focus and resources to mobile devices. They recognize that a user’s life is virtually encapsulated on his/her mobile device. From contacts and email to documents, passwords and banking apps, mobile devices now hold as much as or more personal information than PCs or laptops. And most devices do not have anti-virus/malware software installed.

Just last Friday, Apple released a critical update to its iOS 7 operating system after a flaw was identified that could give an attacker with a privileged network position the ability to capture or modify data in sessions protected by SSL/TLS (aka public key encryption). Following that announcement, researchers at a cyber security firm (FireEye) published a proof of concept for a surveillance app that, if created and distributed by hackers, could capture every tap on an iPhone’s screen. The information captured, including passwords and credit card numbers, would be accessible to the attacker. These are just two examples of the cyber security threats facing mobile devices. Users need to be aware that these threats exist and practice smart computing on all devices.

Categorized under: Security  Hedge Fund Due Diligence  Hedge Fund Operations  Infrastructure  Trends We're Seeing 



Happy 400th Post! Hedge IT Blog Awards

By Emma Howie,
Tuesday, February 25th, 2014

In honor of our 400th post here on Hedge IT (400 - wow!), we are celebrating with our annual blog awards. We've gathered the most popular articles according to our readers and included a few of our personal favorites, too.

We hope you enjoy!

Categorized under: Eze Castle Milestones  Cloud Computing  Disaster Recovery  Security 



Three Reasons the Private Cloud is Just like Olympic Curling

By Kaleigh Alessandro,
Thursday, February 20th, 2014

Have you been enamored by the coverage of the Winter Olympics the last two weeks? We sure have. And watching all of these great sports we don’t normally get the chance to witness got us thinking – there are a lot of similarities between technology and Olympic sports. They’re both complex in many ways and require experts (engineers and athletes) who are the best of the best at what they do.
 
One of our favorite sports to watch is curling. And we couldn’t help but notice that Olympic curling and the private cloud are a lot alike. Don’t believe us? Take a look.

Both are safe and secure.

Let’s be honest: curling clearly presents the least amount of danger and lowest risk for injury at the Winter Olympics. Skiing and snowboarding? We’ve seen our fair share of wipeouts this year. Bobsled, luge and skeleton? Those are terrifying enough just as a spectator. Even figure skating poses a risk when skaters are leaping and twizzling left and right.
 
But curling? Extremely safe. Athletes can be fairly certain – whether they are curling or sweeping – that they will come out of the event unscathed.

Categorized under: Cloud Computing  Launching A Hedge Fund  Security  Outsourcing  Trends We're Seeing 



How Is Your Firm Mitigating Technology Risk?

By Kaleigh Alessandro,
Thursday, February 6th, 2014

Investment risk plays an important role in the life of a hedge fund manager, but technology risk should not. When it comes to your firm’s technology systems and operations, you want things to run efficiently, not add more stress to your already crowded plate.
 
Mitigating technology risk is a critical step to ensuring your hedge fund operates smoothly and successfully. Following are a few areas to keep in mind as you evaluate your firm’s technology risk:

Layers of Redundancy

One way to reduce your firm’s technology risk is to add layers of redundancy throughout your infrastructure. Whether you’re utilizing a cloud infrastructure or an on-premise environment, your servers, networking and telecom lines should feature N+1 availability, a configuration in which multiple components have at least one independent backup component to ensure system functionality continues in the event of a failure.

Categorized under: Outsourcing  Business Continuity Planning  Cloud Computing  Disaster Recovery  Hedge Fund Operations  Infrastructure  Security  Trends We're Seeing 



SEC to Examine Cybersecurity Policies at a Hedge Fund Near You

By Mary Beth Hamilton,
Tuesday, February 4th, 2014

Notice anything different? That’s right, your favorite hedge fund technology blog got a facelift, and we didn’t stop there -- we overhauled our corporate website too. Our goal with the overhaul was to make it even easier for visitors to get the valuable information they expect from the industry’s technology leader (us!). We hope you like it.

Now on to today’s hot topic. The U.S. Securities and Exchange Commission (SEC), at a recent industry event, said that they plan to examine the cybersecurity policies and procedures asset managers have in place to prevent and detect cyber attacks.

Specifically, according to Reuters, SEC national associate director Jane Jarcho said, “We will be looking to see what policies are in place to prevent, detect and respond to cyber attacks [and] we will be looking at policies on IT training, vendor access and vendor due diligence, and what information you have on any vendors.”

Some have indicated that the SEC cybersecurity exams could be coming by late-September 2014. In many cases they will be conducted as part of the SEC's routine examinations of investment companies; however, Jarcho advised that inquiries could be done as separate exams.

Categorized under: Security  Hedge Fund Regulation 



Dealing with a Security Breach: Planning, Response & Resolution

By Jennifer Odence,
Tuesday, January 28th, 2014

Last week, we kicked off our 2014 webinar series with our first topic, “Security Incident Response Priorities: How to Prepare Your Firm Before a Breach Occurs” featuring our own VP of Technology, Steve Schoener, along with eSentire’s Chief Technology Officer, Eldon Sprickerhoff. Topics discussed included common threat actors and potential security scenarios to be aware of as well as the importance of planning a response to such attacks.

A Quick Brief

In 2012, IBM reported that companies were attacked an average of 2 million times per week, and unfortunately, the statistics aren’t declining anytime soon. It’s no longer “what if” a security breach or cyber-attack occurs, but when and how it will occur. With targeted attacks that are bypassing existing security infrastructures, the topic of security has become even more important to all firms.

Security Landscape

The most common security threat actors lately have been criminal organizations, most notably international ones. Criminal organizations are out for profit and are the most difficult to track down, especially in international instances. There has been less impact from nation states, but these are still threats to be cautious of, along with insiders and hacktivists.

Categorized under: Security 



Video: Security Incident Response Priorities for Your Hedge Fund

By Kaleigh Alessandro,
Thursday, January 23rd, 2014

At the end of last year, we predicted security would continue to be a hot topic in 2014 - and our experts agree. It's still such an important topic for hedge funds and investment firms to be educated on that we even dedicated our first webinar of the year to it.

Expert speakers from Eze Castle Integration and eSentire spoke earlier today about security incident response priorities and offered best practices for investment firms looking to plan before a security breach occurs.

Watch the video below and learn more about the three critical phases of security incident management:

  • Planning

  • Response

  • Resolution

Categorized under: Security  Infrastructure  Trends We're Seeing  Videos And Infographics 


