Eze Castle Integration Eze Castle Integration

Hedge IT Blog

> Subscribe to Blog Entries about Trends We're Seeing RSS

Stuck on the Technology Treadmill? A Case for Hedge Fund Managed Services

By Kulvinder Gill,
Tuesday, March 28th, 2017

The technology treadmill is a tough place to be these days. Technology refresh cycles last only a mere three years, forcing firms to replace their infrastructures and make costly software and hardware upgrades on a too-frequent basis. And with hedge fund budgets tighter than ever, many firms cannot afford to stay on this path.Hedge Fund Cloud, 5 Reasons

But the hedge fund technology treadmill is not a firm’s only option. Costly in-house, 'traditional' IT services have given way to more cost-effective outsourced IT and managed services that get firms off the treadmill and on a path to success.

Let’s have a look at some of the key reasons why hedge funds and other investment management firms are moving from on-premise technology infrastructures to cloud and managed services.

Keys factors driving hedge funds to managed services

Many firms are turning to managed IT services because it allows them to align their IT requirements with their business needs, including tighter control on budgets and staff. Moving to a managed service platform provided by a reputable outsourced IT provider not only makes it easier to deploy technologies, but also allows firms to benefit from platforms inherently designed to meet the constraints of limited IT resources and budgets.

Categorized under: Cloud Computing  Security  Outsourcing  Infrastructure  Trends We're Seeing 



Essential Building Blocks to Hedge Fund Cyber Risk Management

By Lauren Zdanis,
Thursday, March 23rd, 2017

The following article originally appeared in HFMWeek's Cyber Compliance Focus.Hedge Fund Cybersecurity Compliance

It’s not enough to have strong security policies. And it’s not enough to have robust technologies in place to ward off cyber threats. In truth, it’s not even enough to have both of these.

An effective cybersecurity program, rather, can only be achieved through a consistent and comprehensive strategy that touches layers across the entirety of the organization – from perimeter security and access control to policy enforcement and employee training. Without each of these building blocks, the effectiveness of a cyber risk management program is crippled at best.

And today’s standards for cybersecurity are increasing rapidly.

Categorized under: Security  Private Equity  Hedge Fund Operations  Hedge Fund Regulation  Outsourcing  Infrastructure  Communications  Trends We're Seeing 



Five Reasons Why It’s Time to Consider the Cloud

By Kaleigh Alessandro,
Tuesday, March 21st, 2017

Traditionally, hedge funds and private equity firms have allocated significant capital budgets to build out their own sophisticated Communication (Comm.) Rooms, which can take months to provision and bring online. With servers to buy and install, software to license and configure, and voice/networks to deploy – not to mention recruiting, hiring, and managing expensive and hard-to-find IT talent – it’s no wonder cloud solutions have emerged as the dominant choice for computing infrastructures at investment firms large and small.

Not surprisingly, many investment management firms – including those with well-established in-house infrastructures – are making the move to the cloud for a number of compelling reasons, most notably these five:

  1. Timing. Understanding when the right time to move to the cloud might be is a smart first step. There are three typical inflection points: when you’re adding new applications, moving or opening a new office, or in need of an IT refresh. But even if you’re not under any of those circumstances, there are a lot of motivating factors (keep reading).

  2. Cost Containment. You may not always be able to reduce the cost of IT in the long-run with the cloud (depends on your firm’s size and scope), but you will have a predictable budget to work with, which means you can contain costs and create greater predictability and smoother, linear cash flows. As an added bonus, you can better allocate funds to other strategic projects and areas more directly relevant to the business mission. Even within the IT discipline, instead of spending time on mundane, daily operation of commodity IT resources, the firm can focus on proprietary application development, application integration, cyber security protections or other strategic initiatives.

Categorized under: Cloud Computing  Security  Disaster Recovery  Private Equity  Outsourcing  Infrastructure  Trends We're Seeing 



Hackers are Watching: New security threats facing investment firms

By Eze Castle Integration,
Thursday, March 9th, 2017

As you’re probably aware, the topic of cybersecurity has been splashed prominently across headlines lately. Earlier this year, the former US director of national intelligence, James Clapper, identified cybersecurity as the top global threat.

