Eze Castle Integration

Hedge IT Blog

> Subscribe to Blog Entries about Security

How the Financial Cloud Should Be Protected (A Presentation)

By Mary Beth Hamilton,
Tuesday, September 16th, 2014

Last week our SVP of client technology, Steve Schoener, presented at a hedge fund due diligence event on the topic of protections in the cloud.

Since cloud security and ensuring a hedge fund’s data is protected is such a hot topic we thought we’d share his presentation. In a nutshell, the presentation looks at the layers of security that should be built into a cloud environment, which includes deep and detailed practices around:

  1. Principle of Defense in Depth
  2. Principle of Least Privilege
  3. Audit & Logging
  4. Secure User Authentication Protocols & Encryption

Check out the complete presentation for more details:

Categorized under: Cloud Computing  Launching A Hedge Fund  Security  Hedge Fund Due Diligence  Infrastructure 



Assessing Your Firm's Attitude Toward Security: What's Your Type?

By Kaleigh Alessandro,
Thursday, August 21st, 2014

If there’s one thing we’ve learned over the years when it comes to security, it’s that there’s a whole lot more to creating a secure hedge fund (or any business for that matter) than robust technology. Before identifying infrastructure components and implementing operational policies, a firm must first be clear on what its attitude is toward security. This attitude will filter through the company from the top down, and will therefore dictate how employees and the business as a whole operate on a daily basis.Security
 
To give you a clearer understanding of what we mean, we’ve created three security profiles that cover a wide spectrum in terms of security attitudes and practices.

Under the Radar: Low Security

If you’re attitude toward security is low, odds are you’re barely scraping the surface in terms of what practices and policies you should be employing to maintain proper security firm-wide. You likely rely on quick fixes to solve problems instead of looking at the bigger picture and thinking strategically about how security can both benefit and protect your business. You’ve employed minimal preparedness efforts and could be in for a difficult task if faced with a serious security incident. You probably take a “it won’t happen to me” attitude and don’t take security seriously enough – a stance that could endanger your firm in the long term.

Categorized under: Security  Launching A Hedge Fund  Cloud Computing  Disaster Recovery  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Outsourcing  Business Continuity Planning  Trends We're Seeing  Videos And Infographics 



Putting the Smart in Smartphone Security: Six Consumer Tips

By Katie Sloane,
Thursday, August 14th, 2014

Mobile devices have transformed the way we manage our everyday lives: from how we track our bank accounts, to interacting with friends and family to booking travel, and so on.  Everything you need is at your fingertips, but are you taking the proper security measurements to protect your device?  Below are a few tips to help keep your smartphone’s data safe. 

  1. Set a Password: When you do not set a password to lock your phone, anyone who obtains possession of the device has instant access to all of your apps that automatically log-in upon launching. This is a simple security measure to take and yet, according to Consumer Reports' annual State of the Net Survey, only 36 percent of smartphone owners have a passcode. From a business use perspective, any device that accesses corporate email or networks should have a complex password and be managed by mobile device management tools such as AirWatch or Good Technology.

  2. Mobile Security Apps: Looking to the future, we expect the adoption of mobile device security apps that provide antivirus, privacy and anti-malware protection to increase. And for good reason. According to the June 2014 McAfee Labs Threat Report, mobile malware has increased by 167 percent in the past year alone. Companies, such as AirWatch, aim to ensure your enterprise mobility deployment is secure and corporate information is protected with end-to-end security. 

Categorized under: Security  Communications  Software  Trends We're Seeing 



FCA to Financial Services Firms: Social Media Promotions Require #Ad Compliance

By Kaleigh Alessandro,
Thursday, August 7th, 2014

Hedge fund marketing and advertising has greatly evolved in the past few years, both with regulatory changes taking effect (in the US, the JOBS Act now allows public advertising) and new forms of media emerging, particularly social platforms such as Twitter, Facebook, LinkedIn and YouTube.Social Media Apps
 
In the UK this week, the Financial Conduct Authority (FCA) took steps to further regulate how financial services firms market to consumers by launching guidance consultation on social media usage. As evidenced by FCA Director of Supervision Clive Adamson, the consultation is intended to ensure financial promotions on social media platforms protect consumers and are disseminated in a way that fairly balances both benefits and risks.
 
