On behalf of the entire team here at Eze Castle Integration, we would like to wish all of our readers, clients, partners and friends a very happy and safe Independence Day holiday.
We'll see you back here at Hedge IT on Tuesday, July 8th for more tech talk!
Categorized under: Eze Castle Milestones
One of the first questions on the SEC’s cybersecurity questionnaire for financial firms asks firms to "indicate whether they conduct periodic risk assessments to identify cybersecurity threats, vulnerabilities and potential business consequences", and if so, who conducts them and how often. Clearly the goal behind this question is to ensure that firms are taking a proactive approach to security. But what exactly does this assessment entail?
Here’s a quick overview.
The type of risk assessment typically associated with information technology/security is an external vulnerability assessment. Essentially, this is the process of identifying and categorizing vulnerabilities related to a system or infrastructure. Typical steps associated with a vulnerability scan or assessment include:
Identifying all appropriate systems, networks and infrastructures;
Scanning networks to assess susceptibility to external hacks and threats;
Classifying vulnerabilities based on severity; and
Making tactical recommendations around how to eliminate or remediate threats at all levels.
We continue to speak with clients and prospects on a regular basis on the topic of cybersecurity, and with the expectation that the SEC will start security exams sometime around September, it’s evident that firms are working diligently to answer the questionnaire and shore up internal practices.
To continue fostering education around this topic, we hosted two events last week dedicated to cybersecurity for hedge funds and investment firms. For your convenience, you can read a brief recap of some of the key topics discussed or scroll down to watch our full webinar replay.
Cybersecurity a Hot Topic on State & Federal Level
By now, we all know the SEC has taken steps to assure that hedge funds and investment advisers put security mechanisms and practices in place to protect against cyber threats. SEC Commissioner Luis Aguilar said there is “substantial risk that a cyber-attack could cause significant and wide-ranging market disruptions and investor harm.” Even beyond the federal level, some states are chiming in on the cybersecurity front. Earlier this month, Massachusetts and Illinois acknowledged that they were polling investment advisers about their security practices, and that based on responses, state regulations could be impacted.
Categorized under: Launching A Hedge Fund Security Hedge Fund Due Diligence Hedge Fund Operations Hedge Fund Regulation Infrastructure Communications Outsourcing Business Continuity Planning Trends We're Seeing Videos And Infographics
Timing is everything. Last week we released a new whitepaper, Why the Billion Dollar Club is Headed to the Cloud, and shared an excerpt here on Hedge IT about why hedge funds are making this move. Today, to entice you to download the full paper, we'll share WHEN firms are making the cloud move.
For newly emerging investment firms, the choice to adopt a cloud-based architecture is an easy one. Few firms have a business model where an in-house Comm. Room makes strategic or economic sense. But what about established firms that have been in business for several years and have invested millions of dollars in infrastructure? When is the right time to make a move?
Opportunities and timing will vary, but generally speaking, the following three scenarios represent ideal inflection points for moving to the cloud:
This is an ideal time to switch to the cloud. Many companies are understandably reluctant to take on the expense of moving a massive, expensive, and often outdated infrastructure to a new location – particularly if the company expects to phase out certain portions or components in the following 24-36 months. In such cases, migrating to the cloud before relocating offices can be a smart move.
Today we released a new whitepaper that looks at a growing trend we are seeing -- billion dollar hedge funds and investment firms moving to the cloud. Here is a sneak peak at the paper's content as well as a video interview with Bob Guilbert on why firms should read, Why the Billion Dollar Club is Headed to the Cloud.
It’s More Than Managing Money
There’s more competition in financial services than ever before. Every week, new and agile boutique firms sprout up, armed with proprietary models and the right technology foundation to compete – intensely – with the major players for billions of investment dollars. Firms of every size are competing to deliver broader ranges of increasingly exotic instruments, specialized funds, and high-performance investments that deliver competitive returns to investors whose demands and expectations continue to climb.
But when it comes to performance and success in financial services, there’s more to evaluate than just the hard numbers. Returns alone aren’t enough. Today, savvy firms know they need to deliver more. In a post-Madoff, post-2008 world, the SEC and FINRA – and investors as well – are scrutinizing all corners of the operation. There’s an increased focus on how operational risk is managed and how firms respond to greater demands for transparency. That means it’s more important than ever for firms to deploy and maintain robust, scalable, and secure technology infrastructures.
