We were honored to be invited to participate in an exciting event in Boston recently hosted by KPMG. The event, Hedge Fund Symposium 2015, featured a lively panel on cybersecurity to kick off the afternoon. Featuring speakers from Eze Castle Integration, Morgan Lewis and The Baupost Group, the panel discussed the changing cybersecurity landscape for hedge funds and alternative investment firms and shared best practices on how to mitigate risk in this evolving climate. Following are some of our favorite highlights from the event.
Malware is seemingly the most common threat to financial firms and can infect a firm’s network as a result of improper use of removable storage media (USB devices), opening of suspicious hyperlinks and attachments or more advanced ransomware technology (think Cryptolocker virus).
Spear-phishing and social engineering campaigns are also extremely prevalent and can cripple even the most technology-savvy firm. Ultimately, these campaigns are best prevented through proper user training and awareness around information security.
In our latest webinar, “Understanding Written Information Security Plans,” Eze Castle Integration’s resident WISP expert, Lisa Smith, shares insights into the development and maintenance of WISPs, including the basics of what a Written Information Security Plan (WISP) is and the stages that a firm’s WISP goes through. Continue reading for a recap or scroll down to watch the webinar.
What is a WISP?
A WISP is a formal documentation of a firm’s plans and systems put in place to protect personal information and company sensitive data. It includes both administrative and technical safeguards and identifies confidential information, where it is located, how it is protected, and who has access to it. Technical safeguards include an assessment of current policies such as penetration software and encryption and technical policies like password changes and access control.
Recently, the North American Securities Administrators Association (NASAA) has implemented new requirements on state-registered advisors regarding firms’ business preparedness plans. Specifically, the rule requires firms to establish, implement, and maintain both a Business Continuity and Succession Plan.
Whether firms have existing plans already in place or are developing plans for the first time, they must ensure plans are in line with the NASAA’s new Model Rule regulations and guidance. Below are the specific areas identified as part of the new rule:
The protection, backup, and recovery of books and records.
Alternate means of communications with customers, key personnel, employees, vendors, service providers (including third-party custodians), and regulators, including, but not limited to, providing notice of a significant business interruption or the death or unavailability of key personnel or other disruptions or cessation of business activities.
This article first appeared on FINalternatives and was contributed by Brian Macallister, managing director at Ledgex Systems.
Today’s hedge fund investors are more competitive – and more demanding – than ever. As a result, many hedge funds are walking a fine line. They need to track communications, client relationships and capital movements in order to raise and retain assets, while providing exceptional client service and exceeding reporting requirements – all without increasing headcount or operational overhead. That balancing act is essential to avoiding these three primary reasons investors walk away from their hedge funds:
1. They aren’t happy with performance.
No amount of communication or reporting will save an underperforming hedge fund from losing investors. However, those efforts will help fund managers get ahead of investor concerns and proactively address likely questions during periodic performance dips. Information is power, especially in the hands of the firm. When information about how the investor’s balance today relates to past performance is readily available and integrated with customer relationship management data, financial firms can better manage expectations and investor reactions.
This article first appeared on Opalesque as part of a four-part series on cybersecurity.
Ruane, Cunniff and Goldfarb, Inc. used to have their own IT infrastructure. Todd Ruoff, Executive Vice President in charge of trading, operations and technology, was responsible for its maintenance. Then he started looking at outsourced providers a couple of years ago, as he wanted a better disaster recovery solution, the equipment was ageing and the firm was planning an office relocation. His firm is now using Eze Castle Integration’s Private Cloud, the ECINet private Internet service and Eze Castle’s Vault backup and recovery service. He tells Opalesque how that works for him.
Ruane, Cunniff and Goldfarb is an investment advisor and broker-dealer in the US, which manages an $8bn mutual fund, a '40 Act company called the Sequoia fund. The firm has around $5bn managed in hedge funds, and another $15bn in separately managed accounts run for HNWIs and institutions.
"As a broker, we need the ability to trade," Todd Ruoff says. "We are a long-term investor who invests in large, concentrated positions, focused on a few securities. It’s important that we have access to real-time market data, which we get from various sources, as well as access to our trading systems for execution and order management. As an advisor, we need to be able to report for our clients, as well as internal portfolio management teams. All of our research is done in-house, through an organic internal process, whereby our analysts work on the subject companies, which are publicly traded equities. We invest primarily in common stocks in the US, Europe and Asia."