Security HeadlinesIn his testimony before the Senate Armed Services Committee, Clapper stated “I think the private sector needs to up its game on cyber security and not just wait for the government to provide perfect warning or a magic solution.” So what should you be doing to better protect your firm’s critical systems and data?
 

The truth is both large, well-established hedge funds and smaller startups are equally at risk of intrusion. Hackers may target large firms because they see an opportunity to profit from their substantial asset pools. Additionally, they might be after the notoriety associated with successfully hacking a well-known fund’s critical systems, especially in cases that will likely garner media attention. For smaller funds, hackers are likely after intellectual property, namely business plans, market forecasts and investment strategies.

Categorized under: Security  Hedge Fund Operations  Trends We're Seeing 



Showtime’s ‘Billions’ Airs a Lesson in Laptop Security

By Mary Beth Hamilton,
Thursday, February 23rd, 2017

Lessons on Laptop Security from Showtime's BillionsI just finished Season 1 of Showtime’s ‘Billions’ and can’t resist calling out the horrible IT security on a key character’s laptop. ‘Billions’ centers on a multi-billion dollar CT hedge fund and federal prosecutors looking to take them down for financial crimes. [Spoiler Alert] As season 1 nears an end, US Attorney Chuck Rhoades easily logs into the laptop of his wife, who is also the hedge fund’s in-house psychiatrist. On the laptop he finds the incriminating evidence necessary to potentially take down Mr. Billions (aka Bobby "Axe" Axelrod).

From an IT security perspective, there were so many things wrong with this scene, but I’ll highlight three that any hedge fund, regardless of AUM, should consider:

First up: password security.

In ‘Billions’ they broke the golden rule of NEVER sharing your password, but beyond that, multi-factor authentication should have been implemented. Multi-factor authentication is established by requiring at least two authentication factors that are knowledge based (password), possession based (something you have – token, mobile phone) and/or inherence based (something you are – fingerprint or eye scan).

Eze Castle Integration’s Eze Managed Suite offering includes two-factor authentication via a tool called Duo. Duo combines knowledge based (password) with possession based (smartphone) authentication factors.

Categorized under: Security  Launching A Hedge Fund  Trends We're Seeing 



Five Steps to Effectively Managing Third-Party Service Provider Risk

By Kaleigh Alessandro,
Tuesday, February 21st, 2017

Hedge fund outsourcing is not a new trend, as buy-side firms have long dispersed the responsibility of many functions to third-party service providers more adept and accomplished at said functions. Technology, for example, is an area where many firms choose to leverage outsourced providers to manage complete or partial infrastructures, support projects or supplement on-site IT staffs. The benefits to outsourcing are numerous, but the true measure of a successful service provider relationship comes when an investment firm’s level of risk in using that provider is low.Service Provider Risk
 
Risks are everywhere, particularly in today’s cyber-focused environment. But the risk a hedge fund undertakes when outsourcing a function of its business to a third-party is enormous. Not only is the firm relinquishing control to an outside company, it also takes on the added burden of managing that company, in addition to its own.
 
It’s one thing to put faith in your service providers to do their jobs effectively. It’s another to ignore your own firm’s responsibility to manage that third party as a means of protecting your own firm. Successfully managing risk associated with third-party service provider relationships is a full-time job, especially for financial services firms working with dozens of various parties. Here are a few tips to help your firm properly manage third-party service provider risk:

Categorized under: Hedge Fund Operations  Launching A Hedge Fund  Cloud Computing  Security  Infrastructure  Trends We're Seeing 



Then and Now: State of the Hedge Fund Industry

By Kaleigh Alessandro,
Thursday, February 16th, 2017

They say the more things change, the more they stay the same. Turns out it’s a pretty accurate assessment of the hedge fund industry then and now.

You see, back in 2011 we hosted a “State of the Hedge Fund Industry” event that yielded some interesting trends and perspectives, and we thought it might be fun to not only look back at those trends, but compare them to what we’re seeing in today’s industry – more than five years later.

Like I said: the more things change, the more they stay the same.

Hedge Fund Market Trends & Challenges

THEN (2011): It’s been an interesting year thus far for hedge funds and other alternative investment firms, as inflows have been high but performance low. In addition to performance challenges, hedge funds continue to deal with increased competition for investments, and thus asset-raising remains a hurdle for many funds – regardless of their size or strategy.

