The North American Securities Administrators Association (NASAA) recently released survey results of cybersecurity practices of 440 registered investment adviser firms across nine states. The purpose of NASAA’s pilot project was to better understand cybersecurity practices of state-registered investment advisers, how they communicate with clients and what types of policies and procedures they currently maintain. Of those surveyed, 47% have assets under management of less than $25 million, 37% manage more than $25 million and 16% do not manage assets. In today’s post, we will share our favorite graphics and findings from the organization’s survey.
Client Contact via E-mail and Use of Secure E-mail
NASAA's survey reported 92% of investment firms contact clients through e-mail and/or other electronic messaging and only 54% of that group utilizes secure email. While 14% were unsure, a staggering 30% responded that they did not utilize secure messaging whatsoever.
Security has been THE topic of 2014 thus far and was amped up last week when many A-list celebrities’ phones were hacked and racy photos released. The hack was allegedly the result of an iCloud infiltration, prompting many Apple users to question the company’s privacy settings. In response, Apple CEO Tim Cook released a letter to consumers, and the company’s website will now feature a privacy section:
Apple’s privacy site includes details on both the built-in security features within Apple devices as well as how users can manage their own privacy settings and tailor them to individual needs. Here is a brief snapshot of some security functions highlighted:
Built In Privacy
iMessages and FaceTime calls are protected with end-to-end encryption
iMessages and SMS messages are backed up to iCloud, but can be turned off by the user
All iCloud content is encrypted in transit and when stored (in most cases)
iCloud Keychain allows users to create strong passwords and stores them securely without giving Apple access
Safari blocks third-party cookies on all devices and offers private browsing
In Part One of Tips to Prepare Your Investment Firm for a Power Outage, we shared 21 key steps from one of Eze Castle Integration's Business Continuity Experts, Matt Donahue, which can help firms to develop a Business Continuity Plan (BCP).
In Part Two, we discuss measures that individuals and families should take to prepare for a power outage or blackout.
19 Tips to Prepare You and Your Family
During an outage, it pays to have yourself and your family prepared. Take time and talk to your family about outages and what to do when they happen. Consider impaired or elderly family members and neighbors that may need assistance during an outage. Do research on your town's or city's emergency preparedness plans. Learn how they will identify shelters, warming/cooling stations, and announce their opening.
Extended power outages and blackouts have the potential to impact not only businesses but also our personal lives. Without electrical power, some business functions may cease entirely, resulting in the loss of valuable data and production time.
With Hurricane Season here and Tropical Storm Cristobal brewing in the Atlantic, we are running a two part series contributed by one of our Business Continuity Experts here at Eze Castle Integration – Matt Donahue.
In today’s article Matt looks at the steps or actions investment firms and other businesses can follow in order to mitigate, prepare, respond, and recover from an extended outage or blackout. Then Thursday’s article will focus on these same topics but for individuals.
21 Tips to Prepare Your Business
During an outage, investment firms risk data losses, experience logistical issues and experience unfavorable or impossible working conditions. Heavy reliance on technology items, IT systems and software can put businesses in a difficult situation during an outage, especially if they have not pre-planned or completed a Business Continuity Plan (BCP). Other mitigation activities such as purchasing alternative or back up power sources such as batteries or generators are good ways to ensure power for essential items.
Here are some other helpful steps and precautions investment firms should consider.
Mobile devices have transformed the way we manage our everyday lives: from how we track our bank accounts, to interacting with friends and family to booking travel, and so on. Everything you need is at your fingertips, but are you taking the proper security measurements to protect your device? Below are a few tips to help keep your smartphone’s data safe.
Set a Password: When you do not set a password to lock your phone, anyone who obtains possession of the device has instant access to all of your apps that automatically log-in upon launching. This is a simple security measure to take and yet, according to Consumer Reports' annual State of the Net Survey, only 36 percent of smartphone owners have a passcode. From a business use perspective, any device that accesses corporate email or networks should have a complex password and be managed by mobile device management tools such as AirWatch or Good Technology.
Mobile Security Apps: Looking to the future, we expect the adoption of mobile device security apps that provide antivirus, privacy and anti-malware protection to increase. And for good reason. According to the June 2014 McAfee Labs Threat Report, mobile malware has increased by 167 percent in the past year alone. Companies, such as AirWatch, aim to ensure your enterprise mobility deployment is secure and corporate information is protected with end-to-end security.
Following is the second part in a two-part guest post from Branden Jones, Global Head of Marketing at Liquid Holdings Group, Inc. based in New York, NY. To read Part One, click here.
In this age of data management—this new state of cross-office functionality—operational models must be able to house, curate, and level-off information sets as they happen. Funds must not only actively manage a growing universe of market data but also tackle performance reporting, risk projections, disaster planning, and partitioned client data.
