ECI Blog Mon, 30 Mar 2015 13:29:54 -0400 en-US <![CDATA[Encryption 101: Protecting Your Investment Firm's Sensitive Material]]>, 26 Mar 2015 00:00:00 -0400 eci The amount of data and information that passes through the Internet every day is – for lack of a better term - enormous. And truth be told, sometimes we are sharing information that we don’t want to get into the wrong hands, whether it be via email, instant message or other communications. Think: credit card information, personal information (name, address, social security number, etc.), bank account information or sensitive company or financial data.

A secure way to transmit this information is through encryption. According to TechTarget, encryption is “the conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties.”Security Padlock - Encryption

The history of encryption, believe it or not, began a long time before the Internet existed and we started sending electronic data. The ancient Greeks and Romans, in fact, sent secret messages by substituting letters that only a secret key code could decipher. In the time of Julius Caesar, he created a cipher by which he shifted letters to the left or right to hide his messages.

Modern encryption, thankfully, has developed into something much more sophisticated. The most widely accepted standard on encryption these days is the Advanced Encryption Standard (AES), which was established by the National Institute of Standards and Technology (NIST) in 2001. AES is considered asymmetric public key infrastructure (PKI) encryption – one of two typical encryption methods used today:

  • PKI encryption uses two linked cryptographic keys; “The public key is used to encrypt plaintext or to verify a digital signature; whereas the private key is used to decrypt ciphertext or to create a digital signature.”

  • Symmetric key encryption uses cryptographic keys that are the same, meaning both parties must have the same key to successfully share their encrypted message.

What should you encrypt?

Storing Data (Hard Drives/Files)
Depending on the type of information you’re storing, you may want to consider an encryption solution that stores data files. If your firm collects and stores investor or client financial or personal information, for example, encryption may be necessary. Internet Protocol Security (IPSec) or SSL-based encryption are two examples of encryption methods for protecting outbound-Internet and in-network communications.

Sending Data (Email)

Whether across an internal firm network or within a cloud solution, encryption is essentially a required function when emailing important information, particularly for firms in the financial services industry who handle sensitive material. When used in conjunction with other email security features (e.g. anti-virus, anti-spam, etc.), email encryption offers users comprehensive, multi-layered security protections when sending delicate information. Tip: be sure that your firm’s encryption solution is compliant with any required regulatory legislation such as SOX, GLBA, PIPEDA or the European Union Data Directive.

Traveling with Data (Laptops, Mobile Devices)
In some cases, firms may opt to encrypt laptops and/or mobile devices to ensure that when users are traveling, confidential company information doesn’t get into the wrong hands. While some devices feature inherent encryption technology (e.g. iOS 4.0+ and Android 4.0+), other devices will need to be protected via external software applications.

Eze Email SecurityEze Email Security solution

Eze Email Security is a comprehensive email security solution that allows firms to protect intellectual property, reduce downtime associated with email threats and enhance client trust. With Eze Email Security, every outbound email message is scanned by compliance and content filters before being sent to the recipient. Any message that matches defined compliance policies is encrypted. To learn more about Eze Email Security, please contact us.

Additional Resources:

Hedge Fund Cybersecurity Info Center
Photo Credit: Open Clipart

<![CDATA[Power Up, Power Down: The Hidden Risks of Public Charging Stations, Tools]]>, 19 Mar 2015 00:00:00 -0400 eci In a constantly connected world, the majority of us cannot help but feel reliant on our mobile devices, especially when it comes to battery life percentage.

Whether you’re in the airport, train or just on the go, keeping that effervescent green light out of the red zone becomes a priority, and most will plug into just about anything. With public smartphone chargers on the rise, this resource seems ideal for the battery conscious user. However, prior to plugging in to power up, we suggest proceeding with caution. After all, do you know whose hands that charger was in before? Smartphone charging station; BYOD

What most users don’t realize are the risks they are exposing their smartphones to by utilizing public charging stations and cords. Although these stations are “smart” they are also extremely dangerous. The moment your phone is plugged in, it will try to synchronize with whatever charging device it is connected to. Plugging into one of these USB ports could lead to cyber criminals collecting your personal information, including banking, browsing history and purchasing patterns. Additionally, your once-secure device is now at risk of being owned by malware. How criminals utilize this data ranges from targeting personalized advertisements to spying and identity theft.

On the business side of things, those who use a mobile device for work purposes must also consider the risks they are putting their business' critical data at by charging at a public kiosk. Confidential information, communications, logins, passwords and financial information could all be compromised. As businesses increasingly move away from the desktop, companies should consider educating employees on various risks and implementing BYOD security policies, for example, Mobile Device Management (MDM), Mobile Device Support, Data, Loss and Theft policies, in addition to, other safeguards regarding company-issued devices. Addressing these areas in your firm's BYOD strategy will help ensure your hedge fund is protected from potential security incidents.

How can you keep your phone secure and powered up while on the go? We suggest considering the following precautions:

  • Use only the charger provided to you by the product manufacturer

  • Buy a security adapter for your USB connection

  • Purchase your own portable charger

  • Avoid using public charging stations

  • Keep your phone locked while charging with a public device

When it comes to sensitive information and mobile security, you can never be too safe. For further information relative to this topic, check out the following articles:

Image Credits: Google

<![CDATA[Apple Watch: Security Concerns for the Enterprise and Beyond]]>, 12 Mar 2015 00:00:00 -0400 eci By now, you’ve no doubt heard about Apple’s latest tech craze: Apple Watch. Revealed during the company’s latest announcement earlier this week, the Apple Watch is expected to revolutionize the mobile world. Available starting April 24, the Apple Watch will appeal to a variety of end users – with prices ranging from $349 (for the aluminum version) to $10,000+ for gold-plated versions.

The Apple Watch will feature many of the same abilities of the iPhone – making/answering phone calls and texts, Internet surfing, and app integration as well as new advanced health monitoring features and Apple Pay. But with a user’s data now on his/her wrist in addition to in his/her pocket, should we be concerned about security?

Let’s start with the good news.Apple Watch

Apple Pay, in and of itself, has been thought out well in terms of security, it seems. Users can opt in to use a PIN number which will need to be entered every time the watch is put on a wrist. So if that watch was stolen, it would be impossible for the thief to make purchases via Apple Pay unless they had a user’s PIN number. According to Apple:

“Even if you lose Apple Watch, your accounts are protected. Because when you set up Apple Pay, you’re required to create a passcode. Each time you take Apple Watch off your wrist, the passcode must be entered to access it. And you can quickly remove your cards on”

Beyond Apple Pay, though, not much has been said about security with regards to the new device. And with enterprise firms transitioning more and more to BYOD strategies and evolving as part of the mobile world, isn’t it important that we talk about how secure the Apple Watch really is?

For instance, when on a user’s wrist, the watch works by syncing with the user’s iPhone over Wi-Fi and, in some cases, Bluetooth, networks. As Apple has said, the watch doesn’t do much without the phone. Hence, if data is constantly moving between the two devices, should we be concerned about the ability for hackers to intercept any of that traffic? Regular traffic that moves over Wi-Fi networks can be in danger and is a primary reason why many people are careful not to connect to public or other untrusted networks. And if an Apple Watch user needs to be connected to Wi-Fi in order for the watch to operate properly, it certainly seems there is a possibility for data to reside over potentially unsafe networks.

Additionally, I can’t help but wonder what the Apple Watch means for the enterprise community with regards to mobile device management and security. Firms who employ BYOD and allow employees to use their personal smartphones for corporate email are typically strict about what can and cannot be accessed. Many leverage MDM solutions such as Good Technology or Airwatch to protect corporate mail, for example. Will the same solutions be available to protect data that moves from the iPhone to the Apple Watch? Maybe a greater question is how will the Apple Watch affect enterprise mobility on a large scale? Only time will tell, it seems. Regardless, I expect there will still be quite a few crowds lined up outside Apple stores on April 24.

Read More:

Hedge Fund Cybersecurity Info Center
Photo Credit: Wikipedia

<![CDATA[Four Hedge Fund Technology Trends Not to Miss]]>, 03 Mar 2015 00:00:00 -0500 eci Two months into 2015 and already there have been changes within the financial service industry. From global security breaches, to the demands for increased investor transparency, to start-up funds launching and competing with their enterprise counterparts, the hedge fund landscape is as turbulent as ever. From a hedge fund technology perspective, there are a couple major trends that have started and will definitely continue to play out during the rest of 2015.

Hedge fund technology trends whitepaperZeroing in on these trends, today we released our new whitepaper aptly titled Four Trends Shaping Hedge Fund Technology. Read on for a sneak-peak of the topics covered in the paper and be sure to download the complete paper HERE.

Hedge Fund Technology Trend #1: Cybersecurity

One can’t look at a news source today without reading some sort of headline depicting another data breach or hack attack. The types of attacks facing the hedge fund industry are extensive and include:

  • Phishing/Spear-phishing: This type of attack is used to trick end users into giving up sensitive or personal information or making a financial transaction. While the attacks have the same intent, spear-phishing has a targeted approach and requires more research than a normal phishing attack.

  • Malware: Also known as malicious software, it is used to gain access or to disrupt system operations. Recently there has been an adware scandal, with Lenovo, a personal computer company. The organization sold computers that contained adware, which left the users vulnerable to hackers and viruses.

  • Distributed-Denial-of-Service (DDoS): DDoS attacks will make a website or system unusable and are common strategies of hackers.

SEC Cybersecurity Exam Involvement
Beyond proactively protecting against attacks, funds must also understand regulators' expectations around cybersecurity. In 2014, the Securities and Exchange Commission (SEC) released a 28-point questionnaire to investigate the security practices and protocols of firms in the investment sector. Then last month they released key cybersecurity exam findings based on the questionaire, which covers topics including:

  • Identification of Risks/Cybersecurity Governance

  • Protection of Firm Networks and Information

  • Risks Associated with Remote Computer Access and Funds Transfer Requests

  • Risks Associated with Vendors and Other Third Parties

  • Detection of Unauthorized Activity

A few best practices included firms having Written Information Security Policies (WISPS) and taking a layered approach to hedge fund security. Check out our top 10 takeaways from the SEC cybersecurity exam sweep HERE.

Hedge Fund Technology Trend #2: Due Diligence

Recently, IT and operational due diligence have seen an increased focus during the investor due diligence process. Investors are starting to devise lengthy and in-depth due diligence questionnaires for hedge funds – and by extension, their service providers – to gain more understanding of the processes and policies in place. The hedge fund technology questions typically fall into these categories:

  • Company/Organization Background

  • Annual Assessment/Audit

  • General Information Technology

  • Systems and Information Security

  • Access Control

  • Network Security

  • Physical Security

  • Disaster Recovery and Backup

Hedge Fund Technology Trend #3: Cloud Adoption

No technology trends article would be complete without exploring the impact of cloud technology. In the last decade, there has been a major transition within the financial service space to move from in-house technology and infrastructure to using an outsourced cloud solution to satisfy their needs. With 87% of investment firms using cloud solutions, the question now is how to reap maximum benefits.

Hedge Fund Technology Trend #4: The Changing Role of the Hedge Fund CTO

With the increase of cloud-powered infrastructures, the Chief Technology Officer’s (CTO) job is evolving from that of a day-to-day IT manager to that of a strategic business partner for the firm. Hedge fund CTOs are increasingly expected to focus on high-level projects like strategic discussions, compliance requirements and IT integration.

Download the "Four Trends Shaping Hedge Fund Technology" whitepaper and read in-depth about the topics brought up in this article.

hedge fund technology whitepaper trends

<![CDATA[10 Takeaways from the SEC Cybersecurity Exam Findings (Webinar Recap)]]>, 26 Feb 2015 00:00:00 -0500 eci In case you missed it, earlier this week we hosted a webinar during which our resident cybersecurity expert and SVP of Technology, Steve Schoener, answered questions regarding the results of the recent SEC cybersecurity exams and identified the top takeaways with meaning to hedge funds and investment management firms. Here’s a look at our Top 10 Takeaways from the recent exam findings. If video is more your style, you can watch the full webinar replay here or scroll down to the bottom of this article.

1. WISPs are well adopted.Visit our Hedge Fund Cybersecurity Info Center

A WISP, or Written Information Security Policy, was found to be employed by 93% of broker-dealers and 83% of registered investment advisers. What is typically included in a WISP document? Similar to business continuity plans, WISPs identify scenarios firms need to be aware of from a security perspective as well as preparedness measures to address those scenarios. Both administrative and technical safeguards are identified, giving firms a complete picture of what to protect and the processes in place to do so.

2. Broker-dealers are almost all conducting periodic risk assessments to identify cybersecurity issues.

When talking about periodic risk assessments, the question often asked, is how often they should occur. Schoener recommends that conducting risk or vulnerability assessments (VAs) at least annually makes the most sense for firms. If a hedge fund experiences a lot of change in their IT environment, they may consider conducting a VA bi-annually. *To provide our Eze Private Cloud clients with additional levels of documentation, Eze Castle Integration conducts vulnerability assessments twice per year.

Vulnerability assessments are designed to look at the specific technical details of a fund’s infrastructure and security environment. For example: is a system running differently than it normally does? Are there different certificates present? You can learn more about what occurs during and after a vulnerability assessment here.

3. Advisers are lacking in third party risk assessments.

The big takeaway here is that firms should be doing greater due diligence on their technology vendors, as well as other third parties that may have access to the firm’s networks. As cybersecurity threats continue to evolve, investor due diligence questionnaires are becoming more thorough, which may trigger firms to become more diligent in assessing and evaluating their service providers.

4. Just about everyone has suffered from some sort of cyber incident.

Most firms reported that they have experienced some sort of incident, usually related to malware or fraudulent emails. While the term “incident” is broadly used in the report, most cases refer to the aforementioned attacks.

5. Firms are suffering losses at the hands of hackers.

Through phishing and spear-phishing attacks, hackers are finding more and more success in getting firm employees to make financial transfers. For background, phishing is a more broad attack – such as an email asking a user to reset their password - while spear-phishing requires time and research before the attack. Spear-phishing often reveals itself through a heavily detailed email, perhaps from the alleged CEO to CFO, asking for a wire transfer. While it looks legit, the domain name or email address likely varies slightly from the original. Unfortunately, if not detected, it can trip up employees, as we saw from the SEC’s exam results.

Schoener mentions that most companies aren’t “aware of how much information is out there on the internet, not as a result of hacking or data leakage, but there is substantially more information on the internet than we all realize.” This readily-accessible information, of course, makes it easier for hackers to approach firms via spear-phishing attacks. To help best protect your company from this situation, employee training and awareness is crucial.

6. Employees are not always following firm procedures.

According to the exam results, most of the time firm employees are following procedures, however, skilled hackers can still convince even the most compliant employees to click a suspicious link or transfer a small amount of money. Employees can easily cut corners and put the firm at risk if the proper procedures are not in place to protect against cyber threats. The best solution is to have firm checks and balances in place and make sure that employees who handle any money and sensitive information are following procedures and not cutting corners.

7. Many firms are looking to their peers for information sharing.

As more and more organizations are being attacked, there is increased participation in information sharing among, typically, closed groups. According to Schoener, “a large number of, especially the very large broker-dealers, the big banks, all participate in something called FSISAC... that’s all about sharing intelligence around cybersecurity related to the financial sector.” This kind of information sharing can go a long way in keeping firms aware of industry happenings and hopefully better prepared for any future incidents.

8. Broker-dealers are significantly more likely to have a Chief Information Security Officer.

Many hedge funds and investment firms – particularly startups and smaller firms – do not employ dedicated CISOs, but rather COOs and CTOs handle those responsibilities. Duties include “understanding the policies that a firm has in place today and why they have them in place.” As the person or persons responsible for your firm’s security needs, it’s essential to stay up-to-date on the changes in technology and meet with service providers regularly to ensure your firm is in the best position to secure your data.

9. Very few advisers have cybersecurity insurance.

While the SEC exams found that few RIAs currently employ cybersecurity insurance, we’re seeing more and more start-ups taking this into account during the launch phase. We also expect more established firms will be looking to evaluate these types of policies in the near future.

10. Broker-dealers are considerably more prepared than registered advisers.

Not surprisingly, broker-dealers fared better overall according to the results of the SEC’s exams. Based on their sizes and clientele, broker-dealers are more likely to make the investments in technology and have large IT staffs dedicated to security. That said, RIAs are likely to continue to boost their security defenses to meet both the SEC’s guidance as well as increasing investor expectations.

More Resources on Hedge Fund Cybersecurity:

Visit our Hedge Fund Cybersecurity Info Center

<![CDATA[Opalesque TV Exclusive: Cybersecurity Threats Facing Hedge Funds in 2015]]>, 24 Feb 2015 00:00:00 -0500 eci In this Opalesque.TV video interview, Bob Guilbert and Vinod Paul from Eze Castle Integration discuss the hedge fund cybersecurity landscape, specifically the risks facing investment managers in 2015. Both spend the majority of their time educating their client base on internal and external risks, protecting them against the “Activist Hacktivists” looking for any means of entry into funds.

These hackers will spend weeks, months, and sometimes even years trying to get access, most often with the goal of triggering illicit wire transfers out of the fund.

Today, the usual efforts of employees to avoid clicking links or opening files and password protocoling aren't enough. Everyone should be aware of new techniques employed by hackers like “spearfishing” and “whaterhole” attacks which, with more institutional dollars flowing into hedge funds, will become more frequent. Unless funds have the right Written Information Security Policy (WISP) and processes in place, together with true intrusion detection that monitors what is coming into the firm and what data and information is going out of the firm, they can be at risk of a cybersecurity attack.

Learn more about:

  • “Spearfishing” attacks to wire transfers

  • “Waterhole” attacks: Why actions such as ordering from an online menu can put your firm at risk

  • SEC requirements and best practices

  • Defining a “WISP” – Written Information Security Policy

  • Multiple points of entry holding information across service provider platforms

  • Eze Castle and eSentire Partnership

  • Increasing cloud adoption rates in larger funds

  • Shift in perception of cloud safety

Additional Resources on Cybersecurity:

<![CDATA[Covering FINRA's Top 7 Key Cybersecurity Practices]]>, 19 Feb 2015 00:00:00 -0500 eci This month (February 2015) The Financial Industry Regulatory Authority (FINRA) issued a Report on Cybersecurity Practices to assist firms in responding to the growing threats of cyberattacks. The report centered on seven (7) “key points” as defined by FINRA.

Our team regularly counsels clients on how to address these cybersecurity practices. So in the interest of sharing, here is a high level snapshot of how Eze Castle Integration addresses the key points in the report.

Key Point 1: A sound governance framework with strong leadership is essential. Numerous firms made the point that board- and senior-level engagement on cybersecurity issues is critical to the success of firms’ cybersecurity programs.

Eze Castle Integration has an appointed Chief Information Security Officer and an established Computer Security Incident Response Team (CSIRT). CSIRT members have predefined roles and responsibilities, which can take priority over normal duties. The CSIRT team is overseen by the Chief Information Security Officer (CISO), and comprised of individuals from various groups such Network Operations, Client Services, Cloud Services, Project Management, and Human Resources.

Key Point 2: Risk assessments serve as foundational tools for firms to understand the cybersecurity risks they face across the range of the firm’s activities and assets—no matter the firm’s size or business model.

Risk Assessments are built into Eze Castle Integration’s Information Security Policy as well as our Business Continuity Plan.

From an information security/cybersecurity perspective, Eze Castle Integration retains third-party managed security provider eSentire to perform security audits on our corporate infrastructure as well as the Eze Private Cloud infrastructure.

For Business Continuity Planning, Eze Castle Integration has a Certified Business Continuity Planner on staff. The company conducts reviews of BC/DR procedures and policies. The business requirements are continually reviewed through training and testing. Technical solutions are generated to address any potential recovery gaps and exposures.

Key Point 3: Technical controls, a central component in a firm’s cybersecurity program, are highly contingent on firms’ individual situations. Because the number of potential control measures is large and situation dependent, FINRA discusses only a few representative controls here. Nonetheless, at a more general level, a defense-in-depth strategy can provide an effective approach to conceptualize control implementation.

As outlined in Eze Castle Integration’s Information Security Policy the company follows the Principle of Defense in Depth as well as Principle of Least Privilege. This includes employing multiple layers of security to protect all systems and data as appropriate, as well as limiting access to only those who need it.

Key Point 4: Firms should develop, implement and test incident response plans. Key elements of such plans include containment and mitigation, eradication and recovery, investigation, notification and making customers whole.

Eze Castle Integration has an Information Security Incident Management Policy in place. The policy outlines the requirements for dealing with computer security incidents. Security incidents include, but are not limited to: virus, worm, and Trojan horse detection, unauthorized use of computer accounts and computer systems, as well as complaints of improper use of Information Resources as outlined in the Acceptable Use Policy. Eze Castle Integration requires all employees to participate in information security training.

Key Point 5: Broker-dealers typically use vendors for services that provide the vendor with access to sensitive firm or client information or access to firm systems. Firms should manage cybersecurity risk exposures that arise from these relationships by exercising strong due diligence across the lifecycle of their vendor relationships.

Eze Castle Integration has extensive information security policies in place that are coupled with deep technical safeguards. We review all policies, employee adherence to these policies, the risk landscape and technical safeguards regularly and make adjustments as necessary.

Key Point 6: A well-trained staff is an important defense against cyberattacks. Even well-intentioned staff can become inadvertent vectors for successful cyberattacks through, for example, the unintentional downloading of malware. Effective training helps reduce the likelihood that such attacks will be successful.

All Eze Castle Integration employees are required to participate in annual educational and training sessions regarding Nonpublic Personal Information held by Eze Castle Integration. This includes all permanent and part-time employees, applicants, independent contractors/consultants, etc. The training sessions address the security precautions contained in the company’s Information Security Policy.

The training sessions also address security practices and procedures, including reporting procedures, material packaging or forwarding, preparation of media, e.g., CDs, DVDs, wireless devices, hard drives, security conditions during travel and other issues. All new hires entering Eze Castle Integration receive Nonpublic Personal Information training during the New Hire Orientation. New hires will receive a copy of this policy and implementing procedures for the department to which they are assigned.

As part of Eze Castle Integration’s Business Continuity Plan, quarterly a few employees are selected from each department at each office to participate in a remote test (i.e., work from their home). The goal is to validate connectivity and access to critical applications through the primary data center.

Key Point 7: Firms should take advantage of intelligence-sharing opportunities to protect themselves from cyber threats. FINRA believes there are significant opportunities for broker-dealers to engage in collaborative self-defense through such sharing.

Eze Castle Integration participates in industry groups to share information and stay current on the evolving technology and cybersecurity landscape.

Cyber Security Hedge Fund Guide

<![CDATA[A Look at OCIE's Cybersecurity Exam Sweep Findings: Hedge Funds Take Note]]>, 17 Feb 2015 00:00:00 -0500 eci In its 2015 priorities, the SEC’s Office of Compliance Inspections and Examinations (OCIE) listed cybersecurity as a key focus area in its risk-based assessments. Then on February 3, 2015, OCIE released summary findings from its Cybersecurity Examination Sweep.

OCIE’s sweep focused on written documentation for their assessment and conducted "limited testing" of the accuracy of the responses. They did not review the technical sufficiency of the firms’ programs either. OCIE’s reliance on documentation highlights the importance of complete Written Information Security Policies.

Following are noteworthy items Eze Castle Integration observed in reviewing the findings.

  • Cybersecurity hedge fund guideMost firms adopted written information security policies, but 43% of advisers did not conduct periodic audits to determine compliance with these information security policies and procedures.

  • 49% of advisers did not discuss mitigating the effects of a cybersecurity incident and/or outline the plan to recover from such an incident in their written business continuity plans.

  • The vast majority of examined firms conduct periodic risk assessments, on a firm-wide basis, to identify cybersecurity threats, vulnerabilities, and potential business consequences. However, only 32% of advisers require cybersecurity risk assessments of vendors with access to their firms’ networks.

In the Written Information Security Plans (WISP) Eze Castle Integration creates for clients, we include service provider risk assessments as a standard element.

  • 88% of broker-dealers and 74% of advisers stated that they have experienced cyber-attacks directly or through one or more of their vendors. The majority of the cyber-related incidents are related to malware and fraudulent emails.

  • 25% of broker-dealers reported losses related to fraudulent emails and employees not following the firms’ procedures. While this is a small percentage, firms need to ensure they are training employees in addition to documenting the security policies and implementing tighter security.

  • Only 13% of advisers have policies and procedures related to information security training for vendors and business partners authorized to access their networks.

From our perspective, the low number (13%) is not surprising as smaller firms (i.e. hedge funds) do not have the resources to train their vendors, brokers or business partners. Rather, they are requiring these partner firms to train their own employees.

  • Only 30% of advisers have designated a CISO; rather, the advisers look to their CTO to assume responsibility or have another other senior officer (i.e. CCO, CEO, COO) liaise with a third-party consultant who is responsible for cybersecurity oversight.

This finding highlights the expectation of CTOs to serve as CISOs and highlights the evolving role of technologists within firms.

The staff is still reviewing the information to discern correlations between the examined firms’ preparedness and controls and their size, complexity, or other characteristics. As noted in OCIE’s 2015 priorities, they will continue to focus on cybersecurity using risk-based examinations.

Webinar on OCIE's Cybersecurity Sweep & Hedge Funds

Join Eze Castle Integration on Tuesday, February 24th at 2 p.m. ET as we review the SEC's cybersecurity exam findings and best practices for managing a secure investment firm. Click here to Register.

Hedge Fund SEC Cybersecurity Event

<![CDATA[Like for Life Campaign: Empower Children Through Education]]>, 12 Feb 2015 00:00:00 -0500 eci Valentine’s Day is just around the corner, and Eze Castle is taking heed of this opportunity to spread the love.

For the fifth consecutive year, we are hosting a "Like for Life" Campaign with the intent to spread awareness and raise donations for a charitable cause. This year, we will be supporting School on Wheels, an organization that strives to educate and empower underprivileged children impacted by homelessness. The group’s mission is to augment the educational opportunities available to more than the 1.6 million homeless children in the United States.

To achieve this goal, School on Wheels provides academic support, school supplies and one-on-one mentoring to children so they can reach their full potential. Since 2004, School on Wheels of Massachusetts has:

  • Trained 1,627 volunteer tutors

  • Distributed 6,028 backpacks

  • Enrolled 35 students in college

Providing children with these educational resources stimulates collaboration and growth, ultimately connecting them to one another, new horizons and a brighter future.

To support this worthy organization, Eze Castle is hosting a social media fundraiser in which we pledge to donate $1 to School on Wheels (up to $1,000) for every new “like” we receive on our Facebook page and every new follower acquired on Twitter (@EzeCastleECI). The pledge campaign will run between February 12, 2015 and March 12, 2015.

Please take a minute and “like” us on Facebook and follow us on Twitter to help us support School on Wheels. Your efforts can help improve the lives of children and increase their opportunities to learn.

Like for Life Campaign]]>
<![CDATA[Winter Weather Preparedness: Considerations for Keeping Your Firm and Employees Operational This Winter]]>, 10 Feb 2015 00:00:00 -0500 eci Anyone who lives in a region that regularly receives snow knows (and expects) that every winter brings the potential for experiencing disruption, delays, cancellations and closures to roads, buses, trains, boats and subways that transport people to and from work. (If you’re in the Boston area, you’re experiencing this today with the MBTA shutting down all rail service to clean up from more than 70 inches of snow in the last three weeks.) Snow storms don’t just affect transportation though; weather events can cause power outages, force evacuations, impact deliveries, and as we saw recently with Winter Storm Juno, can cause entire states to ban travel.

Impacts of Heavy SnowSnowstorm

Let’s consider some of the issues firms can face even if a travel ban isn’t in place and employees must attempt to make their way to the office.

Most people who commute to work know that adverse weather can have a major impact on their travel to and from the office. Regardless of the manner of transportation (car, rail, subway, boat, bus, etc.), all will most likely experience delays and present challenges for commuters during a snow storm. Delays, breakdowns, cancellations, and longer commuting times are very common throughout a storm and can still impact travel days after a storm concludes, leaving employees largely unable to work effectively if at all.

For a firm where most employees drive to the office, employees and management should be aware of some statistics taken from the federal highway administration over a 10-year period of time involving driving incidents during poor weather conditions. Choosing to drive in adverse weather for commuters can be risky; for some employers it may be worth considering alternative work options for those employees.


1,311,970 crashes

23% of vehice crashes

430,338 persons injured

20% of crash injuries

6,253 persons killed

17% of crash fatalities

* "Weather-Related" crashes are those that occur in the presence of adverse weather and/or slick pavement conditions. (Source: US Dept of Transportation, Federal Highway Administration)

Working Remotely

It isn’t uncommon for firms to allow employees to work remotely during weather-related events. But before the decision to work from home is made, you want to ensure employees have the resources they need (i.e., computer or laptop, strong Internet connection, instructions for accessing data, Help Desk contact information, etc.), and test! We strongly encourage firms to validate employees’ home setups before logging in during a storm event. This will ensure employee can spend their time focusing on work tasks instead of troubleshooting technology problems.

Technical Factors: Licenses, Access and Power Outages

Even for firms that allow employees to work remotely, issues can arise if the number of licenses purchased is not enough to cover the entire firm. Even in established companies there can be issues with connectivity and access for employees. If your firm doesn’t have IT personnel on staff, make sure you have up-to-date contact information for your IT provider so you can quickly contact them if any issues are experienced.

In most heavy snow/blizzard conditions, power outages are also common. It’s important to preplan and, in some cases, purchase items that will allow employees to continue working - think wireless Internet accessories or battery backup sources/alternative power sources.

Personal Factors: Family Responsibilities and Distractions

During the recent Juno Storm, many Northeast states announced a travel ban for non-emergency service personnel, forcing employees and their families to remain at home. This can be troublesome for parents expected to work while home with children who require supervision. It’s important for managers to realize there may not be easy solutions for these parents during this type of scenario and to set realistic workload expectations for their employees.


Maintaining communications is vital to every business, especially during a weather-related event. Being able to seamlessly continue communications even while remote or out of the office is important. A little planning can go a long way in this effort. Having critical business contacts stored on a mobile device or an accessible shared drive can help firms keep clients, partners, and vendors in the loop during any type of disruption. A call forwarding service is also an option to consider implementing so that any calls that would go to an office phone are redirected to a home phone or cellphone.

Working at the Office

If you or employees in your office do manage to make into the office during a storm, you should consider assigning a point person to ensure everything stays operational and can report outages to the appropriate contacts (i.e., senior manager, building management, etc.).

In addition, you might want to reconsider outdoor evacuation sites during and after the storm. It is important to be aware of the impact of the snow piles left from plows or shoveling on the preplanned evacuation sites. If your firm’s building or offices are being evacuated, ensure employees have a safe location (preferably indoors) at which to gather and account for staff. Depending on your firm’s size you may consider having multiple alternate locations, such a department store or coffee shop for smaller firms or a hotel lobby or a nearby parking structure.

In conclusion, some of the impacts of snow storms are unavoidable. Most employees are subject to the same issues when trying to commute to work during these situations. However good planning and a little investment can make a difference for your employees and your firm’s business continuity.

DR/BCP Guidebook

To read more about winter weather preparedness, check out these articles:

Photo Credit: Wikimedia

<![CDATA[2015 Hedge Fund Trends & SEC Exam Priorities (Webinar Recap)]]>, 05 Feb 2015 00:00:00 -0500 eci With a new year comes new regulations for hedge funds and investment firms. Earlier this week, Eze Castle Integration hosted a webinar during which Ricardo Davidovich, partner at Haynes & Boone LLP, shared his insight into the Securities and Exchange Commission’s (SEC) new examination priorities as well as reoccurring themes firms should expect to see play out through the year.Ricardo Davidovich

What’s New in 2015

Retail Investors

One priority for examinations this year is the focus on retail investors. Davidovich says that “hedge funds, which in [the SEC’s] mind have historically been an exclusive and private club, are being sold to the retail and consumer client base.” Meaning they will be taking a closer look at the types of fees being sold, the sales practices and the suitability analysis. Firms should focus on making sure no information released is misleading and that there are provisions against fraud. There should be a real emphasis on policies to create guidelines that can be shown and proven to the SEC.

Market Wide Risks

With this priority, the SEC is focusing on keeping the markets fair and orderly. They want to protect investors, especially ones who invest in large firms with many affiliates. This is also where the focus on cybersecurity comes in. With many businesses suffering cybersecurity attacks in 2014, it makes sense that the SEC will focus on this aspect of the market. Having robust security and infrastructure policies and systems in place will help to strengthen the market and decrease risk across the board.

Annual SEC Focuses

Marketing/Performance Advertising

This is a strong point of contention with investment advisors and fund managers. As one of the most regulated areas by the SEC, funds partaking in advice marketing and advertising must employ strict policies and procedures to demonstrate to the SEC that they are in compliance. Proving that your firm has a “culture of compliance” is the most effective way to keep the SEC’s attention away from you.

Any time a fund is actively promoting itself to solicit investment, there are provisions to be wary of:

“There are some considerations out there that suggest targeted performance... there is little guidance but the commission has made it clear through other avenues that whenever you’ve got a fund manager or investment advisor that said ‘we seek to beat the index by “x” percent’… you need to have a good faith demonstrable basis for that targeted return.”


This focus is about a potential conflict of interest. When a manager tells investors one thing, but values their portfolio in a different way, thus leading to mistrust and confusion, the SEC is going to notice.


To have custody, you have to have access to the investor’s money. There are occasions when partners don’t realize that they have custody for various reasons, so awareness is very important. When you don’t have all the information, the decisions being made could be affected in a negative way.

Material Non-Public Information (MNPI)

Also known as insider trading, the SEC has struggled in the past with prosecuting claims as most cases tend to settle or lose traction. Davidovich points out that a lot of the time, people aren’t looking to share MNPI but do it accidentally. “It’s a lack of understanding of what happens or where the triggers are,” which means that investors are simply trying to gain knowledge or advice, but the use of expert networks can lead to issues with MNPI. When investment managers are doing research, they are constantly trying to talk to more senior personnel, who tend to be less trained in what they can and cannot say, which can lead to accidentally leaked MNPI. Adhering to a detailed and structured policy is the safest way to avoid succumbing to MNPI incidents.

To hear more from Ricardo Davidovich, Partner at Haynes & Boone LLP, including his thoughts on the 2015 seeding landscape for investment firms, watch our full webinar replay below.

To read more on hedge fund technology and operations trends, check out these articles:

<![CDATA[Outlook for iOS and Android Deliver Potential Security Concerns]]>, 03 Feb 2015 00:00:00 -0500 eci At a time when cyber-attacks are becoming more and more frequent, protecting your company’s information is of the utmost importance, which is why Eze Castle Integration is advising clients to hold-off on downloading Microsoft’s Outlook for IOS and Android.

Outlook for iOS and Android, Hedge Funds security concerns

The Background

In December 2014, Microsoft acquired tech company, Acompli, which was known for their mobile mail application. Now in 2015, Microsoft has rebranded the app as an Outlook application for IOS and Android phones. While the product has done well and has a following, many are wary of certain procedures and features that could compromise information moving forward.

How Does It Work?

The application uses ActiveSync (EAS), for the majority of users, and OWA, for advanced functionality. EAS grabs information from Exchange, which then is processed and pushed to the clients. However, each step of the process has potential complications. The platform includes email, calendar features, attachment integration with OneDrive, Dropbox, Google Drive, Box and iCloud, and customization.

To set up the application you must give your login information so the app can link to your account. It then stores this data, meaning your credentials are held somewhere in a cloud. The only exception being Gmail users, which requires OAuth authorization. Microsoft uses AWS IP to constantly monitor the account in order to notify you, the user.

However, they don’t ask your permission before storing your login information and don’t state where they are holding your credentials.

Trial users have reported that even after deleting the application, as soon as they uploaded the app again, information was being pushed to their mobile devices prior to re-entering login credentials. This presents a serious cybersecurity issue, as the location and magnitude of information being saved is unknown.

What Are They Storing and Where?

It appears they are storing login information as well as some personal data. For example, as stated in Acompli’s privacy and securities policy,

Some user data are retained in Acompli system during the lifetime of a user account, always encrypted at rest. A user can choose to completely purse his/her account from the mobile app, in which case all user data will be wiped clean throughout the Acompli system, from both the mobile device and the server farm.”

This isn’t the only time private information that is held on outside servers. Their policy also states that,

The service retrieves the calendar data and address book contacts associated with your email account and securely pushes those to the app on your device. Those messages, calendar events, and contacts, along with their associated media, may be temporarily stored and indexed securely both in our servers and locally on the app on your device.”

At this point, Microsoft has simply rebranded this product, meaning this is still the process that information goes through before it sits in your inbox. This again is a security issue for companies as they don’t know which information is being stored by Acompli.

In the exchange process, the data is stored on cloud servers in the United States before being pushed to your mailbox. For non-US users this has the potential to introduce data sovereignty and regulatory concerns.

Additional Reasons to Give Pause

A few other concerns:

  • Currently missing is the ability to enforce PIN locks at the device and application levels; wipe the device after maximum failed password attempts; and force activity time-out limits that require users to re-enter their PIN after a certain amount of time.

  • Built in connectors to OneDrive, Dropbox, and GoogleDrive potentially allow the easy sharing of confidential company files or access to malicious files. This is an added issue that could compromise information.

While some believe that the negative hype is just that, hype; it may be better security wise to wait and see what updates and changes Microsoft will make for the future before installing the application.

Related Articles


Sources: WindowsITPro, Winkelmeyer, Tom's Hardware, Acompli, Venture Beat, Exchange Server Pro

<![CDATA[Blizzard 2015: Business Continuity Tips and Reminders for Disaster Events]]>, 27 Jan 2015 00:00:00 -0500 eci If you live in the Northeast United States – anywhere from DC to Maine – you’re likely living through the Blizzard of 2015 right now. Snow and heavy winds are pounding the East Coast, with snow totals expected to exceed 2 to even 3 feet in many areas and wind gusts to reach hurricane strength.

During weather events such as this, it’s critical that firms take precautions to ensure that not only do their technologies work and their businesses remain operational, but that their employees are safe, connected and receiving constant communications. We’ve experienced many events such as this in recent years – Hurricane Sandy is probably the most memorable – but the Blizzard of 2015 is an important reminder to firms about employing comprehensive business continuity plans and disaster recovery systems.

Here are a few reminders to get your firm through this latest weather event:


Communicating effectively with your employees is especially critical before, during and after disasters and other weather events. Be sure to keep your employees in the loop on what’s happening and what’s expected of them. Should they work remotely in the event they can’t get to the office? Are non-essential personnel expected to use paid time off? When can they expect updated communications regarding next steps?

If your firm employs a comprehensive BCP, you’ve likely already shared regional Quick Reference Cards so your staff is aware of evacuation locations, remote access policies and instructions and other communication essentials.

Remote Workers

With “states of emergency” declared across several states, odds are, if possible, your employees are working from home today. Hopefully you’ve properly trained all employees to log in remotely. As a reminder, here are a few different options for remote access:

  • VPN: IPSec or SSL VPN technologies work by connecting your home computer to that which resides in your office. You are able to “remote desktop” and run all of the applications that live on your work computer’s server.

  • Citrix: With a Citrix server, you are able to log into a website via any computer and get access to the applications that live on the Citrix server in your office. When you click any application icon, it will appear as if it is running locally despite being housed on your office server.

  • OWA: For those companies who use Microsoft Outlook for email, you can log into OWA to access your email account from an external computer.

Regardless of which system or systems above your firm chooses to employ for remote access, it’s imperative to properly train employees so they have a clear understanding of how to use them (and hopefully have tested them effectively prior to the disaster striking).

Finally, here are some handy tips in one presentation we hope will help your firm make it through this and the next disaster situation. As always, Eze Castle Integration’s Business Continuity experts are adept at working with firms to create and augment BCP plans in order to ensure business operations are not affected by weather events. If you would like to speak with someone on our team about your firm’s BCP plan, please don’t hesitate to contact us.

Additional Resources on Business Continuity Planning:

BCP/DR Guidebook

<![CDATA[Tips for Healthy Flu Season Operations]]>, 22 Jan 2015 00:00:00 -0500 eci According to the Center for Disease Control (CDC), "All national key flu indicators are elevated and about half of the country is experiencing high flu activity." So here are some tips to keep your firm operating smartly during flu season. Watch, read and learn.

  1. Monitor the flu situation.

  2. Get a flu shot.

  3. Limit exposure to others if you have flu symptoms.

  4. Limit onsite meetings.

  5. Keep contact information current.

  6. Review BCP and DR activation procedures.

  7. Update employee DR materials.

  8. Communicate flu policy.

  9. Supply disinfecting wipes for all offices.

  10. Stay home if you have the flu.

Contact us to discuss in more detail the role flu preparedness should play in your BCP.

<![CDATA[Hedge Funds: It's Time to Get Bullish On Social Media, LinkedIn]]>, 20 Jan 2015 00:00:00 -0500 eci Trying to avoid social media is increasingly futile, even for hedge funds. We live in a ‘sharing’ culture, so it’s time to embrace it and control (or at least contribute to) your online profile.

In its 2015 predictions article, third-party marketing firm Agecroft Partners listed increased social media usage by hedge fund managers and investors as a key trend, and here’s why:

“…Social media is being used for research, to build stronger relationships and help promote a firms’ brands in the market place. Some managers are also using it to promote their investment ideas in order to create a catalyst for a security. The most commonly used social media is LinkedIn, which is broadly used throughout the industry. In 2014, Twitter was used by many people in the industry for the first time and this is expected to increase in 2015. Finally, we are beginning to see some use in YouTube where organizations are creating videos that can be posted on websites, distributed through social media or emailed to a distribution group…”(Source: Top Hedge Fund Industry Trends for 2015 by Don Steinbrugge)

Getting the Basics Right: LinkedIn

If a hedge fund manager has time for only one social media outlet, LinkedIn is the one. Over 332 million people use LinkedIn, and new members join at a rate of 2 per second. Additionally, 40% of users check LinkedIn daily (source: Digital Marketing Ramblings).

And from a search perspective, your LinkedIn profile is almost guaranteed to come up on the first page of results for a Google search of your name. So let’s look at how hedge fund managers can enhance their LinkedIn profiles.

LinkedIn Profile Basics

  • You need a picture. People won’t take you seriously or want to connect with you if they can’t see what you look like. Plus, your profile is 11 times more likely to be viewed if you have a picture.

  • Write a summary. This is an open space that allows you to hone in on the key qualities, attributes and skills you want to highlight.

  • Include all (relevant) job experience.When you add your company, be sure it is linking to the firm’s LinkedIn page as this is an easy way to direct your connections back to your firm’s page after viewing your profile.

  • Add skills. From a personal brand perspective, adding skills is an easy way for people to find you.

Customizations on LinkedIn

  • Customize your URL to reflect your firm name (and a personal one if you have a personal webpage).

  • Optimize your ranking for certain search terms by adding them to key sections of your profile including Headline, Summary, Work experience and Specialties.

LinkedIn Hedge Fund Groups

  • Join groups that are relevant to your experience and interests, such as the Hedge Fund Group or IvyExec.

  • Position yourself as an expert and become a thought leader by asking and answering questions. Groups are also a great way to foster conversation, generate new ideas from peers and connect with key people.

LinkedIn Profiles that Get it Right

Here are a few folks on LinkedIn who get it right. Check out their profiles for ideas:

JD David, COO at Meyler Capital

Thomas Plaut, Forex Trading Executive

Don A. Steinbrugge, Managing Partner at Agecroft Partners

Richard C. Wilson, Single Family Office Advisor

Last but not least, here's an Eze Castle Integration LinkedIn profile doing it right: Vinod Paul, Managing Director.

Want More Hedge Fund Marketing Tips?

Watch our video with Meyler Capital on 'Hedge Fund Marketing Tips to Impress Investors and Raise Capital'

<![CDATA[Happy New Year! Employee Resolutions for 2015]]>, 15 Jan 2015 00:00:00 -0500 eci Happy New Year, all!

As we embark on the New Year, there is no better time to reflect on 2014 and set new goals for the future, both personal and professional. We’ve asked a few of our employees at Eze Castle Integration what their aspirations are for 2015. Check out what some of their responses were below.2015

  • "Eat out less and cook at home more often." - Jim Bove, Systems Engineer

  • "To learn more about technology. You can never learn enough!" - Tim Macdonald, Product Manager

  • "To travel more." - Elizabeth Martin, Resource Coordinator

  • "To actually go to the dentist every six months and the doctor once per year." - Steve Montecalvo, Client Technology Manager

  • "To look at all situations from a more positive viewpoint." - Jess Teatom, Operations Coordinator

  • "To approach things more proactively." - Evelyn Villemaire, Associate Product Manager

  • "Do more arts and crafts, keep a cleaner kitchen, bring lunch to work everyday, watch Best Picture nominated movies, take the stairs more often, and eat more fruit and veggies." - Anna Wendt, Marketing Co-op

And don't forget to read our recent Hedge IT post, which featured five resolutions that all hedge funds should consider!

<![CDATA[A Proactive Approach to Cybersecurity for Hedge Funds, Investment Firms]]>, 08 Jan 2015 00:00:00 -0500 eci This article originally appeared on TABBforum and was contributed by Steve Schoener, senior vice president of client technology at Eze Castle Integration.

Cybersecurity certainly made its mark on the hedge fund and alternative investment industry in 2014. Threats consistently increased in frequency, sophistication and form. With the release of the SEC’s Cybersecurity Risk Alert this past April, firms were forced to react swiftly and leave their outdated security practices behind. 2014 was a reactive year for hedge funds, but we envision a shift in trends for 2015.

