HFMWeek catches up with Eze Castle Integration’s managing director, Bob Guilbert, to discuss why so many funds are opting for cloud solutions and how the industry can work together to tackle cyber crime.
HFMWeek (HFM): What are the security implications of moving to a cloud system?
Bob Guilbert (BG): Firms looking to move to the cloud need to consider which provider is right for them and can service their operational and security needs. A firm needs to consider the security protocols in their office as well as in the cloud and work with someone that covers both sides, including the virtual and physical elements. It’s also vital that firms understand the ‘response and remedy’ services that cloud providers offer, the quality of which can vary hugely between public and private clouds.
If you missed our 'Starting a Hedge Fund' webinar last week, you missed a lot. Luckily, our webinar replay is available here, and we're now onto Part Two of our recap. If you missed Part One - which focused on the structural and formation basics of starting a new hedge fund - click here. In Part Two, we're recapping what our very own Managing Director Vinod Paul covered, specifically around IT infrastructure decision-making, cybersecurity protections and common technology mistakes.
2015 Technology Priorities
Before looking at the specific technology infrastructure components emerging managers should consider before and during the launch phase, let's first cover some large-scale IT priorities for startups in 2015. We've identified three major priorities:
Selecting the right service providers. Whether it's outsourcing IT, administration or another critical function, it's imperative for startups (and successful hedge funds in general) to conduct proper due diligence and forge partnerships with providers that offer flexibility and accountability.
Understanding your firm's vulnerabilities and exposures. Security, security, security. It's the most critical area of focus for hedge funds in 2015. Firms should understand what risks could affect their businesses and the safeguards in place to mitigate those risks.
Employing an infrastructure your firm can grow with. You're a startup, yes. But you can't afford to act like a startup, at least when it comes to your technology. Selecting an infrastructure platform and provider that can grow with your firm and support you 2, 5, 10 years down the road is critical to your success, and will save you money and headaches in the long run.
Categorized under: Launching A Hedge Fund Cloud Computing Disaster Recovery Security Hedge Fund Due Diligence Hedge Fund Operations Hedge Fund Regulation Infrastructure Communications Outsourcing Business Continuity Planning Trends We're Seeing Videos And Infographics
Yesterday, we hosted a hedge fund launch webinar called “A Checklist for Starting a Hedge Fund in 2015,” which focused on structure and strategy considerations for hedge fund startups as well as focus areas for your technology infrastructure and cybersecurity systems. Marni Pankin, partner at Marcum LLP, and Vinod Paul, managing director at Eze Castle Integration, shared their expert knowledge on what they consider to be the top priorities for hedge fund startups in 2015.
Pankin started with a checklist of her own, including what an emerging manager should look for when launching a new hedge fund. Below is a brief summary of her checklist and be sure to read our second article, "Starting a Hedge Fund: Your IT and Cybersecurity Checklist" here.
Categorized under: Launching A Hedge Fund Cloud Computing Disaster Recovery Security Hedge Fund Due Diligence Hedge Fund Operations Hedge Fund Regulation Infrastructure Communications Outsourcing Business Continuity Planning Trends We're Seeing
We were honored to be invited to participate in an exciting event in Boston recently hosted by KPMG. The event, Hedge Fund Symposium 2015, featured a lively panel on cybersecurity to kick off the afternoon. Featuring speakers from Eze Castle Integration, Morgan Lewis and The Baupost Group, the panel discussed the changing cybersecurity landscape for hedge funds and alternative investment firms and shared best practices on how to mitigate risk in this evolving climate. Following are some of our favorite highlights from the event.
Malware is seemingly the most common threat to financial firms and can infect a firm’s network as a result of improper use of removable storage media (USB devices), opening of suspicious hyperlinks and attachments or more advanced ransomware technology (think Cryptolocker virus).
Spear-phishing and social engineering campaigns are also extremely prevalent and can cripple even the most technology-savvy firm. Ultimately, these campaigns are best prevented through proper user training and awareness around information security.
In our latest webinar, “Understanding Written Information Security Plans," Eze Castle Integration’s resident WISP expert, Lisa Smith, shares insights into the development and maintenance of WISPs, including the basics of what a Written Information Security Plan (WISP) is and the stages that a firm’s WISP goes through. Continue reading for a recap or scroll down to watch the webinar.
What is a WISP?
A WISP is a formal documentation of a firm’s plans and systems put in place to protect personal information and company sensitive data. It includes both administrative and technical safeguards and identifies confidential information, where it is located, how it is protected, and who has access to it. Technical safeguards include an assessment of current policies such as penetration software and encryption and technical policies like password changes and access control.