To successfully, and simultaneously, manage these activities, funds must have a data operational model that supports automation, where it makes sense:
- Continuous processing, as an underlying system
- Consistent normalization, across the board
- Historical, since inception view
- Defensive measures, to protect the operation
Real-time, continuous actions are the new normal in today’s hedge fund reality. Funds are expected to understand, identify, and take advantage of opportunities as they occur. However, from a data standpoint “real-time” is only a point on a larger continuum of activity that occurs when a participant observes or captures a single event in time. Continuous processing is the underlying current that accepts and captures, or rejects data inflows and outflows. As pressures increase from both investors and regulators, managers should rely on continuous, automated services, processes, and technology to support their business, not only as a viewable segment, but constantly, throughout the lifespan of the fund.
Following is the first part in a two-part guest post from Branden Jones, Global Head of Marketing at Liquid Holdings Group, Inc. based in New York, NY.
This is the year for big data. Across industries, firms have unprecedented amounts of both public and private information sets – from user profiles and consumer habits to business outputs and proprietary algorithms. But access to data, or information at large, does not guarantee a valuable yield. Jonathan Shaw, managing editor of Harvard Magazine notes, “The [data] revolution lies in improved statistical and computational methods, not in the exponential growth of storage or even computational capacity.” Data is ubiquitous but not intrinsically valuable – it needs to be smartly processed, not just farmed.
For hedge funds, data processing is the quiet, invisible process that moves through the trade lifecycle—accessed from external entities like exchanges and brokers, modified and adjusted in execution, and at times, frozen in snapshots for an increasingly complex group of investors and regulators. More operational credibility and regulatory compliance is required than ever before, with increased scrutiny of the secret buy-side manna that goes along with it.
Smarter data management can be expensive and time-consuming as funds seek to keep up with regulatory, compliance, and transparency requirements while navigating through a sea of market opportunities. Good fund management starts and ends with precise, accurate data management. Truly taking advantage of data, and smarter computational methods, requires not only shedding the skin of outdated models, but categorically understanding a whole new data ecosystem, with new methods of processing, through selective automation and augmented observation. Once that new data ecosystem has been embraced, fund managers can spend their time mastering alpha generation and capital building initiatives.
The annual gathering of Apple’s developers took place earlier this week in San Francisco, and top Apple execs Tim Cook, Phil Schiller and Craig Federighi took center stage to reveal what new products and features users can expect to see from Apple in the near future.
Before we get into the specific announcements from the Worldwide Developers Conference (WWDC), let’s talk numbers and take a look at what Apple has been up to as well as their growth as a company:
9 million registered Apple developers (47 percent increase from 2013)
800 million iOS-powered devices sold to date
80 million Macs have been installed to date
130 million new customers in the past year
1.2 million apps currently available in the App store
75 billion apps downloaded to date
12% growth in the Mac market share (whereas PC has declined)
According to Forrester Research, it is “inevitable that enterprise IT in 2020 will be a hybrid mix of on- and off-premises services. While [a firm’s] particular mix of actual cloud services will vary, it’s unlikely that any enterprise IT shop will still be primarily focused on configuring server, storage, and network devices as a core competency. The shift to business technology and IT-as-a-service is well underway, so you can either ignore it, try to contain it, or embrace it.”
So when it the right time for a hedge fund to make the cloud move?
For newly emerging investment firms, the choice to adopt a cloud-based architecture is an easy one. Few firms have a business model where an on-premise solution makes strategic or economic sense -- but what about established firms that have been in business for several years and have invested millions of dollars in technology? When is the right time to make a move?
Opportunities and timing will vary, but generally speaking, the following three scenarios represent ideal inflection points for moving to the cloud:
Office Relocations: This is an ideal time to switch to the cloud. Many hedge funds are understandably reluctant to take on the expense of moving a massive, expensive, and often outdated infrastructure to a new location – particularly if the company expects to phase out certain portions or components in the following 24-36 months. In such cases, migrating to the cloud before relocating an office can be a smart move.
New Applications: Larger investment firms with larger application sets often find that a transitional strategy is best. Abrupt migrations to the cloud can be disruptive. In those instances, investment firms often find that new applications can start in the cloud – no subsequent migration needed. And those deployments are faster. While few IT portfolios will see 100 percent turnover in the short term, this strategy can simplify any migration of on-premise applications to the cloud by minimizing the work required when the company finally makes its move.
Earlier this week, we hosted a webinar on the topic of application hosting in the cloud and featured our newest partner, Black Mountain Systems. Our speakers looked at the benefits firms can realize from hosting their hedge fund applications in the cloud as well as the future of cloud adoption. Let’s take a closer look at what was covered. If you’d like to watch the full event replay, click here.
Here at Eze Castle Integration, we see the adoption of cloud computing continuing to grow in a significant way, particularly among new startup firms. Realizing the operational and financial benefits of a cloud infrastructure, nearly 95 percent of new startup funds are opting to utilize the cloud. Existing firms are also shifting in this direction (though at a much slower pace), and we’re seeing on-premise infrastructure deployments starting to decline.