Prior to heightened regulations and detailed due diligence and IT security questionnaires, the majority of financial firms were drawing their curtains closed when it came to facing the reality of the threat landscape. But it was only a matter of time until businesses no longer could turn a blind eye to threats and investors knocking at their front doors.

Over the past year we have witnessed an unceasing number of cyber-attacks and potential threats, as well as heightened security regulations placed upon hedge funds. Consequently, we’ve all read the headlines and best practices guidelines when it comes to cybersecurity. While these resources are all helpful, there is an untapped core that lies beneath this hot topic’s surface layer. That is, the ever-evolving future and forthcoming trends for hedge fund information security. So what do we at Eze Castle Integration forecast for cybersecurity in 2015?Phishing

Went to Work, Caught a Phish

A common security threat on the rise among the industry is phishing. In traditional phishing, cyber criminals send mass messages to millions of users to increase the chances of infecting recipients (generally by enticing users to click a link and infect their environments or, in some cases, require financial action be taken). Spear phishing, on the other hand, utilizes a much more targeted approach and selects specific individuals and companies to attack. In this case, attackers do their homework and research social networking profiles as well as company employee names and titles. Tapping into personal and sensitive information provides attackers with the means to mirror familiar email addresses, dialect and URLs in their messages and ultimately better deceive users.

We anticipate this type of targeted attack on financial firms to continue to proliferate in 2015, primarily because cybercriminals utilize tools that are tested and true to hack intellectual property. To reduce the chances of getting hooked, users need to double check email addresses, websites and sender contact information. Variables that differ between authentic and fraudulent may come down to one special character, letter or number.

Think Global

Successful high-profile breaches have paved the way to global opportunity for attackers. Cybersecurity headlines crossed borders and continents in 2014, and this trend will continue to burgeon in 2015, but on a much larger scale. Contributing to this expansion is the drop in prices of malicious malware in underground markets. Additionally, syndicates are hired by international crime organizations to exploit computer software flaws and security gaps. This increasing movement toward remote attacks means firms need to expand their security reach to become as safeguarded as possible.

The Social Side of Cybercriminals

Our constant connectivity to social networks has opened the floodgates to impromptu soirees with cybercriminals. We predict social campaigns, along with new, diverse hacking tactics, will escalate in 2015. Through social networks, criminals are able to track our likes, contacts, places and searches. Familiarizing themselves with our personal information and Internet routines gives hackers an upper hand in curating deceptive origins and forms.

Staying Ahead of the Hacker’s Curve

Approaches to security in 2015 will vary firm to firm. However, awareness of threats is no longer enough and common information security mistakes need to be a way of the past. It is imperative that all businesses understand the risks, strengthen and implement security measures, and have Business Continuity Plans (BCP) in place to prepare for the possibility of a data breach. Every employee needs to be more conscious when opening emails, downloading programs and connecting to networks, both in firm offices and when working remotely. In order to have a proactive year for security in 2015, firms need to cover all of their bases, both internally and externally.

Additional Resources on this Topic:

Cybersecurity Whitepaper

Photo Credit: Flickr]]>
<![CDATA[New Year, New Resolutions for Hedge Funds]]>, 06 Jan 2015 00:00:00 -0500 eci It’s officially 2015! With the New Year upon us it is important to set new goals for the future. In today’s post, we will offer five resolutions hedge funds should consider to help pave the pathway for another prosperous year.

Resolution #1: Prepare for CybersecurityHedge Fund Resolutions

In 2014, hedge funds were revamping their IT policies and upgrading their methods of preventing, detecting and responding to cyber threats. However, this push to overhaul and enhance security was largely reactive to the several breaches we witnessed in 2014. Among those companies affected were Sony, Target, JP Morgan Chase and Home Depot. In 2015, we predict cybersecurity will remain at the forefront of headlines. That being said, hedge funds should prepare ahead of time and have detailed information security policies in place.

Resolution #2: Avoid Common Cloud Mistakes

When it comes to hedge fund operations and technology, there is no margin for error. Common mistakes range from not sizing bandwidth adequately to business needs to not planning proactively for applications and assuming deep security safeguards are in place. Hedge funds that take the proper precautions and do their research when cloud shopping save themselves from preventable stress and inflated issues down the road.

Resolution #3: Know Basic Cloud Terminology

Technology is ever-evolving. To help make these continuous developments less overwhelming, we suggest keeping up-to-date with cloud jargon. In 2015, ensure your hedge fund has brushed up on basic cloud terms to stay in the know, rather than behind the curve.

Resolution #4: Proactively Set Policies in Place

At Eze Castle, we recommend that all hedge funds employ several layers of security and have a Business Continuity Plan (BCP) in place to help mitigate risk and reduce the level of impact should a disaster occur. Firms should also make sure information, whether confidential or sensitive, is protected by internal and external policies. Having the following guidelines and procedures in place will help prevent sensitive and confidential business data from falling into the wrong hands:

Resolution #5: Test Your Disaster Recovery (DR) Systems Frequently

We cannot stress enough how imperative it is to test DR systems on a regular basis. Why should you test it? Because it helps ensure that the DR site meets your present business needs as well as your firm's needs during a disaster. As your organization evolves and changes, your DR system should adapt accordingly. Not testing this sytem could leave your fund vulnerable to a disaster and may hinder the continuation of efficient business operations.

Additional Resources:

BCP/DR Guidebook]]>
<![CDATA[The Best in Hedge Fund Technology: Hedge IT 2014 in Review]]>, 30 Dec 2014 00:00:00 -0500 eci It’s been quite a year, and as always, it’s hard to believe it’s over. In 2014, Hedge IT continued to thrive in its goal to provide advice and insight into hedge fund technology and operations. The financial services industry is evolving at a rapid pace, and we’re evolving our topics and conversations to keep up. Across 100 blog posts this year (not including this one), almost half of them – 49 to be exact – addressed the topic of security, which is undoubtedly one of the single most important focus areas for hedge funds and investment firms today. In addition to security, we covered everything from tips for starting a hedge fund to avoiding cloud mistakes to hiring for IT roles.

Looking ahead to 2015, we plan to keep the conversations tuned in to what really matters to hedge funds when it comes to technology, and we’ll share as much content as we can in as many formats as we can. But before we get too ahead of ourselves – it’s not quite 2015 yet – let’s take a look back at 10 of our most popular blog posts from 2014.

IT Security Dos & Don’ts2015 Happy New Year

As I mentioned above, we talked A LOT about hedge fund security this year. But one of the more popular security topics was actually the simplest. It was a list we compiled of simple dos and don’ts employees should be aware of. (For example, DO: Lock your computer when you leave your desk; DON’T: Open suspicious attachments). You can read the list here or watch a handy video we created on the topic.

Assessing Your Firm’s Attitude Toward Security: What’s Your Type?

Like I mentioned, security was big this year. Before identifying infrastructure components and implementing operational policies around security, a firm must first be clear on what its attitude is toward security. This attitude will filter through the company from the top down, and will therefore dictate how employees and the business as a whole operate on a daily basis. Take a look at the three security attitude profiles we created, and see where your firm falls.

A How-To Guide to Selling the Cloud to Your CFO

If you’re an IT Manager looking to move to the cloud, how do you go about pitching that move to your Chief Financial Officer? The CFO is tasked with understanding how a firm’s infrastructure decisions will impact the firm’s overall business and financial health, so it’s important to address his/her key concerns. We’ve outlined how to talk to your CFO about the cloud and what questions to answer to help secure his/her go-ahead.

51 Hedge Fund IT Due Diligence Questions Your Can Expect from Investors

2014 marked an important year for due diligence, as hedge fund investors became savvier than ever – especially when it comes to technology. We’ve narrowed down 51 critical DDQ questions your firm should expect to answer the next time your investors come calling.

Video: Why the Private Cloud Works for One Growing Investment Firm

We know most firms are using the cloud to support their operations, but sometimes it’s nice to hear a first-hand account. Bill Prew, CEO of INDOS Financial, an AIFMD depository fund based in London, spoke on camera about his firm’s decision to move the private cloud. Hear his story.

Hedge Fund Transformation Series

Back in May, we gathered a panel of hedge fund experts – in conjunction with our friends at KPMG – and talked about how the hedge fund industry is evolving with regards to technology and operations. Our two-part event recap focuses on how firms are using outsourced providers to support operations and the challenges to transformation.

A Hacker’s Tool Kit: Cyber Security Threats to Financial Firms

Even before the SEC revealed its cybersecurity exam questionnaire, we knew that security was going to be an important focus of 2014. Back in February, we attended a FBI Citizens Academy seminar during which the speaker examined how hackers are targeting financial firms today. Here’s a look inside a hacker’s took kit.

Hedge Fund Startup Tips from 9 Emerging Manager Experts

New hedge fund launches always have a lot of questions – and it’s understandable; they have so much to think about. That’s why we asked nine hedge fund startup experts across the industry to share their knowledge as part of our Emerging Managers Insight Article Series. Experts from prime brokerage, compliance, legal, technology and more share their expertise with new startups; choose from the individual articles or read the full compilation.

The Right Time to Move Applications to the Cloud?

We know firms are moving to the cloud, but when are they moving? We identified three primary inflection points at which hedge funds and investment firms typically make the decision to move operations to the cloud.

Why Are Hedge Funds Moving to Miami?

One of our most popular articles in 2014 focused on why hedge funds and other financial services firms are making Miami their new home. South Florida seems to be the new hotspot for finance, and we examined why. Take a look at why more than just sunshine is attracting new business.

We look forward to seeing you in 2015.

Happy New Year!

Photo Credit: Eze Castle Integration]]>
<![CDATA[Trend Watch: Technology Predictions for 2015]]>, 18 Dec 2014 00:00:00 -0500 eci As we say goodbye to 2014 and look ahead to 2015, we thought we'd pull together some of our top technology predictions for the new year. Take a look below and see if they match up with your expectations.


Cybersecurity was brought to the forefront during 2014, particularly when the SEC introduced its intention to focus on cybersecurity during this year’s round of examinations. Hedge funds have been overhauling their IT policies and upgrading their methods of preventing, detecting and responding to cyber threats. This was further reinforced by the many breaches we witnessed in 2014 including those that affected Target, Home Depot, JP Morgan Chase, and, most recently, Sony. By itself the Sony hack resulted in the release of personal data of both current and former employees, company wage data, communications from upper management and five movies being stolen and subsequently released to the public. As hacks and threats increase in complexity and frequency, we expect that cybersecurity will continue to be a big topic of discussion in 2015.


2014 has been one of the most turbulent years for firms with regards to safeguarding data. Firms have to be constantly vigilant, but even the most vigilant of firms have difficulty detecting hackers hiding under the guise of another user. Therefore, firms have been experimenting with the use of biometrics to analyze user behavioral patterns as a measure of determining whether or not a user is legitimate. This includes things such as click through rate, typing cadences and scrolling speed, but some financial institutions have also begun plans to implement voice recognition technology in call centers. These minute indicators would then factor into building a user profile, which firms can then match up against current behavior to conclude if a user has been compromised or not. Currently this technology is relatively new to the financial industry, but in the wake of recent cyber incidents, it may gain traction as a way of detecting cybercriminals.


Mobile technology has been mentioned on past trend lists, but deserves another mention here. BYOD policies have become a focus in 2014 along with the concept of “dark IT” which has developed as company employees have brought new apps and technologies that have not been sanctioned by the company into the workplace. IT personnel may not be equipped to handle troubleshooting these devices if they have not been provided with the correct procedures and training to handle it, and this may allow for holes hackers can take advantage of to gain access to company systems. It is important that firms have appropriate policies to determine what sorts of devices and apps are permitted for work, which should be detailed in the company’s stance on BYOD.

Digital Currency

Perhaps one of the most intriguing things to hit the financial industry, bitcoin is a universal digital currency or cryptocurrency used in the same way as credit cards and cash. Bitcoins are stored in a virtual “wallet” on a cloud or computer. There are various software systems which transact bitcoins and are currently gaining the interest of investors as a way to trade. Though currently there is very little regulation from the US or other international governments, there have been movements towards establishing a financial policy relating to bitcoin which may indicate an opportunity for investors and firms.

Photo Credit: Wikimedia Commons

<![CDATA[A How-To Guide to Selling the Cloud to Your CFO]]>, 16 Dec 2014 00:00:00 -0500 eci If you’re one of the seemingly few firms who has yet to make the move to the cloud, it could be for a variety of reasons. Perhaps you want to maintain total control of your IT environment. Or maybe you’re waiting for a tech refresh to motivate you. Alternatively, it could be that you just haven’t made the proper case to management for switching to the cloud – and many times the one who really needs convincing is the Chief Financial Officer (CFO).

If you’re the Chief Technology Officer (CTO) or IT Manager, your responsibility is determining the infrastructure choices that are going to best suit operations at your firm. But those priorities may not line up exactly with those of the firm’s CFO. IT doesn’t always have insight into the financial ramifications of an operations decision of this magnitude. Instead they are typically focused on the other benefits including personnel reallocation, workflow efficiencies, etc.handshake

The CFO, on the other hand, is ultimately tasked with ensuring the company’s financial decisions are appropriate, and therefore, it’s often advantageous to at least attempt to speak his/her language when pushing for an IT change.

So how exactly do you go about getting the buy-in from your firm’s CFO when it comes to moving to the cloud? Here’s a handy how-to guide to get you started.

  1. Understand your current IT costs. Before you can make the pitch to your CFO, you need to realize the costs your firm is currently incurring for technology infrastructure (and personnel if that will be affected by your infrastructure decision). Once you have even a rough figure, you’re better equipped to approach your CFO with a cloud proposal and can outline the various cost-savings the firm is likely to incur as a result of the move.

  2. Do your due diligence. You’ll want to be prepared for your meeting – no need to waste your CFO’s time otherwise. Make sure you’ve thoroughly evaluated all of the appropriate cloud solutions available to you and compiled the necessary research to present to your CFO. Be sure to include both tangible and intangible benefits, such as cost-savings, scalability/flexibility of the solution, details on the third-party provider, etc.

  3. Stress predictability. One of the greatest benefits to cloud solutions is the transition of Capital Expenditures (CapEx) to Operational Expenditures (OpEx). With the cloud, firms no longer need to drop tens of thousands of dollars on costly hardware to power operations. Rather, costs are broken down into predictable, monthly (generally per user) fees that are simple to calculate when adding or removing users. This situation is ideal to point out to your CFO, as he/she will appreciate consistent budgeting and can easily factor it into the firm’s overall budget.

  4. Skip the tech talk. Odds are, your CFO doesn’t have an IT background. So explaining hypervisors, MPLS and intrusion detection systems shouldn’t be your first priority. Instead, focus on operational benefits and challenges and how the infrastructure decision supports the business as whole, not just the IT department. Getting into the nitty-gritty of the cloud technology will only confuse him/her and may make him/her less receptive to your proposal.

In addition to the above suggestions, we recommend you try to answer the following questions when meeting with your CFO:

  • How will the transition to the cloud shift the company's costs from capital to operating expenses?

  • How will the monthly costs change?

  • How will the annual costs change, particularly at 1 year? 3 years? 5 years?

  • What additional expenses can we expect to incur by moving to the cloud?

  • What costs (and risks) go away seeing as we will have to invest less in our own equipment?

  • How does our current IT cost structure compare with a public cloud strategy and a private cloud strategy?

  • Will transitioning to the cloud ultimately lower our costs and allow us more flexibility in approaching new business opportunities?

  • How can we audit and manage the risks associated with moving to the cloud?

Here are a few other resources you might find valuable during this process:

Billion Dollar Club Goes Cloud
Photo Credit
<![CDATA[IT Security Etiquette: A Best Practice Guide (Video)]]>, 11 Dec 2014 00:00:00 -0500 eci If you’re a loyal Hedge IT reader, you may remember we highlighted a few simple dos and don’ts a few months ago that, when utilized, can go a long way in shoring up your firm’s security. To make it easy, we’ve put these tips together into a video. Take a look below and discover a vast range of security tips and tricks from email encryption to proper security measures for protecting computers and mobile devices.

<![CDATA[Betting Against the Odds and Neglecting Risk:The True Cost of a Data Breach]]>, 09 Dec 2014 00:00:00 -0500 eci When it comes to the cost of a successful data breach, the ensuing ramifications are not limited to monetary loss. A firm’s confidential information, customer trust and overall operations are all at risk of being compromised. To protect their data and systems from cyber-attacks and breaches, it is critical that firms become as secure as possible.Hacker

Raising the Bar

Over the past year, we have witnessed more firms strengthening their security measures in an effort to comply with industry regulations as well as the SEC cybersecurity expectations. Additionally, we’ve seen an increase in frequency and sophistication of both data theft and cybercrime. A study by Risk Based Security revealed that within the first nine months of 2014 there were 1,922 data breaches reported and 904 million records exposed. Four of those incidents have made the Top Ten All time Breach List and three hacking incidents combined were accountable for nearly sixty percent of exposed records. Today, most hedge funds are aware of the severe negative effects a security breach can cause; however, gaining this knowledge may have been a tough lesson to learn.

Going All-In

Remember the old saying “no risk, no reward”? While this phrase may work favorably in some cases, there is no margin for gambling when it comes to a firm’s information security. Target groups do vary and victims range from big merchants and high-end retailers to public figures and common folk, but hedge funds remain a high profile target. A survey by the Ponemon Institute reported that in 2014 the annual average cost of successful cyber-attacks per company in financial services is $20.8 million. Although nothing is foolproof, hedge funds that prepare for the “what if” scenarios have a greater chance of thwarting an attack and minimizing financial loss.

Proactive Planning

At Eze Castle, we recommend that all hedge funds employ multiple layers of security and have a Business Continuity Plan (BCP) in place to help mitigate risk and reduce the level of impact should a disaster strike. Firms should also ensure information, whether personal or confidential, is protected by internal and external policies. Having the following guidelines and procedures in place will help prevent sensitive and confidential business data from falling into the wrong hands:

Cybersecurity Whitepaper

Photo Credit: Istock]]>
<![CDATA[Throwback Thursday: History of the Eze Private Cloud]]>, 04 Dec 2014 00:00:00 -0500 eci Less than ten short years ago, Eze Castle Integration saw a shift in the market and gap in the cloud space. Eze Private Cloud PlatformFirms had to hire multiple third-party vendors to fully outsource their IT needs, public cloud environments fell short of hedge fund security demands and service level contracts varied drastically. Fast-forward to today, and that very same spark of ideation has progressed to completely revolutionize hedge fund IT. In the spirit of Throwback Thursday, today we're reflecting on the journey and growth of our very own Eze Private Cloud.

In 2005, Eze Castle built and deployed the first hosted cloud platform for a large hedge fund based in New York City in 2005. By 2007, 18 funds spun out from the initial firm, each selecting Eze Castle as their trusted cloud platform provider. The following year, the company began building the foundation for the Eze Private Cloud. The same year marked the opening of Eze Castle’s hedge fund hotel in New York City. The environment, which supported more than 200 users, united the company’s cloud computing platform and fully managed office suites for startup funds.

In 2009, Eze Castle officially launched its Eze Private Cloud, making it a landmark year for the company. This new solution provided a fully hosted IT platform for hedge funds and investment firms across the U.S. Combining a high performance, fully redundant infrastructure with the industry's best IT experts enabled the company to manage over 30 applications within the Eze Private Cloud by 2010. Today, that figure has increased by 285%.

In 2011, the Eze Private Cloud expanded its presence overseas to support end users in the UK and further expanded in 2012 to Asia. The following year, the Eze Private Cloud grew more than 300% in number of both clients and users, and today it supports thousands of hedge fund users worldwide. This year, Eze Castle released the next generation of its cloud-based voice solution, Eze Voice. Additionally, we expanded our cloud offering to include Microsoft and Varonis applications. These new offerings provide collaboration, unified communications, file-sharing and security applications.

Since its official launch in 2009, the Eze Private Cloud has evolved into the highest performing cloud platform available and industry standard for hedge fund cloud computing. Over the past two years, the company has received 24 industry accolades for technology provided to financial services firms, including the following awards:

  • Best Managed Technology Platform: Hedgeweek USA Awards

  • Best Cloud-Based Services Provider: WatersTechnology Rankings

  • Leading IT Infrastructure Provider: Hedge Fund Journal

  • Best Cloud Computing Solution: HFMWeek US Hedge Fund Services Awards

Today, the platform is powered by state-of-the-art technology from VMware, Cisco, Dell, and NetApp. Eze Castle’s strong partnerships with these trusted vendors allow us to provide the highest quality, secure cloud computing experience to all clients. We continuously invest in and enhance our global financial cloud platform to ensure we are providing firms with secure, resilient, available and robust IT infrastructures.

Cloud Survey Results

Additional resources you might find valuable:

Photo Credit: Istock

<![CDATA[10 Holiday Travel Security Safety Tips]]>, 25 Nov 2014 00:00:00 -0500 eci Traveling with electronic devices puts personal and critical business information at risk. As we embark on the busy holiday travel season, we decided to share some useful tips to help prevent your data and devices from falling into the wrong hands. Here are our top 10:

  1. Back up Your Data Before You Leave: Prior to traveling, back up data that is stored on your device(s) onto media that will not be taken with you on your travels. For example, on a storage card, cloud, or computer, if you are not bringing the latter device on your trip. Furthermore, ensure you do not have social security numbers, passwords, credit card information and other sensitive data stored on your devices. If you do, save this information in a more secure place and remove it from your portable devices.

  2. smartphones tablets mobile devicesTravel Light: If you do not need it, do not bring it on your trip. Only devices that are necessary should accompany you while traveling.

  3. Encrypt All Information: We strongly recommend all portable devices be encrypted. When utilizing public networks, the threat of other users from within or outside your network capturing your login credentials and emails increases drastically. Encrypting your data makes it unreadable and unusable to those lacking the necessary tools to unlock it.

  4. Protect Devices with Anti-Virus Software: We suggest installing anti-virus software and updating it regularly on your personal computers so that your data is safe no matter where you are.

  5. Lock Your Devices: Lock your computer and mobile device when you are not using them. We recommend doing so to prevent unauthorized users from gaining access to your computer’s hard disk and critical business data.Mobile Device Security

  6. Password Protect Your Device(s): Portable devices are extremely popular targets for criminals because they are small and easy to sell. To help mitigate the risk of sensitive data falling into the wrong hands, all devices should be password protected. This applies to laptops, tablets, mobile phones, etc. We recommend using a combination of upper and lowercase letters, numbers and special characters. Additionally, avoid obvious passwords, such as birthdays, anniversaries and pet names. Smartphones should have passcode locks, and if applicable, Touch IDs in place. For iPhones, this can be configured in Settings > General. In the same location, you can also set your device to erase all data after 10 failed passcode attempts. From a business perspective, any device that accesses corporate email or networks should have a complex password and be managed by mobile device management tools such as AirWatch or Good Technology.

  7. Remove Saved Passwords on Your Device(s): Although login credentials that are saved for websites may be convenient, it can also leave your personal and confidential business data at risk. We recommend removing this feature from all websites.

  8. Do Not Leave Your Devices Unattended in a Public Place: Leaving your device in plain view increases the risk of your property being stolen. You should always keep your devices in a secure bag, zipped pocket or within close proximity to your body. If your device is stolen or lost, you should report this immediately to help protect sensitive and confidential information. Additionally, corporate devices should have the ability to be remotely wiped to safeguard confidential data or networks from unwarranted access.

  9. Connect to Encrypted Networks: When connecting to networks, ensure they are encrypted and only visit websites with the prefix “https”. You can also contact your service provider to purchase a global data package while traveling internationally. For the highest level of security, utilize virtual private networks (VPNs).

  10. Find My iPhone/iPad/Mac: In the event that your device is lost or stolen, enable Find My iPhone/iPad/Mac to locate your device.

Additional Articles:

  1. Apple to iPhone Users: Here's How to Protect Your Devices

  2. A Hacker's Tool Kit: Cyber Security Threats to Financial Firms

  3. Developing a BYOD Policy for Your Hedge Fund

<![CDATA[Common Information Security Mistakes (Video)]]>, 20 Nov 2014 00:00:00 -0500 eci As hedge funds and investment management firms shore up security practices in an effort to comply with the SEC cybersecurity expectations and other industry and investor standards, it can become overwhelming to sort out what's required and how firms should go about achieving compliance. It can also be easy to make mistakes. We asked Eze Castle's Business Continuity and Data Privacy Manager, Lisa Smith, to tell us about some of the common information security mistakes she witnesses firms make and how to avoid them in the future. Here are some of the key questions Lisa answers:

  • Where are you seeing the most deficiencies in cybersecurity preparedness?

  • What goes into an effective Written Information Security Plan?

  • What common mistakes do you find firms are making when it comes to information security safeguards?

Take a look at Lisa's answers!

Additional resources on Information Security Best Practices:

Cybersecurity Whitepaper]]>
<![CDATA[Crisis Communications Tips for Business Continuity]]>, 18 Nov 2014 00:00:00 -0500 eci How important is day to day communications within your company/firm? If an incident or disaster occurred today, how would your organization respond? Do you have a team or group designated to develop messages for both internal (employees, vendors, third parties, building management) and external (public, employee families, media) contacts? Have they practiced? When the pressure is on, is your organization prepared if a disaster or event suddenly puts your firm under the microscope with an onslaught of internal/external calls, questions, requests, emails, social media messages or media requests?

Crises and disasters continue to happen across borders and industries. Let’s not forget some of the more recent large scale disasters such as Hurricane Katrina, Typhoon Haiyan, Deepwater Horizon, Fukushima, Hurricane Sandy, and, of course, the ongoing major data breaches, just to name a few. That list doesn’t include more common events that may not make the major news networks such as utility failures, office fires, and systems outages. Smaller events like previously mentioned can cause minimal to significant disruption to business operations. This is why developing and practicing a variety of communications is vital in an organization’s response to an incident.

Some of these events can be predicted in advance, giving an organization time to make decisions, analyze other organization’s responses, consider impacts, and communicate a message or action. Sometimes events are sudden, such as an earthquake or active shooter. These events require immediate actions, decisions, and communications to be made. In either case - an immediate or delayed event - communication is critical to demonstrating proper leadership and providing employees with proper direction, especially if the event is centered specifically on your organization.

A recent example of effective communication and leadership occurred during the Boston Marathon Bombing press conference in April 2013. The briefing featured representatives from all the involved parties – sign of unified and organized communication strategy. Regardless of the amount of information disseminated, the listeners likely felt comfort knowing everyone was on the same page. In this case, the chief of the Boston Police Department, the Mayor, the Governor, State Police, MBTA Police, FBI, and Watertown Police prepared statements and answered questions to effectively communicate the ongoing situation to the public.

How important is your company’s reputation? Would poor communication to employees, clients, investors, the public, and the media impact your reputation - especially if your organization is at the forefront of a major event? Signs of poor communication typically include disorganization, conflicting reports, inaccurate predictions, information vacuums, insincerity, and confusing information. Communication is vital in almost every aspect of one’s personal and professional life and the same can be said for companies and firms. In general it’s people and companies that can effectively communicate to their audience that are perceived to be more organized and appealing.

Here are some tips to help with your firm’s communication:

  • Have an executive appointed group: 3 or 4 individuals prepared to speak, email, message, etc. on behalf of the firm in the event of an incident.

  • Keep it simple. Don’t over complicate the message. Make it to-the-point and easy to understand.

  • Create a schedule for information briefings if the event is ongoing. If you are not giving information, people will search out less credible sources or make it up.

  • Know your audience. Who will be receiving this message? Does it have the right tone for the situation?

  • Don’t be afraid to seek help. Don’t be afraid to ask for help or assistance from local agencies or even rival companies, depending on the situation. Incidents can happen to any organization. You may be surprised who will come to your aid.

DR/BCP Guidebook

<![CDATA[2014 Benchmark Study Results: Top Hedge Fund Applications Revealed]]>, 13 Nov 2014 00:00:00 -0500 eci The results from our Global Hedge Fund Technology Benchmark Study are in, and here is a snapshot of the 2014 findings. You can find the complete report here. We surveyed 279 buy-side firms across the United States, United Kingdom and Asia in order to discover their front, middle, and back office technology and application preferences.

Respondent Profile

Hedge Funds by Type

All survey respondents fell into the following categories within the financial industry: hedge fund (58%), asset/investment manager (13%), private equity firm (3%), fund of fund (3%), and family office (3%). Additionally, 13 percent fell into an ‘other’ category, which included financial firm types such as venture capital, advisory, fund management, quant and wealth management.

Firms surveyed fell into three asset groups: thirty-three percent (33%) reported their assets under management (AUM) as less than $100 million; twenty-eight percent (28%) fell between $101 and $500 million; and the majority (39%) reported over $500 million AUM.

In regards to investment strategy, long/short equity continues to dominate as the most favorable with 50 percent (50%) of respondents reporting this to be their primary investment strategy. Additional preferred strategies include credit (8%), fixed income (6%), emerging markets (5%), event driven (4%), and distressed debt (3%). Twenty-four percent (24%) of firms fell into an “Other” category that included a wide variety of investment strategies such as commodities, derivatives, merger arbitrage, relative value, securities, global macro, and long only. In 2014, the top primes employed by firms are Goldman Sachs, Morgan Stanley, JP Morgan, Credit Suisse and UBS (same as 2013 results).

Front Office

Order Management System

OMS: Firms use order and execution management systems in order to support trading, operations, compliance and portfolio management. Once firms have evolved from their initial launch phase and begin seeing investment growth, they need robust, efficient solutions in order to continue growing and progressing. Our survey found that the majority of firms rely on Eze Software Group’s Eze OMS, followed by Bloomberg’s Asset and Investment Manager (AIM), RediPlus EMS and Advent’s Moxy.

Market Data & Analytics: Bloomberg continues to lead the pack as far as market data services and analytics in the financial industry. Respondents reported that ninety-six percent (96%) are using Bloomberg either exclusively or alongside a second solution.

Research & Document Management: The majority of respondents reported that they outsource the responsibility of managing research materials and documentation. Forty-three percent (43%) of firms are using in-house or proprietary solutions. For those firms using a specific tool, Microsoft’s SharePoint, Advent’s Tamale, or Code Red RMS are the most common.

Middle & Back Office

Portfolio Accounting

Portfolio Accounting: Advent Software continues to be the primary leader in regards to portfolio accounting with its Geneva and APX solutions remaining the top two choices among investment firms surveyed. Almost half of those surveyed are using one of the two Advent products.

Risk Management: Risk Management is inclusive of a wide variety of thoughts: everything from cybersecurity and infrastructure risk to portfolio and systemic risk. According to our survey results, adoption of risk management solutions is still slow as a reported fifty-six percent (56%) are not using solutions to mitigate portfolio risk. For those firms that do have a formal solution in place, popular vendors utilized include Advent, Bloomberg, FT Options, Indus Valley, iVolitility, Orchestrade and The Insight.

Outsourced Administration: While not all firms choose to utilize an outsourced fund administrator for more comprehensive services, those that do tend to work with a variety of different vendors. Citco is the top administrator choice among our survey respondents, followed by SS&C GlobeOp, Northern Trust, State Street and JP Morgan.

Customer Relationship Management: In regards to CRM tools, our survey results found that Backstop is the most popular solution, followed by and Petrac.

Message Archiving: A large majority of survey respondents (57%) are relying on Global Relay for their email and IM message archiving services, followed by Eze Castle’s Eze Archive service, which is powered by Global Relay. Smarsh and Frontbrige round out the top four services.

Mobile Technology: We continue to see firms using BlackBerry (83%) as their primary mobile solution. However, iPhone use has made great leaps and increased from forty-three percent (43%) in 2013 to sixty-four percent (64%) in 2014.

What’s Next?

We foresee the adoption rate of the cloud not letting up as not only startup firms are leveraging cloud solutions, but also large, established firms. This migration to private cloud environments has completely revolutionized the way firms do business. Visible benefits to hosting applications in the cloud—cost-savings, flexibility and scalability—will fuel firms to continue moving in that direction and may change the results we see in a year’s time if any of these applications and vendors do not offer positive experiences in the cloud.

We hope our 2014 Hedge Fund Technology Benchmark Study will serve as a guide and assist firms in making these critical decisions.

For more survey results, listen to the full webinar replay below.

<![CDATA[Sneak Peek: 2014 Hedge Fund Benchmark Study Results]]>, 11 Nov 2014 00:00:00 -0500 eci In it's fourth year running, our Global Hedge Fund Technology Benchmark Study reveals the top technology systems and applications used by investment management firms around the world. And while we aren't due to officially release the results until tomorrow - register for our webinar to hear them live - we thought we'd share a little sneak peek in the form of an infographic.

Take a look below and discover how your hedge fund and investment management firm peers are using technology to power their firm operations.

2014 Hedge Fund Technology Benchmark Infographic

Be sure to come back to Hedge IT on Thursday for a replay of our Benchmark Study Webinar and a link to the final report!

<![CDATA[Tech Tips for Starting a Hedge Fund]]>, 04 Nov 2014 00:00:00 -0500 eci Last week, we co-hosted another exciting Hedge Fund Startup event with KPMG in New York and had a great turnout of fund managers looking to learn more about everything from legal and tax implications to technology must-haves and capital raising strategies.

Since technology is clearly our forte, we wanted to share some of the key takeaways from our “Achieving Institutional-Grade IT” panel, featuring speakers from Evercore Partners, Bank of America Merrill Lynch and, of course, Eze Castle Integration. Here are the highlights:

State of Emerging Manager MarketOutsourced Responsibility

  • The hedge fund startup market is healthy, and investors’ appetite for emerging managers is strong

  • Investors are attracted to the nimbler, hungrier nature of emerging managers.

Key Priorities for Startups in 2014/2015

  • Select the right service providers to support your business.

  • Understand your firm’s vulnerabilities and exposures.

  • The operational due diligence process is changing, therefore firms need to understand the protections they have in place to secure investor assets.

Selecting the Right Infrastructure (i.e. Cloud vs. On-Prem)

  • The pendulum has definitely swung to the cloud for firms of all shapes and sizes.

  • Hedge funds, especially new launches, want the easiest, quickest and most cost-effective solution to support their business. The answer is generally cloud.

  • If the cloud is your preferred infrastructure method, be sure to consider vendor oversight and, if using multiple clouds for multiple solutions, how they talk to each other and comingle.

Service Provider Selection/Oversight

  • You can outsource the accountability of your data, but not the responsibility.

  • When SEC/FINRA calls, you as the fund manager need to be able to provide the right answers.

  • When it comes to service provider relationships: trust, but verify. Ensure you get supporting documentation to authenticate the practices/protocols they say they have in place to support your firm’s data and assets.

Cybersecurity is Focus #1

  • Determine what your firm’s attitude toward security is.

  • Management sets the tone, but security should start at the employee level.

Advice for New Managers

  • Plan for the future. Build an infrastructure that can scale along with your firm’s growth. Changing the way your firm does business (as it relates to your technology) will be much harder down the road.

  • Expect IT security audits to increase in depth and frequency.

  • Regulators are coming and will hold you to the same standards as the large, established investment firms.

  • As investors deepen their operational due diligence on you, you should deepen your due diligence on your vendors and service providers.

Emerging Manager eBook

To read more on this topic, check out these resources:

Photo Credit: Eze Castle Integration

<![CDATA[Happy Halloween! A Look at the Scariest IT Moments of 2014]]>, 30 Oct 2014 00:00:00 -0400 eci Over the years, cybercrime has evolved, matured and increased in frequency. Target groups vary from case to case and victims range from big merchants and high-end retailers to celebrities and common folk. On the eve of Halloween, we’ve dug up some of the scariest cyber-attacks in 2014.Scary IT Hack Ghost


One of the more innovative hacks in recent years started making headway in Great Britain in September 2013. CryptoLocker utilizes malware to encrypt and freeze victims’ sentimental and valuable files on infected computers. After successfully locking the computer, a ransom note appears on the victim’s screen demanding money in return for their files. If the victim fails to make payment, the computer remains locked and files are unsalvageable.

More than $100 million in losses were attributed to the cybercriminals’ schemes as well as hundreds of thousands of infected computers. Computer security companies estimate that CryptoLocker infected over 234,000 computers worldwide, including more than 100,000 in the United States.


Target’s recent data breach affected 40 million credit and debit cards, tapping into payment card information and other sensitive data. Both Target and Home Depot‘s attacks were traced to a software that slipped into the companies’ networks and scanned payment-card information. The aftermath of Target’s breach spilled over from 2013 into 2014, costing the company $148 million in expenses, offset by a $38 million insurance receivable. Additionally, financial institutions spent over $200 million replacing millions of compromised cards, raising the breach’s total to $350 million.

Home Depot

The cyber-attack on Home Depot’s payment systems compromised 56 million cards over a five-month period, surpassing Target’s affected 40 million credit and debit cards. Home Depot was in the midst of encrypting its payment terminal data when the hackers beat them to the project’s fruition. The company’s new encryption system, which launched September 13, scrambles card information, making it unreadable and unusable by persons lacking the proper tools to unlock data.

Home Depot estimates the investigation, increased staffing and card monitoring will cost $62 million, offset by $27 million it expects insurance to reimburse.

Scary IT Hack Ghost 2J.P. Morgan Chase & Co.

J.P. Morgan, the nation’s largest bank by assets, said about 76 million households and seven million small businesses were affected by a cybersecurity attack on the bank this summer. Sensitive data stolen included customers’ names, email addresses, addresses and phone numbers. The unknown hackers were unable to acquire account information, such as passwords, Social Security numbers or account numbers. It appears that the hackers commenced the network breach via an employee’s personal computer, which had administrative privileges, and increasingly attained data from that point on.

In response to the data breach, J.P. Morgan’s CEO James Dimon stated that J.P. Morgan will be doubling their cybersecurity spending from $250 million annually in 2014. Investigators believe 12 other financial-services companies were targeted by the same cyber criminals.


Apple’s iCloud service has dealt with multiple cybersecurity issues as of late. Users based in China fell victim to a cyber-attack, exposing usernames, passwords, pictures, files and other personal information. Users reported seeing warnings from their browsers stating that was not a trusted site, indicating that Apple’s iCloud communications had been breached. Additionally, racy celebrity photos were leaked from the iCloud system last month. In response to the attacks and raising concerns regarding the company’s privacy settings, Apple stated that moving forward, it will utilize encryption on its mobile devices.

To learn more about security, we recommend you read the following resources:

<![CDATA[Preparing for Ebola: A Review of the Outbreak, its Economic Impact, and Business Continuity Considerations]]>, 23 Oct 2014 00:00:00 -0400 eci This year’s outbreak of Ebola in West Africa is the worst that has ever been recorded. The disease typically occurs in outbreaks in tropical regions of Sub-Saharan Africa. In the short span of a year, the virus, which is affecting Guinea, Sierra Leone, and Liberia, has resulted in nearly 3,500 deaths.

In this article, we will look at where this outbreak started and the economic impact it has had both in Africa and internationally. We will also highlight the issues that businesses need to consider as this epidemic continues to expand.

Where Did Ebola Come From?

A report published in the New England Journal of Medicine suggests that Ebola’s Patient Zero (the initial patient of an epidemic) was most likely a 2 year-old boy living in southern Guinea. Unfortunately, the boy became very ill and died on December 6th 2013. Several close relatives died shortly thereafter. After the funerals, some of the attendants became ill. Following established patterns of close contact with the sick, the disease began spreading to other villages, then across the borders into Liberia and Sierra Leone. It wasn’t until March 2014 that the international aid agency MSF (Doctors Without Borders) became aware of the new Ebola outbreak and immediately got involved. In early August, the World Health Organization (WHO) declared “an international public health emergency”. On September 30th, the first case of Ebola was diagnosed within the United States.

At this time, the CDC is making both “best-case scenario” and “worst-case scenario” predictions of the total number of cases expected through January 1st 2015. Unfortunately, the predictions range from 11,000 to well over 1 million cases.Impact of Ebola on African Economies

Ebola’s Impact on Local Economies

Before the recent Ebola outbreak, all three of the impacted West African countries had been in the midst of an economic revival of sorts. Two were returning to economic levels not seen since before pre-civil war times. Since the Ebola outbreak occurred, downward financial trends have developed in all three of the affected nations.

At this time, many of the affected nations have closed borders and quarantined communities with outbreaks. Closed borders not only stop travel but also make the trade and transport of goods difficult, if not impossible. Essential goods are becoming both scarce and expensive.

International businesses are also pulling out personnel and are hesitant to make investments. Major airlines have also implemented bans on the nations rampant with Ebola, affecting tourism and business-related travel as well as the supply chain and some needed resources.

An interesting analysis of the economic impact of Ebola conducted by the World Bank suggests that the “largest economic effects of the crisis are not as a result of the direct costs (mortality, morbidity, caregiving, and the associated losses to working days) but rather those resulting from aversion behavior driven by fear of contagion.” The World Bank goes on to predict that if the epidemic spreads to neighboring countries the economic impact could be as much as $32 billion.

Is There a Chance of Ebola Spreading to the U.S. and Other International Destinations?

The short answer is yes. There is always a small chance that someone not showing any symptoms could board an international flight or travel internationally; however, when the individual begins going through the tell-tale signs and symptoms including fever, vomiting, etc., they will seek out or be sent for medical help. When this happens, healthcare professionals should be able to identify and treat them with elevated precautions and isolations.

Unfortunately, precautions are not always 100% effective, as evidenced by a Liberian man flying into Dallas, TX recently and later testing positive for (and succumbing to) Ebola.

In wake of this story, many international airports, healthcare facilities, and hospitals throughout the world are on high alert and stepping up precautions to ensure proper screening and safety. Just this week, the Department of Homeland Security announced travelers flying to the U.S. from the affected countries are required to fly into one of five U.S. airports equipped with CDC screenings.

How should businesses prepare for a potential Ebola outbreak?

During large scale outbreaks, much like the current wave of Ebola, businesses can take steps to ensure their business operations continue, while also making employee safety a priority. There are some precautionary steps an organization can take to prepare itself, its employees, and its continuity practices in case this outbreak travels to a major financial market area.

  • Review pandemic plans and identify vulnerabilities. Take some time and review and discuss the plan or plans to see if any anything needs to be updated, discussed, or corrected in the unlikely scenario that an outbreak happens within your business region. Identify any employees who may be traveling or living near an area affected by the outbreak. Make sure the employee is aware of situation and what steps he/she can take to avoid exposures. If not already identified, consider relocation/teleworking options that can be provided to enhance the continuity process.

  • Communicate to employees. Let’s face it. At this point every office, jobsite, and business has had some kind of break room discussion about the current Ebola outbreak. Whether it was a serious discussion or just topical water cooler catch up, it is on the minds of your employees. It is never a bad idea to open the lines of communication and listen to questions or concerns they might have and take the opportunity to disseminate continuity information or factsheets.

  • Ensure employees are educated on proper hygiene practices. This may seem unnecessary, but most people are unaware of how susceptible they are every moment of every day to all kinds of germs and illnesses. Reviewing proper hygiene practices will help break bad habits that can increase risks.

In Conclusion

Take some time to review and reflect about the current situation and determine what steps your firm can take to prepare your organization and employees for the potential threats that are growing and spreading around the world.

DR/BCP Guide for Managers

<![CDATA[Four Signs It's Time to Break up with Your IT Provider]]>, 16 Oct 2014 00:00:00 -0400 eci In any relationship, when things are good, they’re usually pretty good. And when things are bad, sometimes they are really bad. There may come a point when you need to evaluate whether you’re still a good fit together.

Just like with a romantic relationship, your firm’s connection to a service provider (especially an infrastructure/cloud provider you rely on daily) should be strong enough to withstand a few hiccups and healthy enough to warrant open communication at all times. In some cases, it might be clear that you’re in a good place and moving forward together, but sometimes there are sure signs it’s time to call it quits.Broken Heart

Here are a few of those signs:

1. Your provider’s service levels are not up to snuff.

Maybe you recently experienced a major service outage or find that you not-so-conveniently have to work around confusing and interrupting maintenance schedules during work hours. You’re constantly frustrated and don’t feel like you are receiving the level of support that was agreed to – both verbally and as part of your Service Level Agreement (SLA).

Your SLA should clearly indicate the uptime standard (e.g. 99.995% availability) as well as repercussions to any breaches in the contract (for example, service credits) and associated RPOs if disaster recovery is involved.

2. Communication is lacking – and sometimes nonexistent.

The key to any successful relationship is communication. Without it, there’s no chance for success. Like with any romantic partner, an investment firm must be able to communicate effectively with its service provider – and receive the proper amount of communication in return.

You may be unhappy with your IT service provider if you find that you don’t hear from your Client Relationship Manager often or only ever reach their voicemail. If you call into the provider’s Help Desk with an urgent issue and notice the call gets routed to a cell phone (or doesn’t get picked up at all), it’s time to take a step back and think about your relationship. A successful IT provider will be attentive to your needs – both urgent and ongoing – and keep in constant communication with you to ensure you feel the level of support you require on a daily basis.

3. Your provider seems cool with the status quo.

Beyond troubleshooting technology issues and performing routine upgrades and maintenance, your technology provider should also be on the cutting-edge. It’s not enough to be okay with the status quo these days – your provider should be leading the charge in new technologies (think cybersecurity and cloud technology) and practices to make your job easier. Without innovation, you’re simply stuck. If your provider isn’t open to new ideas or seems hesitant to change and evolve, it may be a sign that this isn’t the right relationship for you. To succeed and grow in your business, you need and should expect your IT firm to do the same.