Recently, the North American Securities Administrators Association (NASAA) has implemented new requirements on state registered advisors regarding firm’s business preparedness plans. Specifically, the rule requires firms to establish, implement, and maintain both a Business Continuity and Succession Plan.
Whether firms have existing plans already in place or are developing plans for the first time, they must ensure plans are in line with the NASAA’s new Model Rule regulations and guidance. Below are the specific areas identified as part of the new rule:
The protection, backup, and recovery of books and records.
Alternate means of communications with customers, key personnel, employees, vendors, service providers (including third-party custodians),and regulators, including, but not limited to, providing notice of a significant business interruption or the death or unavailability of key personnel or other disruptions or cessation of business activities.
Categorized under: Business Continuity Planning
This article first appeared on FINalternatives and was contributed by Brian Macallister, managing director at Ledgex Systems.
Today’s hedge fund investors are more competitive – and more demanding –than ever. As a result, many hedge funds are walking a fine line. They need to track communications, client relationships and capital movements in order to raise and retain assets, while providing exceptional client service and exceeding reporting requirements – all without increasing headcount or operational overhead. That balancing act is essential to avoiding these three primary reasons investors walk away from their hedge funds:
1. They aren’t happy with performance.
No amount of communication or reporting will save an underperforming hedge fund from losing investors. However, those efforts will help fund managers get ahead of investor concerns and proactively address likely questions during periodic performance dips. Information is power, especially in the hands of the firm. When information about how the investor’s balance today relates to past performance is readily available and integrated with customer relationship management data, financial firms can better manage expectations and investor reactions.
This article first appeared on Opalesque as part of a four-part series on cybersecurity.
Ruane, Cunniff and Goldfarb, Inc. used to have their own IT infrastructure. Todd Ruoff, Executive Vice President in charge of trading, operations and technology, was responsible for its maintenance. Then he started looking at outsourced providers a couple of years ago, as he wanted a better disaster recovery solution, the equipment was ageing and the firm was planning an office relocation. His firm is now using Eze Castle Integration’s Private Cloud, the ECINet private Internet service and Eze Castle’s Vault backup and recovery service. He tells Opalesque how that works for him.
Ruane, Cunniff and Goldfarb is an investment advisor and broker-dealer in the US, which manages an $8bn mutual fund, a '40 Act company called the Sequoia fund. The firm has around $5bn managed in hedge funds, and another $15bn in separately managed accounts run for HNWIs and institutions.
"As a broker, we need the ability to trade," Todd Ruoff says. "We are a long-term investor who invests in large, concentrated positions, focused on a few securities. It’s important that we have access to real-time market data, which we get from various sources, as well as access to our trading systems for execution and order management. As an advisor, we need to be able to report for our clients, as well as internal portfolio management teams. All of our research is done in-house, through an organic internal process, whereby our analysts work on the subject companies, which are publicly traded equities. We invest primarily in common stocks in the US, Europe and Asia."
As your hedge fund’s IT Manager or Chief Technology Officer, you may be tasked with evaluating and directing the strategic technology initiatives at your firm. Unfortunately, this doesn’t always mean that you have the final say on how and when your firm makes technology-related decisions. That responsibility, in many cases, falls to the Chief Operating Officer or Chief Financial Officer, and in many cases, that individual does not have a technology background. It’s up to you, then, to ensure you provide your CXOs with the right information to make an informed decision about your firm’s technology foundation.
We asked our own CFO, Chris Holden, to talk through some of the primary considerations C-level execs will weigh when evaluating a migration to the cloud. Read a recap of his thoughts here or scroll down to listen to the full replay of our conversation.
Cloud Migration Drivers: Is Cost Always the Primary Factor?
According to Holden, the best way to justify a new technology to non-technical senior management is to provide a sound and logical cost comparison. And when it comes to the cloud, yes – cost is a big factor and a serious selling point.
Despite the recent strides hedge funds have made to improve cybersecurity policies and safeguards, studies reveal that a less-heralded group is responsible for the majority of successful cyber-attacks. Flying under the radar and opening the malware floodgates with one click of a spoof email are employees ill-informed of cyber threats and potential risks.
Unbeknownst to the employee, upon release of their mouse they have guided hacktivists into his or her company’s network, exposing business critical information, financial records and passwords. And that’s just the beginning. The quantity and severity of subsequent damages are limitless, but so is the opportunity for improvement in the firm’s case.