Hedge funds have known for some time the importance of effective cybersecurity, and regulation increasingly enforces this as a requirement. For any practice to be effective, however, there are a number of factors which need to be considered prior to implementation. Eze Castle’s Lisa Smith recently sat down with HFMWeek Magazine to talk about how to meet and understand the new cybersecurity guidelines advised by the SEC. Following is an excerpt of the article.
The SEC's cybersecurity questionnaire sets the framework and best practices for the financial industry. When you consider the type of information that hedge funds are handling on a day-to-day basis, it's really important that they have security controls in place. The questionnaire is a way for the SEC to ensure that hedge funds, private equity and investment management companies are taking security controls seriously and are aware of what's in place for their company.
HFMWeek (HFM): Within the sample SEC cybersecurity request document, questions were divided into five categories. What is the SEC looking for in these categories?
Lisa Smith (LS): Identification of risk in cybersecurity governance - this involves an analysis of what's in place. So for instance - when I conduct a business assesment I'll focus on what's currently in place versus what should be in place in accordance with the recommendations from the SEC. Anything that is not in place that should be goes into our risk assesssment summary and is categorized as low, medium or high. It's about ensuring that hedge funds have certain controls and security policies in place to protect their environment and data.
At Eze Castle Integration, we seek a variety of skill sets when we look to hire new engineers. We not only look for solid technical skills and experience, but an array of core competencies that we have found are critical for quality IT pros. To help you in your firm’s quest for a premier IT team, here are a few of the core competencies we like to see in our technology candidates:
Communication and Interpersonal Skills
IT pros need to be more than extremely intelligent and skilled in their field; they require interpersonal skills and finesse.
IT staff work with clients (internal or external) every day, sometimes day and night. It is critical for their communication to be clear and consistent at all times.
Common sense, good judgment and the ability to be resourceful are all necessary skills on the job.
Firms should also look for candidates with the ability to simultaneously understand business issues and communicate solutions effectively from a technical standpoint. Not every end user has a degree in information technology – successful IT managers should be adept at framing technical situations in a way that’s easy for non-technical users to understand.
Categorized under: Hedge Fund Operations
As your firm evaluates moving to the cloud – as most firms today will inevitably do – your list of priorities will likely include:
Regulatory and investor impact
Migration plans and operational effects
Hardware disposal and infrastructure changes
But another critical business area your firm should put some thought into is the effect of the cloud movement on your internal IT department (assuming you have one). What exactly happens to a firm’s IT team once it moves operations into a cloud environment? Is there still value in maintaining an in-house staff?
The simple answer is ‘yes,’ but the day-to-day responsibilities for those staffers may not look quite the same post-cloud. With a fully managed service provider, everyday management is typically taken care of – leaving internal resources with a lot more time on their hands. But that doesn’t mean there’s no longer a need for an IT department.
In Part 1 of our Transformation of IT seminar recap, we shared what our expert panel discussed relative to evaluating outsourced solutions and leveraging technology solutions. Our panel included Vinod Paul, Managing Director, and Steve Schoener, Vice President, at Eze Castle Integration, John Budzyna, Managing Director, and Dave Messier, Director, at KPMG, Timothy Ng, Managing Principal at Clearbrook Global Services, Jon Anderson, Global Head of OTC Derivatives at SS&C GlobeOp and Sheldon Rubin, COO/CFO/CCO at S Squared Technology LLC.
Read on to see what our speakers had to say about the considerations for outsourcing, typical transformation challenges and more. You can also read Part 1 of the event recap or listen to the complete audio replay.
Q: Whether it's technology, compliance or another area of the business, firms ultimately need to decide if they are going to manage these areas internally or outsource to an expert vendor. How does a hedge fund determine what is the right solution for them and whether to outsource or maintain their own systems and operations?
When considering internal operations vs. outsourcing, a firm must determine which option gives it the most control over the given process. The firm is not only considering outsourcing technology but also outsourcing control.
The annual gathering of Apple’s developers took place earlier this week in San Francisco, and top Apple execs Tim Cook, Phil Schiller and Craig Federighi took center stage to reveal what new products and features users can expect to see from Apple in the near future.
Before we get into the specific announcements from the Worldwide Developers Conference (WWDC), let’s talk numbers and take a look at what Apple has been up to as well as their growth as a company:
9 million registered Apple developers (47 percent increase from 2013)
800 million iOS-powered devices sold to date
80 million Macs have been installed to date
130 million new customers in the past year
1.2 million apps currently available in the App store
75 billion apps downloaded to date
12% growth in the Mac market share (whereas PC has declined)