4. Plain and simple – you’ve outgrown them.

Speaking of growing in your business, if you’re smart you’re already thinking ahead to the future. You have a 3 or 5-year plan in motion and expect positive growth in the coming years. But can your IT provider handle that? Can it handle dozens (or even hundreds) of new user accounts and corresponding data increases? Can it handle evolving technology and adding and supporting new application sets? As your business grows, can your provider connect you to counterparties around the world and make your workflow more efficient? If the answer to these questions is “no,” then it’s time to say goodbye and identify a true partner that can complement your business and grow with you.

A true IT business partner is someone who understands your strengths, balances your weaknesses and puts your needs above all others. Can you say that about your current IT provider? If not, it’s probably time to have the talk. And maybe start dating again soon with some of these tips in mind.

Guide to Tech Outsourcing

You might also be interested in these recent articles:

Photo Credit: Pixabay

<![CDATA[Back to Basics: What is an Order Management System (OMS)?]]>, 14 Oct 2014 00:00:00 -0400 eci We are excited to be sponsoring the 2014 EzeSoft Client Conference later this week in Boston. For those of you who aren’t familiar, Eze Software Group is the owner of the order management system, Eze OMS, which is frequently used by hedge funds and asset managers across the globe.

As a preview to this week’s conference, we thought we’d dial it back to basics a little and explain exactly what an order management system is and why it’s a critical piece of software for many investment management firms today.

What is an OMS?2013 Benchmark Study

An order management system is a “software-based platform that facilitates and manages the order execution of securities.” Used on both the buy-side and sell-side, an OMS allows firms to manage the lifecycle of their trades and automate and streamline investments across their portfolios. OMS platforms typically run on FIX Protocol, linking hedge funds and investment firms to hundreds of counterparties around the globe.

In November 2013, Eze Castle Integration revealed the results of its annual Global Benchmark Study, which highlights the top vendors and applications used by investment firms worldwide. Results showed that Eze OMS was the preferred order management system for most firms, with 42% of respondents indicating it was their current OMS platform. Download the full 2013 Global Hedge Fund Benchmark Study here.

According to Eze Software Group, some of the benefits firms can achieve from an order management system include:

  • Managing orders, allocations and executions across asset classes from a single platform

  • Automating pre-, intra- and post-trade compliance checks

  • Monitoring real-time P&L and exposure

  • Track and report on the full lifecycle of a firm’s orders

Eze Castle Integration regularly consults with clients about their software and application needs and provides guidance on the appropriate infrastructure necessary to host those systems. If you would like to speak with a technology representative about your firm's unique needs, please contact us.

Contact an Eze representative

Sources: Wikipedia, Eze Software Group
<![CDATA[51 Hedge Fund IT Due Diligence Questions You Can Expect From Investors]]>, 09 Oct 2014 00:00:00 -0400 eci On our recent Hedge Fund Marketing and Due Diligence webinar we looked at how the hedge fund investor due diligence process is evolving especially in terms of scrutiny on technology processes and security safeguards.

The reality is that investors have a greater understanding of technology, are asking more probing questions and care about the responses they receive. We’ve even heard investors say that deficiencies in IT infrastructure and security contributed to the decisions to redeem from or not invest in a fund.

So at Eze Castle Integration we regularly assist our hedge fund clients in completing the IT portions of investor due diligence questionnaires. The wording of questions varies but here is a handy list of 51 common IT due diligence questions we see.


  1. Provide an organization chart for the Company, its affiliates and key personnel.

  2. Provide the physical address and general contact information for each of the Company’s office locations.

  3. Provide the name and contact information of the Company employee(s) assigned to the client’s account(s).

  4. Provide a list of compliance personnel, their roles and qualifications, the date of his/her appointment and position within the Company’s organizational structure.

Annual Assessment/Audit

  1. When was the last date on which the Company tested its internal policies and procedures? Please provide a summary of the results.

  2. Describe the internal controls that ensure conformity with the Company’s policies and procedures concerning confidentiality of client information.

  3. Describe any material violations of the Company’s policies and procedures that relate to the services provided to the client in the last twelve (12) months. If any occurred, please describe the violations and the corrective action that was taken.

  4. Describe the Company’s process for (i) reporting violations that directly affect the services provided to the client and (ii) reviewing and assessing the adequacy and effectiveness of its policies and procedures. Please include an explanation of how the Company determines the materiality of violations as well as the process for identifying and reporting violations of policies and procedures internally.

  5. Do you conduct annual external or internal technology audits? If so, please detail auditor, frequency, areas covered, date of last audit and key findings.

General Information Technology Questions

  1. Who handles your IT strategy and oversees the day-to-day IT function? What is your IT strategy (i.e. outsource, in-house, hybrid model)?

  2. What types of challenges has your firm faced with its IT operations in the last 12 months?

  3. What IT upgrades occurred in the last 12 months? What upgrades are planned for the next 12 months? How do you stay current with technology?

  4. Provide details on relationships with third party IT integrators and support providers, including an overview of their credentials and length of the relationship.

Systems and Information Security

  1. Describe the software system(s) used to provide services to the client, including any relevant security features (e.g., firewalls).

  2. Describe any material changes within the past twelve (12) months relating to software systems used to provide services to the client.

  3. Where is/are the Company’s data center(s) located?

  4. Describe the Company’s security measures with respect to systems access, including who has access (and at what level).

  5. Describe in detail (i) what records the Company retains on behalf of the client (in both electronic and physical format), and (ii) for how long the records are kept.

  6. Describe the security procedures (e.g., locked filing cabinets) for the protection of physical documents.

  7. Describe the Company’s policies and procedures for destroying physical documents.

  8. Are ongoing vulnerability assessments performed against the Company’s systems? If so, are the assessments performed by internal personnel or third party service providers?

  9. Have you had any security breaches or security related issues in the past 3 years?

Access Control Policy

  1. Does the organization have a formal and well-documented access control policy in place?

  2. Is the policy regularly reviewed to determine whether the controls are operating as intended? Are changes and enhancements to the policy implemented when necessary?

  3. Does the firm’s IT staff (or technology partner) ensure appropriate access control to applications and sensitive company data? Are there robust procedures in place to grant or deny access to applications?

  4. How does the firm manage employee remote access? Are procedures in place to ensure remote access is delivered securely?

  5. Has a password policy been implemented throughout the organization? Have all employees been trained on best practices for password security?

  6. Are procedures in place to create and disable user accounts? Are active accounts reviewed on a periodic basis? What is the process for disabling accounts of terminated employees?

  7. Are policies in place to force password changes periodically?

  8. How do you screen employees prior to employment? What background checks are undertaken?

Network Security Policy

  1. Has the organization developed a formal and well-documented network security policy?

  2. Is the policy regularly reviewed to determine whether the controls are operating as intended? Are changes and enhancements to the policy implemented when necessary?

  3. Does the firm have a robust firewall in place at the network level? Are policies configured to defend against external security threats? Are the firewall logs monitored regularly?

  4. Does the firm employ an intrusion detection system (IDS) to prevent unauthorized access?

  5. Is a solution in place to protect email systems against spam?

  6. Is a solution in place to ensure mobile devices and laptops are secure in the event of loss or theft?

  7. Are email messages encrypted and archived? For how long are messages archived?

Physical Security Policy

  1. Has the organization developed a formal and well-documented physical security policy?

  2. Is the policy regularly reviewed to determine whether the controls are operating as intended? Are changes and enhancements to the policy implemented when necessary?

  3. Are access controls in place for the Server Room? How does the firm ensure only authorized personnel gain access critical systems?

  4. Are procedures in place to manage visitors in the office? Are steps being taken to ensure visitors do not have the ability to observe or access sensitive employee systems and documents?

Disaster Recovery & Backup

  1. Describe the Company’s physical security, disaster recovery and backup plans and procedures.

  2. Please describe the communication chain related to the firm’s business continuity/disaster recovery plan.

  3. Is the policy regularly reviewed to determine whether the controls are operating as intended? Are changes and enhancements to the policy implemented when necessary?

  4. Has the firm tested the BCP from both a technical and operational perspective? How often are these tests performed?

  5. Has the firm established a dedicated location to retain backup copies of all critical data? Is offsite data encrypted and stored securely?

  6. Has a secondary working location been established to which employees should report in the event of a disruption or outage?

  7. Do all employees clearly understand the BCP procedures? Have appropriate training and documentation been established and shared with all personnel?

  8. Has the firm determined its crucial recovery point objectives (RPOs) and recovery time objectives (RTOs)? Does the DR solution meet these guidelines?

  9. Please provide a copy of the Company’s disaster recovery plan.

  10. How often is the Company’s disaster recovery plan tested?

<![CDATA[Cybersecurity Remains at the Forefront for Hedge Funds, Investment Firms]]>, 02 Oct 2014 00:00:00 -0400 eci This article first appeared in Hedgeweek's September 2014 Special Report on Risk Management.

Cyber security has quickly become a headline risk for hedge fund managers. On 15 April 2014, the SEC issued its Cyber-Security Risk Alert, a detailed 26-point questionnaire that aims to address various elements of a hedge fund’s technical and operational infrastructure to determine how vulnerable it is to cyber attacks and data theft.Hedgeweek Risk Report Cover

This initiative is being driven by the SEC’s Office of Compliance Inspections and Examinations. It will assess 50 individual firms and based on its findings will draft a set of final guidelines for hedge funds to adhere to. This is essentially a way to address ‘technology risk’ and implement best practices through documentation in the form of a Written Information Security Policy (WISP).

According to Assured SKCG Inc, an insurance advisory firm, 37 per cent of security breaches between 2012 and 2013 affected financial organisations. Hedge funds are a high profile target. Establishing a WISP and becoming as data secure as possible is critical.

At Eze Castle Integration, the phones haven’t stopped ringing as clients look to address any gaps in their IT infrastructure and operational policies.

“It wasn’t at the forefront of managers’ minds previously. It is now though,” says Lisa Smith (pictured), BCP/Data Privacy Manager at Eze Castle Integration. “Previously they put a lot of trust in their CTO, their service providers, to implement best practices around how to protect the firm. Now, rather than thinking someone else is taking care of it, there’s more emphasis on documenting everything and making sure that everybody is singing from the same hymn sheet.

“Everybody within a hedge fund should have a better understanding of what’s in place with respect to data privacy and infrastructure security. There needs to be firm-wide knowledge.”

A WISP acts as a blueprint. Just like the compliance manual, it sets all the firm’s internal policies and procedures covering everything from service provider outages to how often system passwords should be updated and so on.

“We start off by gauging where the client is. Do they have an IT policy? What type of infrastructure do they have in place? Fortunately for us, a lot of firms who have been calling us are existing clients so we have a good understanding of what they have in place. We as a firm follow industry best practices and implement those across our clients’ infrastructures,” explains Smith.

What Eze Castle is able to do in producing the WISP is apply their expertise (having already written dozens of WISPs for financial institutions) and paint a picture of how well a firm is protected against cybersecurity threats. This immediately overcomes the very real issue of ‘Key Man risk’. Say the CTO were to up sticks and join a competitor. If nothing has been written down and documented, nobody in the firm would have a clue as to how their IT infrastructure operates.

“Until it has been documented, everyone works off of assumptions,” comments Smith, who continues:

“We help put the controls in place to address data privacy. Some firms have documented this in their compliance manual, which we would make reference to in the WISP. It sets out a firm’s IT functions and applications and prioritises them.

“If a cyber attack takes place and impacts one system, having it documented means the manager will see where the impact is and what effect it will have on the rest of the firm.”

To read more about the SEC's Cybersecurity Initiative and how firms can prepare, check out these articles:

Cybersecurity Whitepaper
Photo Credit: Hedgeweek

<![CDATA[NASAA Cybersecurity Report Recap: Our Favorite Graphics and Findings]]>, 30 Sep 2014 00:00:00 -0400 eci The North American Securities Administrators Association (NASAA) recently released survey results of cybersecurity practices of 440 registered investment adviser firms across nine states. The purpose of NASAA’s pilot project was to better understand cybersecurity practices of state-registered investment advisers, how they communicate with clients and what types of policies and procedures they currently maintain. Of those surveyed, 47% have assets under management of less than $25 million, 37% manage more than $25 million and 16% do not manage assets. In today’s post, we will share our favorite graphics and findings from the organization’s survey.

Client Contact via E-mail and Use of Secure E-mail

NASAA's survey reported 92% of investment firms contact clients through e-mail and/or other electronic messaging and only 54% of that group utilizes secure email. While 14% were unsure, a staggering 30% responded that they did not utilize secure messaging whatsoever.

Hedge fund secure e-mail

Risk Assessments Related to Cybersecurity and Frequency of Risk Assessment

Risk assessment is the first step firms should take when creating a Business Continuity Plan (BCP). The below diagrams report that 62% of firms conduct risk assessments, 40% of which do so on an annual basis. The 37% of firms that do not run tests heighten their risks of a data breach and leaking confidential information.

Risk assessments for cybersecurityFrequency of risk assessments

Policies, Procedures and Training Programs

As cybersecurity threats are intensifying, it is imperative for hedge funds to have administrative and technical safeguards in place to ensure confidential data is protected. Furthermore, firms should require employees to complete cybersecurity training as well as limit what data employees have access to. Although firms are headed in the right direction, the below chart reveals that 23.1% of those surveyed for NASAA’s report have no policies and procedures in place regarding data security.

Cybersecurity Policies, Proecedures and Training Programs

Related Articles:

<![CDATA[Educate Employees About Cybersecurity: A Hedge Fund's Security Depends On It]]>, 25 Sep 2014 00:00:00 -0400 eci The following article originally appeared last month on the Tabb Forum.

Cybersecurity is a hot topic -- and rightfully so -- as headlines tout new vulnerabilities or incidents with increasing frequency. In the fight to prevent attacks, technology safeguards are typically the focus. A firm must have layers of security that include, but are not limited to, anti-virus, firewalls, intrusion detection systems and Internet monitoring and reporting, as well as procedures that restrict and monitor access.

However beyond technology, the role employees play cannot be underestimated. The reality is that employees can be one of a firm’s best lines of defense or weakest link. The deciding factor in which way it swings often comes down to access control policies and cybersecurity training.

Getting the Access Right

Employees require access to the data necessary to complete their job functions. But beyond that, firms should be limiting what data employees have access to. It’s not about not trusting your employees, but more so about not trusting the technology behind those employees. The less data employees can get to, the less damage can be done via an internal breach or external hack.

The SEC Cybersecurity Risk Alert issued in April 2014 highlights the importance of access control by asking about the controls a firm maintains to “prevent unauthorized escalation of user privileges” and how firms “restrict users to those network resources necessary for their business functions.”

Part of a firm’s cybersecurity planning must be defining how company data is protected, where it is located and who has and needs access. Once access levels are defined, they must be reviewed at least annually to ensure adherence firm wide.

A Little Education Goes a Long Way

With access controls set, a firm must train employees on handling confidential data and define their responsibilities around cybersecurity. One compromised computer can infect an entire organization, so at least annually, employees should complete security awareness training on a range of topics including:

  • Importance of Security Policies: Outline employee responsibilities concerning information security, the incident escalation process and how to protect data from malicious intrusion;

  • Cybersecurity Threat Landscape: Define the techniques a hacker may use to access confidential data or systems and how employees can avoid being victims. Common social engineering threats targeted at employees include pre-texting, phishing via email or phone, baiting and quid pro quo;

  • Practicing Internet Safety: Help employees recognize the signs of malicious activity, how it can spread and prevention strategies. Threats employees may encounter on the Internet include network spoofing, viruses, worms, password crackers and Trojan horses. Employees need to know the signs, such as missing files, that may indicate a computer is infected;

  • Email Safety: Identify what makes an email message suspicious, such as a strange subject line or unexpected sender, and how employees should handle the message – best practice is to delete;

  • Access Control Responsibilities: Train employees on how access controls and passwords are maintained and expectations for employee behavior in both areas. For example, employees should never share their login information and must maintain complex passwords;

  • Preventing Identify Theft: Educate employees on how identify theft occurs, including shoulder surfing/eavesdropping and dumpster diving, how to prevent and what to do if they are a victim; and

  • Physical Security Threats: Focus gravitates towards cyber threats, but firms and their employees must still take physical security precautions including locking workstations and offices, storing sensitive documentation and locking computers to reduce risks.

Security awareness training empowers employees and provides firms an added barrier against internal and external threats.

Related Articles

Cybersecurity Whitepaper

<![CDATA[Apple to iPhone Users: Here's How to Protect Your Devices]]>, 23 Sep 2014 00:00:00 -0400 eci Security has been THE topic of 2014 thus far and was amped up last week when many A-list celebrities’ phones were hacked and racy photos released. The hack was allegedly the result of an iCloud infiltration, prompting many Apple users to question the company’s privacy settings. In response, Apple CEO Tim Cook released a letter to consumers, and the company’s website will now feature a privacy section:

Apple CEO Tim Cook

Apple’s privacy site includes details on both the built-in security features within Apple devices as well as how users can manage their own privacy settings and tailor them to individual needs. Here is a brief snapshot of some security functions highlighted:

Built In Privacy

  • iMessages and FaceTime calls are protected with end-to-end encryption

  • iMessages and SMS messages are backed up to iCloud, but can be turned off by the user

  • All iCloud content is encrypted in transit and when stored (in most cases)

  • iCloud Keychain allows users to create strong passwords and stores them securely without giving Apple access

  • Safari blocks third-party cookies on all devices and offers private browsing Apple Two-Phase Verification Code

Manage Your Privacy

  • Users have the option to set a 4-digit passcode or a stronger one if they prefer

  • With certain models (iPhone 5s or later), users can program their fingerprints for increased security and control

  • “Find My iPhone” allows users to locate their device if lost or stolen

  • Two-step verification is now available and offers a second layer of protection if users want to change their Apple ID, sign into iCloud or make a purchase in the App Store

  • Users can configure their iCloud settings and control which apps (music, photos, documents, etc.) are backed up

In addition to outlining the features above, Apple has also provided a list of phishing schemes to be aware of as users navigate their mobile devices. Keep an eye out for these:

  • The sender’s address doesn’t match the name of the company it’s supposedly from.

  • The message was sent to a different address from the one you gave that company.

  • A link takes you to a website whose URL doesn’t match the company’s site.

  • The message starts with a generic greeting like “Dear valued customer” — most legitimate companies will include your name in their messages to you.

  • The message looks significantly different from other messages you’ve gotten from the company.

  • The message requests personal information like a credit card number or account password. Don’t reply or click any links. Instead, go to the company’s website, find their contact information, and contact them directly about the issue.

  • An unsolicited commercial message contains an attachment. If you receive one of these, do not open the attachment without first contacting the company to verify its contents.

We also recommend you read the following resources to learn more about security:

Whitepaper: Critical Cybersecurity Threats
Photo Credit: Apple]]>
<![CDATA[Hedge Fund Startup Tips from 9 Emerging Manager Experts]]>, 18 Sep 2014 00:00:00 -0400 eci We’ve tapped the expertise of nine experts in the hedge fund startup space to share their thoughts on a range of topics specific to emerging hedge fund managers. Below are some highlights, and you can read the entire Emerging Managers Insight Series eBook here.

Hedge Fund Startup Tips#1: The Prime Broker Perspective (Glen Dailey, Jefferies & Company)

  • Set a realistic schedule to launch and don’t rush to get the hedge fund up and running too quickly. Take the time to partner with the right service providers that will support your business from the start and as you grow.

  • Budget for a marketer in your first two years of operation. If you look at the largest funds in the industry, they all have substantial investor relations teams that keep current investors informed while prospecting for future investors.

  • Capital introduction is a much sought after service from prime brokers which can be very helpful in providing a new hedge fund exposure to potential investors. Take advantage of introductions and begin to build relationships with potential investors.

#2: Flowing Into Liquid Alts (Frank Attalla and Marc J. Wolf, Rothstein Kass)

  • Managers have to make smart, informed decisions about whether a registered product is right for them, and how they can best implement the strategy if they decide to make the move.

  • Questions to consider include: Will a registered product cannibalize my existing private fund business? Will my strategy fit inside a mutual fund? Do I understand the distribution landscape? Is a registered fund too expensive? Do I understand the track record implications?

  • The liquid alternative space has grown at a breakneck pace in recent years, and there doesn’t seem to be any slowdown in sight. Before making any move, managers need to take a hard look in the mirror and consider all the business implications — and consult with their service providers — before getting caught up in all the liquid alts excitement.

#3: Assessing Never-Examined SEC-Registered Investment Advisers (Shelley Rosensweig and Beth Smigel, Tannenbaum Helpern Syracuse & Hirschtritt)

  • Published in the SEC’s National Exam Program priorities is the NEP’s initiative to conduct focused, risk-based examinations of investment advisers who have been registered with the SEC for at least three (3) years (including non-U.S. advisers) but have not yet been examined by the NEP and are not subject to the “Presence Exam” initiative discussed herein (“Covered Advisers”).

  • Examinations conducted by the NEP in accordance with the Initiative focus on two approaches. The first approach consists of risk-assessment reviews which allow the NEP to obtain a better understanding of each Covered Adviser and include a high-level review of the Covered Adviser’s overall business activities, with a particular focus on the compliance program and other essential documents needed to assess the representations made on the Covered Adviser’s disclosure documents.

  • The second approach utilizes focused reviews which emphasize certain high risk areas of the Covered Adviser’s business and operations, including the following: Compliance Program, Filings/Disclosure, Marketing, Portfolio Management and Safety of Client Assets.

#4: Guiding Technology Decisions: From Cloud to DR (Mary Beth Hamilton, Eze Castle Integration)

  • 9 out of 10 hedge fund startups are selecting a cloud-based solution versus a traditional on-premise solution for reasons including simplicity, cost containment, improved flexibility and simplified IT management.

  • Regardless of whether a hedge fund selects on-premise IT or cloud, security is fundamental as all investment firms are at risk. A multi-layer security approach is essential to protecting the critical information that passes through the organization’s system every day.

  • Disaster recovery and business continuity plans are crucial for sustaining operations during outages or disasters. A disaster recovery plan addresses how the business will resume normal operations in the event of a catastrophe. A business continuity plan is somewhat broader in nature and deals with sustaining normal business operations during periods of disruption.

#5: Alternative Strategy Investor and Valuation Risk (Daniel Johnson of Wells Fargo Global Fund Services and Eric Lazear of FQS Capital Partners)

  • Operational risk can take many forms, but valuation is a good place for investors’ initial focus: are the holdings of the fund accurately valued, and is there a process in place to ensure that they are accurately valued at each dealing period?

  • Unlike reviews of performance, it is essential that any review of valuation risk include all parties involved in valuing the assets of the fund. This will often include speaking to the administrator about their role in the process and what the involvement of the investment manager has in determining the final prices.

  • There are also some common questions that should be asked of all funds and questions for fund administrators covering key areas (read the full list HERE).

#6: Hedge Fund Trading Desks, Furniture Matters (Jeff Brechman, CFS Group)

  • For someone starting a fund, and relying on your own capital, creating an office space within a budget is essential. Also important is identifying what technology a hedge fund will use to ensure that the furniture selected supports the end users appropriately.

  • Hedge funds should look for a furniture partner that has the ability to identify each client’s specific needs and provide them with the right product for their furniture application.

Emerging Manager Series eBook

<![CDATA[7 Common Cloud Mistakes and How to Avoid Them]]>, 11 Sep 2014 00:00:00 -0400 eci We all make mistakes, but when it comes to technology and hedge fund operations mistakes aren’t an option. So let’s look at seven common cloud mistakes we see hedge fund firms making and talk about how to avoid them.

Mistake #1: Not Sizing Bandwidth to Business Needs

Common Hedge Fund Cloud Mistakes

Determining the right amount of bandwidth comes down to the types of services being delivered and user expectations. Nothing ruins a cloud or really any computing experience like sluggish application and Internet performance.

Beyond bandwidth, firms must also consider latency. While latency issues don’t impact all applications (i.e. email is relatively insensitive) for others it is a killer. Latency has little place in trading applications or voice over IP services. When moving to the cloud, have a realistic conversation with the hedge fund cloud provider about the amount of bandwidth your firm really needs.

Mistake #2: Not Planning for Applications

Not all cloud platforms are equal especially when it comes to supporting hedge fund specific applications such as Order Management Systems or Portfolio Accounting Systems. While a hedge fund may not launch day one with one of these applications, there is a good chance they will require one in the future. To help mitigate future growing pains a hedge fund should plan for the future when evaluating cloud providers. Being shortsighted can result in future disruptions and integration pains.

Mistake #3: Not Having Cloud Service Level Agreements (SLAs) in Place

The Cloud Standards Customer Council defines cloud SLAs as written expectations for service between cloud consumers and providers. The Council advises companies to evaluate cloud SLAs using a number of steps including:

  • Understand roles and responsibilities

  • Understand service and deployment model differences

  • Evaluate security and privacy requirements

  • Evaluate disaster recovery plans

  • Understand the exit process

Mistake #4: Not Understanding Cloud Vendor Lock-in Costs

Following on understanding a cloud provider’s SLAs, firms must also fully review and understand vendor lock-in costs that may be included in a contract.

Techopedia explains “vendor lock-in as a service delivery technique that ensures customer dependence on the vendor services. This is achieved by developing IT solutions that are platform-dependent with proprietary software/application/hardware/equipment and that run exclusively or collaboratively with limited and third-party vendor partners. Moreover, these types of services dent high switching costs between competing vendors, making customers reluctant or even incapable of transitioning to different vendors.”

Be sure to discuss potential cloud lock-in costs with your selected cloud provider.

Mistake #5: Not Having Local File Servers/Domain Controllers

In the move to go completely cloud, some firms underestimate the value of having local file servers and domain controllers as part of the architected cloud solution. Talk to your cloud provider about the pros and cons of this model.

Mistake #6: Assuming Deep Security Safeguards Are in Place

Concerns around cybersecurity are top of mind across the hedge fund and investment industry and rightfully so. Beyond the SEC shining a spotlight on the topic with its Sample Cybersecurity Exam Questionnaire, the risks of security breaches and incidents are real.

When evaluating a cloud provider, firms should inquire about the layers of security in place and ensure the cloud undergoes regular risk assessments. As we’ve said before, not all clouds are created equal, and security is one key area where differentiation occurs.

Mistake #7: Not Matching Backup/Archiving Requirements with Cloud Services

Don’t assume that the backup processes included with your cloud service will match industry regulatory requirements, especially when it comes to message archiving. In most cases hedge funds and registered investment firms will need to add a long-term archiving solution to their cloud package.

That wraps up our list of the seven most common cloud mistakes and how to avoid them. Happy cloud shopping! (P.S. we're fans of the Eze Private Cloud.)

Hedge fund cloud guidebook

Photo Credit: Shutterstock

<![CDATA[iPhone 6: A Brief Summary of Apple's Newest Technology]]>, 09 Sep 2014 00:00:00 -0400 eci Following the steadily growing hype for th
e new iPhone 6, CEO Tim Cook put all rumors to rest at their Cupertino event today. Apple revealed not one, but two iPhones, boasting significantly larger screens to compete with Android smartphones. The iPhone 6 and the iPhone 6 Plus are expected to hit stores on September 19th, and response has already been overwhelming.

Both iPhones will come in Apple’s standard gold, space gray and silver, and instead of the straight edged look of the iPhone generations 4 and 5, have curved sides and the thinnest body of iPhones to date. The iPhone 6 has a 4.7 inch screen, while the iPhone 6 Plus appeals to all the “phablet” users with its 5.5 inch screen. Pricing for the iPhone 6 16 GB starts at $199 with a two-year contract and $299 for the iPhone 6 Plus 16 GB.

With the new iPhones also comes the unveiling of the awaited iOS 8, which also includes some features that will be useful with the iPhone 6 and 6 Plus’ large screen. First up, "reachability”allows the user to reach the top of the screen without having to reach across the screen by double touching the Touch ID. Next, there will be more content available in Messages, including face images of the recipient. Another new feature, the iSight camera, focuses automatically and continuously when taking photos and videos. And now for the first time, the user has the ability to view the home screen horizontally. The iOS 8 will be available for free to download on September 17th.

However, the most interesting capability coming with the new iPhone is called Apple Pay. Though NFC technology has been around for some time, many retailers have not used it due to consumer wariness and lack of education. Now, Apple has used this technology to create Apple Pay, a payment method that condenses the payment process to your iPhone and a single thumbprint. It comes standard on all models of the iPhone 6 and 6 Plus, and removes the need for a physical credit card.

The user need only take a picture of their credit card, verify it, and then all purchases can be made using the iPhone and completed using the thumbprint reader in lieu of a signature. No data on purchases is stored, and the retailer where the purchase is made does not even receive a credit card number, only the one-time payment number for that transaction. Purchases can be viewed in Passbook, and it works with credit cards from American Express, Visa and MasterCard. Apple already has clearance with several large retailers such as Macy’s, Walgreens, Sephora and Target and expects that Apple Pay will become a universal payment method.

The iPhone 6 will be available for preorder on September 12th. To commemorate this, Apple in connection with U2 have allowed their new album to be downloaded for free from iTunes until mid-October. A full list of the iPhone 6 and 6 Plus’ specs can be viewed here.

Photo Credit: Wikipedia

<![CDATA[Say Hello to Eze Voice, Our Next Generation Cloud Voice Solution]]>, 04 Sep 2014 00:00:00 -0400 eci Last month we covered the five myths about Voice over IP (VoIP) in preparation for the general availability of our next generation Eze Voice service. In case you don’t recall, the myths we debunked were:

  • MYTH 1: Poor Call Quality – Everyone Will Know I’m on VoIP

  • MYTH 2: VoIP is Unreliable – I’ll Experience Downtime

  • MYTH 3: I’ll Lose Critical Functionality Required by My Investment Firm

  • MYTH 4: I Can’t Keep My Phone Number

  • MYTH 5: Someone May Hack My Phone System

Now that Eze Voice is officially here and already being used by many clients, we wanted to give it a little shout-out, so here goes. Eze Voice is an innovative hosted voice solution that combines high levels of redundancy and quality of service with the communication features financial firms require.

The newest version of the Eze Voice service leverages Eze Castle Integration’s premier global cloud platform, Eze Private Cloud, and is ideal for firms that want to benefit from the flexibility, scalability and cost-effectiveness offered with a cloud-based voice service. Featured benefits of Eze Voice include:

  • Premier Quality of Service: Eze Castle Integration manages the state-of-the-art network powering Eze Voice and is able to ensure it is optimized to deliver crystal clear sound quality;

  • Critical Functionality for Financial Services: Eze Voice includes functionality financial firms require such as true ‘bridged appearances’ that allow flexible push-button collaboration between colleagues;

  • Seamless Communication Across Multiple Offices: Eze Voice seamlessly connects a firm’s offices and employees, eliminating the need for expensive and complex networks, hardware and software; and

  • Easily Connecting Office Extensions to Mobile Devices: With Eze Voice, mobile devices can easily become an extension of a user’s corporate phone system.

Here’s how Eze Voice Works

VoIP for Financial Firms

Learn more about Eze Voice HERE.

Contact VoIP Provider
<![CDATA[Video: How Did Technology Make Your Summer Better?]]>, 02 Sep 2014 00:00:00 -0400 eci Here at Eze Castle Integration, we’re not ready for summer to end! This year, we decided to ask our employees how technology enhanced their sun-soaked season.

​Check out the slideshow below to read their responses!

How did technology enhance your summer?

Photo Credit: Eze Castle Integration

<![CDATA[Assessing Your Firm's Attitude Toward Security: What's Your Type?]]>, 21 Aug 2014 00:00:00 -0400 eci If there’s one thing we’ve learned over the years when it comes to security, it’s that there’s a whole lot more to creating a secure hedge fund (or any business for that matter) than robust technology. Before identifying infrastructure components and implementing operational policies, a firm must first be clear on what its attitude is toward security. This attitude will filter through the company from the top down, and will therefore dictate how employees and the business as a whole operate on a daily basis.

To give you a clearer understanding of what we mean, we’ve created three security profiles that cover a wide spectrum in terms of security attitudes and practices.

Under the Radar: Low Security

If your attitude toward security is low, odds are you’re barely scraping the surface in terms of what practices and policies you should be employing to maintain proper security firm-wide. You likely rely on quick fixes to solve problems instead of looking at the bigger picture and thinking strategically about how security can both benefit and protect your business. You’ve employed minimal preparedness efforts and could be in for a difficult task if faced with a serious security incident. You probably take a “it won’t happen to me” attitude and don’t take security seriously enough – a stance that could endanger your firm in the long term.

Play it Safe: Moderate Security

In a typical moderate fashion, if this is your security attitude you probably fall somewhere in the middle. You’re employing practices and protocols just enough to get by and feel secure – but there’s still plenty more you could do. In many cases, you rely solely on the IT department to manage security and don’t involve other areas of the business. You send a once-off communication to employees to change their passwords – but don’t follow up on it or enforce it on a regular basis. You may be protected against moderate security threats but could suffer if a serious breach occurs.

Lock it Down: High Security

If your attitude toward security is at the highest level, congratulations! While one could argue there is always more than can be done in regards to security, you at the front of the pack and taking it seriously (as you should). You employ best practices across the firm and document policies and procedures to outline technology and operational priorities and safeguards. More so, you take the time to educate and train your employees on security awareness on a regular basis. You take a proactive stance against security, ensuring it becomes a company-wide effort and engaging all users in preventing and responding to security incidents. Your demonstrated awareness of the importance of security will serve you well in the event a breach or incident occurs.

Did you determine your security type yet? The chart below further identifies characteristics and trademarks of these security profiles.

What's your Attitude Toward Security?

For more guidance on security best practices, check out these resources:

Cybersecurity Whitepaper

<![CDATA[Philanthropy Plunge: Eze Castle Takes the ALS Ice Bucket Challenge (Video)]]>, 19 Aug 2014 00:00:00 -0400 eci Unless you've been living under a rock for the last few weeks, you've probably seen a slew of videos on your Facebook or Instagram news feeds featuring your friends and family members dumping buckets of ice over their heads. To what end?

The Ice Bucket Challenge is sweeping the nation and simultaneously raising awareness and money for amyotrophic lateral sclerosis (ALS) – also known as Lou Gehrig’s disease. Pete Frates, a 29-year-old Boston-area man and former baseball captain at Boston College, is credited with leading the charge and challenging his friends to pour ice over their heads. The challenge took off in the Boston area and quickly went viral across the country and even globally. Celebrities are now accepting the challenge as well – and everyone from Justin Timberlake to Taylor Swift to Mark Zuckerberg have participated.

But beyond filling your news feeds with entertaining videos, the ALS Ice Bucket Challenge is also succeeding at spurring significant donations. As of this week, the ALS Association said it has received $15.6 million in donations since July 29 – compared with just $1.8 million during the same time period last year. We noticed many of our employees here at Eze Castle Integration were brave enough to accept the challenge, and we applaud them for raising awareness for such a worthy cause. We’ve created a short compilation below to highlight some of our amazing employees as they take the ALS Ice Bucket Challenge.

If you would like to join the cause, you can support ALS research and make a donation at or You can also read more below about how Eze Castle Integration and its employees make philanthropy a priority:

<![CDATA[Putting the Smart in Smartphone Security: Six Consumer Tips]]>, 14 Aug 2014 00:00:00 -0400 eci Mobile devices have transformed the way we manage our everyday lives: from how we track our bank accounts, to interacting with friends and family to booking travel, and so on. Everything you need is at your fingertips, but are you taking the proper security measurements to protect your device? Below are a few tips to help keep your smartphone’s data safe.

  1. Set a Password: When you do not set a password to lock your phone, anyone who obtains possession of the device has instant access to all of your apps that automatically log-in upon launching. This is a simple security measure to take and yet, according to Consumer Reports' annual State of the Net Survey, only 36 percent of smartphone owners have a passcode. From a business use perspective, any device that accesses corporate email or networks should have a complex password and be managed by mobile device management tools such as AirWatch or Good Technology.

  2. Mobile Security Apps: Looking to the future, we expect the adoption of mobile device security apps that provide anti-virus, privacy and anti-malware protection to increase. And for good reason. According to the June 2014 McAfee Labs Threat Report, mobile malware has increased by 167 percent in the past year alone. Companies such as AirWatch aim to ensure your enterprise mobility deployment is secure and corporate information is protected with end-to-end security.

  3. Physical Security: Consumer Reports projected that approximately 3.1 million American consumers were victims of smartphone theft. Keeping your device in a zipped pocket, secure bag or within close proximity to your body helps reduce the risk of losing or having your phone stolen. Leaving your phone in plain view (e.g. beach blanket, park bench, etc.) increases these risks and may cost you an expensive afternoon. Also, business devices should have the capability to be remotely wiped to ensure confidential data or network access does not fall into the wrong hands.

  4. Backup and Secure Your Data: You should backup all of your smartphone’s data - for example, your contacts, photos and documents. This data can be stored on your computer, on a storage card, or in the cloud.

  5. Only Download Apps from Trusted Sources: Research apps before installing them to confirm legitimacy. Users can do so by checking the app publisher, seller and reviews, as well as comparing the app sponsor’s website with the app store link to confirm consistency.

  6. “Find my Phone” App: In the event that your device goes missing, having set up this iPhone app in advance can help you locate the device from your browser. When signing into the app, a map will appear which pinpoints your device’s location and also gives you the options to call, lock and even erase your phone.

In conclusion, the use of common sense and security measures can help mitigate the risk to your mobile device’s data. At Eze Castle Integration we regularly work with hedge funds and investment firms to create mobile security policies that make end-users happy by giving them device-freedom while keeping corporate data safe and secure.

Additional Articles:

<![CDATA[FCA to Financial Services Firms: Social Media Promotions Require #Ad Compliance]]>, 07 Aug 2014 00:00:00 -0400 eci Hedge fund marketing and advertising has greatly evolved in the past few years, both with regulatory changes taking effect (in the US, the JOBS Act now allows public advertising) and new forms of media emerging, particularly social platforms such as Twitter, Facebook, LinkedIn and YouTube.

In the UK this week, the Financial Conduct Authority (FCA) took steps to further regulate how financial services firms market to consumers by launching guidance consultation on social media usage. As evidenced by FCA Director of Supervision Clive Adamson, the consultation is intended to ensure financial promotions on social media platforms protect consumers and are disseminated in a way that fairly balances both benefits and risks:Social Media Apps

“The FCA sees positive benefits from using social media but there has to be an element of compliance. Primarily, what firms do on social media must ensure customers are at the heart of their business. Our overall approach is that financial promotions, whether on social media or traditional media, should be fair, clear and not misleading. We have had extensive industry engagement on this issue and we believe our guidance is a sensible approach that doesn’t affect industry’s ability to innovate using new forms of media. We recognise social media are constantly evolving. We, therefore, welcome feedback to [the] consultation and look forward to continuing the discussion with industry.”

The FCA is currently soliciting opinions and advice from financial services in regards to social media promotions. At this time, however, they are encouraging firms to practice the following:

  • Identifying promotions: Firms should clearly identify product/service promotions as such; one accepted method, especially for character-limited media, is the use of #ad within the post

  • Stand-alone compliance: Each communication (i.e. a tweet, Facebook post, etc.) needs to be considered individually and comply with all relevant rules.

  • Risk warnings: Certain product/service promotion may require the use of risk warnings or other required statements under law.

  • Image vs. text: Consider using image advertising in place of limited character opportunities, but remember risk warnings and other pertinent information cannot appear solely in the image.

This week’s guidance could develop into official policy changes to the FCA’s initial guidance on the use of social media, first published back in 2010. At the time, the FCA (it was then known as the Financial Services Authority) released guidance regarding the use of “new media” channels for promotions. The regulator had conducted a review of social media pages operated by a variety of financial companies and determined many firms were not taking proper compliance rules into consideration and should evaluate whether social platforms were appropriate for promotions.

The big question seems to be whether a firm can adequately disseminate the risks and conditions associated with a promotion or sale of services via a social media outlet, particularly one with character/time restrictions. Twitter’s unique platform, for example, only allows 140 characters. Vine, the video sharing service, limits uploads to six-second clips. The FCA has an overarching strategic objective of ensuring the relevant markets function well. To support this it has three operational objectives: "to secure an appropriate degree of protection for consumers; to protect and enhance the integrity of the UK financial system; and to promote effective competition in the interests of consumers."

For more information on the FCA’s social media guidance consultation for financial services firms, click here.

More Resources on Financial Firms and Social Media Usage:

UK Social Media Guidance Webcast
Photo Credit: Flickr

<![CDATA[Cloud Computing: The Growing Competitive Advantage for Hedge Funds]]>, 31 Jul 2014 00:00:00 -0400 eci The competition amongst firms in the financial services industry is ever burgeoning, and in order to achieve differentiation, it is imperative for firms to create and maintain robust, manageable, scalable and reliable technology infrastructures. Increasingly, we’re seeing more than just emerging managers opting for a cloud solution and established hedge funds and alternative investment firms shifting gears from traditional on-premise IT infrastructures to cloud services.

If you missed our webinar yesterday on Why the Billion Dollar Club is Going Cloud, read our recap below or scroll down to watch the full webinar replay, featuring Eze Castle’s Managing Directors Bob Guilbert and Vinod Paul.

The Business Case for the Cloud: Why Established Firms are Making the Move

Why the Billion Dollar Club is going CloudAcross the industry, established firms that have been in business for several years are moving away from physical infrastructures and adopting the cloud. Traditionally, investment firms would allocate substantial capital budgets to build on-premise Communication (Comm.) Rooms. These cost-intensive infrastructures can take months to build out, and specific expenses can vary depending on a firm’s unique needs. For example, at minimum, investment firms require file services, email capabilities, mobility services and remote connectivity, as well as disaster recovery and compliance. Beyond those, many firms also require systems and applications such as order management systems (OMS), customer relationship management tools (CRM), and portfolio management or accounting packages.

To run all of these systems and build out an on-site Comm. Room (with proper power, cooling and connectivity requirements), firms will spend upwards of $200,000 to $300,000. With the cloud, those upfront capital costs are no longer a concern.

Beyond moving firms from a CapEx to OpEx model, the cloud also allows firms to reduce their spend on additional technology expenses such as software licensing, hardware upgrades and technology infrastructure refreshes, and rudimentary patch management.

The Right Time: When Established Firms are Making the Move

Although no two firms are identical, we believe the following three scenarios are key triggers for firms to go to the cloud:

  1. Office Relocations

  2. New Applications

  3. Technology Refresh

Read more about when firms typically opt to make the move to the cloud here.

The Cloud Advantage: Architecture, Access, Operations

For most financial services firms, IT services and resources are managed at an offsite data center, typically situated in a more cost-effective location rather than a high-rent office building (think New Jersey, not Midtown Manhattan). Cloud service providers use a similar architecture for the cloud, but offer the following additional advantages:

  • Rapid Provisioning: Adding resources to the cloud (storage capacity, computing resources, etc.) is much quicker than with on-premise environments.

  • Consistent, Guaranteed Performance: Providers enforce strong service level agreements and employ robust monitoring tools to ensure the operating environment remains optimal for users.

  • Professional Management and Operations: The cloud helps to solidify IT processes (e.g. adding/removing users) and moves the burden of management and monitoring to a third party, allowing internal users to focus on higher-level projects.

  • Application Support & Integration: Professionally-managed private clouds can generally support a wide variety of applications and integrate them seamlessly onto one environment (something not easily achieved with public cloud platforms).

The Cloud Advantage: Stronger Security, Lower Risk

One of the most important considerations for firms is risk mitigation, specifically when it comes to cybersecurity. Due to the increased emphasis that the U.S. Securities and Exchange Commission (SEC) is placing on security mechanisms, hedge funds and investment firms operating in today’s environment are often turning to cloud providers to leverage their robust networks and infrastructures.

A first-rate cloud provider can create a level of security that only the largest financial firms in the world can afford to implement, manage, and maintain. From the careful implementation of best practice principles and procedures to comprehensive auditing to enforcing robust authentication methods, rapid deprovisioning, 24x7 monitoring, vulnerability testing, and strong physical security methods with biometric access, and more – the cloud provider bolsters and fortifies a hedge fund’s security and offers a level of comfort that investors are desperately seeking.

Watch the full replay from our webinar, Why the Billion Dollar Club is Going Cloud, below.

Additional resources you might find valuable:

<![CDATA[FATCA: What You Need to Know About Tax Compliance]]>, 29 Jul 2014 00:00:00 -0400 eci We’ve seen the face of the financial services industry change dramatically over the last few years, with emerging technologies, investor transparency demands and growing competition fueling firms to assess their operations and focus on the health and success of the overall business. But perhaps beyond any of these trends, the focus on industry regulations and compliance efforts may be the most significant in changing the way financial services firms do business.

FACTA and YouThis year alone, we’ve seen regulatory initiatives dominate headlines and leave firms scrambling to comply, notably the SEC’s cybersecurity guidelines released this spring and the official implementation of the Alternative Investment Managers Fund Directive (AIFMD), which went into effect last week. Also becoming official this month is the Foreign Account Tax Compliance Act, or FATCA, which requires U.S. persons to report financial accounts held outside of the United States and financial institutions (notably banks) to report foreign financial accounts and clients who hold foreign assets.

To identify non-compliance, the Internal Revenue Service is requiring financial institutions with foreign entities and foreign financial institutions (FFIs) to disclose information about U.S. clients with balances over $50,000. The law threatens a steep 30 percent withholding tax on payments for non-compliant FFIs.

