Hedge fund outsourcing is not a new trend, as buy-side firms have long dispersed the responsibility of many functions to third-party service providers more adept and accomplished at said functions. Technology, for example, is an area where many firms choose to leverage outsourced providers to manage complete or partial infrastructures, support projects or supplement on-site IT staffs. The benefits to outsourcing are numerous, but the true measure of a successful service provider relationship comes when an investment firm’s level of risk in using that provider is low.
Risks are everywhere, particularly in today’s cyber-focused environment. But the risk a hedge fund undertakes when outsourcing a function of its business to a third-party is enormous. Not only is the firm relinquishing control to an outside company, it also takes on the added burden of managing that company, in addition to its own.
It’s one thing to put faith in your service providers to do their jobs effectively. It’s another to ignore your own firm’s responsibility to manage that third party as a means of protecting your own firm. Successfully managing risk associated with third-party service provider relationships is a full-time job, especially for financial services firms working with dozens of various parties. Here are a few tips to help your firm properly manage third-party service provider risk:
As a new firm, your to-do list is going to be lengthy: formation structures, legal requirements, service provider evaluation, etc. On the technology front, there are also a lot of items to think through. Here’s a quick IT checklist cheat sheet that financial firms should keep handy during the startup planning process.
Also, for more technology tips, download the Essential Tech Guide to Starting a Hedge Fund
Networking & Infrastructure
Define networking requirements
Data circuits featuring N+1 redundancy
Wireless and Local Area Network (LAN) capabilities
Design network infrastructure: Cloud, On-Premise or Hybrid
Workstations (PCs, monitors, laptops, servers)
Peripherals (printers, phones, etc.)
Categorized under: Launching A Hedge Fund
Last week, we partnered up with law firm Sadis & Goldberg to host a webinar where we discussed the Securities and Exchange Commission’s (SEC) Division of Investment Management’s latest cybersecurity guidance recommendations and offered firms clear direction on satisfying these new requirements from both a legal and technology perspective. Featured speakers included John Araneo, counsel, and Lance Friedler, partner at Sadis & Goldberg, as well as Eze Castle Integration’s Managing Director Vinod Paul. To watch a full recap of the webinar, click here or scroll down.
Cyber Threats Across the Industry
The cyber threat landscape is changing rapidly, and our speakers shared examples of how developed hackers are targeting all industries, not only financial services. Araneo gave two examples of data breaches from two companies that were recently penalized by the SEC for failure to meet requirements. The first example was from a firm that failed to use strong passwords and allowed access to systems after long periods of computer inactivity, resulting in a penalty and mandatory independent security consulting for two years. The second firm failed to enforce the use of anti-virus software, leading to an unauthorized trade from a customer’s account and resulting in fines totaling over $100,000.
Beyond mismanagement of internal cyber controls, phishing and ransomware are other targeted approaches our speakers noted they are seeing across the industry, as hackers are targeting executives by sending fake emails to try to phish sensitive information or attaching files that could infect entire systems. In the case of ransomware, if a user opens an email that is infected, it will lock down files and the only way to recover the files is to buy a key from the hacker. As the sophistication of cyber hackers increases, firms are expected to shore up securities and employ best practices to protect sensitive company information – a goal the SEC is targeting with their most recent cybersecurity guidance recommendations.
Security, security, security. It’s all anyone can talk about. From spear-phishing schemes to cyber extortion plots, hackers are reaching new levels of sophistication in their attempts to confiscate sensitive material and, in many cases, access monetary funds. But while we’ve trained ourselves to be more aware of these elaborate cybersecurity schemes, we often forget that the gateway to much of our information is only secured by one teeny, tiny little feature: a password.
Whether you’re safeguarding your work PC or personal mobile device, password security is the first and arguably most important step you can take to protect your sensitive information. And unfortunately, users often don’t put the necessary effort into creating strong, secure passwords, thereby leaving that sensitive information in peril and potentially easily accessed by intelligent hackers.
Password creation sounds like a simple task, but it is far from it, especially in today’s security-heightened marketplace. Following are five hallmarks of a strong password to help get you started:
In the context of information technology, social engineering refers to the act of tricking people into divulging confidential or sensitive business information, and breaking security policies. This form of attack infiltrates companies by targeting their weakest access point, which predominantly is a firm’s employees.
The Art of the Phishing Con
Let’s examine a popular technique for social engineering known as phishing. In a phishing scheme, the hacker broadly disseminates a fraudulent email with aim to acquire sensitive data, such as, login credentials, IT resources or banking information. The message may request the recipient to submit personal information or to click on a link embedded with malware. Although this approach rarely dupes sophisticated users, a distracted employee could make one mistake and compromise a firm’s entire network.
On behalf of the entire team here at Eze Castle Integration, we would like to wish all of our U.S. readers, clients, partners and friends a very happy and safe Independence Day holiday.
Also, we’re happy to announce our newly launched Instagram page so be sure to follow us: EzeCastle
We'll see you back here at Hedge IT on Tuesday, July 7th for a look at Social Engineering.
20 years. 400 incredible employees. 650 clients. 3 continents. 10 offices. Countless services.
June 2015 marked the 20-year anniversary of Eze Castle Integration’s founding. We have reached many milestones over the years thanks to our dedicated employees and loyal client base.
From building the world’s first all NT trading floor (as Eze Castle Consulting) to building the hedge fund industry’s first private cloud platform (as Eze Castle Integration), the Eze Castle name represents innovation, quality and excellence.
We could go on and on but we’d rather show you some of our proudest accomplishments from the last decade.
20 years – Wow. So many milestones and so many more to come.
Did you know that the average cost of a data breach is $3.8 million? Or, that the consolidated average cost incurred for each record of lost or stolen sensitive and confidential information has increased six percent (6%) since 2013 from $145 to $154? A recent study of 350 companies spanning 11 countries reported the aforementioned statistics, representing a twenty-three percent (23%) increase in data breach consolidated costs.
We take great pride in helping solve our clients' IT needs and highlighting recent success stories. Our client Wexford Capital LP is one such example who selected the Eze Private Cloud platform for its fully managed, enterprise-grade environment. Wexford Capital gravitated away from its on-premise IT infrastructure and towards the Eze Private Cloud for its multifaceted suite of services and measurable benefits, such as, cost optimization and increased business agility.
Dante Domenichelli, Chief Operating Officer at Wexford Capital, said, “Eze Castle Integration delivers the comprehensive services and expert, reliable support we had been searching for in an IT provider. Transitioning to the Eze Private Cloud has enabled seamless business expansion and improved our operational efficiencies while providing assurances of performance and security.
Written by Ledgex Systems, the following article originally appeared in the Canadian Hedgewatch under the title, "2015 Trends: Investor-centric Approaches for Hedge Fund Growth."
Winning Hedge Fund Strategies
In today's competitive market, winning investor assets is no easy feat. Hedge funds must be nimble and meet increasing investor and regulatory demands, while remaining cost efficient and advancing operations. To foster and sustain these relationships, it’s vital that managers and investors reach equilibrium in regards to their interests and expectations.
Achieving this balance is an ongoing challenge; however, it also offers firms opportunities for improvement. The following are suggested focus areas for hedge funds to differentiate themselves from the competition and attract and retain investors.
Bespoke Fund Productization
Managers that strive to enhance offerings consistently to attract principal growth must focus on investors’ needs during product ideation and development. Aside from exceptional client service, investors expect high performance, availability, transparency and seamless integration with client relationship management data. Hedge funds that invest in building bespoke solutions suitable for investor operations will meet expectancies better while increasing efficiencies and reducing the risk of underperformance.