As your hedge fund’s IT Manager or Chief Technology Officer, you may be tasked with evaluating and directing the strategic technology initiatives at your firm. Unfortunately, this doesn’t always mean that you have the final say on how and when your firm makes technology-related decisions. That responsibility, in many cases, falls to the Chief Operating Officer or Chief Financial Officer, and in many cases, that individual does not have a technology background. It’s up to you, then, to ensure you provide your CXOs with the right information to make an informed decision about your firm’s technology foundation.
We asked our own CFO, Chris Holden, to talk through some of the primary considerations C-level execs will weigh when evaluating a migration to the cloud. Read a recap of his thoughts here or scroll down to listen to the full replay of our conversation.
Cloud Migration Drivers: Is Cost Always the Primary Factor?
According to Holden, the best way to justify a new technology to non-technical senior management is to provide a sound and logical cost comparison. And when it comes to the cloud, yes – cost is a big factor and a serious selling point.
Despite the recent strides hedge funds have made to improve cybersecurity policies and safeguards, studies reveal that a less-heralded group is responsible for the majority of successful cyber-attacks. Flying under the radar and opening the malware floodgates with one click of a spoof email are employees ill-informed of cyber threats and potential risks.
Unbeknownst to the employee, upon release of the mouse they have guided hacktivists into their company’s network, exposing business critical information, financial records and passwords. And that’s just the beginning. The quantity and severity of subsequent damages are limitless, but so is the opportunity for improvement in the firm’s case.
In part two of our webinar series, Cloud Perspectives: How to Impress Investors, Security Pros & CXOs, Steve Schoener and Lisa Smith of Eze Castle Integration shared their expertise with regards to security infrastructure, policies and procedures in the cloud.
Threat Landscape for Hedge Funds
With security breaches and incidents reaching sophisticated levels, Schoener first addressed the evolution of the cybersecurity landscape for investment firms. In the past, hackers were often kids with too much time on their hands looking to create chaos for a period of time. Today, it has evolved into a business for educated hackers, conducting thorough research and drawing readily accessible information from the Internet to target individual firms as a way of making money.
We love showcasing our work with clients and one such client is Astellon Capital Partners who selected the award-winning Eze Private Cloud for all of its IT needs. Astellon moved to the Eze Private Cloud because of Eze Castle Integration's leadership role in bringing cloud services to the investment community, as well as its ability to deliver the high performance, applications and exceptional user experience the investment firm demands.
Established in 2011, Astellon Capital Partners is a twelve-user alternative investment manager based in London focusing on European event-driven value-investing with a particular focus on German-speaking countries.
Davi Vieira, head of operations at Astellon Capital Partners, said, "Our move to the Eze Private Cloud was born out of the need to have a secure, reliable and institutional-grade IT platform that matches our focus on implementing strong financial, operational and infrastructure controls. Eze Castle Integration is the driving force behind the adoption of cloud services in the hedge fund industry and the optimal partner to help us run our business for many years to come."
It’s a question that many folks in the financial services industry have been asking for a few years now. Are potential investors comfortable with the idea of hedge funds leveraging cloud services? In Part 1 of our cloud webinar series, The Investor Perspective on Cloud and Security, we asked Ashley Gimbel, Senior Vice President at Dyal Capital Partners, to share her thoughts on evaluating the operational and infrastructure decisions of hedge funds and alternative investment firms and if investors are truly comfortable with the cloud. Click here or scroll down to watch the full replay of our conversation with Gimbel.
The simple answer is ‘yes.’ According to Gimbel, investors are and should be at ease with hedge fund clients using cloud infrastructures to support their daily operations. In fact, she says, hosted infrastructures often make more sense for firms with little to no IT resources in-house.
With a few caveats, of course. Firms should ensure outsourced cloud providers have proper Service Level Agreements (SLAs) in place and are conducting appropriate oversight of their provider(s). A few other technology must-haves:
Well integrated data and systems
Established policies and procedures
Comprehensive disaster recovery