There is also a significant cost for firms to implement compliance procedures and reporting standards to meet the legislative requirements of FATCA. It is reported that implementation costs average between $100,000 and $500,000 depending on firm size and are expected to amount to roughly $8 billion USD a year for financial institutions alone (not including costs to the private sector, IRS and foreign entities).

The FATCA law was written more than four years ago – back in 2010 – but went into effect on July 1, 2014. The good news for institutions making an effort to comply with FATCA is the IRS recently issued Notice 2014-33 that this year and 2015 will be a transition period for reporting and due diligence. The IRS will not enforce FATCA requirements on firms striving to meet regulations (account opening practices and procedures) but will not provide relief to entities making no effort.

Preparing for FATCA involves the entire organization’s (operations, technology, risk, legal, and tax) involvement for successful compliance. After registering FFIs or foreign entities, the steps to consider include:

  • Investigating and determining if current clients are a “US person” (this includes US citizens who live abroad) and implement new rules and procedures for new accounts

  • Developing a team (legal, tax, IT, project management) to integrate the new legislative requirements

  • Completing a gap analysis to recognize what systems and procedures need to be updated

  • Creating and implementing a plan to put new systems and procedures into place

  • Considering a third-party service provider for their expertise of FATCA’s rules and regulations

FATCA compliance will require client information to be up to date and be available electronically for reporting; new policies, procedures, and system technologies may be vital to maintaining compliance. Despite the “transition period” currently in place, firms should be taking active steps to implement the necessary requirements to meet FATCA compliance standards and ensure business operations are not negatively impacted from a cost or regulatory perspective.

Hedge Fund Outsourcing Guidebook
Photo Credit: Shutterstock

<![CDATA[Data Destruction Basics: Why Deleting Your Hedge Fund Data Isn't Enough]]>, 24 Jul 2014 00:00:00 -0400 eci Your hedge fund's information security plan likely includes details on where information is stored, how it is accessed and who it is accessible to. But a critical component of this security plan often overlooked is how and why data is destroyed when it is no longer needed. Including data destruction procedures in your hedge fund's Written Information Security Policy (WISP) or as a separate document is vital to ensuring your firm’s sensitive data and intellectual property does not fall into the hands of the wrong people. Unfortunately, in today’s technology-driven, cyber-aware environment, simply hitting the delete key is not enough.Destroyed Hard Drive

There are a few different scenarios that may warrant secure data destruction maneuvers:

Your methods and policies for secure data destruction may vary according to the above scenarios, or they may be standard across the firm. Your hedge fund should also consider if there are any regulatory implications. Do you need to maintain/archive data for a prescribed period of time in order to comply with state, federal or other compliance or auditing standards?

In any case, you’ll want to consider a variety of methods in the beginning to ensure your firm’s confidential data (e.g. investment portfolio, investor contact information, etc.) is securely destroyed, preventing unwanted breaches or thefts. Consider the following as you evaluate what makes sense for your firm:

Physical Destruction: Disk shredding, crushing or melting are common techniques. This method can be effective for a hedge fund's on-premise equipment, however, does not necessarily apply when using the cloud – as in most cases, firms are leveraging physical equipment owned by the cloud services provider. Paper shredding is the most common method of destruction for hardcopy documentation.

Encryption: If you choose not to destroy data through any particular means, you can take steps to ensure, if it is obtained by any unauthorized parties, it cannot be accessed or at least easily understood without the proper encryption key.

Degaussing: This is “the process of decreasing or eliminating a remnant magnetic field.” Degaussing is often the preferred method for firms looking to purge highly sensitive data, as it does not leave open even the remote possibility of recovery. The equipment storing the data, however, becomes collateral damage with this method, as it will be destroyed right along with the information.

Overwriting: In many cases, firms choose to overwrite old data with new information, making it difficult, at best, to locate or recover.

With the emergence of cloud services, concern has grown over data destruction methods and the level of destruction firms employ to eliminate data. Whether you are ending a relationship with a cloud services provider altogether or migrating your information to another platform, ensure there are written contracts in place to protect your data throughout the process. The vendor you are severing your relationship with should also provide a certificate of destruction to validate that any company data or information is no longer accessible to them.

Also, don’t forget about mobile devices. Many firms now employ BYOD programs, which give employees the option of using their personal smartphones and devices to run corporate software and email. As a firm, be sure you’re including mobile devices in your data destruction policies and are clear with employees on what happens to their data and devices in the event they leave the company. Many employers require users to sign contracts giving the firm permission to remotely wipe devices if employees are terminated or sensitive company data needs to be moved or transferred elsewhere.

As a final thought, we encourage firms to think through the risks of undestroyed data as they are developing and modifying their information security and data destruction policies. With cyber hackers seemingly everywhere and disgruntled employees bound to emerge, it is critical hedge funds take all measures to ensure sensitive company and employee data is protected while needed and eliminated when not.

Read on to learn more about best practices for information security:

Cybersecurity Whitepaper 2014
Photo Credit: Wikimedia

<![CDATA[Does the Network Powering a Cloud Matter? Watch and Learn]]>, 17 Jul 2014 00:00:00 -0400 eci We are excited to debut our newest video that explains why the network powering a cloud service matters and should be evaluated closely.

As background for why we created this video, in today’s interconnected financial world, investment firms have global interests and a global presence, making fully on-premise IT infrastructure a way of the past. Cloud service providers have a variety of capabilities, each designed to serve a specific set of needs, which makes it crucial for businesses to critically evaluate the network behind a cloud and what it can deliver. Not all clouds are created equal.

Our ECI Link Financial Network is a global private cloud network built for the financial industry. With data centers in the US, UK and Asia, it enables organizations to efficiently leverage a single provider for all their global infrastructure needs.

Now on to the video -- let us show you why ECI Link is THE single converged network built to power today’s buy-side firms' trading operations.

<![CDATA[IT Security Dos and Don'ts to Live By]]>, 15 Jul 2014 00:00:00 -0400 eci IT Security Dos and Dont'sWe spend a lot of time educating our clients about security best practices and encouraging them to implement comprehensive security policies and procedures to mitigate risk and protect both the firm and its employees. And for good reason. Just today, New York Attorney General Eric Schneiderman released a report stating data breaches across the state more than tripled from 2006 to 2013 and cost businesses more than $1.37 billion last year alone.

While companywide policies should reflect long-range expectations and corporate best practices, they should also include tactical recommendations that employees can follow to ensure they are complying with the company’s overall risk strategy. In addition to providing employees with security best practices they should follow, don’t forget to also include a list of actions they should not. Here are just a few pieces of advice we regularly offer our investment firm clients:

DO:Check Mark

  • Lock your computer and mobile phone(s) when you leave your desk and/or office

  • Use care when entering passwords in front of others

  • Create and maintain strong passwords and change them every 60-90 days (We recommend a combination of lowercase & uppercase letters and special characters)

  • Change your password immediately if you suspect that it has been compromised

  • Report suspicious activity to the IT team/CSIRT to help minimize cyber risks

  • Protect personal computers and devices with anti-virus software when working remotely


  • Allow others to use your login ID or password

  • Use the same password for every applicationX Mark

  • Store passwords on a piece of paper or other easily accessible document

  • Open email or attachments if the sender is unknown or suspicious

  • Provide information such as login IDs, passwords, social security numbers, account numbers, etc. via unencrypted email

  • Leave your laptop or mobile device unattended while in a public place. Lost or stolen equipment, including mobile devices connected to corporate network, should be reported immediately

  • Keep open files containing personal or confidential information on your desks or in an unlocked file cabinet when away from your office/desk

  • Install unauthorized programs on your work computer

  • Plug in personal devices without permission from IT

For more security best practices and tips, check out these other articles:

Cybersecurity Whitepaper

Photo Credits: Wikimedia Commons

<![CDATA[Persistent Automation for Fund Management: The New Reality, Part 2]]>, 10 Jul 2014 00:00:00 -0400 eci Following is the second part in a two-part guest post from Branden Jones, Global Head of Marketing at Liquid Holdings Group, Inc. based in New York, NY. To read Part One, click here.

In this age of data management—this new state of cross-office functionality—operational models must be able to house, curate, and level-off information sets as they happen. Funds must not only actively manage a growing universe of market data but also tackle performance reporting, risk projections, disaster planning, and partitioned client data.

To successfully, and simultaneously, manage these activities, funds must have a data operational model that supports automation, where it makes sense:

  • Continuous processing, as an underlying system
  • Consistent normalization, across the board
  • Historical, since inception view
  • Defensive measures, to protect the operation


Advice for hedge fund managersReal-time, continuous actions are the new normal in today’s hedge fund reality. Funds are expected to understand, identify, and take advantage of opportunities as they occur. However, from a data standpoint “real-time” is only a point on a larger continuum of activity that occurs when a participant observes or captures a single event in time. Continuous processing is the underlying current that accepts and captures, or rejects data inflows and outflows. As pressures increase from both investors and regulators, managers should rely on continuous, automated services, processes, and technology to support their business, not only as a viewable segment, but constantly, throughout the lifespan of the fund.


While the amount of data increased, the types of data and their origin/ sources have multiplied as well. That means that systems that previously could only recognize one or two sources, are now challenged with a more complex ferrying of information sets from counterparties, exchanges, fund admins, and primes. Normalization is the process that guarantees safe passage of these data packets, regardless of origin, as the data becomes available to converge with its intended destination(s) within the fund infrastructure. Consistent data, through consistent ongoing normalization, translates into accurate pricing and valuations for use in real-time and forward-looking portfolio management, as well as precision analysis and reporting for investors.


The need to investigate and utilize historical, security-level data unique to the fund is a key to the success of the business. Arming a fund with since-inception-data allows the manager to transform the most unique and granular drivers of past performance into the underpinnings of actionable, forward-looking initiatives across alpha generation, risk management, investor insights, and compliance.


While data trafficking, shaping, and viewing are relatively benign activities, when it comes to true data management, a fourth component is critical: the ability to uncover and recover from adverse events, and the greater protection of investor interests. A solid wall to prevent co-mingling of client data within an underlying architecture keeps critical, and proprietary, data safe. When it comes to planning for the unplanned, like adverse events both in the digital and physical worlds, automated services can provide the second life for a fund—without interruption. Cloud technology provides the best option for funds to house data infrastructures—not only providing secure and convenient access, but also virtual warehouses that are automated, back-up systems, shielding the business from any physical hardware environmental risks like earthquakes, floods, or outages. Thus, it’s not only important how data is managed but where it is managed.

To continue reading the white paper, please visit

<![CDATA[The New Reality: Persistent Automation for Fund Management]]>, 08 Jul 2014 00:00:00 -0400 eci Following is the first part in a two-part guest post from Branden Jones, Global Head of Marketing at Liquid Holdings Group, Inc. based in New York, NY.

This is the year for big data. Across industries, firms have unprecedented amounts of both public and private information sets – from user profiles and consumer habits to business outputs and proprietary algorithms. But access to data, or information at large, does not guarantee a valuable yield. Jonathan Shaw, managing editor of Harvard Magazine notes, “The [data] revolution lies in improved statistical and computational methods, not in the exponential growth of storage or even computational capacity.” Data is ubiquitous but not intrinsically valuable – it needs to be smartly processed, not just farmed.

For hedge funds, data processing is the quiet, invisible process that moves through the trade lifecycle—accessed from external entities like exchanges and brokers, modified and adjusted in execution, and at times, frozen in snapshots for an increasingly complex group of investors and regulators. More operational credibility and regulatory compliance is required than ever before, with increased scrutiny of the secret buy-side manna that goes along with it.

Smarter data management can be expensive and time-consuming as funds seek to keep up with regulatory, compliance, and transparency requirements while navigating through a sea of market opportunities. Good fund management starts and ends with precise, accurate data management. Truly taking advantage of data, and smarter computational methods, requires not only shedding the skin of outdated models, but categorically understanding a whole new data ecosystem, with new methods of processing, through selective automation and augmented observation. Once that new data ecosystem has been embraced, fund managers can spend their time mastering alpha generation and capital building initiatives.

Liquid Holdings - New Hedge Fund Reality

Lifecycle Convergence

While data management has historically been the purview of three separate functions (front-, middle-, and back-office), funds are now considering data inflows and outflows as simultaneous and holistic activities that not only govern market data and transparency capabilities, but also the capacity to be position-aware. This new viewpoint not only extends to in-house modifications, but will play an increasingly larger role amongst fund/service provider relationships. According to an Aite report from earlier this year, “…regardless of whether firms currently outsource or plan to outsource, the most common impressions of the benefits of using a single front- to back-office vendor for fund operations revolve around the attractiveness of holistic functionality, the expected contribution of a specialized vendor’s experience gained from other firms, and the vendor’s potential to better service clients.”

Essentially, funds are approaching operations as an ecosystem – instead of a train-like pipeline where only one train moves in one direction. The ecosystem houses converging cross-office data functionalities that are near-simultaneous activities, beyond the linear progression of the traditional lifecycle. Risk is moving to the front office. Portfolio management is constant. And compliance is everywhere. No longer do funds hand off a piece of paper from their trader(s), to the risk officer, over to compliance for the stamp of approval, call down to the floor to reconcile all activity, and then spend countless hours updating disparate systems and colleagues, and later investors, of the impacts on performance and risk. That is the pre-data model from the ‘80’s and 90’s – non-computational and hindered by actual human movement, where data moves in a single line, waiting in turn to be moved in and out of an outdated fund architecture by personnel who may or may not exist in today’s hedge fund reality.

The data map has changed – it’s time for a new hedge fund model.

Part 2: Be sure to come back to Hedge IT on Thursday, July 10 for the second part to this article, which examines the new data model firms should look to leverage: one that supports processing, normalization, historical and defensive measures. If you can't wait until Thursday, you can download Liquid Holdings' complete whitepaper, The New Reality, here.

Emerging managers series

Photo Credit: Liquid Holdings

<![CDATA[What is a Security Vulnerability Assessment and How Does it Work?]]>, 01 Jul 2014 00:00:00 -0400 eci One of the first questions on the SEC’s cybersecurity questionnaire for financial firms asks firms to "indicate whether they conduct periodic risk assessments to identify cybersecurity threats, vulnerabilities and potential business consequences", and if so, who conducts them and how often. Clearly the goal behind this question is to ensure that firms are taking a proactive approach to security. But what exactly does this risk assessment entail?

Here’s a quick overview.

The type of risk assessment typically associated with information technology and cybersecurity is an external vulnerability assessment. Essentially, this is the process of identifying and categorizing vulnerabilities related to a system or infrastructure. Typical steps associated with a vulnerability scan or assessment include:Cybersecurity Whitepaper for Download

  • Identifying all appropriate systems, networks and infrastructures;

  • Scanning networks to assess susceptibility to external hacks and threats;

  • Classifying vulnerabilities based on severity; and

  • Making tactical recommendations around how to eliminate or remediate threats at all levels.

As a best practice, Eze Castle Integration recommends that hedge funds and investment firms conduct external vulnerability assessments at least once per year. Many firms may opt for semi-annual scans, particularly if the firm’s technology environment is continually changing.

The true goal of the vulnerability assessment is to gauge the level of security a firm has in place to protect against external threats and cyber-attacks. Depending on the third party conducting the test, a firm may be ‘graded’ with a number or letter score or simply provided with a list of vulnerabilities and security recommendations. Here’s one example of a grading system associated with a vulnerability/risk assessment:

Excellent: The firm’s security exceeds industry standards and best practices, and overall the firm’s security was found to be in excellent condition with only minor, low-level security vulnerabilities discovered.

Good: The firm’s security meets accepted standards within the industry, and overall the firm’s security was found to be strong with only a few low and medium-level security risks identified.

Fair: The firm’s security is somewhat below current industry standards and moderate changes would need to be implemented to increase security and meet industry levels.

Poor: The firm’s security has significant deficiencies and is well below industry standard level. Major changes would need to be implemented to alleviate critical and high-level vulnerabilities and elevate the firm’s overall security program.

For any vulnerabilities identified as part of the assessment, a description of the risk would be included as well as any specific systems or networks affected and recommendations for how the firm can either remediate or alleviate the risk. Ultimately, these assessments and their corresponding documentation will serve to demonstrate a number of significant points:

A) that the investment firm is taking the SEC’s cybersecurity inquiry seriously and preparing for upcoming exams;
B) that investors can feel confident the firm is implementing policies and procedures to protect investor information and assets; and
C) that the firm is taking an overall proactive approach to security and business continuity.

Check out these other relevant resources:

Download Free Cybersecurity Whitepaper

<![CDATA[Tips for Tackling Your Financial Firm's Cybersecurity To-Do List]]>, 26 Jun 2014 00:00:00 -0400 eci We continue to discuss cybersecurity with financial firms on a regular basis, and with the expectation that the SEC will start cybersecurity exams sometime around September, it’s evident that registered investment advisers are working diligently to answer the questionnaire and shore up internal practices.

To continue fostering education around this topic, we hosted two events last week dedicated to cybersecurity for hedge funds and other registered investment advisers. In case you missed them, you can read a brief recap of some of the key topics discussed or scroll down to watch our full webinar replay.

Cybersecurity a Hot Topic on State & Federal Level

By now, we all know the SEC has taken steps to assure that hedge funds and registered investment advisers put security mechanisms and practices in place to protect against cyber threats. SEC Commissioner Luis Aguilar said there is “substantial risk that a cyber-attack could cause significant and wide-ranging market disruptions and investor harm.” Even beyond the federal level, some states are chiming in on the cybersecurity front. Earlier this month, Massachusetts and Illinois acknowledged that they were polling investment advisers about their security practices, and that based on responses, state regulations could be impacted.

SEC Fundamental Concerns

eSentire: Must Have Security Considerations

According to Eldon Sprickerhoff, Chief Security Strategist at eSentire, the SEC’s cybersecurity initiative is designed to shed light on the following four fundamental concerns:

  • Day-to-day operations in a rapidly changing landscape

  • Detection and reporting of a cyber incident

  • Impact on cybersecurity of fundamental decision making

  • Expectations of executive oversight of this new risk category

Beyond Technology: Written Information Security Plans (WISP)

Question 2 in the SEC’s cybersecurity questionnaire states: “Please provide a copy of the Firm’s written information security policy.” In plain, bold letters, the SEC has announced that it expects hedge funds and other registered investment advisers to not only be implementing cybersecurity policies, but also to be documenting them. Administrative and operational steps are just as critical to a successful security program as robust, technology solutions.

As part of your financial firm’s cybersecurity WISP, we at Eze Castle Integration advise that firms investigate and answer the following questions (Note: this is not a comprehensive list):Cybersecurity Whitepaper

What is data and where is data located? Not all data is created equal. Is it encrypted? Is it on shared drives or stored locally?

How is data protected? Is it encrypted? If you’re sending investor information and it’s not encrypted, you put investors’ data at risk. Do you need to access a portal or some other website to access certain confidential information?

Who has access to information? Employees need access to the data necessary to complete their tasks. But beyond that - firms should be limiting what data employees have access to. It’s not about not trusting your employees, but more so about not trusting the technology behind those employees. The less data employees can get to, the less damage can be done via an internal breach or external hack.

What incident response procedures are in place? Odds are your firm has already suffered some sort of security incident – even if it’s as small as a malware attack. Firms need to identify what the business response will be to a variety of incident types. In what situations will investors, authorities, etc. need to be notified? Documenting these scenarios in advance will cut down on response times in real-life situations.

What are employees’ responsibilities? User training becomes key here. Employees should be responsible for security awareness, but businesses should also make it a priority to provide proper training and educational resources to everyone across the firm.

Technical Safeguards

On the cybersecurity technology front, financial firms should undertake employing the following technical practices to mitigate security risks:

  • Penetration testing

  • Vulnerability assessments

  • Firewalls

  • Audit & logging

For even more information on the technical and operation safeguards investment firms should implement to protect against cyber threats, watch our full webinar replay below featuring speakers from Eze Castle Integration, eSentire and Maloy Risk Services.

Other Cybersecurity Resources You Might Find Helpful:

Photo Credit: eSentire

<![CDATA[When Billion Dollar Hedge Funds Make the Cloud Move]]>, 24 Jun 2014 00:00:00 -0400 eci Timing is everything. Last week we released a new whitepaper, Why the Billion Dollar Club is Headed to the Cloud, and shared an excerpt here on Hedge IT about why hedge funds are making this move. Today, to entice you to download the full paper, we'll share WHEN firms are making the cloud move.

WhitepaperFor newly emerging investment firms, the choice to adopt a cloud-based architecture is an easy one. Few firms have a business model where an in-house Comm. Room makes strategic or economic sense. But what about established firms that have been in business for several years and have invested millions of dollars in infrastructure? When is the right time to make a move?

Opportunities and timing will vary, but generally speaking, the following three scenarios represent ideal inflection points for moving to the cloud:

Office Relocations

This is an ideal time to switch to the cloud. Many companies are understandably reluctant to take on the expense of moving a massive, expensive, and often outdated infrastructure to a new location – particularly if the company expects to phase out certain portions or components in the following 24-36 months. In such cases, migrating to the cloud before relocating offices can be a smart move.

New Applications

Larger firms with larger application portfolios often find that a transitional strategy is best. Abrupt migrations to the cloud can be disruptive. In those instances, financial firms find that new applications can start in the cloud – no subsequent migration needed. And those deployments are faster. While few IT portfolios will see 100 percent turnover in the short term, this strategy can simplify any migration of on-premise apps to the cloud by minimizing the work required when the company finally makes its move.

Technology Refresh

Similarly, many firms find that when the time comes to update infrastructure or upgrade applications, that inflection point represents an excellent opportunity to perform a cost-benefit analysis. In most cases, firms find that initiating a cloud migration for that particular component of the IT portfolio is the best choice. And since either choice introduces change, there’s no added burden to making that transition. What’s important to note is that, for an established firm, migrating to the cloud is not an “all or nothing” decision. The pace and scope of the transition to the cloud can be custom-fit to the firm’s business/strategic needs.

Download the full whitepaper, Why the Billion Dollar Club is Going to the Cloud, HERE.

right time to go cloud image

<![CDATA[Why Billion Dollar Hedge Funds Are Going Cloud]]>, 19 Jun 2014 00:00:00 -0400 eci Today we released a new whitepaper that looks at a growing trend we are seeing -- billion dollar hedge funds and investment firms moving to the cloud. Here is a sneak peak at the paper's content as well as a video interview with Bob Guilbert on why firms should read, Why the Billion Dollar Club is Headed to the Cloud.

It’s More Than Managing Money

Billion Dollar Club Goes CloudThere’s more competition in financial services than ever before. Every week, new and agile boutique firms sprout up, armed with proprietary models and the right technology foundation to compete – intensely – with the major players for billions of investment dollars. Firms of every size are competing to deliver broader ranges of increasingly exotic instruments, specialized funds, and high-performance investments that deliver competitive returns to investors whose demands and expectations continue to climb.

But when it comes to performance and success in financial services, there’s more to evaluate than just the hard numbers. Returns alone aren’t enough. Today, savvy firms know they need to deliver more. In a post-Madoff, post-2008 world, the SEC and FINRA – and investors as well – are scrutinizing all corners of the operation. There’s an increased focus on how operational risk is managed and how firms respond to greater demands for transparency. That means it’s more important than ever for firms to deploy and maintain robust, scalable, and secure technology infrastructures.

The Business Case for The Cloud: Why Established Firms Are Making The Move

Hedge Funds and CloudTraditionally, investment firms have allocated significant capital budgets – millions of dollars – to build out their own sophisticated Communication (Comm.) Rooms, which can take months to provision and bring online. There are servers to buy and install, software to license and configure, and voice/networks to deploy. And these infrastructures also require firms to recruit and hire expensive IT talent to manage and operate.

Increasingly, however, that model no longer makes good business sense for some firms. Today, cloud architectures are emerging as the dominant choice for computing infrastructures at investment firms of all sizes. With cloud computing, firms procure from a third party a scalable supply of computing, storage, and networking resources on a near-immediate basis without the upfront capital investments, delays, staffing requirements, or maintenance headaches. Funds can provision new servers in a few hours, scale up to meet short-term needs, and scale down when needs dictate. Best of all, that infrastructure is managed and protected 24x7 by dedicated professionals who focus solely on operating these services on a firm’s behalf.

Not surprisingly, many firms – including those with well-established in-house infrastructures – are making the move to the cloud for a variety of compelling reasons:

  • Predictable and Favorable Economics

  • Investor Transparency

  • World-Class Capabilities

Download the full whitepaper, Why the Billion Dollar Club is Going to the Cloud, HERE.

Need more convincing? Watch our video.

<![CDATA[What Happens to Your Firm's IT Team When You Go Cloud?]]>, 10 Jun 2014 00:00:00 -0400 eci As your firm evaluates moving to the cloud – as most firms today will inevitably do – your list of priorities will likely include:

  1. Regulatory and investor impacthedge fund staffing

  2. Migration plans and operational effects

  3. Hardware disposal and infrastructure changes

But another critical business area your firm should put some thought into is the effect of the cloud movement on your internal IT department (assuming you have one). What exactly happens to a firm’s IT team once it moves operations into a cloud environment? Is there still value in maintaining an in-house staff?

The simple answer is ‘yes,’ but the day-to-day responsibilities for those staffers may not look quite the same post-cloud. With a fully managed service provider, everyday management is typically taken care of – leaving internal resources with a lot more time on their hands. But that doesn’t mean there’s no longer a need for an IT department. And it certainly doesn’t mean IT managers should be left to twiddling their thumbs. Here are a few long-term projects ideally suited for a full-time technology staff no longer bogged down by mundane software patches and licensing upgrades:

Cybersecurity programs. You’ve heard us say it before, but cybersecurity is the hottest topic in the investment industry right now. With the SEC providing an extensive questionnaire for registered firms to follow, it’s critical that firms take the time to assess their security practices and employ robust programs to not only meet SEC demands but also satisfy investors. Even if a firm chooses to leverage an outsourced cloud solution for their daily infrastructure (which may come with some inherent security features), any physical infrastructure that still resides on-premise at the firm would need to be protected. Beyond management of on-premise technology, hedge fund IT staffs should also be forward-thinking and address large-scale security initiatives and ensure the entire organization is involved in regulating and mitigating security issues.

Regulatory compliance. Outside of the SEC’s recent focus on cybersecurity, there are other regulatory issues firms should be sure to comply with. As part of a fund’s overall technology program, IT staffs should work with internal or external compliance experts to address any gaps the firm may have and ensure operations are in sync with existing regulatory requirements on state, federal and international (if applicable) levels. For example, on the international front, recent initiatives such as the Financial Conduct Authority’s Dear CEO letter and AIFMD should be on the radar for any affected parties.

Due diligence. Investor expectations are higher than ever, and technology has become one of the most critical components of the due diligence process. As technology service providers, we assist our hedge fund clients with DDQs on a regular basis and have seen an immense uptick in both the quantity of requests as well as their complexity. Investors are no longer satisfied with ‘checking the box’ responses. Internal CTOs and IT staffs can assist this process enormously and often work directly with investors in providing the necessary information to secure allocations.

Application integration. Hedge funds and investment firms who employ custom or in-house applications may look to keep IT staff on-site to manage not only integration but development of the application set being used.

Organizational support. To some, technology may seem like just another department within a business, but the fact is, IT is inherently linked to every aspect of an organization. As such, many firms continue to leverage internal staff to support operations and provide peace of mind to other employees within the office setting.

Despite the shift we are seeing firms make to the cloud, many funds today still look to leverage in-house technology experts and rely on them to assist with the aforementioned efforts and more. Moving infrastructure to the cloud is not a death sentence for an IT staff – merely an opportunity for firms to reevaluate priorities and reallocate resources to areas of the business most critical to the firm.

Additional Resources You Might Be Interested In:

Guide to Cloud Computing for Hedge Funds
Photo Credit: Shutterstock

<![CDATA[Hedge Fund Transformation, Part 2: Cloud, Communication & Control]]>, 05 Jun 2014 00:00:00 -0400 eci In Part 1 of our Transformation of IT seminar recap, we shared what our expert panel discussed relative to evaluating outsourced solutions and leveraging technology solutions. Our panel included Vinod Paul, Managing Director, and Steve Schoener, Vice President, at Eze Castle Integration, John Budzyna, Managing Director, and Dave Messier, Director, at KPMG, Timothy Ng, Managing Principal at Clearbrook Global Services, Jon Anderson, Global Head of OTC Derivatives at SS&C GlobeOp and Sheldon Rubin, COO/CFO/CCO at S Squared Technology LLC.

Read on to see what our speakers had to say about the considerations for outsourcing, typical transformation challenges and more. You can also read Part 1 of the event recap or listen to the complete audio replay.

Q: Whether it's technology, compliance or another area of the business, firms ultimately need to decide if they are going to manage these areas internally or outsource to an expert vendor. How does a hedge fund determine what is the right solution for them and whether to outsource or maintain their own systems and operations?Hedge Fund Outsourcing

  • When considering internal operations vs. outsourcing, a firm must determine which option gives it the most control over the given process. The firm is not only considering outsourcing technology but also outsourcing control.

Q: Would you consider outsourcing a cure for uncertainty? Or does it add flexibility in a market swimming in infrastructural, regulatory and technological changes?

  • There is no true cure for uncertainty, but a firm can find economical ways of dealing with uncertainty as it comes. Regulations, for example, can play a part.

Q: Beyond technology, a firm also needs to rely on either in-house or outsourced personnel to take a firm through any of these so-called transformations. Obviously, in order to move from an on-premise technology infrastructure to the cloud, a firm would need to employ an experienced IT staff or leverage a cloud provider to make that migration. What skills and experience are needed for effective hedge fund operations and IT transformation?

  • The short answer is many skills and experiences. Team effort is important. Business skills are also critical: someone who is an expert in underlying business from the top down. That includes the larger perspective as well as intricate levels of detail. Communication is another critical skill.

Q: What are the typical challenges a firm faces while undergoing a transformation? Are there any recommendations you can make about how a firm can effectively navigate the transformation process?

  • Transformation, implementation or change of any kind can be overwhelming. It can be intimidating. One piece of advice is to take a large project and break it down into smaller, more manageable pieces. Firms should also put together a strategic roadmap of where they are and where they want to be. But don’t be married to that roadmap. Understand that things will change and adjustments will need to be made.

  • Another challenge can be overanalyzing problems. Sometimes getting a solution in place and fine tuning later can be more effective than waiting to find the optimal solution while in search of perfection.

Q: What are your final thoughts or forward-thinking predictions in terms of where we see firms going and what other transformations we can expect to see in the future?

  • The changing regulatory requirements have not increased the entry barriers for firms.

  • We have come a tremendous way in a short period of time. Old tried and true technologies are not going away with the emergence of new technology though. There are now just more (and better) solutions for firms to choose from – not a complete change in the industry, but ways to make firms more efficient and increase quality.

  • Firms should use technology to understand what the inherent costs are to running a portfolio.

  • There is widespread industry acceptance of outsourcing, and with the emergence of the cloud, there are certain front, middle and back office processes moving away from the core of the fund.

Here are some other resources on Hedge Fund Transformation you might enjoy:

Hedge Fund Outsourcing Guidebook
Photo Credit: iStock Photo

<![CDATA[WWDC 2014: The Latest and Greatest from Apple's Worldwide Developers Conference]]>, 03 Jun 2014 00:00:00 -0400 eci

The annual gathering of Apple’s developers took place earlier this week in San Francisco, and top Apple execs Tim Cook, Phil Schiller and Craig Federighi took center stage to reveal what new products and features users can expect to see from Apple in the near future.

Before we get into the specific announcements from the Worldwide Developers Conference (WWDC), let’s talk numbers and take a look at what Apple has been up to as well as their growth as a company:

  • 9 million registered Apple developers (47 percent increase from 2013)

  • 800 million iOS-powered devices sold to date

  • 80 million Macs installed to date

  • 130 million new customers in the past year

  • 1.2 million apps currently available in the App store

  • 75 billion apps downloaded to date

  • 12% growth in the Mac market share (whereas PC has declined)

Now back to the WWDC. The event’s keynote speech delved deep into what Apple has been working on tirelessly for the last year and what users can expect to see at its annual fall release. Here is a breakdown of new features and key additions for Apple’s newest release: iOS 8.Apple Healthkit

Healthkit – There is a clear health and fitness focus in the latest software upgrade. Healthkit provides a composite profile of your favorite fitness apps and health information, similar to how Passbook organizes boarding passes, movie tickets and loyalty cards. Healthkit syncs your health-related apps into one convenient space. ‘Health’ is the primary app within the profile; it has the ability to track a wealth of information such as activity (steps), nutrition, heart rate, sleep, weight and blood pressure. It also integrates with third party applications, such as Nike.

QuickType – Apple has finally revealed that they are providing predictive typing, a feature already commonly used with Android products. QuickType will be able to guess your next words as well as adapt your language depending on who you are talking to.

Group Messaging – Group messaging is getting a serious facelift. The updated feature will allow users to: name friends, add and remove members, and permanently leave a thread. And, for the real winner, you can apply “do not disturb” settings at any time!

Homekit – This new platform allows users to control locks, doors, lights, cameras, thermostats, etc. with one central device. Apple has partnered with a variety of third-party vendors to make this possible.

Interactive Notifications – This feature will allow users to respond to notifications such as texts or Facebook messages while still remaining in the application currently in use. How? Simply pull down the notification window and easily respond to the pressing message at hand. Users will have the option to respond with text, picture, video or voice recording without interruption.iOS 8

Family Sharing – Six members of a family are now able to share iTunes purchases, including applications, music and movies, with one central credit card. This feature also gives access to linked members’ calendars, reminders and photos. Parents also have the ability to control children’s purchases because permission to purchase must be verified by the main cardholder.

Synced Photo Editing – iOS 8 will automatically sync your photos with iCloud to ensure that images are available across all applications. There are also new affordable iCloud plans:

  • 20 GB for $.99 per month

  • 200 GB for $3.99 per month

The iCloud Photo Library will also include new smart editing features that allow users to manually adjust multiple effects such as contrast, color, light exposure and more.

Overall, the results from WWDC 2014 are consistent in terms of the types of information Apple usually presents. Nonetheless, the features and additions they presented should continue to please their user base and help the company stay amongst the leaders in the smartphone market.

To stay up-to-date on other technologies, take a look at some other Hedge IT articles, including:

Contact an Eze representative

Photo Credits: 9 to 5 Mac, Apple
<![CDATA[Hedge Fund Transformation, Part 1: Evaluating Outsourced Solutions & Leveraging Technology]]>, 29 May 2014 00:00:00 -0400 eci Earlier this month alongside KPMG, we hosted a seminar in New York on “The Transformation of IT and Hedge Fund Operations.” We asked experts to examine the changes impacting hedge funds today and the future of this industry transformation. Our distinguished panel included Vinod Paul, Managing Director, and Steve Schoener, Vice President, at Eze Castle Integration, John Budzyna, Managing Director, and Dave Messier, Director, at KPMG, Timothy Ng, Managing Principal at Clearbrook Global Services, Jon Anderson, Global Head of OTC Derivatives at SS&C GlobeOp and Sheldon Rubin, COO/CFO/CCO at S Squared Technology LLC.

Below is a brief recap of the topics discussed during the lively event. To listen to the full audio podcast of the event, click here.

What do you see as the greatest transformation the hedge fund industry has undergone or is currently in the midst of?

  • There is more acceptance of outsourcing. Many firms are leveraging outsourced service providers for front office support, for example, and leaving their in-house departments to focus on the core business. Outsourcing

  • Many firms starting today don’t even consider building out a middle and back office – they immediately look to outsourcing. The quality and opportunities provided by outsourced service providers, including administrators, are much better than they have ever been before.

  • Third-party software and service providers continue to improve and many firms are attempting to fully integrate the back office as a result. With systems designed effectively, firms can yield benefits including reduced costs and increased efficiencies.

  • Allocators are being more frequently asked to take on the role of consultants and analyze underlying risks within fund portfolios – something many investors today don’t understand fully.

How do you see fund managers utilizing technology to address the call for greater portfolio transparency by institutional investors and consultants?

  • Investment firms are using technology to get a better view of the inner workings of the portfolio. Funds who utilize portfolio or risk software are often asked to provide risk metrics to investors. A fund should focus on getting the transparency, understanding it and translating it for the investor so that they are comfortable with any current or future allocations.

What are some opportunities for fund managers – particularly those with modest budgets – to leverage technology for strategic and/or operational benefit?

  • Firms should conduct a cost-benefit analysis to evaluate the importance of any implementation. If you can justify the effort needed to ensure a successful project based on the benefits outlined, it is a project worth moving forward.

How can emerging managers, in particular, cope with limited resources and personnel and still compete on an institutional level as well as meet the increasing amount of regulatory oversight and pressure?

  • One approach for emerging managers looking to compete is to avoid hiring internally for a variety of functions. Firms can outsource technology, back office, administration, etc. as long as the service providers are reputable and institutional-grade. If allocators can see that firms are set with due diligence, compliance and other services and are utilizing the high standards of a service provider, they will be more likely to invest with emerging managers.

What are some of the best ways to apply transformation or operational improvement efforts to such a rapidly-changing area, like compliance, for example?

  • The idea of operational improvement is a continuum: from incremental, tactical opportunities to transformational opportunities. Compliance tends to lean more towards the incremental side. There are many well-integrated, efficient solutions in the marketplace to satisfy needs relative to personal trading, securities, brokerage and execution, legal compliance, etc. Firms need to look closely at individual compliance needs and find a solution that will satisfy both the firm itself and investors.

Is there some particular pattern to when a firm undergoes the transformation process and goes from analyzing the problem to fixing the problem?

  • When struggling with a problem, you often reach a critical point where the complexity or volume of the problem has outstripped your capacity as a business. This is a critical situation. The problem might start to cause mistakes or money if not resolved. This is often a significant driver for change.

Read Part 2 of our Hedge Fund Transformation Recap here! In the meantime, you might find these resources valuable:

Guide to Technology Outsourcing
Photo Credit: Istock]]>
<![CDATA[Video: Hedge Fund Startup 101 Roundtable with the Hedge Fund Association]]>, 13 May 2014 00:00:00 -0400 eci The following article is part of our Emerging Managers Insight Article Series. Read more articles from the Series HERE.

What are the keys to starting a hedge fund? How does an emerging manager ensure success in a constantly-changing world of legal and regulatory guidelines, increasing investor expectations and evolving technology platforms?

In order to answer these questions, Asset TV and the Hedge Fund Association recently gathered an expert panel for a video roundtable focused on hedge fund startups. Our own Managing Director, Vinod Paul, was featured on the panel, along with experts from The Kingdom Trust Company, Eisner Amper LLP, and Thompson Hine LLP. Watch the video below to learn more about a variety of topics important to new fund launches, including:

  • Custodial Needs

  • Technology Infrastructure Priorities

  • Compliance Concerns

  • Data Management

  • Dodd-Frank & Regulatory Requirements

  • Cybersecurity Concerns

  • Investor Expectations

To learn more about launching a hedge fund, check out some of our other relevant resources:

Articles for Emerging HF Managers

<![CDATA[Preparing for SEC Cybersecurity Exams: Webinar Recap & Replay]]>, 08 May 2014 00:00:00 -0400 eci Cybersecurity is one of the hottest buzzwords in the industry right now – but it’s also a serious concern for hedge funds and investment firms. So much so that the Securities and Exchange Commission has taken formidable steps in 2014 to assess the cybersecurity landscape and provide guidance to registered broker dealers and investment advisers around what policies and technical safeguards should be in place to protect them.Webcast: Preparing for SEC Cybersecurity Exam

With so much information being shared and so many industry changes around this topic, we asked our cybersecurity experts – Steve Schoener and Lisa Smith – to talk us through what’s happening in the world of hedge fund cybersecurity and provide direction for firms looking to comply with the SEC’s latest guidelines. Following is a brief recap of a webinar we held earlier this week doing just that. To watch the full replay of the event, click here or watch below.

Industry Update: How did we get here?

Before we dive into what expectations the SEC has for registered firms in regards to their cybersecurity practices, let’s first take a look at how we got to this point. Among the host of high-profile security incidents we’ve seen dominate the news of late, these few resonate the most:

  • Dec 2013: Target data breach results in customers’ personal data stolen

  • April 2014: Crytolocker ransomware holds data hostage

  • April 2014: Heartbleed vulnerability poses potential data exposure threat

  • April 2014: Internet Explorer vulnerability puts technology at risk, leaves PCs open to being hacked

As a result of these and other security concerns, the SEC has taken steps to ensure hedge funds and investment firms are prepared for the next incident. In a Risk Alert issued last month, the SEC announced it will perform examinations of at least 50 registered firms and also provided a lengthy sample questionnaire for firms to use as a guide in their preparations. The seven-page document addresses various aspects of a firm’s technical infrastructure and corporate policies and sets expectations that firms should meet a set of standard criteria in order to comply with the new guidelines.

A Sample Look at the SEC’s Cybersecurity Questions

To help firms gain a better understanding of what information the SEC is looking for within its request for information document, following are a few questions from the document and some helpful information for firms starting to draft responses.

Category: Identification of Risks/Cybersecurity Governance
Question: Please indicate whether the Firm conducts periodic risk assessments to identify cybersecurity threats, vulnerabilities, and potential business consequences. If such assessments are conducted: a) who conducts them and in what month/year was the most recent assessment completed? and b) please describe any findings from the most recent risk assessment that were deemed to be potentially moderate or high risk and have not yet been fully remediated.

If you’re not familiar with what exactly a risk assessment is, let’s start there. A risk assessment looks at a firm’s systems and data and evaluates the potential level of risk and impact to that firm if a security incident were to occur. We recommend risk assessments be conducted on an annual basis as well as in the event of major business changes (e.g. expansion, adding new applications, etc.). Third-party vendors, such as our partners at eSentire, are well-versed in conducting vulnerability assessments for financial services firms.

Category: Protection of Firm Networks and Information
Question: Please indicate if the Firm maintains a written data destruction policy.

Keep in mind that a data destruction policy does not only apply to electronic information. Your firm should employ a policy that addresses the destruction and/or removal of all data and records including, but not limited to, portfolios, subscription information, employee personnel files, hard drives, servers, and tape backup.

Another consideration to think through is what third parties your firm is engaged with and which of them have access to your company’s data or infrastructure. For example, if you are working with a cloud provider, there should be a contractual obligation on the part of that vendor to remove any client data and either destroy it or return it to the client in the event the relationship is terminated. With the cloud, obviously physical infrastructure is not destroyed, but firms should ensure their data is removed from the cloud environment if and when the client migrates off the platform.

Category: Detection of Unauthorized Activity
Question: Identify and explain how and by whom the following practice is carried out – identifying and assigning specific responsibilities, by job function, for detecting and reporting suspected unauthorized activity.

With this line of questioning, the SEC is looking to see that firms are putting thought into their cybersecurity preparations and assigning specific ownership to firm personnel. Firms should identify a person or team of persons to oversee policies and procedures around the firm’s security practices as well as to lead the charge in responding to any types of security incidents that occur. In many cases, this role is taken on by a Chief Technology Officer or Director of IT.

The Importance of Written Information Security Plans (WISP)

The most effective way for a hedge fund or investment firm to respond to the SEC’s examinations is with a written information security plan (WISP). A WISP is a carefully crafted document firms should create as a means to identify and implement both administrative and technical safeguards to protect a firm’s sensitive data and infrastructure. Key elements of a WISP include:

Administrative Safeguards

  • Define confidential data

  • How is it protected?

  • Where is it located? (Shared drives, emails, CRM systems, etc.)

  • Who has access? Do they have a business need?

  • Roles and responsibilities (Is there a person or team in place to manage this?)

  • Communication procedures (Who needs to be notified? e.g. investors/regulators)

Technical Safeguards

  • Assessment of technical safeguards (e.g. penetration testing, encryption software, etc.)

  • Evaluation

  • Implementation of additional safeguards, as necessary

As a final thought, firms should work with their internal IT staffs and/or outsourced technology providers to review the SEC’s questions and customize responses according to their specific infrastructure configurations and data requirements. In cases like these, unfortunately, one size does not fit all, and firms will find that their written information security plans will need to include detailed specifics relative to the firm.

Eze Written Information Security Plan ServiceEze Castle Integration’s WISP team is actively working with clients to respond to the SEC inquiry and develop comprehensive written plans to satisfy regulatory and investor demands. If you would like to learn more about Eze Castle’s WISP service or speak with a sales representative, please don’t hesitate to contact us.

Additional Cybersecurity Resources You Might Find Helpful:

<![CDATA[The Transformation of IT and Hedge Fund Operations]]>, 01 May 2014 00:00:00 -0400 eci Regulatory oversight, competition for assets and investor due diligence concerns have left investment management firms with more pressure than ever to succeed. And technology innovations like the cloud have turned the traditional hedge fund operations model on its head. The questions remain: how do fund managers evolve in 2014 and meet the increasing demands of the financial services industry? And how do firms compete with the incoming crop of new launches that continue to emerge and vie for investor allocations?

The following presentation takes a closer look at these key transformations within the hedge fund industry and examines the shift firms are making from traditional, on-premise IT infrastructures to cloud-based platforms. It also highlights managed disaster recovery services and offers best practices for security in the cloud.

Take a look, and if you can, join us in New York on Tuesday, May 6 as a panel of experts discusses these topics and more at our Transformation seminar.