“The FCA sees positive benefits from using social media but there has to be an element of compliance. Primarily, what firms do on social media must ensure customers are at the heart of their business. Our overall approach is that financial promotions, whether on social media or traditional media, should be fair, clear and not misleading. We have had extensive industry engagement on this issue and we believe our guidance is a sensible approach that doesn’t affect industry’s ability to innovate using new forms of media. We recognise social media are constantly evolving. We, therefore, welcome feedback to [the] consultation and look forward to continuing the discussion with industry."

Categorized under: Hedge Fund Regulation  Security  Hedge Fund Operations  Communications  Trends We're Seeing 



Monetary Authority of Singapore (MAS): Technology Risk Management Guidelines Overview

By Kulvinder Gill,
Tuesday, August 5th, 2014

Monetary Authorirty of SingaporeThe last five years has seen an increase in reliance on technology among financial institutions. IT outsourcing has become more attractive to the financial services industry - but against the backdrop of increased reliance on complex IT systems and operations is the heightened risk of cyber-attacks and system disruptions.

In June 2013, the Monetary Authority of Singapore (MAS) issued the Technology Risk Management Guideline (TRMG), which addresses existing and emerging technology risks within financial institutions.   
 
The objective of the TRMG is for financial firms to establish a sound and robust technology risk management framework, strengthen system security, reliability, resiliency, recoverability and deploy strong authentication to protect customer data and systems.

In today’s blog article we will take a look at some of the key guidelines covered in the guide:

Categorized under: Hedge Fund Regulation  Disaster Recovery  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Infrastructure  Outsourcing  Business Continuity Planning 



Cloud Computing: The Growing Competitive Advantage for Hedge Funds

By Katie Sloane,
Thursday, July 31st, 2014

The competition amongst firms in the financial services industry is ever burgeoning, and in order to achieve differentiation, it is imperative for firms to create and maintain robust, manageable, scalable and reliable technology infrastructures. Increasingly, we’re seeing more than just emerging managers opting for a cloud solution and established hedge funds and alternative investment firms shifting gears from traditional on-premise IT infrastructures to cloud services.Why the Billion Dollar Club is going Cloud
 
If you missed our webinar yesterday on Why the Billion Dollar Club is Going Cloud, read our recap below or scroll down to watch the full webinar replay, featuring Eze Castle’s Managing Directors Bob Guilbert and Vinod Paul.

The Business Case for the Cloud: Why Established Firms are Making the Move

Across the industry, established firms that have been in business for several years are moving away from physical infrastructures and adopting the cloud. Traditionally, investment firms would allocate substantial capital budgets to build on-premise Communication (Comm.) Rooms. These cost-intensive infrastructures can take months to build out, and specific expenses can vary depending on a firm’s unique needs. For example, at minimum, investment firms require file services, email capabilities, mobility services and remote connectivity, as well as disaster recovery and compliance. Beyond those, many firms also require systems and applications such as order management systems (OMS), customer relationship management tools (CRM), and portfolio management or accounting packages.

Categorized under: Cloud Computing  Disaster Recovery  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Outsourcing  Trends We're Seeing  Videos And Infographics 



Data Destruction Basics: Why Deleting Your Hedge Fund Data Isn't Enough

By Kaleigh Alessandro,
Thursday, July 24th, 2014

Destroyed Hard DriveYour hedge fund's information security plan likely includes details on where information is stored, how it is accessed and who it is accessible to. But a critical component of this plan often overlooked is how and why data is destroyed when it is no longer needed. Including data destruction procedures in your WISP or as a separate document is vital to ensuring your firm’s sensitive data and intellectual property does not fall into the hands of the wrong people. Unfortunately, in today’s technology-driven, cyber-aware environment, simply hitting the delete key is not enough.
 
There are a few different scenarios that warrant secure data destruction maneuvers:

Your methods and policies for secure destruction may vary according to the above scenarios, or they may be standard across the firm. Your hedge fund should also consider if there are any regulatory implications. Do you need to maintain/archive data for a prescribed period of time in order to comply with state, federal or other compliance or auditing standards?
 