Categorized under: Trends We're Seeing  Launching A Hedge Fund  Cloud Computing  Security  Disaster Recovery  Hedge Fund Regulation  Business Continuity Planning 



10 Questions to Ask Your Cloud Services Provider

By Kaleigh Alessandro,
Thursday, February 9th, 2017

When evaluating a cloud services provider there are a lot of factors to take into consideration: features & functionalities, security protections, provider experience, and industry certifications just to name a few. We've identified some of the most important questions today's investment management firms should be asking cloud services providers during the selection process.

Five or seven years ago, these questions would probably be fairly basic in nature. Does the infrastructure isolate individual client environments? (Yes). Can the cloud environment scale to meet a firm's growing resource needs? (Yes). In 2017, we can safely assume you understand the basics of the cloud, so the questions we've identified move beyond the basic and focus on critical infrastructure, security and support questions your cloud provider should be able to address.

Top Ten Questions to Consider:

  1. I'm most concerned about the security of my data. What types of security layers do you employ across the cloud platform and your broader organization to guarantee the safety of my firm's information?

  2. Does your cloud leverage proactive security technologies such as intrusion detection and prevention, next-generation firewalls and regular vulnerability assessments and/or penetration tests?

Categorized under: Cloud Computing  Trends We're Seeing 



Is “Smart” Technology Invading Your Privacy?

By Lauren Zdanis,
Tuesday, February 7th, 2017

We educate our clients all the time about how to keep their organizations secure and mitigate against insider and outsider threats. But one area of security often overlooked is that of the home office – and the home itself on a larger scale. With new technologies constantly being released – and many of today’s devices linked via the Internet of Things (IoT) – the likelihood of being hacked or having private information stolen also increases.

Emerging ‘smart’ technologies such as Amazon’s Echo and Google Home are making their way into many homes, making it simple to find for users to stay up-to-date on the latest news, ask for directions, or hear tomorrow’s weather forecast. The Echo’s voice assistant, Alexa, for example, can complete advanced tasks such as turning on lights and changing the temperature of your home.

But what if these technologies are jeopardizing the inherent privacy of your own home? Let’s take a look into the future.

Categorized under: Security  Cloud Computing  Communications  Trends We're Seeing 



How to Create a Human Firewall: Proactive Cyber Advice

By Mary Beth Hamilton,
Thursday, February 2nd, 2017

How much security protection is enough? That’s a tough question to answer and the catalyst behind our recently published whitepaper on selecting the right cybersecurity tier based on individual risk profiles (download it HERE). The paper outlines three common tiers including Tier 0 (the ‘must-have’ list) to Tier 2 (the ‘advanced’ list), however it only touches briefly on the human element of security.

The reality is that in today’s sophisticated cyber environment firms must go beyond physical or virtual firewalls firms and establish a ‘Human Firewall,’ because sometimes technology alone won’t stop some of the most damaging attacks. In many instances, employees are “holding the door open” to criminals or inadvertently “leaving the keys out.” At other times, disgruntled employees act with more malicious intent.

Building a ‘human firewall’ comes down to establishing a security-conscious workplace and culture where employees understand the risk landscape and know how to respond. So what goes into their ‘human firewall’? It has varying parts including policies, training, awareness and of course people(!).

Practical, User-Friendly Policies

Many firms create a 20+ page written information security plan that formalizes the definitions and policies that govern the creation, access, and deletion of confidential information and computing services. That can be everything from a definition of personally identifiable information (PII), a description of user access privileges and roles, or policies regarding data handling. What matters is that you’ve explicitly and unambiguously documented all aspects of your company’s at-risk assets and services.

While the plan should be comprehensive, firms should also avoid getting bogged down in “tech speak.” Employees need user-friendly policies that are straightforward to follow. For example, they want to know the implications of their actions (“If I read this on a mobile phone, am I creating a security vulnerability?” “What happens if I lose my mobile device?”).

Categorized under: Security  Launching A Hedge Fund  Private Equity  Hedge Fund Operations  Hedge Fund Regulation  Trends We're Seeing 



View earlier posts in the archive

Recent Posts / All Posts