<![CDATA[SEC Outlines Cybersecurity Questions, Sets Magic Number at 50 Firms]]>, 22 Apr 2014 00:00:00 -0400 eci SEC Cybersecurity and logoThe SEC last week provided even more clarity into its growing focus on cybersecurity at broker dealers and registered investment advisers. A key takeaway in a Risk Alert issued on April 15, 2014, is that the Office of Compliance Inspections and Examinations (OCIE) will be conducting examinations of more than 50 registered broker-dealers and registered investment advisers, focusing on areas related to cybersecurity.

In order to help compliance professionals prepare and assess their firms’ responsive cybersecurity preparedness, OCIE has created a sample cybersecurity request document that outlines the types of questions firms can expect. OCIE is good to point out that these questions should not be considered all inclusive of the information that OCIE may request. OCIE will alter its request for information as it considers the specific circumstances presented by each firm’s particular systems or information technology environment.

You can find the Risk Alert and questions HERE.

Now What? Preparing for the SEC Cybersecurity Exam

The SEC was kind enough to provide a proverbial map of the directions it may take during a cybersecurity exam; now firms need to assess their internal processes and procedures as well as supporting technology. It is important to note that the SEC is just as interested in your Written Information Security Policy (WISP) as they are in your technology safeguards.

The areas the SEC outlined include:

  • Identification of Risks/Cybersecurity Governance

  • Protection of Firm Networks and Information

  • Risks Associated with Remote Customer Access and Funds Transfer Requests

  • Risks Associated with Vendors and Other Third Parties

  • Detection of Unauthorized Activity

  • Other: Identity theft red flags; Security breach incidents; Reported incident history.

Here at Eze Castle Integration, we are going through the questionnaire and beginning to work with clients to answer the various sections. Our WISP team is also on-call to begin the process of developing more comprehensive internal and external policies and procedures around security.

Your IT provider should be able to provide assistance, but policies and procedures are key too.

Cybersecurity Hedge Fund Report

<![CDATA[A Public Reminder on the Private Cloud Debate]]>, 25 Mar 2014 00:00:00 -0400 eci Earlier this week, it was reported that Nasdaq was reconsidering its Amazon-based cloud product, FinQloud. According to the Financial Times, FinQloud has failed to gain significant traction in the marketplace amongst financial services firms including broker-dealers and exchanges. If Nasdaq pulls out of the deal with Amazon Web Services (AWS), it would be a major disappointment to Amazon, who is actively pitching AWS to large financial institutions and enterprises.

Whether the limited adoption of FinQloud is a sign of a product flaw or a larger industry trend, we feel it important to draw attention to a longstanding debate within the financial services industry – a debate that we’ve shared our thoughts on here on Hedge IT many times: public vs. private clouds.

It’s certainly possible that the slow adoption of FinQloud is a result of concerns over mass public cloud usage – a stern reality for many financial services firms who expect and demand that their critical applications and data be stored in a highly secure and available environment. Hedge funds and investment firms, in particular, cannot afford unexpected downtime, and unfortunately, we’ve seen several public cloud providers experience major outages in recent years. Just last week, Dropbox users logged in to find the service was unavailable, and Amazon and Google have both found their services in the headlines in recent years due to very large and public disruptions.

Security in the public cloud remains a bit of a question mark, as public cloud providers are still lacking in transparency and are less likely to disclose the specific security and compliance protocols that support their infrastructures. Particularly as regulatory bodies stress the importance of security measures in the world of heightened cybercrime (the SEC is holding a cybersecurity roundtable this week), it is imperative that investment firms leverage secure systems to power and protect their operations.

Service and support are also critical factors to consider when selecting a cloud provider. Hedge fund service providers have the experience and expertise to handle any IT issues that arise and are often available on a round-the-clock basis to meet the needs of their clients. Public cloud providers may have general support lines or customer service representatives available, but the odds that their expertise lies in financial services technology are slim. Any application or investment technology-related questions or problems would be easier answered by a provider whose business is designed to meet the industry’s unique demands.

To read more about the differences between public and private cloud environments and the considerations for each, take a look at some of our other resources:

Cloud Usage Survey Report: Download Now

<![CDATA[Finding Agility & Focus by Hosting Your Hedge Fund Applications]]>, 20 Mar 2014 00:00:00 -0400 eci Earlier this week, we hosted a webinar on the topic of application hosting in the cloud and featured our newest partner, Black Mountain Systems. Our speakers looked at the benefits firms can realize from hosting their hedge fund applications in the cloud as well as the future of cloud adoption. Let’s take a closer look at what was covered. If you’d like to watch the full event replay, click here.

Here at Eze Castle Integration, we see the adoption of cloud computing continuing to grow in a significant way, particularly among new startup firms. Realizing the operational and financial benefits of a cloud infrastructure, nearly 95 percent of new startup funds are opting to utilize the cloud. Existing firms are also shifting in this direction (though at a much slower pace), and we’re seeing on-premise infrastructure deployments starting to decline.

Firms can reap significant operational benefits from hosting applications in the cloud. For one, the cloud provider (and not the hedge fund) is responsible for management and maintenance of the infrastructure as well as managing upgrades and software procurement. There is a quicker turnaround time when firms need to add users or resources, and adding an application to an existing cloud platform becomes a much simpler process than dedicating servers and on-premise equipment. Another operational benefit is that firms who have existing technology staff can reallocate those internal resources and refocus their attention on higher priority areas of the business.

Application Hosting Webinar

From a financial perspective, there are no costs for the firm to incur relative to upgrades or maintenance, and in some cases with smaller firms, overall costs can be lowered as a result of application hosting or cloud adoption.

How Do I Choose a Cloud Service Provider?

Choosing who to work with to manage your firm’s cloud environment can be a daunting task. Here are a few key considerations to keep in mind as you go through the evaluation process.

Type of Cloud (Public vs. Private/Managed)

A public service provider provides the CPU, memory, and storage resources you need and gives you the control to build your application. But beyond that, you might not receive a whole lot from that relationship. A managed service provider (such as Eze Castle) delivers these essential building blocks but also provides staff and industry expertise to truly manage your firm’s infrastructure and resources.


Consider where your firm’s offices are located and where you’d like to be in relation to “the cloud.” Firms engaged in high-frequency trading, for example, will benefit from low latency and therefore short distances to financial markets and stock exchanges. You should also consider the distance between your office(s) and cloud infrastructure and how the end user experience may be affected by said distance.

Quality of Data Center Facilities

Keep these factors in mind as you evaluate cloud providers:

  • Level of Operations/Support (Who manages the facility?)

  • Redundancy (Is it a N+1 configuration?)

  • Power/Cooling Resources (Are multiple power grids utilized to protect uptime?)

  • Certifications and Standards (Is it SSAE-16 certified?)

  • Security (Are there physical and digital security standards in place?)

Data Transit Options

Some clouds charge firms every time data is sent in and out of the cloud. This charge is based on the size of the data. Other providers offer a subscription service which allows for an unlimited amount of data to be sent in and out at a fixed monthly price. Depending on your transmission levels, one of these options may make more sense for your firm than the other.

Backup & Disaster Recovery

When it comes to protecting your firm’s critical data and infrastructure, you can never be too careful. Be sure to ask if backup and DR are included and where your data is stored. Are there limitations on restored data if a disaster occurs? What is the time frame to restore data to a secondary location?

Documentation and Transparency

Ensure your cloud provider is open and honest with you about both the cloud infrastructure and the processes that support it. Are Service Level Agreements in place and do they align with your business requirements? Can SLAs be revised if and when your business changes?

Trending to the Cloud

A recent report by CEB TowerGroup, expects the majority of applications will be delivered via the cloud in 2015 and “cloud adoption is potentially highest for post-trade activities, such as accounting, reporting and performance measurement.”

Here at Eze Castle, we see the movement to the cloud continuing, whether it be for hosting applications or full technology outsourcing. Either way, firms are shifting away from deploying costly infrastructure on-premise and leaning towards the operational and financial benefits the cloud offers.

To watch the full replay of our Application Hosting webinar, click here.

Guide to Cloud Computing

<![CDATA[Why are Hedge Funds Moving to Miami?]]>, 13 Mar 2014 00:00:00 -0400 eci What comes to mind when you think of Miami, Florida?

Beaches and sun, exciting nightlife, a popular Will Smith song. These are typical associations with Miami. How about finance? This might not be the first thought that comes to mind, but the city of Miami is hoping that will change. Miami is a major financial hub and growing, and according to the president of the Miami Finance Forum, it’s the second most concentrated financial hub behind New York City.

Currently home to over 60 international banks and 100 alternative investment companies, Miami and its busy Brickell Avenue has emerged as “Wall Street South,” and according to Forbes is luring many financial firms away from more traditional hubs such as New York and Greenwich, CT.

In 2013, the Miami Downtown Development Authority began an initiative to attract Miami Skylinemore hedge funds, investment firms, and family offices. In an effort to attract financial firms and encourage them to relocate or expand into the city, they have included one-on-one meetings and recruitment trips to the Northeast. The initiative is sparking interest, and inquiries into real estate are piling up. So why is the financial flock heading to Miami? Here are some of the key drivers we’re seeing:

  • Weather: The warm Florida weather is a natural attraction, and many fund managers often vacation and spend time in Florida during the winter months.

  • Location: The short distance between Miami and Latin America offers the perfect opportunity to expand into this emerging market. Latin America has a thriving investment community, and with direct flights to many Latin cities, Miami makes it easy to network and expand business opportunities.

  • Financial Incentives: Miami offers hedge funds and investment firms a variety of tax breaks including no individual income or estate taxes and only federal capital gains taxes.

  • Reduced Travel Costs: Many fund managers spend their winters traveling to investment conferences in the South. With permanent offices in Miami, managers can reap the benefits of reduced travel expenses.

At this point, all signs point to growth in Miami continuing for the financial industry.

Whether your firm is relocating to Miami or moving to a new office down the street, don’t forget there are a host of project management-related considerations. Here are some additional resources to review before your project commences:

Photo Credit: Flickr

<![CDATA[Microsoft XP Extends Antimalware Support, Cybersecurity Concerns]]>, 11 Mar 2014 00:00:00 -0400 eci Back in October of last year, we learned that Microsoft was ending support for its XP operating system – a move that would force users to upgrade to its more current software. Fast forward to today, and more than 29% of PC users are still using XP (according to NetMarketShare). In an interesting move, Microsoft announced recently that it will continue to provide updates to its antimalware signatures and engine for Windows XP users through July 14, 2015. Microsoft did caution that its research shows that the effectiveness of antimalware solutions on out-of-support operating systems is limited.

But why?Windows XP End of Life

We can assume this is a move at least partly fueled by slow adoption of software upgrades, based on the figure NetMarketShare has provided. Beyond private PC users, however, there may lie an even greater reason for extending security support. Reports suggest that more than 90% of ATMs across the United States are operating with Windows XP – a potentially crippling situation if hackers were able to breach the operating system. Last year, “a high-profile criminal group in Europe took advantage of a security vulnerability in XP that allowed them to use flash drives to infect ATMs with malicious software, emptying the machines of cash one-by-one. Researchers estimate that they may have gotten away with millions of Euros.”

Even beyond ATMs, the cybersecurity threat to Windows XP is still very real. Avoiding or delaying the software upgrade can pose critical risks to firms as their PCs continue to deteriorate and become more susceptible to breaches and attacks. Financial services firms, in particular, should take note, as a recent study published by PricewaterhouseCoopers (PwC) revealed the financial industry is the most targeted group in the cybersecurity world. The PwC study found that 39 percent of financial services respondents had been affected by cybercrime, compared to the next highest industry at 17 percent.

Here are Eze Castle, we strongly advise you to investigate your firm’s current operating system (or if you’re an Eze client, talk to your client relationship manager) in order to ensure measures are taken to avoid any downfall as a result of Windows XP’s end of life. Despite the malware protection extension, XP’s demise still poses a significant threat to users and businesses who have not successfully upgraded.

In the event you aren’t overly tech-savvy and can’t be sure which operating system you’re currently using, Microsoft has made it simple to find the answer by visiting their website.

To continue reading about security, here are a few handy resources we’d recommend:

Photo Credit: Microsoft

<![CDATA[Dropbox Alternatives Coming to a Hedge Fund Private Cloud Near You]]>, 04 Mar 2014 00:00:00 -0500 eci Dropbox Alternative for Hedge FundsIs Dropbox becoming a noun? For the sake of this article, let’s say it is.

With over 200 million users, Dropbox (and similar services) is gaining popularity based on its ability to allow users to share files and sync data between devices. These capabilities are very appealing but rely on a public cloud platform that can introduce security and compliance concerns for hedge funds.

Dropbox made headlines last year when it was discovered by security researchers that the service opens some files once they are uploaded. While Dropbox provided an explanation, this can be a serious issue for businesses where employees are using Dropbox to share sensitive company and investment data.

So are your employees using Dropbox? Probably. A study conducted by Gigaom of 1,300 business professionals found that one out of five use public file sharing services, such as Dropbox, with work documents. And, half of those users know their companies have rules against it. This raises the question, how do you give employees access to a valuable tool in a way that meets compliance and security protection obligations?

Hello, Dropbox Alternatives

In the hedge fund space, private cloud providers (like us!) are adding enterprise-class file sync and sharing capabilities into their offerings using technology such as Varonis DatAnywhere. Eze Castle Integration recently rolled out DatAnywhere to our Eze Private Cloud clients.

DatAnywhere aims to strike a balance between security and convenience, which it does well. Employees are able to easily share files and access them across multiple devices while the company is able to set sharing and access control permissions for data. Additional benefits of this Dropbox alternative include:

  • Users have the same drag-and-drop experience as shared network drive or cloud sync folders

  • Data is automatically backed up and version controlled

  • Data is transmitted securely over SSL

  • All access is monitored and abuse is alerted

  • No user gets access to data unless they already have permission to access the data

  • Ability to create and easily share collaboration templates for teams, departments and individuals.

The power of file sharing tools is significant, and users will continue to be drawn towards them even when preventative corporate policies are in place. As a result, hedge funds should consider alternatives to empower their employees while staying compliant.

Contact Eze Castle Integration

<![CDATA[A Hacker's Tool Kit: Cyber Security Threats to Financial Firms]]>, 27 Feb 2014 00:00:00 -0500 eci It has been said that cyber weapons can be as dangerous as weapons of mass destruction. To emphasize this, at last night’s FBI Citizens Academy seminar on cyber security in financial markets, the speaker noted that if you take out an industry (think financial, teleco) you can cripple an entire country.

But just how would this happen? What’s in a hacker’s tool kit? Quinn Shamblin, executive director of information security at Boston University, provided a glimpse into the cyber security underworld.

Targeting Your Favorite Device

Let’s start with Mobile Device Security. Hackers are shifting their focus and resources to mobile devices. They recognize that a user’s life is virtually encapsulated on his/her mobile device. From contacts and email to documents, passwords and banking apps, mobile devices now hold as much as or more personal information than PCs or laptops. And most devices do not have anti-virus/malware software installed.

Just last Friday, Apple released a critical update to its iOS 7 operating system after a flaw was identified that could give an attacker with a privileged network position the ability to capture or modify data in sessions protected by SSL/TLS (aka public key encryption). Following that announcement, researchers at a cyber security firm (FireEye) published a proof of concept for a surveillance app that, if created and distributed by hackers, could capture every tap on an iPhone’s screen. The information captured, including passwords and credit card numbers, would be accessible to the attacker. These are just two examples of the cyber security threats facing mobile devices. Users need to be aware that these threats exist and practice smart computing on all devices.

DDoS: A Hacker's Version of Leverage

Next let’s talk DDoS (distributed denial-of-service) attacks, a common strategy used by hackers. We are nearing the one-year anniversary of the largest DDoS attack that was dubbed the “DDoS that almost broke the Internet.” As the story goes, Spamhaus (non-profit, anti-spam organization) came under attack by two individuals who were able to harness open DNS resolvers to send incredible amounts of traffic at the Spamhaus website. It is reported that, at one point, 300GB of traffic per second were being pushed.

In a statement on its website, Spamhaus explains that “preventing attacks like these depends on two key technical measures. First, all networks should ensure that they do not allow traffic to leave their network that has 'spoofed' (forged) sending addresses. Without the ability to spoof traffic there would be no reflection attacks possible. Secondly, open DNS resolvers should be locked down and secured. These attacks should be a call-to-action for the Internet community as a whole to address and fix those problems.”

No Update Here

Another vulnerability hackers love to exploit is out of date software. April 9, 2014 will be a big day for the hacker community, because on April 8th, Microsoft officially ends support of Windows XP. This means no more security patches or updates. We can assume that for the last year or so, hackers have been holding Windows XP-related malware just waiting for Microsoft to end support. (Read more on end of life here.)

For the most part, professionals at hedge funds and investment firms have upgraded from Windows XP, but it is not uncommon for a few of these systems to still be on a corporate network and it only takes one highly connected Windows XP device to let hackers into an entire corporate network. So if you haven’t already, now is the time to start planning to have your systems upgraded. At Eze Castle Integration, we are working with clients to set an upgrade timetable for their systems.

As a final thought, the most commonly infected file types are PDF, Flash and Java so make sure you install updates when they are rolled out by the vendors. Also, never open an attachment from a sender you don’t know.

For more cyber security guidance, check out these articles:

Hedge Fund Cyber Security Guide]]>
<![CDATA[Three Reasons the Private Cloud is Just like Olympic Curling]]>, 20 Feb 2014 00:00:00 -0500 eci Have you been enamored by the coverage of the Winter Olympics the last two weeks? We sure have. And watching all of these great sports we don’t normally get the chance to witness got us thinking – there are a lot of similarities between technology and Olympic sports. They’re both complex in many ways and require experts (engineers and athletes) who are the best of the best at what they do.

One of our favorite sports to watch is curling. And we couldn’t help but notice that Olympic curling and the private cloud are a lot alike. Don’t believe us? Take a look.

Both are safe and secure.

Secure Private Cloud

Let’s be honest: curling clearly presents the least amount of danger and lowest risk for injury at the Winter Olympics. Skiing and snowboarding? We’ve seen our fair share of wipeouts this year. Bobsled, luge and skeleton? Those are terrifying enough just as a spectator. Even figure skating poses a risk when skaters are leaping and twizzling left and right.

But curling? Extremely safe. Athletes can be fairly certain – whether they are curling or sweeping – that they will come out of the event unscathed.

Similarly, users in a professionally managed private cloud environment can rest assured their data and infrastructure are safe and secure. As an investment manager, you should not have to worry about the integrity of your firm’s assets and applications. In a private cloud environment, your infrastructure is protected and monitored by technical experts 24x7x365. To have complete confidence in your firm’s cloud environment, inquire about specific security measures your cloud provider takes to ensure your firm is protected at all times.

Both have a global presence.

Global Cloud

Okay, technically this applies to all Olympic sports, but the countries competing for medals in curling this year cover a wide geography. Male and female athletes from Great Britain, Canada, Sweden, China and Switzerland are vying for Olympic medals this week, and we think it’s great to see so many regions showing off their premier athletes on a global platform.

A cloud platform can only properly support your firm on a global level if it also has a global presence. When looking for a cloud provider, look for a company that can support your operations with data center facilities and employees on the ground in multiple locations. We’re proud to say our Eze Private Cloud supports investment firm users across the world – in the United States, United Kingdom and Asia.

Both require specific technique.

Olympic Curling

At first glance, curling might seem like a simple sport. But in fact, it requires an incredible amount of concentration and skill. The curler (or thrower) is responsible for the delivery of the stone, lunging forward and releasing the stone along the ice. The sweepers are then instructed to sweep the ice in front of the stone in an attempt to reduce friction and control the stone’s trajectory. Strategy and technique are critical to navigating the stone to a place within the house (that series of circle targets you see marked on the ice).

Think you could excel at curling? We’re willing to bet it’s harder than it looks.

Much like curling, the operation and management of a private cloud is not for the average person. Not everyone can design and manage a robust and secure private cloud platform. That’s why relying on an expert cloud provider can make a lot of sense, especially for busy hedge funds and investment management firms. When looking for a cloud services provider to support your firm, seek a company with expertise deploying cloud environments across the globe (see above) and supporting the unique needs of financial services firms. To make it easy, here is a list of questions to ask a potential cloud services provider during the evaluation process.

Visit our Facebook page and tell us which sport in the Winter Olympics is your favorite to watch!

Photo Credits: Wikipedia and Flickr

<![CDATA[Ledgex Tackles Liquidity Management Challenge for Fund of Funds]]>, 18 Feb 2014 00:00:00 -0500 eci Asset Allocator Liquidity Management Software Effectively managi­­ng liquidity and reporting within investment portfolios has been a struggle for fund of funds, institutional investors, pensions and endowments. No manager wants to in a position where their investor liquidity does not match portfolio liquidity but at the same time firms are trying to offer investors more frequent liquidity options as a competitive edge. In some case, investors are even asking for no liquidity limits.

To adapt to the changing liquidity risk landscape, firms are selecting portfolio management systems from companies like Ledgex Systems. Recently, Ledgex released the next generation of its portfolio management platform that delivers new liquidity management and manager research modules. These new tools give firms real-time visibility into their existing and proposed portfolio liquidity options while providing the research and analytics that support the manager selection process.

The Ledgex Liquidity module provides an advanced liquidity modeling utility and reporting engine, which can generate all available options for accessing assets given certain conditions by processing each tranche and their respective trade characteristics with a manager’s liquidity terms. Ledgex can model 90% of the manager liquidity terms used in the industry.

The Ledgex Research module combines CRM, document management and research management capabilities within a single system that removes silos and puts manager research in context with the entire investment portfolio management strategy. Ledgex Research allows investment professionals to efficiently manage, navigate and report on mass amounts of research data, while only acting on the right information. The module adapts to existing processes, from manager selection to manager monitoring, while providing a comprehensive tool to track firm defined manager attributes, including exposures, allocation weighting, attribution, AUM and investor concentration.

Ledgex Liquidity and Ledgex Research further enhance the existing Ledgex platform, which includes:

  • Ledgex Portfolio Manager, a comprehensive portfolio management system that allows managers to easy manage complex portfolio structures and look through these portfolios for exposure, performance and allocation weights.

  • Ledgex Workbench, a front office decision support tool for managing projected capital activity and fund activity and evaluating the impact that these decisions have on your portfolio.

  • Ledgex Investor Relations, a highly configurable tool designed specifically for managing communications, capital movements, meetings, and client interactions in a centralized system that brings organization to the investor relationship management (IRM) process.

Learn more about Ledgex at

Ledgex Liquidity Management for Asset Allocators, Family Offices

<![CDATA[Give Back this Valentine’s Day: Like for Life Campaign]]>, 13 Feb 2014 00:00:00 -0500 eci For the past few years, Eze Castle has held a "Like for Life" Campaign in the hopes of bringing attention to and raising donations for charitable endeavors. Continuing this important tradition in 2014, this year we will be supporting One Laptop Per Child, an organization that focuses on empowering the world’s less fortunate children through education. OLPC’s goal is to provide every child it can with low-cost, low-power, connected laptops. The organization has designed its own hardware, content and software to support this self-empowered learning and to give children the potential for growth and a love of learning.

Because of our love for and obvious interest in technology and hardware, this charity seems like a natural fit. But we cannot support this great cause without your help. To support this worthy organization, Eze Castle is hosting a social media fundraiser in which we pledge to donate $1 to One Laptop Per Child (up to $1,000) for every new “like” we receive on our Facebook page and every new follower received on Twitter (@EzeCastleECI). The pledge campaign will run between February 13, 2014 and March 13, 2014 and we hope you'll make this small move in the hopes of making a big change.

Please take a minute and “like” us on Facebook and follow us on Twitter to help us support One Laptop Per Child and help change the lives of children across the world who deserve the chance to learn.

One Laptop Per Child

If you'd like to learn more about One Laptop Per Child, watch the video below.

<![CDATA[How Is Your Firm Mitigating Technology Risk?]]>, 06 Feb 2014 00:00:00 -0500 eci Investment risk plays an important role in the life of a hedge fund manager, but technology risk should not. When it comes to your firm’s technology systems and operations, you want things to run efficiently, not add more stress to your already crowded plate.

Mitigating technology risk is a critical step to ensuring your hedge fund operates smoothly and successfully. Following are a few areas to keep in mind as you evaluate your firm’s technology risk:

Layers of Redundancy

One way to reduce your firm’s technology risk is to add layers of redundancy throughout your infrastructure. Whether you’re utilizing a cloud infrastructure or an on-premise environment, your servers, networking and telecomm lines should feature N+1 availability, a configuration in which multiple components have at least one independent backup component to ensure system functionality continues in the event of a failure. Mitigating Technology Risk

Disaster Recovery & Business Continuity Planning

Beyond redundant systems, it’s critical your firm employs DR and BCP strategies to protect systems and the overall business from succumbing to an outage or disruption. A complete disaster recovery solution will leverage replication technology to mirror your production environment to an offsite location. If and when a disaster strikes, employees can access data and applications virtually without missing a beat. Outside of technology systems, you can mitigate risk by relying on a business continuity plan to protect employees and processes. Ensure your BCP plan is communicated throughout the firm and all individuals have a thorough understanding of what to do and where to go if business is interrupted.


One area investment firms need to be especially aware of in today’s age is security, as cyber-attacks and other security-related incidents can pose a real threat to a business’ welfare. In order to mitigate these risks, firms need to take the necessary steps to protect their technology environments from internal and external breaches. Security best practices should be implemented at both the physical and infrastructure levels – meaning wherever your servers are located (cloud facility, colocation, Comm. Room), cages should be locked and monitored 24x7x365. To support these practices, strict and enforceable policies should be adhered to regarding access control and information security management. Read more about security best practices here.

Outsourced Technology Solutions

In order to better mitigate all of the above risks we’ve mentioned, your firm can leverage the expertise of a third-party technology provider. By placing the burden of risk on an outsourced provider, you free up your firm’s resources for other projects – whether they be IT or investment focused. Whether its project-by-project or on a part- or full-time basis, your outsourced IT provider can offer a vast array of services and solutions designed to meet your firms unique needs – and, of course, to reduce your firm's inherent risk.

Looking for more on outsourced technology? Read our Guide to Technology Outsourcing for Hedge Funds.

Guide to Technology Outsourcing

Photo Credit: Flickr
<![CDATA[Video: Security Incident Response Priorities for Your Hedge Fund]]>, 23 Jan 2014 00:00:00 -0500 eci At the end of last year, we predicted security would continue to be a hot topic in 2014 - and our experts agree. It's still such an important topic for hedge funds and investment firms to be educated on that we even dedicated our first webinar of the year to it.

Expert speakers from Eze Castle Integration and eSentire spoke earlier today about security incident response priorities and offered best practices for investment firms looking to plan before a security breach occurs.

Watch the video below and learn more about the three critical phases of security incident management:

  • Planning

  • Response

  • Resolution

Be sure to come back to Hedge IT on Tuesday for a more detailed recap of the event! And don't forget to check out some of our other security articles:

<![CDATA[Android Apps Coming to a BlackBerry Near You]]>, 14 Jan 2014 00:00:00 -0500 eci It’s true, the Canadian smartphone maker BlackBerry is preparing to launch a new firmware upgrade to its BB10 OS smartphone, including the Q5, Q10, Z10 and Z30 phones, that will allow Android apps to become available to its users via the BlackBerry World portal.

There is no question the BlackBerry handsets have been struggling because of a significant “app gap.” Consumers have come to expect unimaginable numbers of apps at their fingertips, which can easily be found on iOS and Android.Android Apps

In the past, BlackBerry only accepted apps created using their own proprietary format. The 10.2.1 upgrade to its BlackBerry operating system will support Android apps.

The company has been approaching big games and apps firm developers to upload their Android apps to a new section on its online app store, BlackBerry World. Developers will only need to submit screenshots and descriptions to have their software listed in the BlackBerry World, which means almost no effort from them. Users, on the other hand, will be able to download and install the apps just as they would any content built for their smartphones.

What are the new improvements to the BlackBerry 0S 10.21 upgrade?

The upcoming BB OS 10.2.1 update is set to bring in new features. The new update is expected to add a new section to BlackBerry World where all Android applications will be listed. The Android runtime is also expected to be upgraded, meaning that users will be able to run newer apps.

The new improvements will now include:

  • Android Native Support: Android apps that use shared libraries written in native-code, such as C and C++, will now be supported on BlackBerry 10. Support is limited to the recommended system headers and APIs as documented by Google. Headers and APIs outside this scope may not function correctly.

  • Bluetooth: Android applications using Android Bluetooth APIs will now work on BlackBerry 10. Bluetooth Low Energy for Android is planned to be supported in a future OS release. As a reminder, Bluetooth LE is supported in the BlackBerry 10 Native/Cascades SDK.

  • MapView v1: Applications that use MapView from Google Maps v1 API are now supported using OpenStreetMaps. Support for MapView v2 API is being planned for a future release.

  • Share Framework: Android applications that register with the share framework in Android will now also appear as share targets on the BlackBerry 10 share menu.

  • Spellcheck: Applications that use text input can now leverage support for spell checking and correction, and the ability to add words to the BlackBerry 10 dictionary.

No date has been confirmed for when BlackBerry is expected to release the OS 10.2.1 update.

<![CDATA[Five Ways the SEC Will Impact You in 2014]]>, 07 Jan 2014 00:00:00 -0500 eci This week we have a contributed post from Deborah Prutzman, CEO of The Regulatory Fundamentals Group.

Since the summer of 2012 the SEC has embarked on a drive to change the culture within financial services firms, including those in the alternatives space. At first the SEC focused on education—both of its staff and of industry participants. Now the SEC is actively using enforcement as a hammer to drive deeper change. Enforcement cases in 2013 included a focus on boards that failed to properly steer the valuation process and on individuals who misled compliance, as well as the highly-publicized cases involving insider trading.

What does this mean for you in 2014?

Five Ways SEC Will Impact You in 20141. The SEC will continue to focus on governance and on gatekeepers. This means you. Whatever your role-- as an adviser, on a board, or as a service provider-- you must have a grasp of key regulatory requirements. The SEC has announced an initiative to bring enforcement actions for inadvertent (or in technical terms “non-scienter”) violations. Do not let your firm be on that list. Take the time to learn what is required of you. Doing otherwise is like crossing the street with your eyes closed. Some may make it across, but do you want to be the one hit by a truck?

2. The SEC will continue to follow the money. This means continued focus on conflicts, valuation, expenses and compensation. Exam questions will change accordingly, as will enforcement proceedings and investor scrutiny. Recent enforcement proceedings illustrate that staff can be reluctant to raise issues with senior management that have the potential to hit the bottom line. Reflecting point #1, senior managers must encourage staff to raise these issues and demonstrate their importance by undertaking their own meaningful inquiries. Guidance may come from the UK regulators which have instructed management to undertake an internal conflicts assessment. (In fact, again reflecting point #1, UK regulators required some CEOs to attest that an assessment of conflicts has been presented to their firm's governing body and that the firm’s process for handling conflicts is adequate.)

3. Your protection will be a strong governance process. Senior management will need to be able to clearly articulate how it satisfies its “duty to supervise”— to drive both business results and to comply with legal requirements. There can always be a bad actor in an organization. Should enforcement personnel determine this to be the case, senior management will protect their firm and its staff during the enforcement process by showing that the individual acted alone. In short, strong governance provides coverage and credit if a bad actor is discovered. On a related note, the SEC relies heavily on cooperation and strong supervision can lead to meaningful cooperation in the regulator's eyes.

4. A strong governance process will include a full-fledged compliance program. This is compliance as an organic part of the organization and incorporates risk assessments and enhanced testing, not just the existence of a compliance manual. It will also include self-reporting and other behaviors underscored in the U.S. Federal Sentencing Guidelines.

5. Investors will focus on these issues even more in 2014 than in 2013. They will add a third leg to their due diligence efforts—legal and regulatory due diligence, which complements market and operational issues that were the focus of due diligence in the past.

The upshot of all this is that understanding the issues, and staying ahead of any changes, will help you run a tighter ship, understand your business better and protect you, your staff and your firm should something go awry. Doing so will not only keep regulators at bay, but will also instill greater confidence in your investors. In a tough market where investors are increasingly concerned with legal and regulatory exposure, managers who master regulatory requirements will enjoy a competitive advantage over firms that do not provide their investors with the same level of protection.

<![CDATA[Best of the Year Blog Posts: 2013 Edition]]>, 31 Dec 2013 00:00:00 -0500 eci I know, I know, we say it every year. But can you believe another year has come to an end? Even more amazing? We’ve now been bringing you fresh content on Hedge IT for nearly four years – including close to 400 articles! As we look ahead to 2014, we want to extend a huge THANK YOU to our loyal Hedge IT readers and hope you’ll stick around to see what we have up our sleeves in the New Year. Here’s a hint: it may even include a fresh new look...

With that said, as we do every year, let’s take a look back at some of our most popular Hedge IT articles from 2013. Here are some of your favorites (and ours, too).

Most Investment Firms Are In the Cloud: Are You?

Back in September, we revealed the results of our 2013 Survey: Examining Cloud Usage within the Investment Management Industry. In conjunction with IDG Research, we surveyed more than 100 financial services firms and found that nearly all of them (87%) are using the cloud in some way. Other key findings included the dominance of the private cloud (74%) and the growing belief that the private cloud is just as secure as an on-premise infrastructure. Read the complete survey report here.Happy new Year 2014

A Look at Liquidity Risk Management

Investment firms face a host of liquidity risk and data management challenges in today’s changing environment. But new and robust tools are designed to assist firms with these challenges and help them achieve the highest levels of liquidity management efficiency. Our partners at Ledgex Systems have built one such tool.

AIFMD’s Impact on US Hedge Funds: An Expert’s View

The Alternative Investment Fund Managers Directive (AIFMD) went into effect in 2013, but before its inception, we hosted a webinar with Bill Prew, founder of INDOS Financial, and he took us through the legislation’s goals and objectives and how both UK and US fund managers might be affected. Read his key highlights and watch a full replay of the webinar.

10 Signs it’s Time to Rethink Your Approach to DR & BCP

Another one of your favorite webinars of 2013 was our session on rethinking disaster recovery and business continuity. Our resident DR & BCP experts, Steve Banda and Lisa Smith, took us through their 10 signs to look for, which included everything from hardware refreshes and due diligence reviews to organizational changes and incident response practices.

The Business Case for Moving to the Cloud: A Hedge Fund Manager’s View

While the technology benefits of moving to the cloud are well-known, the business case is just as important – and often misunderstood. Some of the key business benefits realized as a result of cloud services include transferring from CapEx to OpEx, enhancing operational efficiencies and hosting applications with increased ease.

The Hedge Fund CFO’s IT Checklist: Questions to ask about the cloud

Speaking of the business case for the cloud, it oftentimes falls to a hedge fund’s CFO to manage technology – but what if that person doesn’t have a technology background? We provided a handy checklist for hedge fund CFOs to reference when asking about the cloud. Important information to gather should include upfront costs, budgeting & forecasting, security concerns and compliance considerations.

Training Your Employees on Information Security Awareness

Security was one of the hottest topics of 2013 – and we predict it will remain so in 2014. One often overlooked component of hedge fund security is remembering to train and educate employees on security vulnerabilities and what they can do to protect themselves and their firm. Coordinating a formal training session is a good strategy for ensuring everyone is on the same page.

Is Bigger Always Better? Advice for Hedge Funds Named David

This year in San Francisco we gathered an exciting panel of experts to talk about technology and hedge fund outsourcing. Their conversation focused mostly around how smaller and mid-sized firms can leverage outsourcing to compete with their larger counterparts. (We’re talking David vs. Goliath here!). Read the full article for some insight into advantages your firm may have if you’re on the smaller side, too.

That’s it for us in 2013! We wish all of our clients, partners, colleagues and friends a safe and happy New Year and hope to see you in 2014!

Photo Credit: Google]]>
<![CDATA[New Year, New Trends: What to Look for in Technology in 2014]]>, 26 Dec 2013 00:00:00 -0500 eci It’s hard to believe, but it’s already the time of year we look into our crystal ball and predict the top technology trends for the coming year. 2014 is right around the corner, so here’s a look at what we think will be some of the dominant topics in the tech world.

Hedge Fund Outsourcing Grows in Popularity
One dominant topic that came up during our Boston hedge fund event earlier this month was outsourcing. According to several experts, hedge funds and investment firms can and should continue to outsource areas of their business to service providers as a strategic initiative. Outsourcing leave the nuts and bolts of any area (be it technology, fund administration, etc.) to the service provider, and it allows the fund to focus on higher value areas including, naturally, investment management.

Cloud Solutions Become the Standard
There is no denying the steady adoption of cloud services among hedge funds and investment firms over the years. In fact, our 2013 Cloud Usage Survey shows adoption has risen to nearly nine out of ten firms across the U.S. In 2014, we believe the cloud will become the de facto solution for 2014 Fireworksbusinesses as firms gravitate towards the simplicity, flexibility and ease of management the cloud has to offer.

Security Remains Top Concern
For the last few years, security has been a prominent area of focus for businesses of all kinds, especially investment firms. We’ve spent countless hours talking about hedge fund security and offering our best practices and tips for firms to rely on to stay protected. Unfortunately, cyber-attacks and security threats still pose serious risks, and all firms must work diligently in 2014 to stay educated on the topic and implement sound practices to mitigate any internal breaches or external vulnerabilities. We believe security is such a serious topic, in fact, we’re even kicking off our 2014 webinar series with an installment on Incident Response. To pre-register for this event, email us.

BlackBerry’s Decline Continues
BlackBerry made headlines again this week, as its co-founder abandoned plans to buy the company outright and reduced his stake in the company to under five percent. The announcement comes on the heels of news that BlackBerry lost $4.4 billion last quarter and is discontinuing hardware development to focus more on the software side of the business. In 2014, we expect Apple and other smartphone devices and operating systems to continue their dominance as BlackBerry, sadly, becomes a name of the past.

The War Goes On: PC vs. Tablet
Speaking of changes, one could argue there will be no greater transition on the technology front than the current shift away from PCs and toward tablets and smartphones (BlackBerry excluded, apparently).

According to some, tablets are the new PCs and will account for about half of the “PC” global market share in 2014. Others predict traditional PC purchases to increase in the future as refresh cycles hit and more traditional consumers opt to stay true to the devices they have previously owned. Earlier this year, Intel sponsored an InfoBrief which found that U.S. adults are still using traditional PCs as their primary computing devices. Productivity will play a significant role is how both consumers and businesses select which devices to use and recommend.

Be sure to come back next week as we take a look back at our top Hedge IT blog posts of 2013!

Photo Source: Google]]>
<![CDATA[Happy Holidays From Eze Castle!]]>, 24 Dec 2013 00:00:00 -0500 eci In honor of the holiday season we would like to wish our clients, partners, colleagues and friends a happy and healthy new year. May it be filled with success and good fortune!

Click here to see our 2013 Holiday eCard.

Happy Holidays

<![CDATA[2013 Benchmark Study Reveals Top Hedge Fund Applications]]>, 19 Dec 2013 00:00:00 -0500 eci The results from our Global Hedge Fund Technology and Operations Benchmark Study are in and here is a snapshot of the 2013 findings. You can find the complete report here. We surveyed 538 buy-side firms across the United States, UK and Asia in order to discover their front, middle, and back office technology and application preferences.

Respondent Profile

All survey respondents fell into the following categories within the financial industry: hedge fund (60%), asset/investment manager (13%), private equity firm (8%), fund of hedge fund (5%), non-financial firm (5%), advisory firm (1%), broker dealer (1%), venture capital firm (1%), quant fund (1%), or ‘other’ (3%).

The firms resided in three different asset classes: 30 percent reported their AUM as $100 million and under; 32 percent fell between $101 and $500 million; and 38 percent reported over $500 million in assets under management.

In regards to investment strategy, long/short equity continues to dominate as the most favorable with 45 percent of respondents reporting this to be their primary investment strategy. Other preferred strategies include fixed income (8%), credit (7%), global macro (6%), emerging markets (6%), distressed debt (5%), and event driven (4%). The top prime brokers employed by firms in 2013 are Goldman Sachs, Morgan Stanley, Credit Suisse, JP Morgan and UBS (same as last year).

Front Office

OMS: Firms use order and execution management systems in order to support trading, operations, compliance and portfolio management. Once firms have passed their initial launch phase and start seeing investment growth, a robust and efficient solution becomes critical to their continued progress and development. Our survey found that most firms rely on Eze Software Group’s Eze OMS, followed by Bloomberg’s Asset and Investment Manager (AIM), Advent’s Moxy and RediPlus EMS.

Market Data & Analytics: Bloomberg continues to be at the head of the pack as far as market data services and analytics in the financial industry. Respondents reported that 92 percent are using Bloomberg for market data and 82 percent for market analytics.

Research & Document Management: Even with the growing need for research and document management tools, more than half (55%) of firms responded that they are not using a formal RMS tool. Most firms (34%) are still using an in-house or proprietary system for research and document management. For those firms using a specific tool, Advent’s Tamale, Microsoft’s SharePoint, or Code Red RMS are the most common.

Middle & Back Office

Portfolio Accounting: Advent Software continues to be the primary market leader in regards to portfolio accounting with its APX and Geneva products remaining the top two choices among investment firms surveyed. Both APX and Geneva users represent 27 percent of the market share, accounting for more than half of the total responses from firms surveyed.

Risk Management: We are still seeing slow growth towards the adoption of risk management solutions despite the high demand for firms to manage risk in all areas of business- including portfolio, compliance and operational risk. This may be due to firms outsourcing risk management capabilities to a fund administrator instead of using a formal RMS system. For those firms that do have a formal solution in place, the most popular vendors used outside of proprietary systems include Advent, Calypso, Risk Metrics and SunGard.

Outsourced Administration: While not all firms choose to utilize an outsourced fund administrator for more comprehensive services, those that do tend to work with a variety of different vendors. Citco was the top choice among our survey respondents, followed by SS&C GlobeOp, and Goldman Sachs. Northern Trust, State Street and US Bancorp also made the list of top administrators.

Customer Relationship Management: The top three CRM tool providers remain consistent from last year's survey. However, has moved forward as the most popular solution with Backstop in second and Pertrac slipping to third place.

Message Archiving: A vast majority of survey respondents (82%) are relying on Global Relay for their email and IM message archiving services. This figure also includes Eze Castle’s Eze Archive service, which is powered by Global Relay. The remaining firms are primarily using Smarsh, Frontbrige, Postini, Symantec or Microsoft Exchange.

Mobile Technology: We continue to see firms using BlackBerry (92%) as their primary mobile solution. However, iPhone use has increased because of the recent trend in BYOD and the deployment of mobile device management solutions.

What’s Next?

Like past years, we expect to see the rise in adoption of cloud services will remain a major game changer in how hedge funds and investment firms choose the technology that supports their operations. According to the results of our survey: Examining Cloud Usage within the Investment Management Industry, which came out earlier this year, nearly 9 out of 10 firms are using cloud services currently or plan to do so in the near future. Additionally, we expect to see firms select their technology based upon the influence of investors. Investors have become more knowledgeable about the technology landscape and are placing greater demands on the quality of technology used by investment firms. Firms should expect to see greater expectations, and in return be optimistic for greater rewards!

We hope our 2013 Hedge Fund Technology Benchmark Study will serve as a guide and assist firms in making these critical decisions.

2013 Hedge Fund Technology Report

<![CDATA[Painting a Picture of Hedge Fund Technology (Infographic)]]>, 17 Dec 2013 00:00:00 -0500 eci They say a picture is worth a thousand words so here is an infographic of our 2013 Global Hedge Fund Technology Benchmark Study that explores the most common front, middle and back office applications and technology used at today's hedge funds.

You can download the full report HERE or come back Thursday for more interesting findings from the study.

<![CDATA[Five Years Later: How Bernie Madoff Has Transformed the Investment Industry]]>, 12 Dec 2013 00:00:00 -0500 eci Yesterday marked exactly five years since the infamous Bernie Madoff was arrested for executing the largest Ponzi scheme in U.S. history. As a result, Wall Street and the investment community has undergone a plethora of changes designed to avoid such scandals in the future. Let’s take a look at the lasting impact of Madoff and what changes we can still expect to see in the future.

The History

Unless you’ve been living under a cave for the last several years, you’ve heard the name Bernie Madoff and understand its association with all things negative: scandal, fraud and disgrace. The former NASDAQ chairman and founder of Bernard L. Madoff Investment Securities LLC (BLMIS) swindled billions of dollars and affected more than 12,000 investors, faking investment returns over the course of multiple years.

Amidst the nation’s most serious financial crisis since the Great Depression, we all learned of Madoff’s devastating scheme. He eventually turned himself in at the urging of his sons and is currently serving 150 years in federal prison for his crimes.

The Impact Bernie Madoff - Cover of Portfolio Magazine

The effects of Madoff’s investment scheme can still be felt throughout the investment community and across Wall Street. Shortly after Madoff’s confession (and the US financial crisis), the Securities and Exchange Commission (SEC) began taking steps to combat similar scandals and protect future investors. One of the first initiatives put into place post-Madoff was the Dodd-Frank Act, also known as the Wall Street Reform and Consumer Protection Act In addition to registration requirements and new rules for exemptions, Dodd-Frank also prompted hedge funds and investment firms to adhere to new reporting requirements and gave the SEC authority to monitor financial firms with the potential to pose systemic risk.

Around the time Congress began working on Dodd-Frank, the investment industry also began making general calls for greater transparency to investors. The rise in comprehensive due diligence inquiries from investors over the past years has been significant, as investors want more clarity and insight into the funds they are allocating their investments to. We continue to assist our hedge fund clients in completing due diligence questionnaires relative to their technology and security practices to satisfy investor requests and give them greater piece of mind.