In any case, you’ll want to consider a variety of methods in the beginning to ensure your firm’s confidential data (e.g. investment portfolio, investor contact information, etc.) is thoroughly destroyed, preventing unwanted breaches or thefts.

Categorized under: Security  Cloud Computing  Disaster Recovery  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Trends We're Seeing 



BCP Testing Outside the Conference Room: Hello, Real World

By Matt Donahue,
Tuesday, July 22nd, 2014

Business Continuity StatisticWhen most people envision Business Continuity Planning (BCP) and testing, they conjure up images of conference rooms, hardcopy documents, projectors and key personnel. But the real world is a different reality.

In recent memory, there have been many situations that have disrupted businesses - be it by natural disaster or as a result of human interference. In either event, people need to be able to reestablish essential business functions, communicate, and make decisions as quickly and easily as possible. 

Although many organizations do an annual BCP review, the big question is whether they truly test the process, ease of accessibility, and the time it takes an organization/leadership group to go from unsure about the situation to confidently executing a thoughtful game plan.

What can make a considerable difference in terms of functionality and familiarity with the plans and recovery procedures is to practice -- not only verbally in the conference room setting, but also by taking time to troubleshoot and brainstorm to determine what works and what may need a second look. There is a lot that can be learned from being unplugged and “kicked” out of the conference room and asked to assume a role outside of the comfort zone. This can be done simply by taking away some of the accepted norms during a test. The following scenario illustrates issues that arise when the accepted norms are chipped away.

Categorized under: Business Continuity Planning  Disaster Recovery  Security  Hedge Fund Operations  Communications 



IT Security Dos and Don'ts to Live By

By Kaleigh Alessandro,
Tuesday, July 15th, 2014

We spend a lot of time educating our clients about security best practices and encouraging them to implement comprehensive security policies and procedures to mitigate risk and protect both the firm and its employees. And for good reason. Just today, New York Attorney General Eric Schneiderman released a report stating data breaches across the state more than tripled from 2006 to 2013 and cost businesses more than $1.37 billion last year alone.

While companywide policies should reflect long-range expectations and corporate best practices, they should also include tactical recommendations that employees can follow to ensure they are complying with the company’s overall risk strategy. In addition to providing employees with security best practices they should follow, don’t forget to also include a list of actions they should not. Here are just a few pieces of advice we regularly offer our investment firm clients:

DO:

  • Lock your computer and mobile phone(s) when you leave your desk and/or office

  • Use care when entering passwords in front of others

  • Create and maintain strong passwords and change them every 60-90 days (We recommend a combination of lowercase & uppercase letters and special characters)

Categorized under: Security  Cloud Computing  Disaster Recovery  Hedge Fund Operations  Infrastructure  Communications  Business Continuity Planning  Trends We're Seeing 



What is a Security Vulnerability Assessment and How Does it Work?

By Kaleigh Alessandro,
Tuesday, July 1st, 2014

One of the first questions on the SEC’s cybersecurity questionnaire for financial firms asks firms to "indicate whether they conduct periodic risk assessments to identify cybersecurity threats, vulnerabilities and potential business consequences", and if so, who conducts them and how often. Clearly the goal behind this question is to ensure that firms are taking a proactive approach to security. But what exactly does this assessment entail?
 Cybersecurity Whitepaper
Here’s a quick overview.
 
The type of risk assessment typically associated with information technology/security is an external vulnerability assessment. Essentially, this is the process of identifying and categorizing vulnerabilities related to a system or infrastructure. Typical steps associated with a vulnerability scan or assessment include:

  • Identifying all appropriate systems, networks and infrastructures;

  • Scanning networks to assess susceptibility to external hacks and threats;

  • Classifying vulnerabilities based on severity; and

  • Making tactical recommendations around how to eliminate or remediate threats at all levels.

Categorized under: Security  Cloud Computing  Disaster Recovery  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Outsourcing  Trends We're Seeing 



View earlier posts in the archive

Recent Posts / All Posts

 

Subscribe to Hedge IT

Follow Us

    Follow us on Twitter Follow us on FaceBook Follow us on LinkedIn Follow us on Google RSS Feed

Recent Articles

Categories

Archives