More recently, the SEC has adopted additional reporting requirements to prevent future Madoffs from arising. In July 2013, the SEC voted to approve a rule requiring brokers to file quarterly reports detailing how they maintain customer securities and cash.

Lastly, according to Forbes, the SEC has continued to file record numbers of investigations and enforcement actions against advisors and other investment firms, making good on their promise to pay closer attention to the actions of those in the investment world.

The Future Due Diligence Prep Tools

Though Bernie Madoff may reside in a North Carolina prison, the fallout of his incredible Ponzi scheme is very much part of our world today. Five former Madoff employees are currently standing trial for their alleged participation in the scandal. Beyond their individual fates, Wall Street and the greater investment community will continue to feel the effects of Madoff’s fateful decisions. Investors have come a long way in demanding greater transparency and reporting standards from firms, and we expect that will only continue in the years to come. On the technology side, investors are careful to inquire about the specific systems and infrastructure used to secure and protect their assets – another critical component to ensuring a similar financial crisis does not take place. Only time will tell how else the industry will continue to adapt following the Madoff scheme and other financial crises.

To read more about hedge fund due diligence, check out these articles:

Photo Credit: Flickr]]>
<![CDATA[The Who, What, When and Where of the Bad, Bad Cryptolocker Ransomware]]>, 10 Dec 2013 00:00:00 -0500 eci At last week’s Hedge Fund Launch 2.0 seminar, the topic of the malicious Cryptolocker malware that is circulating was highlighted as a wakeup call for why backup and security are nonnegotiable IT components. Questions abounded about this new evolution in malware so today’s post aims to address the who, what, when and where of Cryptolocker as well as a few other common Qs.

What is Cryptolocker?

Cryptolocker is a new variant of ransomware that restricts access to infected computers by encrypting them and demanding that the victim pay the attackers a ransom in order to decrypt and recover their files. Some versions of Cryptolocker can encrypt local files as well as external hard drives, network file shares and even cloud storage services that allow local folders to sync with online storage. The malware is severe and a real threat. If a company becomes infected and does not have their files backed up the files may be lost.

At Eze Castle Integation we have had clients become infected. Thankfully in these cases the clients had the appropriate backup systems in place and were able to restore the files to the pre-infection state. As of this time, the US-CERT says the primary means of infection appears to be phishing emails containing malicious attachments. The attachments may look like legitimate emails, so it is important to remind users not to click on any email links if they do not know the sender.

Fake Email

Who is behind Cryptolocker?

This is a difficult question to answer as it appear there may be a few different cyber-attack groups using CryptoLocker at the moment. What is known is that attackers demand a ransom payment in a number of different payment methods, including Bitcoin, that allows them to stay anonymous. Bitcon is an open source peer-to-peer payment network.

Where and who is Cryptolocker targeting?

According to Kaspersky’s Costin Raiu, this malware primarily targets users from US and UK, with India, Canada, Australia and France being second-tier targets.

What’s the difference between Ransomware and Cryptolocker? (This Q&A comes direct from Symantec)

The difference between Ransomlock and Cryptolocker Trojans is that Ransomlock Trojans generally lock computer screens while Cryptolocker Trojans encrypt and lock individual files. Both threats are motivated by monetary gains that cybercriminals can make from extorting money from victims.

What happens if my computer is infected?

According to Kaspersky, once infected, the ransomware-interface displays a countdown clock of three days, warning users that if time elapses, the private decryption key will be deleted forever, and there will be no way to recover the encrypted files.

At this point, users have two choices: 1) pay the ransom and hope the attackers make good on their “promise”or 2) recover their data from backups. Any hedge fund or investment management firm should be able to confidently select option number 2. Regular backups are a nonnegotiable part of a hedge fund’s data protection strategy and the cryptolocker virus highlights just why.

CryptolockerUS-CERT also suggests the following possible mitigation steps that users and administrators can implement if they believe a computer has been infected with Cryptolocker:

  • Immediately disconnect the infected system from wireless or wired networks. This may prevent the malware from further encrypting any more files on the network.
  • Users who are infected with the malware should consult with a reputable security expert to assist in removing the malware.
  • If possible, change all online account passwords and network passwords after removing the system from the network. Change all system passwords once the malware is removed from the system.

What can we do to avoid getting infected?

Here are a few things you can do to prevent your PC from being infected:

  • Most viruses are introduced by opening infected attachments or clicking on links to malware usually contained in spam email. Have users avoid opening emails and attachment from unknown sources, especially zip or rar archive files.
  • Don’t open attachments from an unknown sender.
  • Maintain up-to-date anti-virus software.
  • Use a drive that is backed up to save important files – do not save them to a local machine/PC that is not backed up regularly.
  • If you must save files locally, make sure they are backed up somewhere and regularly.
  • Keep your PC and software up-to-date.

Some handy articles on security best practices:

Hedge Fund security guidebook]]>
<![CDATA[Expert Tips for Launching a Hedge Fund in a New Environment]]>, 05 Dec 2013 00:00:00 -0500 eci As we look forward to 2014, we can expect that the hedge fund and investment management industry will continue to evolve and experience change as in years past. As more and more new funds launch, the competition for investors will increase and firms will be hard-pressed to live up to the successes of the top performing funds in the industry.

Earlier this week, we gathered several panels of experts in Boston to share their insights into the hedge fund landscape for startups in 2014 and the tips and advice for firms looking to compete in the changing marketplace. Following is a brief recap of the event.

Building a Hedge Fund is Like Building Any Successful Business

When starting a new firm, it’s critical to think about all aspects or forming a new business. Yes, your investment strategy is important, but if the foundation of your business is not critically thought out, it will wreak havoc for your firm. Following are a few areas you shouldn’t overlook as you go through the launch process:Open for Business

  • Talent identification: As you build your business, choose employees who complement you and your vision for the firm. Be sure to spend time with people on your team from the start to avoid clashes down the road.

  • Planning for growth: It’s critical to think beyond your initial startup. Investors want to see growth plans, and you should expect to develop one that details your goals for the next 3 to 5 years.

  • Story-telling. Speaking of investors, you only get so many opportunities to impress them. Be sure to tell your story (and make it interesting!). Keep the lines of communication open as you secure an investor base.

  • Maintaining privacy: In Massachusetts, there are strict regulations about keeping client and investor personal information confidential and private, in other words, encrypted. MA 201 CMR 17 should be taken seriously and not overlooked as Boston-area firms look to launch. Keep in mind, the regulation applies to firms who have clients/investors in MA – so even if your firm isn’t based there, you may be subject to compliance.

Achieving Institutional-Grade Technology

One way to set yourself apart from your competition is by ensuring your technology is up-to-snuff. As you look to implement a technology solution (either in-house or with an outsourced provider), remember that investors are more tech-savvy than ever and expect to see robust systems and practices in place to protect their investments.

One of the biggest technology priorities for 2014 is security. With threats and ‘hactivism’ at an all-time-high, it’s more important than ever that firms implement sound security best practices to thwart attacks and protect critical infrastructure. Adding various layers of security will help ensure your firm doesn’t succumb to an attack or breach. At a baseline, firms should implement secure firewalls, anti-virus protection and spam and web filtering solutions, plus ensuring strong passwords are maintained and changed often. If you want to add additional layers of redundancy, you should consider real-time monitoring and intrusion detection. Malicious virus attacks such as the Cryptolocker virus have circulated recently and are important reminders to employ security best practices throughout your firm.

Other technology priorities for 2014 include maintaining comprehensive DR and BCP plans. Investors expect to see that your firm is prepared for an outage or disaster – whether it be an office power outage or a regional disaster. Educating and training employees on proper procedures is also essential to ensuring your business remains operational regardless of the situation.

Capital-Raising in a New Era

As the investment industry continues to evolve, capital raising becomes more of a strategic effort for hedge fund firms. And with the recent implementation of the JOBS Act – allowing firms to openly market and advertise to investors – firms need to get serious about their fundraising strategies.

It’s important to understand what investors are looking for. Here are a few qualities:

  • High positive returns

  • An experienced portfolio manager with the ability to raise assets

  • Proven track record

  • Insight into the non-investment side of the business (e.g. operations, technology, etc.)

  • Follow up and communication

  • Better terms and less complexity

Once you have a firm understanding of what your potential investors are looking for, it’s time to pull yourself together and begin preparing. Follow these simple tips outlined by our speakers:

  1. Define your story. Formulate your vision and tell investors who you are. Seize the opportunity and make sure you get it right.

  2. Identify your audience. Does your target have an appetite for your product? Highlight the importance of having a targeted marketing plan.

  3. Do your research. Know who you are meeting with.

  4. Make yourself available. Maintain regular communication with investors and give them access to other members of your firm to speak with.

That’s it, folks! Our speakers had a lot to say. If you have any questions about tips and best practices for starting a hedge fund, please reach out to speak to one of our experts.

Contact an Eze Castle representative

Photo Credit: Flickr]]>
<![CDATA[Reflecting on What We're Thankful For This Thanksgiving]]>, 25 Nov 2013 00:00:00 -0500 eci It’s almost Thanksgiving, and like always, we are reflecting on what we are truly greatful for. This year, we thought we’d ask some of our Boston employees what they’re thankful for this holiday season.

View our slideshow below to see their answers!

Click to play this Smilebox slideshow
Create your own slideshow - Powered by Smilebox
A digital slideshow by Smilebox
<![CDATA[Cybersecurity Insurance Evolving to Protect Businesses From Increasing Threats]]>, 07 Nov 2013 00:00:00 -0500 eci Last month, former Secretary of Homeland Security Michael Chertoff said the most significant threat we face as a nation is cybersecurity. That’s a pretty jarring statement given the threats our country faces in terms of terrorism and war, for instance. But the reality is, cyber networks have become the gateway for risks both on the global terrorism front as well as within our internal circles at our places of business.

With watchful eyes geared towards security threats, interest in cybersecurity insurance continues to rise. The Department of Homeland Security and the Department of Commerce have identified cybersecurity insurance as a viable opportunity to thwart the effects of security breaches and attacks by:

  • Promoting widespread adoption of preventative measures;

  • Encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection; andSecurity Headlines

  • Limiting the losses that companies face following a cyber-attack.

Cybersecurity insurance can cover risks including data breach or loss, network damage, and cyber extortion, though less tangible damages such as client losses or reputational damages may be more difficult to find coverage for.

The cybersecurity industry, particularly the insurance companies themselves, are working diligently to address increasing concerns and identify potential risks so as to properly protect businesses in the future. Insurance companies, for example, have a naturally vested interest in promoting greater security to minimize risks, as they will, in the end, be required to pay out cyber losses to any affected parties. Therefore, according to Bloomberg Law, “an insurer can require a policyholder to establish that it has adopted certain precautions and practices before the insurer will issue coverage. The [Internet Security Alliance] asserts such requirements may eventually become de facto standards that are tailored to fit the needs of diverse businesses.” Insurance companies may also exercise the benefit of offering lower premiums to firms already employing cybersecurity best practices.

What is the future of cybersecurity insurance?

It’s hard to say at this point, as the industry continues to evolve at a rapid pace. With security risks of a diverse nature, it will take time for the proper authorities, including Homeland Security and the Internet Security Alliance – as well as the insurance providers – to work together in identifying a list of comprehensive cyber risks and encouraging effective precautions and best practices. We’ll be keeping our eyes and ears open to any developments on this in the near future.

For more information on cybersecurity, check out these interesting reads:

Contact an Eze Castle representative

Bloomberg Law, Cybersecurity: Moving Toward a Standard of Care for the Board,”

Department of Homeland Security,
Photo Credit: Eze Castle Integration

<![CDATA[While Your Traders Watch Twitter, Is Your Fund Still Compliant?]]>, 31 Oct 2013 00:00:00 -0400 eci Happy HalloweenFirst and foremost, Happy Halloween!

In honor of Halloween, I’m going to share a trick and a treat about the world of social media and investment firms.

First the trick.

Did you hear the story about how shares of bankrupt Tweeter soared when Twitter announced its IPO? If not, here goes According to WallStreetInsanity, on October 4, 2013, “shares in bankrupt TWTR Inc. (OTC: TWTRQ) were up over 1500 percent as the company’s stock soared from $0.0 to $0.15 on extremely heavy volume. Seems some people thought the consumer electronics retailer was Twitter.”

This story demonstrates that traders are monitoring social media outlets for investment ideas even if they are not personally participating. It also shows that many of those folks buying TWTRQ didn’t quite understand how an IPO works or what Twitter will be valued at (certainly not pennies), but we’ll ignore that fact for the sake of this article.

Now for the treat.

Social media can be a powerful tool for business development as well as investment idea generation. If a hedge fund is participating in social media they absolutely need an archiving solution in place, because like other forms of electronic communications, social media is also subject to regulatory requirements. According to Global Relay, FINRA Notice 10-06 and 11-39 advise that firms must ensure they have an archive in place to retain all records of social networking communications as per SEC Rules 17a-3, 17a-4 and FINRA Rule 4511 — much the same as with business email and instant messaging.

However, what if the fund isn’t participating, but traders are monitoring Twitter for investment ideas?

Good question. Increasingly, traders are using social media for a real-time barometer of what is going on in the markets. Analyzing data can help firms spot new trends and gauge whether traders are optimistic or pessimistic. This information can be useful in ascertaining if a stock or asset is gaining attention and ready to move. At the same time, at the Reuters Investment Outlook 2013 Summit, an FBI agent said the FBI is using social media tools to investigate insider trading.

The growing use of social media for trade ideas combined with increasing regulations is making it even more important for hedge funds and investment firms to be aware of how and where employees are using these tools. If traders are actively monitoring Twitter, we recommend firms put a policy in place and consider supporting technology such as Global Relay Archive for Twitter.

Beyond just capturing all messages (i.e. tweets, mentions, direct messages, etc), Global Relay Archive for Twitter captures a user’s actual Twitter feed along with its contextual metadata. According to Global Relay, the end result is a rich representation of the messaging data within the Archive for review and supervision.

Here are a few other articles on social media you may find interesting:

Contact Eze Castle Integration

Photo Credit: Teacher Worksheets

<![CDATA[Opalesque Radio: Answering Fund Operational Challenges]]>, 29 Oct 2013 00:00:00 -0400 eci Eze Castle on the RadioThis week Opalesque Radio featured an interview with Bob Guilbert, managing director here at Eze Castle Integration, on addressing operational challenges facing hedge funds with cloud solutions.

The 9:30-minute podcast covers a range of topics. You can listen to the full podcast HERE, just jump to the sub-features that interest you most below.

Hedge Fund Differentiation & the Cloud

Can you tell us something about the hedge fund clients you service and the kinds of challenges they are confronted with today? How can such hedge funds differentiate themselves? What are the business needs that make such hedge funds consider or switch to cloud-based solutions?

Duration: 02:39

Play now

Cloud Adoption Rates

So how has Eze Castle seen the rate of cloud adoption increase over the last few years? What are the different ways in which cloud-based solutions can be used?

Duration: 01:18

Play now

Public, Private or Hybrid

Are hedge funds primarily using public, private or hybrid clouds?

Duration: 00:32

Play now

Hot Topics: DR, BCP and Security

How can hedge funds achieve improved disaster recovery and business continuity? What level of security does it, and can it, offer in the context of cybercrime?

Duration: 02:33

Play now

Cloud Security?

Based on your survey findings, security is identifiable as a primary reason for hedge funds to embrace the private cloud. What sort of security practices should firms be looking to put in place, or expect from their service providers?

Duration: 01:23

Play now

The Future of Hedge Fund IT?

How are you expecting hedge fund service related technology to evolve? Will cloud-based services still be the technology-of-choice for investment firms?

Duration: 01:03

Play now

Hedge Fund Cloud Adoption Survey Report 2013

<![CDATA[Goodbye Windows XP and Office 2003: Are you ready for End of Support?]]>, 24 Oct 2013 00:00:00 -0400 eci On April 8, 2014 two Microsoft products – Windows XP and Office 2003 – will reach "end of support". End of support refers to the date when Microsoft no longer provides automatic fixes, updates, or online technical assistance for these products.

What Does This Mean?

Microsoft XP End of Life

End of support is significant for a number of reasons. First, this means that Microsoft will no longer be a support option should complex issues arise surrounding the software.

Secondly, Microsoft will no longer provide security hotfixes or any patches for these systems. This means that any security vulnerabilities left in these systems will no longer be addressed by Microsoft and calls to their support will not be worked.

The longer workstations keep Windows XP and Office 2003 versions the more vulnerable they become to virus/malware/rootkit infestations and risk potential data compromise.

What Should I Do?

If you haven’t already, now is the time to start planning to have your systems upgraded. At Eze Castle Integration, we are working with clients to set an upgrade timetable for their systems.

It is important to note that, as of now, Bloomberg software is not supporting Office 201. Therefore, Bloomberg users may select to have any new PCs downgraded to Outlook 2010. Bloomberg’s September 2013 release notes for their software state a TBA answer for support of Office 2013.

If you are an Eze Castle Integration client, please contact your client manager with any questions.

Related Articles:

Image Credit: Microsoft
<![CDATA[A Best Practices Guide to Business Continuty Planning]]>, 17 Oct 2013 00:00:00 -0400 eci There has been a lot of discussion about “best practices” lately when it comes to business continuity and disaster recovery planning, especially as we approach the first anniversary of Hurricane Sandy. In fact, I had the pleasure of speaking about some specific DR and BCP best practices earlier this week during a webinar, 10 Signs It’s Time to Rethink Your Approach to DR/BCP.

If you do a Google search for “business continuity and disaster recovery best practices,” you’ll get several options to choose from. However, if you are in working in the financial industry, the first resource you should consider taking a look at is the best practices guide published by the SEC, FINRA and CFTC in August 2013.

Sandy was a remarkable storm that affected many businesses along the East Coast, including hedge funds and investment firms based in the tri-state area. Post-Sandy, regulatory bodies including the SEC, FINRA and CFTC met with several registered advisors to ensure they were prepared for future disasters. Based on the findings, these organizations developed a four-page best practice guide for investment firms.

As a Certified Business Continuity Planner, I’ve had the pleasure of working with some of Eze Castle’s clients to compare these best practices with their own BCP and DR planning strategies. Below I’ve outlined some of the primary best practices offered by the SEC/FINRA/CFTC and how they can be applied to your firm. I encourage you to take these to heart as you are developing new BCP/DR plans and modifying existing strategies.SEC Best Practices for Business Continuity Planning

1. Communication Plans

  • Outline procedures for communicating with external business partners (regulators, exchanges, emergency officials, etc.)

  • Ensure your website is kept current and can post a recovery status.

  • Consider multiple broker-dealer relationships to allow for multiple market entry points

2. Remote Access/Telecommunication

  • Validate that employees have the ability to work remotely, especially essential personnel.

  • Assess the resources being utilized by employees to work remotely to identify areas for improvement to increase efficiency.

  • Validate your firm’s infrastructure can accommodate telecommuting of all employees.

3. Review and Testing

  • Conduct full BCP tests at least annually.

  • Validate critical functions can operate regardless of location.

  • Ensure employees complete annual BCP Training.

4. Telecommunications Services and Technology Considerations

  • Implement telecommunication redundancy.

  • Evaluate contingency plans for telecommunication vendors.

  • Review multiple alternative staffing scenarios.

5. Vendor Relationships

  • Ensure adequate BCPs for clearance and settlement, banking and finance, trading support, fuel, telecommunications, electricity, etc.

6. Regulatory and Compliance Considerations

  • Define time-sensitive regulatory requirements.

  • Keep BCP current to meet changing industry demands.

7. Telecommunications/Transportation/Utility

  • Plan for widespread outages that could impact:

    • Telecommunications
    • Office
    • Public transportation
    • Utilities

These were just some of the highlights from the best practices guide. You can download the complete guide from the SEC/FINRA/CFTC here.

Every company is organized differently, and therefore, each organization’s BCP and DR plans will vary. These best practices, however, will serve as a guide for firms reevaluating or updating their plans. Be thoughtful in choosing strategies that will ensure your business can stay operational in the event of any type of disaster.

Download: Guide to BCP and DR Planning

<![CDATA[If I Were a Cloud, I'd Be...]]>, 10 Oct 2013 00:00:00 -0400 eci After reading (and enjoying) one too many “you know you’re [insert age/town/job] if you’re [insert something funny]” articles, we decided to have a little fun with our favorite technology topic – the cloud (surprise!).

So, here is how I envision life as a cloud.

I wouldn’t care what I consumed because scalability would be one of my greatest traits. You might even catch me yelling, “More, more, more…”

Scalable Cloud Image

I’d never have to waste time on sleep, not even in Brooklyn. I would be available 24x7x365.

No Sleep Til Brooklyn

Thunderstorms and lightning strikes wouldn’t bother me a bit. I’d say bring it on, I’m 100% resilient and built for high availability. No scaredy cats here!

Resilent private cloud

I’d be international, supporting people around the world, and there is a good chance I might even be internationally known.

Global Cloud

My standards would be high, my practices the best and my secrets would be locked up tight. There would be no getting past my security team.

And in case you are curious what flavor of cloud I would be, I’d be an Eze Private Cloud (of course)!

<![CDATA[What is Hypervisor-based Replication? (We know!)]]>, 08 Oct 2013 00:00:00 -0400 eci Are you like one of the millions of people pondering the answer to ‘what is hypervisor-based replication and how will it change my disaster recovery approach’? I know I was.

So, let me help you with that!

Our technology experts here at Eze Castle Integration spent some time in the lab testing and evaluating hypervisor-based replication and recently incorporated it into our Eze Disaster Recovery 2.0 offering. We think it delivers excellent benefits, but let’s start with the basics.

What is hypervisor-based replication?

TechTarget defines hypervisor-based replication as “a technology that automatically creates and maintains replicas of virtual hard disks or entire virtual machines (depending on the platform that is being used).” Analyst firm IDC goes on to say that this replication approach “protects virtual machines (VMs) at the virtual machine disk format file level rather than at the LUN or storage volume level, thus replication can be done without the management and TCO challenges associated with array-based replication.”

Here is a diagram of how it works in our Eze DR solution, which uses Zerto hypervisor-based replication technology.

Eze Disaster Recovery with Hypervisor Replication

How does it compare with other software-based replication?

Before answering that question let’s quickly review the other replication category segments. Following are IDC’s definitions:

  • Host replication software typically resides at the file system or logical volume level within the operating system and makes a point-in-time copy or snapshot of a data set to disk used for disaster recovery (DR), testing, application development, or reporting.

  • Fabric and appliance-based replication software makes use of intelligent switches and heterogeneous array products to provide block-level replication within the SAN. The intelligent switches have technologies that perform the volume management and replication process and eliminate the overhead on the host while providing any-to-any replication.

  • Array-based replication software makes a block-based point-in-time block copy or snapshot of storage to disk used for disaster recovery, testing, application development, reporting, and other uses.

Okay, but what’s the difference?

According to Zerto, “before virtualization, replication was managed at the storage layer, which made perfect sense because that’s where the information was…but in a virtual environment, the boxes aren’t (or aren’t all) physical, so putting a physical sensor on a virtual box isn’t going to help you protect its contents.”

Hypervisor-based replication moves replication up into the virtualization/hypervisor layer – above the resources abstraction layer. The benefits of this approach, according to Analyst George Crump, can include:

  • Being VM aware, which can simplify storage setup and minimize storage requirements at a DR site

  • Gaining a hardware-neutral solution

  • Reducing DR-related costs

  • Delivering flexiblity

Who are the players?

Well you’ve heard me mention one already – Zerto. Analyst firm IDC identifies Zerto as “the first to launch a hypervisor-based replication approach in June 2011. VMware followed suit in August 2011, with its vSphere SRM 5.0 data replication feature.” Given the potential of this technology we expect to see more firms targeting this space.

Disaster recovery planning for hedge funds


<![CDATA[Software Spotlight: Five Questions with Ledgex Director Brian Macallister]]>, 03 Oct 2013 00:00:00 -0400 eci We are happy to announce that our friends over at Ledgex have just launched their new website. In light of their recent achievement, I sat down with their Managing Director Brian Macallister to pick his brain on who Ledgex is and where he sees the company going in the future. Brian is the chief architect and product visionary of the Ledgex platform and is responsible for leading the company’s engineering, support and client service teams.Brian Macallister, Managing Director at Ledgex

Q: It has been a while since we covered Ledgex on Hedge IT. Four readers not familiar with Ledgex, can you give us your elevator pitch?

A: Ledgex provides a portfolio management system for managers who invest with multi-firms. It delivers key functionality that supports portfolio management, investor relations and manager research for firms that invest with other managers. Through a series of intensive processes we make our clients’ data repeatable to improve integrity, increase efficiency, and reduce error. We have produced a unique enterprise reporting platform and process management system tailor-made for the financial industry.

Q: Who are the primary users of Ledgex?

A: Our primary users are within the portfolio management teams of firms such as fund of funds, endowments and pensions. Ledgex has capabilities that are ideal for a variety of end users: liquidity management and portfolio modeling for portfolio managers, manager research, due diligence and document management for analysts, client communication and reporting for client service teams, and trade workflow for operations and back-office teams.

Q: What pain points does Ledgex solve? Historically, what have firms done to address these pain points?

A: Ledgex addresses numerous pain points across a firm’s portfolio management team. Firms historically were forced to work off of old data, but Ledgex has created a system that supports real-time information, greatly improving data integrity. Ledgex removes the need for data shadow systems and retains data accuracy by gaining increased transparency reporting on the investments fund of funds have exposure to.

With Ledgex, analysts can create a centralized repository for data management, enabling ease of access and sharing of information. Users can quickly generate reports and respond to client requests, as well as manage communications for all investor-facing activities. Ledgex also streamlines trade acitivty and balances by automating a previously manual workflow.

Historically all of these pain points were addressed individually, reducing efficiencies and accuracy and requiring a significant time commitment.

Q: What do the results and return on investment look like for a company that implements Ledgex?Ledgex

A: Companies will see accurate and transparent investment management with Ledgex. They will also see repeatable reports that match each investor’s specific preferences and allow firms to reallocate client service resources to be more productive and efficient, while improving the integrity of data. With Ledgex, you know what you own and where you want to invest – this is paramount in the fund of fund industry. Ledgex allows firms to replace existing systems that are proprietarily built, supported and maintained, which can translate into cost-savings.

Investors will see improved processes and highly efficient and accurate reports that reflect the quality of the fund of fund. Investors now want to see firms that are invested in new technology, ensuring their information is up-to date. The Ledgex system solves this. It easily removes duplicate entry and manual processes. Too often the same information is entered in multiple times in different systems by different groups. Ledgex solves this by delivering a centralized system that shares information across key portfolio management functional areas.

Q: What can our readers expect to see from Ledgex in the coming months?

A: We are continuing to add some exciting features and expand across the firm, from manager research and analytics to cash projects and estimated investor balances. We are also expanding our sales team as well as opening an office presence in New York City.

We are also very excited about launching our new website. It was an extensive process, and we are enthused to see it up and running.

Be sure to head over to to check out their brand new website!

<![CDATA[Diary of a Happy Cloud User: Cloud Survey Results Part 2]]>, 01 Oct 2013 00:00:00 -0400 eci Welcome back to Hedge IT! Now that you’ve read Part I of our Cloud Survey Findings recap, let’s take a look at some of the other results we found.

Cloud Users = Satisfied

One of the most interesting findings our 2013 survey revealed was the level of satisfaction investment firms have with their current cloud deployments. Over 90 percent of respondents indicated their clouds (whether public, private or hybrid) were meeting or exceeding expectations in each of the following areas:Satisfaction Levels of Current Cloud Users

  • Reducing IT costs

  • Improving users’ IT experience

  • Simplifying management of IT

  • Allowing firms to reallocate resources to more valuable activities

  • IT performance, scalability and resiliency

  • Providing a high return on investment

Private cloud users appear to be the most satisfied with their cloud services. When asked how their cloud services reduced their IT costs, nearly all (98%) private cloud users said their cloud model was effective in this regard. In contrast, only 83 percent of firms using the public cloud felt the same.

One benefit many firms see from the use of cloud services is the ability to reallocate internal resources to more valuable activities. For example, if outsourcing cloud services to a third-party provider, a firm’s internal IT department no longer needs to focus on the day-to-day management and maintenance of the cloud – thereby allowing those employees to focus on higher-value areas of the business such as meeting regulatory and compliance requirements and improving security practices across the firm. Eighty-nine percent (89%) of overall cloud users believe the cloud is currently meeting or exceeding their expectations in this area, but once again, there are some discrepancies between cloud types. While 39 percent of hybrid cloud users say their cloud type exceeds expectations in this area, only 22 percent of private cloud users feel the same.

Cloud Forecasting Looks PositiveReport: Cloud Usage in the Investment Industry

Given their overall happiness in the cloud, it shouldn’t come as a surprise that many hedge funds and investment firms we surveyed are planning to maintain the same cloud usage levels or increase them in the near future. For example, within the next year, 41 percent of firms expect their use of private cloud services to increase. Thirty-nine percent of firms expect to use the hybrid cloud more; only 28 percent will increase their use of public cloud services.

Many firms (37%) also reported their budgets for cloud projects had increased in 2013 compared to 2012. The majority (52%) indicated their budgets had remained the same year over year.

Benefits Gained from Cloud Usage

The cloud continues to entice hedge funds and investment firms of all types and asset classes, and based on our survey findings, most users are happy with their current technology deployments. The benefits firms gain from cloud services continue to impress. Our survey found that firms expect to realize the following outcomes from the cloud:

  • Improved data management ability (60%)

  • Improved ability to manage applications (55%)

  • Improved resource utilization (54%)

  • Improved disaster recovery/business continuity (52%)

  • Simplification of the infrastructure (51%)

  • Cost savings/lower total cost of ownership (48%)

  • Improved application service levels or IT responsiveness (47%)

  • Lower support costs (46%)

  • Improved scalability/flexibility (46%)

  • Increased agility in bringing in new business applications (45%)

To hear more about our 2013 Cloud Usage Survey Results, watch our 30-minute webcast. You can also download the full report of survey findings here.

Photo Credits: Eze Castle Integration

<![CDATA[Most Investment Firms Are In the Private Cloud. Is Your Firm?]]>, 26 Sep 2013 00:00:00 -0400 eci Earlier this week, we announced the findings of our 2013 market survey: Examining Cloud Usage within the Investment Management Industry. If you haven’t already, check out our infographic here.

If you’re not up for reading the full report yet, here’s Part I of our Cloud Survey Recap. Be sure to come back next Tuesday for Part II!2013 Cloud Deployment Models

As a follow up to our 2012 Cloud Adoption Trends Survey, we wanted to take a closer look at how and why hedge funds and investment firms are leveraging cloud services in today’s marketplace. Working again with IDG Research, we surveyed 101 investment firms across the U.S. about their current and planned cloud usage.

Firms covered a wide range of asset bases: 38 percent reported less than $100M; 20 percent fell between $100 and $499.99M; 19 percent between $500M and $999.99M; and 20 percent said they had more than $1B.

You might recall that last year, our survey found that 8 out of 10 investment firms were using or planning to use the cloud. In 2013, that number has increased, and we found that 87% of firms are currently leveraging cloud services for some or all of their business needs. More than 6 in 10 firms are using the cloud for basic business/office functionality including email, file services, and storage solutions. Other key uses of the cloud include financial application hosting and complete IT outsourcing. About a quarter of firms (24%) also said they were using the cloud in other ways, which may indicate increased usage of SaaS applications or cloud-based disaster recovery solutions.

The move to the private cloud continues to be the dominant journey for hedge funds and investment firms, as 74 percent of firms said they are currently using a private cloud solution either exclusively or as part of a hybrid deployment. When asked why they selected their particular deployment method (public, private or hybrid), those who went with the private cloud cited security as the primary factor. One firm said:Security: Cloud vs. On-Premise

“Security is the number one driving factor above everything else.”

Speaking of security, it appears firms have come a long way in feeling comfortable about their data and applications in a cloud environment. According to our survey results, investment firms overwhelmingly believe that private cloud deployments are more secure (60%) or just as secure (33%) as an on-premise technology infrastructure. Firms are less confident in the public cloud, however; 61 percent said it was less secure than an on-premise environment.
We also asked respondents to indicate the top business requirements driving their move to the cloud. Top results included:

  • Easy access to applications and simplified application management

  • Greater control and predictability of IT costs and budgeting

  • Reduced complexity and management of IT

  • Improved disaster recovery and business continuity

Interested in reading more about what your peers had to say? Download our full survey report here. And don’t forget to come back to Hedge IT on Tuesday for Part II of our findings recap!

Cloud Survey 2013

Photo Credits: Eze Castle Integration

<![CDATA[Cloud Survey Sneak Peek: 2013 Results (Infographic)]]>, 24 Sep 2013 00:00:00 -0400 eci Psssst.

Do you want the inside scoop on how and why your investment firm peers are using the cloud? We're in the know.

Check out our infographic below for a sneak peek at the results of our 2013 survey: Examining Cloud Usage within the Investment Management Industry. Next week, we'll share a more detailed recap of the findings. If, of course, you can't bear to wait until next week, you can download our full survey report here.

Enjoy peeking!

Survey: Cloud Usage in the Investment Industry

<![CDATA[Hedge Fund Case Studies: Why The Cloud Made Sense for Two Firms]]>, 17 Sep 2013 00:00:00 -0400 eci Last week, Mary Beth Hamilton and Steve Schoener hosted a webinar to discuss hedge funds moving to the cloud and the experience and benefits that they receive as a result. During this discussion, they highlighted two client case studies to provide examples of various scenarios that drive firms to use cloud services.

Case Study #1: OMS Says Hello to the Cloud

The first client we discussed was a growing hedge fund based out of Chicago with about 15 employees and $300 million in assets under management. The firms’ goal was to identify what areas of their technology systems needed improvement. After thorough evaluation, the firm decided they didn’t want to deal with the burden of controlling their own infrastructure and servers and needed the flexibility and resiliency to allow many employees to work remotely.

This fund ultimately decided to leverage the Eze Private Cloud because of its resilient and robust infrastructure, application hosting services, scalability and 24x7x365 support.

Here’s a brief synopsis of the conversation Mary Beth and Steve had about this case study:

MH: What is the migration process like when moving an order management system to the cloud? Will the user experience be the same?

SS: The migration to the cloud is not bad – very similar to updating or upgrading your system. There will always be a bit of a change for end users, but hopefully by putting in something new or upgrading, you’re adding more functionality. As for moving to the cloud, we are actually able to make it less risky than doing an upgrade to the office. For example, we are able to set up a new system, import the data, provide the application over Citrix, and confirm that everyone is on the same page. We can then pick a cut-over date for a data refresh.

MH: How is application performance effective when running out of the cloud as opposed to on-premise?

SS: It’s very much the same technology we are running in firm’s offices – a storage area network (SAN), Dell servers, VMware virtualization. A firms’ technology performs as well as the performance we give it, both in someone’s office and in the cloud. In the cloud, if requirements change, we have infinite capacity to add more performance behind the scenes, and it’s an OpEx cost, not a huge hardware refresh.

Case Study #2: Goodbye On-Prem, Hello Cloud

The second case study we featured is an established New York City investment firm with around $3 billion in assets and 30 employees. There were two primary reasons they opted to move to the cloud. First, it was time to refresh their network technology. Secondly, they were unhappy with their existing IT provider. The firm recognized the benefits that a move to the cloud could deliver, and Eze worked closely with them to design a cloud-based solution that would address all their infrastructure and application requirements.

MH: How did moving to the cloud impact this firm’s disaster recovery?

SS: Firms have been running DR in the cloud for a long time. What’s interesting is replicating an environment from a primary office to the cloud. When you look at running both production and DR out of cloud data centers, it oftentimes is only a minimal cost increase to solely running DR in the cloud. In our case, we control the hardware infrastructure 100 percent and the data center management, and firms are often surprised when it is only a 30 percent increase to add production services to the cloud on top of disaster recovery.

These two particular case studies demonstrate how moving to the cloud can provide a better and more flexible technology solution for hedge funds. With the cloud, firms can say goodbye to comm. rooms, physical hardware, extraneous costs and a higher chance of failover to DR. Click here for a full audio version of Mary Beth and Steve’s conversation.

To speak to an Eze Castle Integration cloud expert, contact us today.

Contact an Eze Castle representative today
Photo Credit: Istock

<![CDATA[Is Bigger Always Better? Advice for Hedge Funds Named David]]>, 12 Sep 2013 00:00:00 -0400 eci Like David bravely dueling with the larger Goliath, small and mid-sized investment firms are often faced with insurmountable odds when competing against larger (and better endowed) funds. With more experience and more assets, larger firms have the advantage when it comes to soliciting investor allocations. But do these inherent shortcomings equal certain failure? If David can emerge victorious, can’t smaller hedge funds?

Earlier this week, we gathered a panel of experts in San Francisco to discuss this topic at length. Following is a brief synopsis of the topics they covered.

In 2012, more than 90 percent of hedge fund allocations went to fund managers with over $1bn in assets. Interestingly enough, certain studies have shown that smaller funds actually provide better returns, despite their limited assets. An ICL study, for example, examined returns over a 16-year period (1994 to 2010) and found that excess return decreased as firm size grew (9.89% for firms with $10mm AUM or less; 5.45% for firms with greater than $1bn).David vs. Goliath

Despite performing well, smaller funds continue to require creative solutions to compete in the investment marketplace. Operational infrastructure is a critical component of any successful investment firm, and in many cases, can provide added value to small firms and help put them on par with larger funds. There are a variety of areas where small-to-mid-sized funds can look to leverage service providers and other creative outsourcing solutions to boost operations and appeal to investors.

Real Estate: Leasing commercial real estate space may not make the most sense for a firm with limited staff and budget. Firms should consider a hedge fund hotel or incubator space, whereby they may be able to leverage other services (e.g. administrative, technology, etc.). Avoiding real estate hotspots, so to speak, may also be worthwhile. For New Yorkers, a Chelsea or Tribeca office may reap greater benefits than a Midtown or Downtown location.

Technology: The reality is, smaller investment firms cannot afford to skimp on technology. Luckily, cloud services and other solutions can dramatically alter a fund’s budgeting, particularly when it comes to upfront capital expenditures. Investors are also keen to see firms leveraging third-party cloud solutions, rather than hosting their own IT equipment in-house and putting the firm’s critical data at risk for a disaster.

Accounting/Middle & Back Office Administration: Firms should carefully determine what types of middle and back office services they require and where they might be able to get creative. Can an outsourced administrator assist with accounting? These are often areas where outsourcing makes the most sense and firms can save on personnel costs while leveraging the expertise of third-party vendors. Compliance and human resources can also fall into this category.

Even with solid performance and operational infrastructure, it is still challenging for smaller investment firms to compete with their larger counterparts. A few possible advantages to remember for the Davids out there:

Smaller funds tend to deliver more alpha.

A smaller fund can access thinner markets than larger firms.

Many investors value a higher-touch service and more personal communications afforded by smaller firms.

Special thanks to our esteemed panelists for sharing their expertise this week in San Francisco!

  • Jason Gerlach, Managing Partner, Sunrise Capital Partners

  • Ted Bruenner, Portfolio Manager, Cypress Point Solutions

  • Joseph Doncheski, Chief Operating Officer, Kayak Investment Partners

  • Ed Tedeschi, Principal, Rothstein Kass

  • Mike Hartig, Director, Eze Castle Integration

Guide to cloud computing in hedge fund industry

Photo Credit: Deviant Art

<![CDATA[The Latest from Apple: 5C, 5S and iOS 7]]>, 10 Sep 2013 00:00:00 -0400 eci In traditional fashion, Apple conducted their latest smartphone release event today at their headquarters in California. This year’s hot topics were the company’s two new product models: iPhone 5C and iPhone 5S, as well as the new iOs7 software update. If you missed the announcement, here’s a quick recap:

Software Updates

  • iOs7 will be officially released on September 18. The new software has a beautiful, feature-rich design. One of the key feature changes is the restructuring of the camera roll. iOS7 now groups all of your photos into different moments (legible thumbnails), based on time period, similar to iPhoto. There are also additional photo effects that can be applied during or after shooting.

  • Siri has also vastly improved. Her new voice command capabilities allow for the search and pull of information directly from both Wikipedia and Twitter.

  • iOs7 will also feature iTunes radio (a competing service to those like Pandora and Spotify) a revamped notifications center and a variety of new sound effects. The new software update supposedly gives a totally new feel to the iPhone.

iPhone 5S

Set to be released on September 20, the 5S is an incremental update to the iPhone 5, similar to previous ‘S’ updates. It comes in three new colors: champagne, silver and graphite. It’s most impressive feature is a fingerprint sensor for increased security and convenience. The sensor is made from laser-cut sapphire crystal and is built into the home button, providing 360 degrees of readability. In addition to unlocking the home screen, the sensor can also authenticate App Store purchases, negating the annoyance of having to enter long and complicated passcodes on multiple occasions.

The 5S is powered by a new A7 chip. Phil Schiller, Apple’s Senior VP of Marketing, calls it the first 64-bit smartphone chip on the market. It is supposedly twice as fast as other processors withgraphics dramatically faster than those of its competitors. They also installed a M7 chip which acts as a motion co-processor, enabling a new line of health and fitness apps – a move that signifies the potential for an iWatch in the near future.

There is also an upgrade to the camera; megapixels were not clearly defined, but there is a new image censoring system and a dual-LED flash. This new high-end model will sell for $199 for the 16GB, $299 for 32GB, and $399 for 64GB (with a wireless contract).

iPhone 5C

The iPhone 5C is Apple’s new “beautifully plastic” phone. It is significantly cheaper in price -$99 (with a contract) for a 16GB model. Apple is trying to break into new economic brackets with this model, as well as appeal to emerging markets such as Brazil, Russia, India and China. The 5C comes in five different shades, including white, pink, blue, green, red and yellow. The iPhone 5C is very similar to the current iPhone 5, including dual-core CPU, 4-inch retina display and a 8-megapixel camera. An exciting upgrade: the battery life is projected to be better than the iPhone 5.

Today’s information release proved to be fairly standard and in tune with Apple’s steady progression. With Samsung making leaps and bounds in the past calendar year, Apple needs to deliver with these recent updates in order to stay in control of the market. The iPhone was revolutionary when it initially came out, but rival products continue to come out at better prices and with newer features. Apple needs to keep up with their creative regimen in order to stay on top of the innovation pile.

The pressure is on.

Photo Credit: Flickr & Wikipedia

<![CDATA[From the Comm. Room to the Cloud: Webinar Recap & Replay]]>, 05 Sep 2013 00:00:00 -0400 eci While it’s not the sexiest aspect of a hedge fund’s operations, a firm’s technology infrastructure is critical to its success. But a major consideration lies in choosing what type of infrastructure to use, and accordingly, where to host it.

Earlier today, we picked the brain of our Vice President of Client Technology, Steve Schoener, and asked him to share his expertise on the key drivers for firms migrating to the cloud. He also shared two examples of clients who’ve successfully transitioned to the cloud for various reasons. Below is a short recap of Steve’s presentation.

Would you rather watch the full replay? Scroll down or click here.

The Right Time to Think About the Cloud

We find that there are typically three points in time when it makes sense for an investment firm to think about moving to the cloud.

Office Relocation
If you’ve outgrown your office space or need to relocate for any reason, it may be a good time to evaluate your infrastructure. Firms can save money by eliminating the need to build out a new Comm. Room in a new office, as the price of real estate, power, cooling and other resources can be quite expensive to incur. Plus, think about how easy the moving process will be without having to worry about moving your complete infrastructure. There is inherently less work and less risk involved in moving to the cloud during this time of relocating offices.

Hardware Refresh
There comes a time when your firm’s hardware will reach the end of its lifecycle, and it will be time to make a significant investment in new technology. Similar to relocating offices, the idea of transitioning from in-house hardware to the cloud offers promising results and less upfront expenses. The migration process is mostly painless and similar to upgrading to new hardware on an on-premise solution.Inquiring Minds Want to Know

Adding a New Application
Your firm may also decide to reevaluate its infrastructure options when the time comes to add a new application to its suite. For example, adding an order management system, with the cloud, can take merely hours, and firms are no longer tasked with unpredictable costs as a result. In most cases, adding a new application to the cloud is non-disruptive and does not affect the user experience.

Inquiring Minds Want to Know

Here are Steve’s answers (paraphrased, of course) to some commonly asked questions we see from our clients about the cloud:

  • What are my peers doing? Nearly everyone is moving to the cloud; we’re seeing almost all new business clients choose a cloud solution, and many existing firms are migrating over as a result of many of the circumstances mentioned above.

  • What will investors think? While investors were previously skeptical of the cloud and asked endless questions during due diligence requests, nowadays investors are extremely comfortable with cloud solutions and are oftentimes asking firms why they AREN’T in the cloud. Not to mention, in a post-Sandy world, investors do not want to see firms with infrastructures located on-site.

  • What are the cost differences between the cloud and on-premise solutions? In many cases, the long term costs between the two solutions will not vary dramatically. The real savings from the cloud are realized upfront, as firms do not have to commit to capital expenditures of day one and, instead, utilize predictable, ongoing cost models.

  • What about security in the cloud? In my opinion, the cloud is more secure than many technology infrastructures managed in-house by investment firms. Eze Castle invests significantly in our cloud in an effort to make it the most secure environment for our clients.

Client Case Studies

We examined two client scenarios whereby firms made the move to the cloud for different reasons. Watch the replay below and listen to what Steve had to say about each of these circumstances and why it made sense for these clients to choose the cloud over an on-premise solution. (Jump to 17:32 for our first case study).

Contact an Eze Castle representative

Photo Credit: iStock

<![CDATA[National Preparedness Month: The Why, How & What]]>, 03 Sep 2013 00:00:00 -0400 eci Would you be ready if there were an emergency today? Would your employees know what to do? September is National Preparedness Month (NPM) which is sponsored by the Department of Homeland Security and FEMA’s The Ready Campaign in an effort to increase awareness for individuals, businesses, families and communities. NPM aims to encourage the public to make preparedness a part of their daily lives and stresses the importance of being ready for the unknown.

Why should you focus on being prepared?

By teaching your employees why to prepare, your firm will not only demonstrate its importance, but employees will also maintain this knowledge and expertise that will help keep the business operational. Preparation can mean the difference between a successful and failed recovery, both personally and professionally. Educating your employees on what they’ll need at home, where to go, who to contact, etc. will equip them with the right information they’ll require at the time of an incident. With the proper information readily available, employees can focus on helping resume business operations more quickly. Preparedness Month - September 2013

How do you prepare your employees?

Preparing your employees begins with training geared towards how to respond to an incident. Training is typically more helpful if conducted multiple times, various ways and with additional variables involved in the program. There are a number of ways you can begin preparing your employees. Following are some of the techniques we recommend:

  • Employee training exercises – A great starting point for any awareness program. This employee training should focus on where to go, who to contact and what to do at the time of an incident.

  • Tabletop exercises – Typically includes key members of the firm who are responsible for ensuring their employees are accounted for, safe and able to continue business operations. Tabletop exercises take these members through an imitation real-life scenario and focus on how to recover.

  • Posters – Typically high-level information posted throughout the firm’s high-traffic areas to increase awareness.

  • Checklists – These can be lists on crucial items to have on-hand, key contacts, local hotels, etc. These checklists are typically provided for employees to fill out and keep with them for a time of need.

  • Guides on Personal Preparation – This includes key information assisting employees on how to prepare, respond and recover on a personal level.

What should be included in your awareness program?

It’s important for your firm’s awareness program to first define who in the company will be the leaders of the incident response. These leaders will be the main points of contact Preparedness Month - September 2013for employees throughout the response process. Other key information to include in the firm’s awareness program is where employees will go and how they will access the firm’s network. Not only should employees have this information readily available to them, but the awareness program ought to also include high-level material such as the items below:

  • An assembled emergency kit – For the office and suggestions for employees’ homes

  • An emergency plan – For the firm, your employees’ families and/or homes

  • Staying informed – Identifying what information is available to the firm and the employees

  • Getting involved – Having employees test remotely, knowing what resources are available at the time of an incident, etc.

Through various training exercises over time, your employees will begin to understand the importance of being prepared for the unknown. Equipping your employees with the right information both personally and professionally will give them peace of mind that they’re ready and can handle anything that comes their way. Once they know what to do, where to go, and have the vital resources to assist in recovering, your employees will be able to return their focus to business operations easily and quickly.

Eze DR/BCP Guidebook for Hedge Funds

<![CDATA[What to Look for at the Hedge Funds World Asia Conference]]>, 29 Aug 2013 00:00:00 -0400 eci Next week, from Wednesday 4th – Thursday 5th September, Eze Castle Integration will be participating at Asia’s most established & strategic hedge fund gathering - the 2013 Hedge Funds World Asia Conference at the Harbour Grand Hotel in Hong Kong. Eze Castle’s representatives will be in attendance for both days to tech talk and answer any questions, so stop by our booth and say hello!

Hedge Funds World Asia is now running in its 16th year, bringing together Asia’s leading family offices, pension funds, sovereign wealth funds and private banks with the world’s leading hedge funds, fund of funds and asset managers for two days of discussion and debate designed to formulate solutions to the key challenges affecting the Asian alternative investment industry.

In preparation for the conference, I have reviewed the agenda and selected a few topics that will interest our readers.

Due diligence

The 2008/2009 financial crisis prompted stricter regulations on the financial services industry and significant changes in the way investors evaluate investment managers in an effort to increase transparency.

Operational due diligence has become a hot topic amongst the alternative investment industry. Investor’s due diligence requirements now focus heavily on increased transparency, robustness of infrastructure and quality of service providers. Most common questions you can expect to see in a due diligence questionnaire are around a service provider’s organisation, annual assessments and audits, and access control. Network and physical security policies, disaster recovery, and backup procedures are also critical areas of focus.


Hedge funds are more welcoming to the idea of outsourcing their technology needs to expand their offerings and enhance productivity in today’s climate.

There are many important factors for hedge fund managers to consider when evaluating a service provider. These range from the breath of solutions, depth & quality of staff, experience in development, project management experience, hosted/private cloud infrastructure options, disaster recovery policies & procedures, and vendor relationships.

Download our guide to technology outsourcing, which outlines:Eze Outsourcing Guidebook for Hedge Funds

  • Laying the foundation of an outsourcing plan

  • Cloud computing

  • Hosted IT environments and managed services

  • Colocation

  • Outsourcing FIX connectivity

  • Outsourced staffing options

  • Pricing models

Implications of recent global regulatory developments for the Asian fund manager

The rapidly evolving world of global regulations continues to present many challenges for the financial services industry, and Asia is not immune to global regulatory developments. Further regulatory changes to enhance investor protection may be inevitable, albeit with different priorities.

Check out some of our recent articles on global regulation:

And don't forget to stop by our booth at Hedge Funds World Asia for some tech talk and a chance to win an iPad mini!

To learn more about the conference, visit:

<![CDATA[The Good, Bad and Ugly of the Nasdaq Outage]]>, 27 Aug 2013 00:00:00 -0400 eci The three-hour outage on the Nasdaq last Thursday has us channeling Clint Eastwood as we look at the Good, the Bad and the Ugly of the outage. As a refresher, the Nasdaq exchange halted trading shortly past noon ET after it became aware of a problem disseminating price quotes.

With a few days to hone our 20/20 hindsight glasses, here is my take.

Nasdaq outageThe Good (We use the term “good” pretty loosely.)

  • The Nasdaq shutdown appeared to occur in an orderly manner and didn’t disrupt other parts of the stock market.
  • Timing was “good” as it happened during the summer on a relatively quiet day and certainly didn’t have the same impact as the Flash Crash of 2010, which also happened on a Thursday.
  • Technical issues were resolved in the first 30 minutes of the shutdown according to Nasdaq and the remaining time was used to coordinate with other key stakeholders (i.e. exchanges, regulators, etc) for an orderly re-opening 35 minutes before the market close.

The Bad (This category is pretty self-explanatory. Nobody likes downtime!)

  • Trading came to a halt for three hours and as a result about 3,200 Nasdaq-listed stocks were paralyzed.

  • The shutdown was sudden, unexpected and certainly made investors nervous.

  • Some Nasdaq officials are sourced as saying “their technicians should have been able to manage the problems and avoid the halt,” which isn’t exactly a vote of confidence that this won’t happen again. That said, exchanges as well as regulators are taking this very seriously.

The Ugly (What are the aftershocks from the outage?)

  • The heat is on. The Nasdaq outage places more pressure on the exchange and others to ensure something of this nature doesn’t happen again.

  • Some say if glitches continue it could “undermine confidence at a time when U.S. stock indexes are near records but many investors are anxious about asset prices.”

  • Finger-pointing between Nasdaq and NYSE has begun as the SEC asks both sides for a recount of events leading up to the shutdown. The role in the outage of NYSE's electronic stock market, Arca, is at the heart of the disagreement as the halt was proceded by connectivity problems between Arca and Nasdaq’s Securities Information Processor (SIP).

  • On September 12, SEC Chair Mary Jo White will meet with the heads of Nasdaq and NYSE to discuss the outage. Sources say part of the meeting will cover the resiliency of Nasdaq’s SIP, which is used to consolidate and distribute stock prices.

We'll certainly be tuning into the September 12 meeting. Will you?

Source: WSJ, Nasdaq in Fresh Market Failure

<![CDATA[Giving Back: Eze Castle Philanthropy Goes 'Back to School']]>, 22 Aug 2013 00:00:00 -0400 eci Every once in a while, it’s important for us to talk about issues bigger than technology. At Eze Castle Integration, we make a conscious effort to stay philanthropic and keep the larger community in our minds and hearts.

As you know, we are global sponsors of Help for Children (formerly Hedge Funds Care) and regularly participate in their fundraising efforts both in the United States and abroad. Our Managing Director of Service, Vinod Paul, even sits on HFC’s Global Board of Directors and is involved in planning and organizing efforts to raise money for children affected by child abuse.

Each February, we hold a ‘Like for Life’ campaign through our Facebook page, and for every new like we receive, we donate $1 to a charitable organization. In 2012, we supported The Alliance for a Healthier Generation, a foundation recognized by the 100 Women in Hedge Funds annual philanthropy conference in Boston.Back to School Backpack Drive

This summer, we are proud to say we’ve organized our 4th Annual Back to School Backpack Drive in our Boston office and are collecting school supplies to support School on Wheels of Massachusetts, a nonprofit dedicated to improving the lives of children living in homeless shelters.

This year, we’ve even extended our Backpack Drive efforts to other US offices and will be supporting the following organizations:

  • Stamford, CT: Southern New England Salvation Army

  • Chicago, IL: SOS Children’s Village IL

  • New York, NY: Volunteers of America

  • San Francisco, CA: United Way of the Bay Area

Beyond efforts organized directly by Eze Castle, we also encourage our employees to support their communities individually, and we are committed to matching gifts our employees make to charitable organizations. Whether it’s a backpack full of school supplies or a fundraising event sponsorship, here at Eze Castle we recognize the importance of community involvement and hope to spread that awareness and significance to other organizations and individuals.

A BIG thank you to our employees who participated in this year's Back to School Drive!

Photo Credit: Eze Castle Integration

<![CDATA[Living the PC Life: Intel Study Shows Consumer 'Digital Dependence' on PCs]]>, 15 Aug 2013 00:00:00 -0400 eci In contrast to frequent news articles declaring that the end is near for the PC market, a new study by IDC reports that consumers still rely on PCs most of the time.

The Intel-sponsored InfoBrief surveyed nearly 4,000 U.S. adults about their computing trends and purchases and found that 97 percent of them use a PC as their primary computing device. Yet conflicting reports show that PC sales are declining at rapid rates, and tablets, in particular, are eating up the market share. Lenovo reported this week that their tablet and smartphone sales outnumbered PC sales in the first fiscal quarter – a quarter in which all of the top five PC vendors saw a decline in shipments.

But Intel’s report maintains that PCs are necessary, particularly for consumers, and especially when it comes to maximizing productivity. Tablets and smartphones, it suggests, are not designed to enable users to be productive, which may explain why respondents indicated they spend 50 percent of their digital device time on a PC (compared to 31% on a smartphone and 20% on a tablet).

Intel Digital Dependence on PCs

From a business and enterprise perspective, the jury is still out on whether tablets or traditional PCs and notebooks are more effective. With the ‘bring your own device’ trend gaining steam, many expect tablets to maintain an edge. But don’t forget to carefully analyze your business’ needs when determining whether PCs or tablets are the right fit. Be sure to evaluate the following factors when comparing devices:

  • Short and long-term costs

  • Integration with applications and multiple operating systems

  • Storage capacity

  • Screen size and interface (keyboard vs. touch)

Where do you stand? Are you a PC believer or a tablet convert?

Photo Credit: Intel

<![CDATA[Welcome MixBit (and Eze Boston!): The newest video sharing app]]>, 08 Aug 2013 00:00:00 -0400 eci Every once and a while we like to deviate from our business technology and operations articles to look at a new technology that has applicability to consumers as well as businesses. Today we look at the newly released MixBit, which in all honesty, is more applicable to consumers at this point.

MixBit was created by the founders of YouTube and just released today for iOS. MixBit fills the void (if you can call it that) between Vine and Instagram Video. With Vine videos can only be 6-seconds and with Instagram they can be 15-seconds.

MixBit not only takes the bold step of increasing the size to 16-seconds but also makes blending multiple clips together easy so videos can be longer.

Aside from the 1 second advantage, MixBit is unique in its ability to let users remix video clips with others they find on the site.

To see what MixBit can do, I created this 16 second “tour” of our Boston office. Nothing fancy, but certainly user-friendly.

Will you be giving MixBit a test drive?

<![CDATA[Why a Disaster Recovery Activation is So Much More Than a “Test”]]>, 06 Aug 2013 00:00:00 -0400 eci As you know, we encourage our clients to regularly test their disaster recovery systems (at least twice a year!). But believe it or not, there is actually an even better preparation for a DR situation - a planned activation.

In recent years, Eze Castle has seen a large increase in requests for planned activations amoungst our hedge fund clients. Why? A few notable reasons include:

  • Compliance purposes

  • Investor due diligence requests

  • A desire for more comprehensive scenario-testing

“But isn’t a planned activation the same thing as a DR test?”

I thought you might ask that! Believe it or not, they are two very different scenarios. Here’s the basic difference:

  • Planned Activation: The DR site is actually active and in use, and replication back to the production site is required.

  • Test: The DR site is only being accessed and tested, and any changes made during the DR test are overwritten when replication is restarted.

Below are a few other distinctions between DR activations and DR tests.

Disaster Recovery: Activations vs. Tests

With a planned activation, your DR provider has the luxury of time to prepare for the failover and failback, as this is not an automatic process and does not occur with ‘the flip of a switch.’ In this case, the disaster recovery team has ample time to notify internal groups and third parties, identify any risks or key areas of focus, and secure necessary service resources.

While there are a lot of cogs in the DR wheel and parties involved in making sure your DR activation runs smoothly, here is a quick snapshot of what the activation process looks like on both ends:


  1. Production services are disabled, including Exchange, SQL, Citrix, file shares, etc.Disaster Recovery Cog

  2. Replication is stopped from production to DR.

  3. Applications are brought up in the DR site.

  4. Clients work out of the DR site until test activation is completed.


  1. Replication begins from DR to production.

  2. Access to the DR site is closed.

  3. All applications and services in DR are shut down.

  4. Replication is completed between DR and production.

  5. Service is restored in production and all applications are tested and verified.

  6. Upon confirmation of restoration, replication is restarted from production to DR.

Our Eze Disaster Recovery Team works diligently with our hedge fund clients to plan activations and tests to meet the individual needs of each firm. You can learn more about our Eze DR service here.

Finally, you may also enjoy the following reference articles on hedge fund disaster recovery:

Contact an Eze Castle representative

Photo Credits: Eze Castle Integration and Pixabay

<![CDATA[In Business Continuity Planning, Employee Communication is Vital]]>, 01 Aug 2013 00:00:00 -0400 eci Remember earlier this week when we said we’d be talking more about BCP communication? Well, you know we always keep our word!

A successful business recovery requires more than the ability to access critical systems and applications. It also requires effective communication. It is vital to communicate with your employees about the procedures of your business continuity plan before, during and after an incident. By doing so, you set the wheels in motion by creating the guidelines for the firm’s recovery.

Effective communication should include, but not be limited to:

1) Accounting for employees;

2) Setting workload expectations; and

3) Providing employees with recovery status updates.

Let’s take a deeper look into those strategies.

In a disaster, account for all employeesAccounting for Your Employees
At the first sign of any major disruption, accounting for your employees should be at the top of the to-do list. At the core of every product or function within a firm are the people. And ensuring those people stay safe should be one of your company’s main concerns. Ask yourself critical questions:

  • Who isn’t in the office today?

  • Do you have emergency contact information in case you can’t get in touch with someone?

  • Were there any employees near the affected area?

A designated member of the Incident Response Team (the firm’s leaders who oversee the incident) should work with Human Recourses to track down and reach out to every employee, ensuring their safety. If employees are in an affected area, determine whether the firm will offer assistance to those in need. Accounting for employees’ safety will illustrate to employees that the priority is not only resuming business operations, but also ensuring the safety of the firm’s staff. Once employees are safe and accounted for, workload expectations should be set.

Set employee expectations during a disasterSetting Workload Expectations
Have you ever been left in the dark wondering what was happening? Leaving your employees to wonder can cause confusion about their responsibilities and next steps and ultimately lead to downtime. By reaching out to employees at the beginning stages of an incident, you are able to demonstrate the firm’s awareness and set the workload expectations for the organization as a whole.

Here are some more critical questions to ask:

  • Will staff be allowed to work from home?

  • Is it safer to keep them in the office for the time being?

  • Will you be sending employees home in waves or all at once?

Setting these expectations at the first sign of disruption will demonstrate to your employees that someone within the firm is in control of the situation and that they needn’t worry. Once these expectations are set and business operations resume, the incident response leaders should focus on providing timely updates ensuring awareness of the firm’s recovery efforts.

updated employees during a disasterProviding Recovery Status Updates
By providing recovery status updates throughout the incident, employees will calmly be able to support the recovery efforts. Depending on the severity of the incident, it should be communicated to employees that these status updates will be provided in a well-timed manner.

For instance, during Hurricane Sandy some firms set the expectation that status updates would occur every few hours. These high-level updates should include a recap of the event, what the firm knows and what response leaders are proactively doing to recover. If there are multiple offices, employees traveling, etc. those updates should be included in how they are being affected by the incident. Once the incident has been resolved, the last recovery status communication should be an incident recap.

Provide answers to the following critical questions:

  • What happened?

  • What did the firm do?

  • How did the firm react?

  • What was successful?

It is extremely important to have a communications plan outlined prior to an incident occurring. Delegating who will communicate to employees and what will be communicated is a vital piece to any business continuity plan and any firm’s successful recovery. By communicating effectively, your firm demonstrates its proactive approach to not only your employees, but external business partners as well.

About the Author: Katharine Washburn is a Business Continuity Analyst at Eze Castle Integration and regularly works with our hedge fund and alternative investment firm clients on their business continuity planning. Learn more about our Eze BCP Services HERE.

disaster recovery articles for hedge funds]]>
<![CDATA[Three Critical Steps to Business Continuity Planning Success]]>, 30 Jul 2013 00:00:00 -0400 eci Successfully implementing your business continuity plan requires more than just ensuring your systems are operational and accessible. Success starts with your employees – those who maintain the expertise and knowledge to keep your business operational. Communicating appropriate BCP steps to your employees is essential in ensuring your business is not impacted by a disaster or disruption. But more about BCP communication on Thursday…

Following are three critical steps firms should take to find business continuity planning success:

1. Identify a specific evacuation site in the event of a disaster. Designate a safe location for employees to gather if your firm’s building is evacuated. Don’t forget to:

  • Make sure the site is ALWAYS accessible. For example, don’t choose a restaurant as your evacuation site if they don’t open until 11 a.m. or are closed on Mondays.

  • Communicate the evacuation site details to all employees, including those who work at client sites. Because not all employees will necessarily be in the office when a disaster occurs, anyone off-site or returning from a meeting should know where to report to.BCP Success

2. Designate a team of disaster leaders. Determine who will make the executive decisions when a disruption occurs. This team is often referred to as an Incident Response Team, Recovery Management Team or Business Recovery Team.

  • The goal of this team is to ensure that a group of employees in leadership roles are responsible for declaring the situation a disaster, overseeing the incident, and delegating tasks as necessary.

  • The leaders will also determine whether employees should be sent to another location to work (e.g. home, alternate office, etc.) or remain at the evacuation site in hopes that the office will reopen.

3. Provide remote office instructions for employees. If your employees can’t return to the office, but your business needs to remain operational (which, of course, it does!), then employees will either need to work from their homes or an alternate location. Managers should be clear about setting expectations for employees when they are working outside of the primary office location. Be sure to provide employees with the following critical information:

It is important to have a complete and well-detailed business continuity plan, but it’s even more essential to ensure all employees understand the plan and what their individual responsibilities and expectations are. The information we’ve outlined above can easily be printed on a wallet card or quick reference card (QRC) and distributed for employees to keep on them or at their homes.

Once it’s clear to employees what is expected of them, they will focus on ensuring their daily tasks are completed, and ultimately, this will lead to ensuring your business does not suffer additional disruptions at the hands of a disaster.

Be sure to return to Hedge IT on Thursday to learn more about the importance of communication in business continuity planning!

In the meantime, you can read up on more of our BCP resources, such as these:

Photo Credit: Seeking Alpha

<![CDATA[Training Your Employees on Information Security Awareness]]>, 25 Jul 2013 00:00:00 -0400 eci You guessed it. It’s Security Week here on Hedge IT! Today, we’re diving into a topic that we’re passionate about – education and awareness.

We’ve told you about the types of threats that can harm a business, the steps you should take in the event of a security incident, and the policies you should create to keep your organization safe. But now it’s time to talk about training your employees to understand each of these.Security Awareness Training

A firm’s security strategy will only work if employees are properly trained on it. Therefore, the importance of providing information security awareness training cannot be understated. The goal of an awareness program is not merely to educate employees on potential security threats and what they can do to prevent them. A larger goal should be to change the culture of your organization to focus on the importance of security and get buy-in from end users to serve as an added layer of defense against security threats.

Once you have buy-in from employees, your focus can turn to ensuring they get the necessary information they need to secure your business. An effective security awareness program should include education on specific threat types, including but not limited to:

  • Malware

  • Trojans

  • Viruses

  • Social engineering

  • Phishing

Another important area to address is the importance of password construction and security. Seems minor? It’s not. Believe it or not, password cracking is remarkably easy, particularly for advanced hackers. And this ‘minor’ step that users take every day could make a significant difference in protecting your firm’s sensitive information. Read more about creating safe and original passwords here.

Training materials should also review corporate policies and clearly detail consequences for any suspicious or malicious behavior amongst employees. For your convenience, we’ve compiled a variety of information on various security policies, including:

As far as logistics are concerned, the size and scope of your organization will be a key factor in deciding whether you want to design and implement your own security awareness training or leverage the expertise of a third-party company. Be sure to weigh the pros and cons of each.

PRO to using an outside training company? Your firm saves its time and resources by allowing an experienced firm to implement the training. Materials can also be pulled together and implemented much quicker.

CON? It will likely be a standard training program and won’t necessarily be tailored to meet the unique needs of your firm.

For additional resources on developing an information security awareness program, visit the National Institute of Standards and Technology (NIST).

Hedge Fund Security Guidebook

Contact an Eze Castle representative

Photo Credit:

<![CDATA[Oracle Warns IT Security Not Protecting the Right Assets: Hedge Funds Take Notice]]>, 23 Jul 2013 00:00:00 -0400 eci man thinking about securityIt has been said that cyber security is becoming what disaster recovery was 20 years ago -- the threat is real and increasing at a notable rate, and precautions must be taken. As a result, studies abound about the potential impact of security threats on a company.

Just last week, CSO Custom Solutions Group and Oracle raised the question of whether companies are protecting the right assets. Based on a survey of 110 companies, including financial services firms, CSO and Oracle found that most IT security resources in today's enterprises are allocated to protecting network assets, even though the majority of enterprises believe a database security breach would be the greatest risk to their business.

Following are specific survey findings pulled from the report that aim to make the case that firms should focus more on protecting core systems (i.e. apps, databases) versus the network layer:

  • Nearly 66 percent of respondents said they apply an inside-out security strategy, whereas 35 percent base their strategy on end-point protection.

  • However, spending does not align, as more than 67 percent of IT security resources -- including budget and staff time -- remain allocated to protecting the network layer, and less than 23 percent of resources were allocated to protecting core systems like servers, applications and databases.

  • 44 percent believed that databases were safe because they were installed deep inside the perimeter.

  • 90 percent reporte the same or higher, level of spend compared to 12 months prior. The survey shows that 59 percent of participants plan to increase security spending in the next year.

  • In 35 percent of organizations, security spend was influenced by sensational informational sources rather than real organizational risks.

  • 40 percent of respondents believed that implementing fragmented point solutions created gaps in their security, and 42 percent believe that they have more difficulty preventing new attacks than in the past.

The study highlights the need to take a thoughtful approach to IT security and understand the changing landscape. However, companies, especially smaller ones, need to be realistic about the amount of security they can handle/afford. Eze Castle Integration helps clients tackle this consideration on a daily basis and can be a great resource.

Here are some other helpful articles:

Hedge Fund  Security Guidebook

Source: Oracle
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

<![CDATA[Ok Glass, Let's See What You Can Do]]>, 18 Jul 2013 00:00:00 -0400 eci Mirror, mirror on the wall. Ok Glass, who is the fairest of them all?

Goggle GlassThis is how I envision the modern day queen in Snow White receiving her daily validation. Why? Because Google’s Glass, a wearable smartphone, has the potential to shift how we function and put us all on the path to talking to ourselves on a daily basis.

Google Glass is one example of how smartphone technology is ditching the confines of phones and moving into new form factors including glasses and watches.

Currently, about 8,000 “Explorers” are testing Glass and experiencing how beginning a sentence with “Ok Glass” can dramatically change how you receive information. Earlier this month, Google provided more details on Glass and promised wider availability in 2014. They also took steps towards squashing privacy concerns.

The Glass screen, when activated, looks “a lot like a 25 inch color TV floating about 8 feet in front of you,” and the glasses weigh about as much as a pair of sunglasses.

So what can Glass do?

Pretty much anything your smartphone can do but with the added benefit that it is hands-free and looks {insert your descriptor}. Here is a rundown of the features:

  • Google Glass MapSearch: Saying “Ok Glass” gets you the information you need whether it is trivia answers or language translation.

  • Navigation: No more taking your eyes off the road to check out your GPS. Glass projects the turn by turn directions right in front of your eye.

  • Gmail & Calendar: Glass makes checking “email quick and easy” (according to Google).

  • Phone & SMS: Ditch your Bluetooth ear piece for Glass and gain the benefit of speech-to-text transcription.

  • Photos, Videos & Video calls: This is where the privacy concerns really start because early versions of Glass do not have a dedicated indicator light to show when a video or photo is being taken.

Google aims to easy privacy concerns by explaining, the “device’s screen is illuminated whenever it’s in use, and that applies to taking a picture or recording a video.”Additionally, Glass requires a verbal command to operate, so listen for “Ok Glass, take a picture” or “Ok Glass, record a video.”

Here’s a video on how life feels through Glass

Sources: Google
<![CDATA[As BlackBerry Woes Continue, We Wonder ‘What’s Next?’]]>, 16 Jul 2013 00:00:00 -0400 eci This week, Research in Motion officially became known as BlackBerry Ltd. But will the name change really change anything for this struggling company? It’s hard to say.

BlackBerry’s woes have multiplied of late, with personnel changes, price cuts and stakeholder dissatisfaction making headlines. Just this month, two long-time board members announced they will be stepping down, while CEO Thorsten Heins continues to ask shareholders for patience as the company tries to reinvent itself and compete with its successful rivals.BlackBerry Z10

On the smartphone market front, BlackBerry’s struggles continue. According to Gartner, BlackBerry's market share has dwindled from over 50 percent in 2009 to less than 3 percent. BlackBerry’s newest device, the Z10, has already lost its luster. US smartphone carriers including AT&T and Verizon have slashed prices from $199 to just $99, less than four months after the phone’s initial release. Retailers like Amazon and Best Buy are doing one better, and selling the phones for as low as $49 under contract.

To make matters worse, speculation is that BlackBerry is also planning to cut more jobs, signaling to many that the company is a long way from rebounding. There is positive news, however. Believe it or not, BlackBerry revenue was up 15 percent in the first quarter of fiscal 2014 compared to the previous quarter.

The company also recently announced it sold 18,000 iterations of its BlackBerry Enterprise Service (BES) 10 since its launch at the beginning of the year. More than 60 percent of US Fortune 500 companies have deployed BES 10 or are currently testing it, demonstrating the company has yet to relinquish its hold on the enterprise market. As you'll recall, the Z10 must be managed by the BES 10.

So, what’s next?

Only time will tell what the cards hold for BlackBerry and whether the organization will be able to bounce back and play a competitive role in the enterprise and consumer smartphone markets. Stay tuned!

To read more about mobile devices on Hedge IT, check out these posts:

Photo Credit: Flickr]]>
<![CDATA[Prohibition Era Ends, Hedge Fund Advertising To Resume]]>, 11 Jul 2013 00:00:00 -0400 eci In a move likely to redefine the financial industry, the SEC voted this week to rescind an 80-year-old ruling prohibiting hedge funds from public advertising. The ruling comes as the result of the Jumpstart Our Business Startups Act (JOBS Act), which is intended to make it easier for small businesses to raise capital.

The Securities Act of 1933 was originally implemented following the stock market crash in 1929 as a means to regulate and control securities sold, requiring that funds register with the SEC unless they met an exemption.Hedge Fund Advertising

Under the new rule, hedge funds, private equity funds and other investment firms will have the opportunity to publicly solicit capital via a variety of commercial advertising outlets, including websites, print ads, and social media. Hedge funds have historically been quiet on such mediums, largely due to fear of noncompliance with regulations.

Many, however, do not expect advertising fever to catch on too quickly. According to Forbes, “it’s more likely hedge funds will start slow. Some may start thinking about a real marketing strategy for the first time. Others might find the new rule as an opportunity to provide some more detail on their website, or speak in public about their funds.”

More Details:

  • Hedge funds and other firms will be required to notify the SEC 15 days prior to a public offering

  • Companies who fail to notify the SEC in advance of advertising will be barred from making public offerings for one year

  • Investments in the offerings remain restricted; Only “accredited investors” with a net worth of at least $1 million may invest

  • The ban will be officially lifted 60 days after the ruling is published in the Federal Register

The SEC also voted to propose a “package of investor protections” in hopes of better policing the private offerings that will ensue.

Looking for more information on hedge fund marketing? Check out our Hedge Fund Marketing Knowledge Center and learn how to stand out from the crowd!

Photo Credit: CNN Money

<![CDATA[Acceptable Use Policy: A Recipe for Success]]>, 09 Jul 2013 00:00:00 -0400 eci Here at Eze Castle Integration we have a pantry full of thoughtful policies that help ensure we keep everything in tip-top shape. In past Hedge IT articles, we’ve shared our recipes for creating security incident policies, BYOD policies and social media policies.

Today, we are going to share our recipe for creating an Acceptable Use Policy, which governs how a company and its employees use computing resources. The SANS Institute, which has policy templates galore, also has an Acceptable Use Policy template that you can find HERE and is the foundation for our award-winning recipe.

First, define the purpose and scope of your policy by answering questions including:

  • Why are the rules in place (i.e. protect firm from virus attacks, compromising of the computing network, etc.)?

  • Who does the policy apply to (i.e. employees, consultants, contractors, etc.)?

Next, select the meat for the actual policy. While every firm’s palate is different, this gives you a taste for the types of ingredients typically included:

General Use and Ownership

  • Users should understand that the data created on the corporate systems is the property of the company, and that the company cannot guarantee the confidentiality of the information stored.

  • Employees must exercise good judgment when it comes to personal use and know that for security purposes, in some cases, authorized company individuals may monitor equipment, data or systems.Acceptable Use Policy - Recipe for Success

  • The company has the right to audit networks and systems on a periodic basis to ensure policy compliance.

Security & Proprietary Information

  • All computers and mobile devices should have password-protected screensavers with an automatic activation feature set to five minutes or less (ideally). Also, users should be trained to lock their computers and mobile devices when leaving them unattended.

  • Passwords should be kept secure, and employees should not share accounts. Additionally system-level passwords should be changed at least quarterly, and user level passwords should be changed every 90 – 120 days (ideally).

  • Employees should take all necessary steps to prevent unauthorized access to confidential information that resides on the company’s Internet/Intranet/Extranet-related systems

  • Employees must use caution when opening email attachments from unknown senders as they may contain viruses.

Unacceptable Use

Define what activities are generally prohibited unless necessary for the job function and what activities are 100% prohibited (i.e. illegal activities). Following is a sample list provided by the SANS Institute:

System and Network Activities
The following activities are strictly prohibited, with no exceptions:

  • Introduction of malicious programs into the network or server

  • Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws

  • Unauthorized copying of copyrighted material

  • Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations

  • Revealing your account password to others or allowing use of your account by others

  • Making fraudulent offers of products, items, or services originating from any company account

  • Effecting security breaches or disruptions of network communication

  • Circumventing user authentication or security of any host, network or account

Email and Communications Activities

  • Sending unsolicited email messages, including the sending of "junk mail"

  • Any form of harassment via email, telephone or texting

  • Unauthorized use, or forging, of email header information

  • Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type

Blogging & Social Media

Define your company’s policy on employees’ participation on social media sites while at work. Be sure to reaffirm that confidential information should never be shared via these outlets.


What disciplinary action will an employee be subject to if they violate this policy?


Be sure to define any terms included in the policy that you think employees may be unclear on – better to cater to the lowest common denominator to help ensure there is no confusion.

There you have it, a wonderful Acceptable Use Policy recipe. If we’ve piqued your appetite, be sure to give our other policies a try:

Bon Appetit!

Photo Credit: Istock]]>
<![CDATA[Happy Independence Day from Eze Castle!]]>, 03 Jul 2013 00:00:00 -0400 eci We hope all of our readers, clients, partners and friends have a great Fourth of July holiday! We'll see you back here on the Hedge IT on Tuesday, July 9th for more tech talk!

happy fourth of july from eze castle integration

Photo Credit: Istock

<![CDATA[Snapchat "Disappearing" Messages: What it is & why you should care]]>, 02 Jul 2013 00:00:00 -0400 eci You may have heard of it – the newest social media app that’s sweeping the 18-25 year old demographic – Snapchat. But what is it, and how could the technology behind it affect the business world?

What is Snapchat?

Snapchat is a photo messaging application in which users can take photos or record short videos on their smartphones, then add text or drawing and send them to select contacts. When sending the content, users have the ability to set a time limit for how long the recipients can view it (up to 10 seconds), after which the photo or video will disappear from the recipient's device.

Here’s a recent Snapchat ad that depicts how the app is used:

How could it affect businesses?

While the app itself is primarily intended for use in the social sphere, the technology that powers Snapchat has caught the attention of some developers in the business world. Companies that regularly send and receive emails with highly sensitive or proprietary information are interested in having the ability to make those messages disappear after they’ve been read.

The idea is that email content would never actually reach the recipient’s internal server. The sender enters the content into an email, then the recipient gets a separate email containing a link to access the content entered by the sender. After a pre-determined period of time (typically chosen by the sender), the link will no longer work.

But, as with any new technology, there are certain benefits and pitfalls to be cognizant of before employing these tools in the workplace.

The Prossnapchat logo
According to a recent Wall Street Journal report, proponents of this technology believe that vanishing emails could be very useful in an era when forwarding, printing or sharing sensitive emails with unauthorized third parties is as easy as one click of a mouse or tap on a touch screen. It can also help reduce the risk of a cybersecurity breach. Email, as with other forms of online communication, has a high degree of permanence. An organization could face a public relations nightmare if years of stored emails are compromised. In theory, this technology could help prevent that scenario.

The Cons
In May, 2013, a Forbes investigation into Snapchat showed that the photos and videos don’t actually disappear from the receiver’s device. In fact, with just basic IT skills, they found the content can be retrieved long after its time limit expires. The Electronic Privacy Information Center has also filed a complaint with the FTC stating that Snapchat has been deceiving users by leading them to believe that their images are destroyed within seconds of being viewed. In a business setting, this flaw could result in sensitive information becoming easily accessible to even the most minimally-skilled hackers, which could make the firm susceptible to a major security breach.

In the financial services space, email archiving and retention are among companies’ top compliance concerns. Disappearing emails could pose a challenge in this area. So far, no direct legislation has been put in place to regulate the types of content that must be retained versus those that can be used in vanishing emails, so this is a bit of a gray area for the time being.

As developers continue to enhance this technology and regulators begin to formulate guidelines for using it in a business environment, disppearing content will likely become a hot discussion topic. Keep an eye out for more developments, and be sure to consider all of the pros and cons before deploying this technology for personal or professional use.

Hedge Fund Security Guidebook

Photo Credit: Shuttershock

<![CDATA[...And Many More: Happy 18th Birthday, Eze Castle!]]>, 27 Jun 2013 00:00:00 -0400 eci This month, Eze Castle turns 18! The company, founded in 1995 by childhood neighbors John Cahaly and Sean McLaughlin, has grown into a global technology operation with offices in the United States, Europe, and Asia. In honor of the Castle’s (that's our little nickname for ourselves) 18th birthday, let’s take a look at 18 fun facts highlighting not only our successes on a company level, but those of the wonderful employees who make it all possible.

Happy Birthday Eze!

<![CDATA[IT Ownership & Data Protection: A Security Roadmap]]>, 20 Jun 2013 00:00:00 -0400 eci Earlier this week, our friends at Varonis Systems joined us for a webinar to talk about information technology ownership and hedge fund data protection. IT threats as a result of external hackers or internal security breaches are on the rise, and therefore firms are encouraged to protect and audit file data in order to answer two simple questions:

Who has access to my data?
Who has accessed my data?

Let’s take a closer look at how Varonis helps investment firms accomplish this.

Context is king

Firms can hasten data protection by achieving a greater amount of context awareness. Some contextual questions to ask are:

  • Who owns the data?

  • Who uses the data?

  • Who should have access?

  • Who should not have access?

  • Who granted access?

  • Who moved my data?

Firms have complex ecosystems in which there are many different people who will interact with data (business users, IT and data owners), formats through which data will be presented (PDFs, media, video), and IT infrastructures to manage data (Exchange, Windows, SharePoint). Answering the above questions is necessary for a firm to understand how it can efficiently protect its valuable and sensitive data. Companies should optimize metadata functionalities to answer these questions and protect data through accessibility, collaboration, self-service, analytics and modeling, retention and storage, metadata collection, access monitoring, and content classification.

Protecting data in the real world

In order to protect sensitive information, firms should employ a metadata framework that has the ability to expand when necessary. This framework, which must not interrupt daily office activities, should be used to gather and evaluate metadata, systemize workflows to be efficient, and auto-generate reports. There should also be a clear and dependable operational plan in place to guarantee that data is always assigned to a unique owner.

How does Varonis leverage metadata to raise context awareness?

Varonis uses metadata to identify risks, and in turn prevent the occurrence of data leaks. There are four types of metadata to be collected in a non-intrusive way:

  1. File system and permissions information – Allows the company to understand who has access to which data

  2. User and group information – Permits the company to understand the groups and users that have access to certain data

  3. Access activity – Tells a company who is interacting with/accessing its data, and what they are doing with it

  4. Sensitive content indicators – Helps a company to identify where its sensitive data is, where it is overexposed, and how it can be protected

All of the above can be used to gather actionable data governance information that can assist data owners in the generation of automatic entitlement reviews and allow them to play a role in the authorization of workflows.

The following five-step process is used by Varonis to reduce the risk of data leaks:

Risk Reduction Operational Plan

We recommend our clients use Varonis to protect and audit their data as a means to thwart impending security attacks (whether internal or external). Varonis bases their model on these three pillars:

  • Governance – Firms must monitor employee data access to constantly guarantee that the correct people have access to the right data. This will allow for these firms to clearly see when data privileges are being exploited.

  • Access/collaboration – Firms should use shared drives on existing servers to allow for file synchronization and management, mobile access, and a way to securely share information with a third party.

  • Retention – Firms must use information technology to optimize data disposition, archiving, and migration processes, utilizing metadata.

To learn more about Varonis Systems, visit

Varonis Logo

<![CDATA[A Step-By-Step Guide to Dealing with a Security Breach]]>, 18 Jun 2013 00:00:00 -0400 eci If your firm hasn’t had to cope with the aftermath of a security breach, you’re probably one of the lucky ones. According to an analysis conducted by Ponemon Institute and Symantec in 2013, human errors and system glitches caused nearly two-thirds of data breaches globally in 2012.

With the threat of security incidents at all all-time high, we want to ensure our clients and partners have a system in place to cope with any threats that may arise. Here is a step-by-step guide to follow in the event your firm suffers from a security breach.Panic Button

1. Establish an Incident Response Team.

Choose a select group of individuals to comprise your Incident Response Team (IRT). Assign each member a predefined role and set of responsibilities, which may in some cases, take precedence over normal duties. The IRT can be comprised of a variety of departments including Information Technology, Compliance and Human Resources.

2. Identify the type and extent of incident.

Before your IRT can alleviate any incidents, it must clearly assess the damage to determine the appropriate response. For example, if the incident is a computer virus that can be quickly and efficiently detected and removed (and no internal or external parties will be affected), the proper response may be to document the incident and keep it on file. This task could effectively be handled by the IT department.

If however, an incident occurs that affects multiple clients/investors/etc., the incident should be escalated to the IRT.

3. Escalate incidents as necessary.

Certain departments may be notified of select incidents, including the IT team and/or the client service team. These parties should use their discretion in escalating incidents to the IRT. Any event suspected as a result of sabotage or a targeted attack should be immediately escalated.

4. Notify affected parties and outside organizations.

One member of the IRT should be responsible for managing communication to affected parties. Depending on the severity of the incident, the IRT member will act as the liaison between the organization and law enforcement.

5. Gather evidence.

When appropriate and necessary, the IRT is responsible for identifying and gathering both physical and electronic evidence as part of the investigation.

6. Mitigate risk and exposure.

A technical member of the IRT should be responsible for monitoring the situation and ensuring any effects or damage created as a result of the incident are appropriately repaired and measures are taken to minimize future occurrences. The IRT will also need to define any necessary penalties as a result of the incident.

Here are a few more resources on hedge fund security you may find helpful:

Hedge Fund Security eBook

Source: 2013 Cost of Data Breach Study: Global Analysis, Ponemon Institute & Symantec

Photo Credit: Flickr

<![CDATA[The New CIO: From IT Manager to IT Innovator]]>, 13 Jun 2013 00:00:00 -0400 eci For years, the role of the chief information officer (CIO) has been to acquire and maintain cost-effective IT services for the organization. Technology was viewed as a basic necessity, so managing costs and ensuring systems were running smoothly were the primary areas of focus for corporate IT leaders.

Today, technology is much more than a commodity. In fact, for many investment management firms, it has evolved into a source of competitive advantage. This change, combined with stagnant IT budgets, has caused the role of the CIO to move away from basic IT management to become more of a forward-thinking innovator for the organization. Here are a few strategies to help ease this transition.

IT outsourcingRather than looking at your IT budget first, start with your employees.
How is your staff using technology to perform their jobs? Are there changes that could be made to help them become more efficient? If you have employees who travel frequently or telecommute, consider how they’re accessing critical systems and applications. If many members of your staff are working remotely or using smartphones, tablets or laptops on a regular basis, what changes can be made to make their experiences more seamless?

Think like a CMO.
A recent Gartner study found that CIOs are highly focused on efficiency and processes, while chief marketing officers (CMOs) are more concentrated on delivering strategic value and developing long-term relationships. Try examining your firm’s needs from the marketer’s perspective. How are your clients using technology to interact with the firm? What information are they seeking when doing so? Could these experiences be enhanced in any way to foster a stronger relationship? Also, consider speaking directly with your Sales and Marketing personnel to gain a better understanding of how they're seeing clients interface with the company and where IT can get involved to ensure smoother interactions.

Take a close look at new tools and trends.
For many investment firms, cloud-based infrastructures are proving highly beneficial, especially in helping to increase operational efficiency without major capital outlays. Another new trend to keep a close eye on is BYOD (Bring Your Own Device). Enabling employees to utilize their personal mobile devices and tablets for business purposes can result in cost savings and greater computing flexibility for the organization.

Consider outsourcing options.
You IT staff is likely over-worked, and increasing headcount is an expensive solution. To supplement your existing team, it may make sense to outsource some aspects of the IT and operational aspects of the firm. Outsourcing options abound, so you can offload as little or as much are you’re comfortable with. Hosted IT services are a major area where we’re seeing firms outsource, but there are many others as well, including:

  • Help desk support

  • Staffing

  • Application hosting

  • Colocation

  • FIX connectivity

  • Disaster recovery

  • Project management Photo Credit: Istock

For more information, be sure to check out our article on “Examining the Changing Role of the CTO,” or contact an Eze Castle Integration representative.

contact an eze castle integration representative

Photo Credit: Istock

<![CDATA[What Not to Do When It Comes to Your IT]]>, 06 Jun 2013 00:00:00 -0400 eci We spend a lot of time here on Hedge IT making suggestions about what hedge funds and investment firms should do when it comes to their technology. But today, we’re not going to tell you what you should do. In fact, these are things we definitely DON’T want you to do!

Plan your infrastructure only for the short-term.

A crucial mistake often made by funds is not planning for the future. Even at launch, you should be thinking about what your firm will look like and what technology you will require down the road. Planning out two to three years in advance is recommended in order to reap the most benefits when it comes to your infrastructure. Plus, if you don’t plan ahead, you may wind up incurring more costs if technology decisions need to be made unexpectedly.Stop

Ignore the importance of a business continuity plan.

It has become commonplace for hedge funds to employ disaster recovery strategies to protect mission-critical data and applications (due to a number of reasons including investor expectations, new regulations and the effect of unexpected natural disasters, e.g. Hurricane Sandy). But firms often overlook the equally important business continuity plan, which provides guidelines for what employees need to do in the event of a disaster. Yes, focusing on your infrastructure is essential to keeping your business afloat, but that business also cannot survive without its employees. Don’t forget to test that BCP plan once you’ve developed it – a good plan will only work if people know how to follow it.

Skimp on security.

This one is a no-brainer, right? There are times when firms think it’s okay to cut back on security, or they easily dismiss the idea that a firm could ever become the victim of a cyber-attack. Hackers have become more advanced over the past few years, and financial services firms are at the top of their list for targets. It’s worth investing in premium network security to ensure your firm does not become a victim, whether it’s at the hands of a professional hacker or a simple computer virus.

Fail to comply with industry regulations.

Regardless of whose jurisdiction your firm falls under, it’s essential you take the appropriate steps to ensure you’re meeting all necessary regulatory directives. Whether its system safeguards enacted through the Dodd-Frank Act or increased transparency requirements as a result of AIFMD, you can bet there’s some type of legislative requirement your firm is responsible for meeting. Can regulatory bodies like the SEC keep tabs on all hedge fund firms? Maybe not. But if the day comes when you receive an audit notice, you don’t want to be the firm who’s noncompliant.

Be opposed to change.

Just like the investment industry, technology is constantly evolving. Just a few years ago, firms were building out large Comm. Rooms to store massive servers and other equipment. That practice is fading today as firms rely on the cloud to meet their technology needs without unnecessary hardware purchases. Remember that just because you’ve always done something one way, it doesn’t mean it’s the only way. Learn to adapt with the changing industry and be open to trying new things. Who would have guessed just a few short years ago that we’d all be plugging into the cloud to do our day-to-day tasks?

Contact an Eze Castle representative

Photo credit: Flickr

<![CDATA[Data Protection Changes Coming to EU Firms]]>, 04 Jun 2013 00:00:00 -0400 eci Big changes are coming in the form of European Union data protection mandates. In January 2012, the European Commission announced a proposal to reform the current European Union's data protection framework, currently known as the 1995 EU Data Protection Directive, to better protect the personal data of EU citizens and update the current legislation to fit in with the 21st century requirements and rapid evolution of technology (including the prevalence of social networking and smartphones).

The EU proposal will give individuals more control over their data while also serving to promote the importance of data protection in a globalised world. The European Commission expects the rules will go into effect two years after they have been adopted by the member countries - officially around 2014 or 2015.

While some of the current proposals will undoubtedly be amended over the course of this lengthy process, let’s look at some of the practical steps companies should be considering now.

Move towards compliance

One of the main recommendations of the proposed regulation would ensure that companies have only one regulatory authority that supervises their activities across all EU member states. Businesses with multiple offices across several European countries should therefore consider which regulatory authority would be its supervisor.

Right to be forgotten

The new directive will enforce a right to be forgotten, which will allow people to request firms to delete their data permanently. Companies faced with a request for deletion of data will have the responsibility to pass that request on to companies that have copies of that data.

This rule will certainly affect Internet platforms, which tend to never forget. For example, even if data is taken down from a social networking site, such as Facebook or Twitter, it is not completely gone and will remain within the Internet cache.

Don't delay, get ready

Given the timeframe, many firms may feel they have plenty of time to get ready for the new data protection framework in Europe, but that is not the case. The clock is ticking.

While there may be a lot of work that still needs to be done before the proposals are finalised, firms should not wait to start preparations. It is important that firms get their privacy policies, procedures and documentation in order and keep them up to date.

Best Practices to Start Employing Now Checklist

  • Appoint a data protection officer to act as the focal point for all data protection activities.
  • Take a closer look at your privacy policies. In some cases, they will likely need to be re-written (new guidance states they must be written in plain English).
  • Refresh your information asset register so it clearly identifies what data is held, where, how and why.
  • Write and employ processes and procedures to handle data subject and data deletion requests.
  • Review your technical and procedural controls around your data. A serious breach could cost your firm up to 2% of its global turnover.

<![CDATA[Psst. Are you in the know about SSD (aka Solid State Disk)?]]>, 30 May 2013 00:00:00 -0400 eci To quote PC World, “A high-end SSD is the pinnacle of computer storage today. Ditching your hard drive for one of the latest SSD models is like dumping your go-kart and hopping into a Formula One car.”

But what is SSD?

SSDSSD is a storage device that stores persistent data on solid-state flash memory, using integrated circuit assemblies as memory. SSD has no moving parts, which is one of many distinctions between SSD and traditional hard drives that have spinning disks.

SSD offers huge performance gains over other commonly used storage drives including SAS (serial attached SCSI) drives. For perspective, the typical enterprise spinning disk is a 15K SAS drive, which offers approximately 200 IOPS. Mainstream enterprise SSD on the other hand can offer 10,000-100,000 IOPS.

Why should I care?

Investment management firms are presented with an increasing amount of data, much of which holds the potential to uncover new investment opportunities. For some strategies (think high frequency trading and algo), the speed at which the data is processed is linked to the size of competitive gain.

This is where SSD comes in. The huge performance gains delivered by SSD have the ability to speed up large database applications and online transaction processing, which can be hugely impactful. Big-data analytics is another example of where SSD is appropriately suited.

Compliments of Wikipedia, here are some other advantages SSD provides:

SSD Comparison Chart

Is SSD Panacea?

SSD delivers numerous performance advances as outlined above, however, there is a price (literally) associated with these gains. The typical enterprise spinning disk is a 15K SAS drive, which costs about $0.50 per gig and offers approximately 200 IOPS each. Enterprise SSDs vary in cost and performance, but $3.00-5.00 per gig, and 10,000-100,000 IOPS covers most of the mainstream drives.

As the price comes down, you can expect to see SSD more widely deployed.

Source: Jon Jacobi. (May 13, 2013). The proper care and feeding for SSD storage. PC World

<![CDATA[Managing Your Applications in the Cloud: Webinar Recap & Replay]]>, 23 May 2013 00:00:00 -0400 eci We hosted a webinar earlier this week, App Hosting 101: Managing Your Essential Applications in the Cloud, in which Steve Schoener, Eze Castle Integration’s Vice President of Client Technology, and Martin Sreba, Senior Director at Advent Software, discussed topics such as industry trends in application hosting, key drivers of application solutions, common myths about the cloud, and the right time to put an application into effect. Continue reading for an overview of the webinar.

Industry Update: What’s Going On?

Increasing demands from hedge funds’ current and target investors are driving a variety of trends. Due diligence requirements are more advanced, as investors expect to see candid looks into a fund’s systems, disaster recovery capabilities and more. The increasing complexity of investments is also driving the need for more complex systems to handle these instruments.

Firms are starting smaller in today’s environment, with many starting with under $100mm in assets under management. Startup funds are looking for technology solutions to complement their size and give them the tools to efficiently run their businesses.

The Key Driver for Application Solutions? Managing Risk.

When it comes to implementing applications, there are many considerations to think about, some of which include addressing investor due diligence concerns, addressing regulatory requirements, and supporting client service demands. The most importance goal for many firms, however, is mitigating risk. There are three types of risk to manage:

  1. Operational. A firm without a system already in place has most likely used Excel. It is important to transfer spreadsheets into an application because these systems are made to support the direct investment decision process, and therefore all data must be correct. Cloud Computing

  2. Counterparty. Firms need to be able to connect with a multitude of third parties, including fund administrators and prime brokers. Clients now want to be more operative, and therefore use multi-prime environments in which counter-parties have different specializations utilized by the firm. Many more firms now foster these counter-party relationships, and therefore need a system to bring everything together into one holistic setting.

  3. Investment. Investment decision makers want to see accurate information. A research management system, for example, would allow a firm to track and save their investment research and choices for a possible audit.

Deploying Your Application: Top Considerations

When deploying an application, a firm must consider not only the up-front, short-term costs of supporting the application, but also the long-term costs. The firm must be sure that the overhead expense of the application is not too much of a burden on the business.

An application that is being deployed must be scalable. A firm may want to start with an application on a smaller scale, whose base can grow as the company does. The firm should be sure that the application being used will not force an arrangement that will limit its ability to scale up in the future.

Infrastructure Options: On-premise vs. Cloud

Deciding where to host your application is a major consideration. Many firms today are opting to host their apps in the cloud, an option that provides for more flexibility and cost-effectiveness. Beyond the on-premise vs. cloud debate is the decision about whether to utilize a public or private cloud.

Security continues to be the biggest concern in regards to the public cloud. Investors want to make sure that their data is as secure as possible because it is a fundamental part of the fund’s core. Access into private clouds is much more controlled, and there are fewer questions about the encryption of data at rest and the ability to access that data. A public cloud provider will make sure that its physical infrastructure is up and running, but will not necessarily be concerned about whether or not their clients’ applications are functional. Therefore, working with a smaller, niche provider may be better for many firms.

The Right Time to Implement an Application

Many more start-up funds are now bringing applications in on day one because they do not want to deal with the conversion and transfer of the data at a later date, and the cost is much more affordable from the get-go. However the firm philosophy also plays a part in the timing of an application’s implementation particularly depending on whether the firm is relying on outsourced application services or hosting their applications in-house. Budget may also play a large role here.

Application Provider Must-Haves

  1. People. The application and/or hosting provider must have a structure that allows for them to be available when needed (whether through a help desk, etc.), and must be able to comfortably adapt to changes in its clients’ businesses.

  2. Scalability. The provider must be able to be there for the long run, providing a system that handles the company’s growth without having to reinstall a new system and convert the data.

  3. Strong Ecosystem Support. Firms can turn to the experts and create trusted partnerships with counterparties and consultants who have worked with similar client types (which will allow for them to understand the products being provided).

  4. Ease of Use. This is not as important as the above three because most systems have the same functionality. A firm must survey the big picture when it comes to choosing a provider.

When it comes to evaluating which application vendor is right for your business, here are five key questions to ask:

  • Does your software work in hosted environment?

  • How is the application deployed? (e.g. via the Internet, Citrix, etc.)

  • Are there any limitations?

  • Do you have recommended hosting partners?

  • Will there be any changes to my Service Level Agreement?

If you would like to speak to an Eze Castle representative about application hosting at your firm, please contact us today!

Contact an Eze Castle representative
Photo Credit: Shuttershock
<![CDATA[A How-To on Appraising the Strengths and Weakness of a Hedge Fund Application]]>, 21 May 2013 00:00:00 -0400 eci We were recently asked by a COOConnect member about the best sources for information about the strengths/weaknesses of the various hedge fund applications including front, middle and back office. Since we know many folks have this same question, today I am going to expand on the original answer given by our expert, Mark Coriaty.

Now the way a hedge fund uses an application will vary based on its investment strategy, and therefore the perceived strengths and weaknesses may vary as well. However, there are multiple ways to establish a baseline of strengths and weaknesses.

Service Provider Reports: Balancing Bias with Value

First up are free reports from hedge fund service providers such as Eze Castle Integration. Each year we publish a benchmark study that outlines top applications used in select front, middle and back office categories by hedge funds. This report will provide a baseline of the top three application vendors used in each category, but doesn’t dive into specific feature sets. The report can be downloaded HERE.

Vendor reports can be helpful in getting an initial understanding of the most frequently used applications and top features used by firms. You should always consider the source, as some vendor reports or whitepapers will be biased.

Industry Analyst Reports: Balancing Cost with Real Life

Next up are analyst groups, such as Aite Group, Celent and CEB TowerGroup, who regularly publish reports looking at hedge fund applications. Aite Group, for example, published a report titled “Buy-Side OMS Market Update 2013: Calm Before the Storm?” in March 2013. These reports can provide insight into the top application players in each market. It should be noted that some reports must be purchased, and free ones may be slightly biased if they are funded by an application vendor.

Here is a handy list of where to find reports published by these firms:

  • CEB TowerGroup: HERE
  • IDC Financial Insights: HERE

Phone a Friend

Finally, talking to hedge fund peers is extremely valuable in understanding the strengths and weaknesses of various applications. In addition to calling the references provided by the vendors (who you can assume are happy), try and find a few other users to speak with. Here are some questions to ask:

  • How long have you been using the application?

  • Did you receive any incentive for being a customer reference?

  • Why did you select this application?

  • Has the application met your expectations?

  • What are the most important features to your firm?

  • Did your firm customize the application? If so, what was that process like?

  • What features do you wish they would add to the application? Areas for improvement?

  • How responsive is customer support?

  • Is there anything you would have done differently as part of the selection or implementation process?

Happy App Searching!

P.S. Here is another link to our 2012 Hedge Fund Technology Benchmark Study.

Hedge Fund Application Benchmark Study

<![CDATA[Corporate Essentials for Successful Hedge Fund Startups]]>, 14 May 2013 00:00:00 -0400 eci Tomorrow, we are co-hosting an exciting seminar in New York City with our friends at KPMG on the topic of launching a hedge fund. The half-day event, Hedge Fund Launch 2.0: Navigating the New Environment, will feature expert panel sessions on variety of topics including technology, regulations, capital raising, application platforms and more.

One panel we’re particularly interested in – beyond the technology panels, of course – is Corporate Essentials, a program focused on the often forgotten-about aspects of launching a new business. These aspects include human resources, compensation, insurance and real estate. Here’s a sneak peek at some of the content our panelists will be discussing at tomorrow’s event:

Human Resources

  • Essential components of a human resources infrastructure

  • Front and back office staffing requirements

  • Employee benefits typically provided by hedge funds


  • Typical compensation structures for front, middle and back office

  • Compensation trends in financial services

  • ‘Hot’ functions in terms of recruiting and compensation


  • The types of insurance needed for a business, including professional liability, employment practices liability, and property & casualty

  • The right time to investigate insurance options for your hedge fund

  • The effect of the Affordable Care Act/Healthcare Reform on hedge fund insurance decision-making

Real Estate

Be sure to come back to the Hedge IT on Thursday for a recap of our Hedge Fund Launch 2.0 event! In the meantime, download our brand new Manager’s Guide to Establishing a Hedge Fund.

A Manager's Guide to Launching a Hedge Fund

<![CDATA[Recapping a Busy Week in Cyber Security Across the Globe]]>, 09 May 2013 00:00:00 -0400 eci In case you missed it, this week the Pentagon released its Annual Report to Congress looking at the military and security developments involving China. According to the New York Times, the report is virtually the first time “the Obama administration has explicitly accused China’s military of mounting attacks on American government computer systems and defense contractors, saying one motive could be to map 'military capabilities that could be exploited during a crisis.'"

The report states that cyberwarfare capabilities could serve Chinese military operations in three key areas.

  • First and foremost, they allow data collection for intelligence and computer network attack purposes.

  • Second, they can be employed to constrain an adversary’s actions or slow response time by targeting network-based logistics, communications, and commercial activities.

  • Third, they can serve as a force multiplier when coupled with kinetic attacks during times of crisis or conflict.

In other cyber security news, the UK is setting up a new £7.5 million government fund as part of the National Cyber-Security Strategy to create two research centers to combat the increasing threat of cyber-attacks.

And finally, this week Japan and the US held the first bilateral comprehensive dialogue on cyber security with the goal of establishing international rule and discussing countermeasures to cyber-attacks.

Here is a snapshot to recap this week in Cyber Security.

Cybersecurity headlines

Be sure to check out these helpful security articles:

Hedge Fund Security Guidebook

<![CDATA[What Do Hedge Fund Investors Ask About IT? A Technology DDQ cheat sheet]]>, 07 May 2013 00:00:00 -0400 eci Question markIt is becoming cliché to say, but the investor due diligence process has truly evolved from a ‘check the box’ activity to a detailed and analytical process. Today, hedge fund investors want to see a tested investment strategy coupled with institutional-grade business processes.

Here at Eze Castle Integration, each year we help more and more hedge fund clients complete the Technology portion of investor due diligence questionnaires (DDQ). So we thought it would be helpful to share some of the more common technology related questions we are seeing. Not surprisingly, you’ll see security and disaster recovery questions on the list.

As you consider your responses to these questions, keep in mind that in some cases investors are more concerned with your decision process as opposed to seeing the “right” answer. The reality is that often the “right” answer varies from firm to firm and depends on a number of factors, including investment strategy.

On to the questions…also, you can download our more extensive Technology DDQ list HERE – it includes questions on your company and processes.

The Questions

  • Provide an overview of your IT and telecom infrastructure. Please specify whether this solution is hosted onsite, outsourced to a cloud/hosting provider or whether you use a variety of approaches.

  • Where are your primary, secondary, business continuity and disaster recovery data centers located and what technology is located in each?

  • Who is responsible for IT support? Describe the service they provide.

  • Please list any outsourced technology service providers. Please give an overview of the providers and their credentials, as well as background of the relationship.

  • Describe your physical and application security protocols to protect building, office, hardware, and data accessibility.

  • Detail user login and password requirements for staff accessing systems while in the office as well as remotely.

  • Describe your process for application/system change management, including:

    • Who is responsible for authorizing changes,
    • Who has access to the development and production environments, and
    • The process to release code/changes into the production environment.
  • Describe the organization’s Business Continuity and Disaster Recovery philosophy and provisions, including any relationships with third-party providers.

  • Describe your provisions for data back-up, including the frequencies and methods of the back-up. How would data be restored in the event of a loss, and how long would this take? How would you operate in the meantime?

  • What would happen in the event that a key decision maker became incapacitated, for example the chief investment officer or portfolio management staff?

  • How often is the BCP/DR plan tested? What was the last test date and describe the results.

In addition to downloading our complete IT DDQ list, you can also check out these articles:

<![CDATA[Webinar Recap: What Investment Firms Need to Know about Social Media Compliance]]>, 02 May 2013 00:00:00 -0400 eci Yesterday, we hosted a webinar, “Going Social: What Investment Firms Need to Know about Social Media Compliance” along with Global Relay, an Eze Castle Integration partner and provider of enterprise message archiving and monitoring services. Global Relay's vice president of sales, Bryan Young, and our own vice president of marketing, Mary Beth Hamilton, discussed a range of topics including the changing SEC guidance on social media, compliance requirements for hedge funds and key components of instituting a social media policy at an investment management firm. Read on for a recap of the event.

Bryan Young vice president of sales global relaySocial Media Trends

In recent years, social media usage has expanded rapidly in the business sector. Of the various social media offerings currently available, Twitter, Facebook and LinkedIn tend to be the most widely utilized within business settings. Reasons for connecting through various social networking websites range from a desire to keep in touch with friends and family to researching products and services and keeping up with news. Social networking comprises a huge portion of the time spent online, with 25% of all time on the Internet spent on these websites. Furthermore, not only do social media users access these platforms via their computers, but 40% also visit social media sites via mobile devices. Additionally, social media applications are now the third most utilized by smartphone owners, an essential statistic for companies to keep in mind when crafting their social media policies.

Social Media and the Investment Industry

In the past, the investment industry largely avoided social media. However, more recently, many firms have begun to embrace the various social media platforms. Earlier this year, the SEC released a guidance update on social media usage, as well as a statement indicating that social media platforms are acceptable vehicles for investment firms to use for communications with the public. Leading this move towards social media is Goldman Sachs, who created a Twitter page in 2012 which now has 44,000 followers. Today, up to 50% of financial advisors now use social media to communicate with clients and other stakeholders. However, the rules and regulations regarding social media usage by investment firms continue to be highly complex, causing some hedge funds to continue steering clear of these sites.

social media word cloud cube

Currently, only 1% of hedge funds are actively taking advantage of Twitter’s offerings. Despite this, firms' employees are increasingly using social media platforms on their own, which is why it's becoming more and more important for firms to develop a social media usage policy to govern these online communciations.

Here at Eze Castle, we're seeing hedge funds handling the changing regulatory landscape regarding social media in the following ways:

  1. A small percentage of firms take the approach of completely blocking all social media use by employees.

  2. Some firms take the approach of blocking just the communications side of social media sites in the workplace.

  3. A large number of firms do not limit social media usage at all.

How do regulators view social media?

In the eyes of regulators, social media is viewed in the same regard as other forms of electronic communication. The SEC has deemed social media a suitable platform for distributing public information, as long as the public is directed where to look for it. Specifically, social media falls under the existing “media-neutral” requirements, including the following:

  • Record Keeping. Firms must be able to capture and preserve all electronic business records.

  • Supervision. Firms must supervise and enforce supervisory policies.

  • Audit Readiness. Firms must consider their preparation for an audit when producing data for auditors.

  • Social Media Specific. Before engaging with social media, firms must be certain that they have the technology required to record and retain their communications.

However, there are also some key differences to be aware of when it comes to social media communications. These include:

  • Static Content. Static content is content that remains posted until changed by the firm or individual, and is accessible to all website visitors. This type of content -- including initial tweets, Facebook wall posts and LinkedIn network updates -- necessitates principal pre-approval.

  • Interactive Content. Interactive content is considered real-time communication and requires supervision after the fact, on a risk basis. This type of content ranges from emails, IMs and Facebook wall comments to LinkedIn network comments and retweets.

  • Linking to Third-Party Content. When linking to third-party content, firms are responsible for the content of linked sites and what reps endorse. It is vital to be aware of the fact that “linking” or endorsing can trigger entanglement principles. Examples of this include Facebook “likes,” Twitter “retweets” and LinkedIn “recommendations.”

Mary Beth Hamilton vice president of marketing eze castle integrationPersonal vs. Corporate Information

Even as some investment firms are still steering clear of social media, there is an increasingly indistinct boundary between the personal and professional realms of social media usage, especially with the rise of LinkedIn. Social media platforms such as LinkedIn also pose further challenges to firms because, unlike email, employees own and control most social media accounts. One way to handle this challenge is to require employees to opt in for social media archiving. To protect employee privacy, firms must ensure that employee passwords will not be shared. Also, firms must ensure that their social media compliance solution covers content originating from mobile devices, home computers and public computers.

Best Practices for Creating a Social Media Policy

When crafting a social media policy, investment firms should use the following three questions to frame their approach:

  1. Is it appropriate or necessary for employees to visit social media sites such as Facebook, LinkedIn or Twitter during the work day?

  2. Are employees considered to be representatives of the company in their online interactions?

  3. Is it the firm’s responsibility to limit or control what employees are able to access on the Internet while at work?

There are also a variety of other considerations that go into drafting a successful social media policy. These include:

  • Representation. Employees must not represent their opinions published through social media channels as those of the company. If an employee has chosen to document his or her relationship with the firm, he or she must take care to guarantee all online actions and opinions reflect those of the firm.

  • Defamation. Employees must not defame or post any type of abusive content online, under any circumstances. The firm policy should clarify that any such actions will result in disciplinary action for the offending employee.

  • Responsibility. Employees must exercise strong judgment whenever using the Internet, and should expect to be responsible for any liabilities that arise from their online interactions.

  • Time. Employees should be sure that their social media interactions do not become so time consuming that their work performance is negatively impacted.

  • Record Keeping. If employees choose to communicate through social networking sites, firms should implement social media archiving technology such as the solutions provided by Global Relay to ensure compliance.

  • Regulations. A company’s social media policy should reflect the current regulatory requirements.

For more information on social media compliance for investment firms, contact an Eze Castle Integration representative. In the meantime, check out the full replay from our webinar, “Going Social: What Investment Firms Need to Know about Social Media Compliance” featuring Global Relay.

contact an eze castle integration representative
Photo Credit: Shuttershock
<![CDATA[What to Look for at the 2013 SALT Conference]]>, 30 Apr 2013 00:00:00 -0400 eci Next week – Tuesday, May 7 through Friday, May 10 to be exact – one of the largest annual gatherings of investment management professionals will be taking place at the beautiful Bellagio Las Vegas. The SALT Conference will feature over 100 expert speakers participating in 36 panel discussions, individual speeches and breakout seminars throughout the four-day event. The focus of this year’s conference is on macro-economic trends, the political environment and opportunities for alternative investment firms within the context of the global economy.

As in past years, the SALT Conference is sure to be a who’s who of industry professionals. Past keynote speakers have included such notable names as Bill Clinton, George W. Bush, Al Gore, Mitt Romney, Colin Powell and Tony Blair. Who is on the docket to speak this year? What will the specific discussions and hot topics be? Following are some highlights we’re looking forward to at next week’s event.

Our Favorite Topics

SALT Conference hot topics schedule

The A-List Speakers

SALT Conference featured speakers schedule

The Best (and most fun!) Networking Opportunities

On Wednesday, May 8 and Thursday, May 9, Eze Castle Integration is teaming up with Eze Software Group to host a Cabana Party at the Bellagio Pool! Stop by to meet our team members, talk tech, have a cocktail and enjoy the beautiful Las Vegas weather!

Here are a few other SALT-sponsored events we'd highly recommend checking out:

  • Fiesta Latina: A Poolside Party of Food, Drink & Entertainment (Wednesday, 8:00pm, Bellagio Pool)

  • Starry Night: A Night of Cocktails & Entertainment Featuring Grammy Award-Winning Band TRAIN (Thursday, 8:30pm Bellagio Ballroom)

For more information on next week’s SALT Conference, visit If you’re planning to attend this event, be sure to let us know, and stop by the Eze Cabana Party!

contact an eze castle integration representative
<![CDATA[Video Week Continues! Channel Partners 360° Puts the Spotlight on Eze]]>, 25 Apr 2013 00:00:00 -0400 eci We hope you're enjoying this week full of videos here on the Hedge IT blog! On Tuesday, we shared footage from our friends at Zerto featuring our vice president of client technology, Steve Schoener, who spoke about cloud disaster recovery during a recent webinar.

Today, we're excited to share with our readers a video spotlighting Eze Castle Integration that was produced by the team at Channel Partners Online. Recently, the group honored Eze with its Channel Partners 360° Award, which celebrates excellence in innovation, technology solutions and customer satisfaction.

Check out the video they created about our team, solutions and services. And, of course, a special thanks goes out to Channel Partners Online for their fantastic work!

<![CDATA[A Look at Liquidity Risk Management]]>, 18 Apr 2013 00:00:00 -0400 eci take risk? yes noIn the wake of the 2008 financial credit crisis, investment firms have recognized the need for more robust liquidity risk management tools and procedures. However, due to shifting regulations and detailed fund and investment structures, fund of funds, private equity firms, hedge funds, and institutional investors continue to grapple with liquidity management and reporting within their investment portfolios. The following is a high level overview of both the liquidity risk challenges facing firms today, and the ways in which some fund managers are overcoming these challenges.

What is liquidity risk, and how does it affect funds?
Liquidity is the extent to which an asset or security can be bought or sold in the market, while not impacting the asset’s price. The concept of liquidity is comprised of illiquid assets, which are the result of liquidity risk and cannot be instantly sold due to value uncertainty and lack of a market. Liquidity risk refers to the concept that an asset or security cannot be traded at the rate necessary to achieve returns and bypass losses. In the last several years, worldwide economic challenges including rising liquidity costs, a more uncertain market and lower levels of market assurance have contributed to the liquidity management challenges facing funds. Liquidity risk’s ability to negatively impact and compound other types of risk, such as credit risk, also has far reaching consequences for the financial markets. These consequences make it even more imperative for firms to get a handle on their liquidity risk management practices.

Hedge funds and fund of funds are directly impacted by liquidity risk. Hedge funds undergo both position and fund liquidity. Position liquidity refers to how quickly the instruments employed in the strategy can be converted to cash at a known value. On the other hand, fund liquidity refers to how fast the stated terms will allow an investor to exit a fund investment. Fund of funds typically offer superior liquidity in comparison to hedge funds. This is due to their investment strategy, which involves investing in groups of various unregistered hedge funds rather than stocks, bonds or other securities. Other types of fund of funds include private equity fund of funds, mutual fund of funds and investment trust fund of funds.

Data Management Challenges
Data management continues to be a serious challenge for many funds. This is the result of funds’ limited analytical capabilities and lack of a centralized, systematic approach to examining liquidity risk. Because liquidity has the ability to compound many other types of risk, it’s important for firms to take a centralized approach to analyzing liquidity. Employing a siloed approach prevents managers from fully understanding their liquidity position on a wider scale.

liquidity risk managementThe lack of efficient data management technologies prohibits firms from accurately predicting cash flows. However, many software solution providers are attacking this challenge head on by offering state-of-the-art financial automation platforms. One such company is our partner, Ledgex Systems, whose Ledgex Platform product suite simplifies the management of these complex requirements. According to the experts at Ledgex, there has been a recent shift in the investor/allocator community that calls for cutting-edge liquidity analysis capabilities. Using this advanced platform is one way that fund of funds are dealing with the stringent requirements.

How are firms dealing with liquidity risk management challenges?
Tools such as the Ledgex Platform are especially helpful when it comes to data management, which is directly linked to a firm’s liquidity management practices. In order to achieve the highest level of liquidity management efficiency, it’s vital for data to be collected, analyzed and conveyed at a variety of aggregate levels. Because many funds have not yet undertaken the necessary data management measures, they have incurred heavy and undesirable financial costs in addition to having their liquidity risk management procedures severely stalled. Software tools like Ledgex enable funds to gain a stronger understanding of their internal liquidity management practices and allow them to achieve a higher level of operational efficiency within their technology infrastructure. Specifically, the Ledgex Platform streamlines data management practices across all facets of the firm, clarifying its level of liquidity risk and enabling portfolio management, monitoring, reporting, and risk and compliance tasks to be run more effectively.

Of course, funds must also remained focus on compliance. Many liquidity issues have arisen as a result of poor or non-existent stress testing procedures. In light of the financial crisis that plagued 2008 and the newly imposed regulations which resulted from it, firms are now required to develop appropriate stress management procedures and consistently undergo testing. In addition, regulators are now looking for evidence that management has been deeply involved in the development of the stress testing procedures.

Following are some frequently asked questions regarding the challenging issue of liquidity risk management:

liquidity risk management frequently asked questions

For more information, or to speak with a liquidity management expert, contact an Eze Castle Integration representative, or visit the Ledgex Systems website.

contact an eze castle integration representative

Image credits: Google, Sungard

<![CDATA[Keeping Boston in Our Hearts]]>, 16 Apr 2013 00:00:00 -0400 eci In the wake of the horrible tragedy that unfolded at yesterday's Boston Marathon, we'd like to express our deepest sympathies to the victims and everyone who was affected. We're keeping the great city of Boston in our hearts and thoughts, and we stand with you during this difficult time.

To honor those who lost their lives, those who were injured and those who are mourning for loved ones, we have compiled the following photo collage depicting just a few of the many instances of heroism, support and unity that were on display in Boston and around the world during and after the attacks.

Stay strong, Boston.

Photo Credit: Wikipedia
<![CDATA[Webinar Recap: BCP Tips - Are Your Employees Ready for a Disaster?]]>, 11 Apr 2013 00:00:00 -0400 eci Yesterday, we hosted a webinar on business continuity best practices, featuring Eze Castle Integration’s own business continuity experts: Lisa Smith, a Certified Business Continuity Planner and Manager of Business Continuity and Data Privacy, and Katharine Washburn, Business Continuity and Data Privacy Coordinator. The presentation covered everything from developing business continuity best practices to ensuring that a company’s employees are personally prepared. Read on for a quick recap of everything covered during the event.

Business Continuity Planning

Although many companies recognize the importance of crafting an effective business continuity plan, few actually feel that they have prepared one adequately. According to Continuity Compliance, while 70% of businesses have created a robust business continuity and emergency response plan, only 25% have also accounted for human resiliency. Furthermore, a recent survey commissioned by the Ad Council found that only 17% of the 60% of Americans that feel preparation for natural or manmade disasters is essential consider themselves to be very prepared for an emergency situation.

Business Impact Analysis

There are several areas companies should cover when developing a business continuity plan. The first step for putting together your plan is developing the Business Impact Analysis. This is the foundation of the business continuity plan and determines what the firm needs to focus on protecting. An essential component of the firm that needs to be protected is its employees. When looking at employees, consider:

  • How they are going to recover;

  • Where they are going to go; and

  • What resources they will need (applications, data, and what resources they can access at home).


The second step is to analyze the strategies used by the company and its employees in order to identify the company’s risks and exposures. The plan must examine potential scenarios and decide the most effective way to react to them.


The third step is to identify the most effective way to provide information about particular scenarios to employees, internally and externally.

Employee Resources

In order to efficiently deal with a potential emergency incident, specific steps must be taken in order to ensure the safety of each employee. These include:

  • Ensuring employee specific documentation: Information contained in the business continuity plan is contained on Quick Reference Cards, Wallet Cards, or Regional Reference Guides.

  • Mapping out employee locations: It is essential to map out where employees are located in regards to the office, in order to recover most effectively during an emergency incident.

  • Developing manager guides: Develop manager guides in order to validate employee remote connectivity, redirect incoming calls, and secure contact information in case of an emergency.


One of the most important aspects of developing a successful business continuity plan is undergoing testing (we recommend at least twice per year). Every aspect of the plan needs to be tested, although it is not necessary for them all to be tested at once. Here are some tips to keep in mind when developing the plan:

  • Make the scenario real

  • Test it bi-annually

  • Ensure participation from all business units

  • Test on a slow day

  • Test each component of the plan

  • Document all issues, resolutions, and results

Preparing Your Employees

  • Critical Contacts: Ensure that critical contacts are available outside of the office. These include both critical people and businesses such as members of the household, insurance agents, schools, places of employment for family members, local hotels, and healthcare providers.

  • Build your Emergency Kit: Make sure that employees take care to build emergency kits and know where to access them inside and outside of the office. Suggested resources include a first aid kit, photo ID, cash, aspirin or tylenol, blankets, clothes, water, canned food, maps, battery-powered radio, pocket knife, flashlight, matches, and candles.

  • Considerations: Employees should take care to prepare for an emergecy if time allows, and consider if they have enough of the above resources to be prepared for an emergency. Preparing in advance will also alleviate stress during the incident. Other items to stock up on include gas for the car and fully charged electronic equipment. Employees may also want to consider investing in a Power Dome, which allows electronics to be charged even if there is a lack of power.

  • Recommendations: Employees should make sure that they are aware of where they can receive vital information at the time of an incident. Some of these places include emergency management agencies, local news, local hospitals, emergency radio stations and social media outlets.

To watch the complete replay of our BCP Tips webinar, click here or click the video below.

Photo Credit: Wikimedia Commons

<![CDATA[What’s up at VMware? End-User Computing]]>, 09 Apr 2013 00:00:00 -0400 eci VMware, the original virtualization company, is continuing to evolve as virtualization technology heads towards the commodity department. The company’s newest push is around the concept of End-User Computing.

With its end-user computing products and strategy, VMware is aiming to give IT the tools and means to transform “siloed desktops, applications, and data into centrally managed IT services, delivered to end-users securely, on the device of their choice.” This means allowing IT to centrally set policies, encrypt data, ensure corporate governance is followed and do much more on all devices a user may use.

The products under VMware’s End-User Computing umbrella carry the moniker “Horizon” and include:

  • VMware Horizon View

  • VMware Horizon Mirage

  • VMware Horizon Workspace

  • VMware Horizon Suite

Here’s a quick video to hear VMware’s strategy straight from the proverbial horse’s mouth:

<![CDATA[BlackBerry Z10 Is Special, So Check With Your Friendly IT Expert]]>, 04 Apr 2013 00:00:00 -0400 eci Mobile phoneIn honor of the mobile phone turning 40 years old this week, today’s post is on the BlackBerry Z10. (BTW: did you know the first mobile phone weighed 2.5 pounds and took 10 hours to charge?!)

Back to the topic at hand. In January, when the BlackBerry Z10 was just officially unveiled, we took a look at the bells and whistles available on the device (Read: BlackBerry’s Reinvention: A look at BlackBerry Z10). And now that the BlackBerry Z10 is available in over 35 countries, by all accounts it is just what the company needs if they have any hope of taking back market share from iPhone and Android makers.

As part of its promotional push, BlackBerry is even letting iPhone and Android users test drive the new operating system by pointing their mobile browsers to

Wait One Second!

While people are rushing out to purchase the new device, it is important to understand that the new device is quite different from previous versions, and I don’t mean from a look and feel perspective (well, that too.) The BlackBerry 10 operating system uses ActiveSync (think Android, iPhones and Windows Phones), which means that they cannot be managed from an existing Blackberry Enterprise Server (BES).

This has implications for corporate users and IT departments. Chances are your IT department already has a plan in place to support the new device, but it is important to check before purchasing the BlackBerry 10.

How is it Different?

Let’s get semi-technical here. The BlackBerry Z10 devices need to be managed from a BlackBerry Enterprise Service 10 server, which is an upgrade from BES 5. BlackBerry is allowing customers to trade up their existing licenses for the new BES 10 for free (learn how here).BlackBerry Z10

However, this new software cannot be installed on the same server as an existing BES version. Previous BlackBerry devices (software running 7, 6, 5) cannot be managed directly by BES 10, which means that an additional server may be required if there are users with new and old BlackBerry devices.

Now if your firm has already embraced the bring your own device (BYOD) trend and is using Androids/iPhones/Windows phones with a TMG/NetScaler, there is a good chance the BlackBerry 10 devices can be configured to send and receive email easily. To receive added functionality and security (like that of BES 5) a Blackberry Enterprise Service 10 – Enterprise Mobility Management is needed.

What Now?

Check with IT or your trusty service provider (Eze Castle Integration!) to discuss how you can start using the BlackBerry Z10.

Photo Credit: americanlivewire & blackbetry

<![CDATA[SEC’s Social Media Guidance Is Changing, Here's What You Need to Know]]>, 02 Apr 2013 00:00:00 -0400 eci Historically, financial services firms have not been the most active group in the social media sphere. In a 2011 survey of hedge fund managers conducted by MHP Communications, only 1% of firms were active participants on Twitter, and none of the managers surveyed were active on Facebook. More recently, however, the tides have begun to change. Following Goldman Sachs’ entrance into the Twitterverse in May 2012, investment management firms and their employees have started to increase their social media participation. With this growing trend comes the added layer of social media compliance with industry legislation.

social media compliance for investment firmsThe Legal Perspective of Retaining Social Messages

According to the SEC’s Rule 17a-4(b), registered investment advisers and broker-dealers should archive (think Eze Archiving!) all business communications on social media for a minimum of three years. As the frequency of discovery audits continues to rise, firms should ensure these communications are easily searchable and can be recovered quickly in the event of an SEC inquiry.

Additionally, Section 24(b) of the Investment Company Act of 1940 requires investment firms to file all advertisements or other promotional materials to investors within 10 days of their release. A 2010 update to this regulation issued by FINRA declared that interactive content on social media platforms qualifies as advertising, and therefore falls under Section 24(b). The FINRA update also states that social media content falls under the jurisdiction of Rule 482 which requires firms to file registered investment company performance ads and promotional content.

New Guidance from the SEC

Since these FINRA updates were announced in 2010, little advancement has been made in the regulation of social media correspondence by investment organizations – until about two weeks ago.

SEC Social Media HeadlinesOn March 15th the SEC issued its first “Guidance Update,” which – according to the Commission’s press release – will be the first in a series of upcoming guidances designed to express its views on emerging technologies and issues. The goal is to “increase transparency and enhance compliance with the federal securities laws and regulations.” And then today, the SEC officially stated that social media is okay for company announcements as long as investors have been alerted about which social media will be used to disseminate such information.

This first SEC Guidance Update addresses the requirement of investment firms to archive content that is posted on real-time social media sites such as Facebook and Twitter. The SEC notes that many firms have been extremely thorough in their compliance efforts, and have been filing nearly all of their social media correspondences (well done, fund managers!) regardless of content or context.

The new Guidance Update indicates that investment companies can now relax this practice somewhat, and need not file ALL social media content. Instead, consider the content, context and presentation of the communications in order to determine whether they are within the jurisdiction of the pertinent SEC rules and regulations. For instance, firms do not need to file social media correspondence that is simply a response to a question or sharing of existing content from another source.

According to the legal experts at Bingham, the following types of online communications are examples of those which do not need to be filed according to the most recent guidance:

  • Content which only contains incidental mention of the fund’s name

  • Incidental use of the word “performance”

  • A factual statement including a hyperlink to a fund prospectus or to information already filed in accordance with SEC regulations

  • A factual statement not related to a discussion of the investment merits of a fund which includes a hyperlink to general financial information

  • Responses to another social media user’s inquiry in which “discrete factual information” is conveyed, and/or a hyperlink to sales literature is shared

Key Takeaways

This new SEC update is a sign that regulators are aware of the importance of social media communication in today’s business world. By clarifying the types of content that do and do not need to be filed, they’re paving the way for more real-time interaction between investment organizations and their online communities.

As your firm moves forward with incorporating social media into its business strategy, it’s important to develop a written social media usage policy to outline acceptable and unacceptable use of social media for employees. This is a highly recommended best practice for managing effective social media campaigns, especially given the uptick in discovery audits administered by the SEC.

Additionally, firms should utilize social media archiving tools such as Eze Archiving to ensure compliance with SEC regulations. As Twitter and Facebook become mainstream platforms for communication in the financial services industry, you’ll want to ensure your firm is always putting its best foot forward on all interactive social media sites.

To learn more about social media compliance for investment management firms, be sure to check out these helpful articles:

contact an eze castle integration representative
<![CDATA[Our 60-Second Answer to Why Go Eze Private Cloud?]]>, 28 Mar 2013 00:00:00 -0400 eci Cloud computing is becoming a standard IT deployment method for the investment management industry. In fact, our 2012 survey found that 8 in 10 investment management firms are either currently or planning to use a cloud service. So once a hedge fund or alternative investment firm decides to go cloud the next question is "Why go Eze Private Cloud?"

Well, we have the perfect answer to that, and you can have it in just 60-seconds. Watch our quick video and learn why Eze Private Cloud is the investment industry standard for cloud services.

Learn about Eze Private Cloud

<![CDATA[Recapping the 2013 London Hedge Fund Cloud Summit]]>, 26 Mar 2013 00:00:00 -0400 eci On 19th March, the Eze Castle Integration team in London hosted their first-ever Hedge Fund Cloud Summit at the Prince Philip House.

Eze Castle Integration along with leading experts in the financial services industry - INDOS Financial Limited, Morgan Stanley Prime Brokerage, Bloomberg, Credit Suisse Prime Services, Lucidus Capital Partners LLP, Portman Square, LLP, eSentire, Global Relay, and Simmons & Simmons - came together to provide a half day educational seminar featuring a wealth of information on the cloud to over 100 hedge fund and alternative investments firms.

Technology has undergone tremendous change in the past five years, and many hedge funds and investment firms have started to look for ways to increase efficiencies while reducing costs.

The half day conference was spilt into three panel sessions covering the following topics:

Defining the Private and Public Clouds: This panel explored the key differences and advantages in cloud models and solutions, the considerations for migrating to the cloud, selecting the appropriate cloud solution or mix and the deployment expectations and long-term outlook.

The most common choice is moving into a private cloud, such as the Eze Private Cloud. Private clouds are typically better suited for the alternative investment industry which requires a great deal of sophistication, application integration and support.

Application Hosting: This panel explored the front, middle and back office systems, which can now be supported in a cloud environment. But how do you know when the cloud is a good fit for your applications? This panel included experts from companies that taut some of the leading hedge fund applications on the market and examined the pros and cons of hosting your key hedge fund applications in the cloud. The panellists on this panel covered:

  • The business case for moving apps to the cloud

  • What applications are ideally suited for a cloud environment?

  • Evaluating providers and putting SLAs in place

download the hedge fund cloud computing survey reportCloud Security: The last and most talked about topic was cloud security. Security still remains a top concern for firms when evaluating moving into the cloud.

Last year, Eze Castle Integration conducted a survey of 125 financial services firms to learn how hedge funds and investments firms are currently using cloud services, as well as to provide insight into the factors influencing this growing trend and the barriers to adopting the cloud. According to the survey, concerns about security was top followed by concerns about meeting regulatory or compliance requirements.

Find out more about the cloud! Check out the useful resources below:

Cloud Forum - 100% dedicated to the topic of cloud computing for hedge funds and investment firms, the Cloud Forum has a wealth of information available via articles, videos, whitepapers and much more.

Also, be sure to download our 2013 Guide to Cloud Computing in the Hedge Fund Industry. This comprehensive guidebook examines:

  • Why Are Firms Going to the Cloud?

  • Public and Private Clouds: Why Private?

  • What Are the Use Cases for the Cloud?

  • Secure Computing in the Cloud

  • Checklist Questions to Ask Cloud Providers

Guide to Cloud Computing
contact an eze castle integration representative]]>
<![CDATA[Best Practices for Managing Security Risks (Webinar Recap)]]>, 21 Mar 2013 00:00:00 -0400 eci Last week, we hosted a webinar with eSentire on best practices for managing security risks. eSentire is the leading managed security service vendor protecting 25% of the global hedge fund market by AuM. During the webinar, the company's director of marketing, Mark Sangster, and our own vice president of client technology, Steve Schoener, explored topics including the scope of cyber threats, the anatomy of a cyber attack, continuous security monitoring and security policies and procedures for hedge funds to consider. Read on for a full recap of the information covered during the event.

The Current Scope of Cyber Threats

mark sangster esentire headshot

In his March 12th address to congress, Director of National Intelligence James R. Clapper identified cyber attacks as the most immediate threat to global security. Clapper’s remarks emphasize the importance taking measures to prevent cyber attacks today. These intrusions can originate from a variety of sources, including:

  • criminal organizations

  • nation states

  • insiders

  • “hacktivist” groups such as Anonymous

It is widely believed that government support is making hacker groups more powerful than ever. Currently, one of the largest threats to cyber-security originates from a China-based group known as Unit 61389 of the People’s Liberation Army. According to a report produced by Mandiant, an information security company, the group is comprised of up to a thousand members, and has been responsible for stealing hundreds of terabytes of data from 141 companies in 20 industries. Groups similar to Unit 61389 have cropped up in other countries as well.

According to the 2012 Verizon Data Breach Investigations Report, an international study of cyber-security violations:

  • 70% of cyber attacks target large organizations (over 1,000 employees)

  • 50% of intrusions take several months or even years to be recognized by the victim organization

  • 75% of the time it takes several days to steal data from larger companies

So, what should you be aware of to help protect your firm from an intrusion? There are a variety of sources from which cyber attacks can originate, including:

  • Phishing scams: In these scenarios, a member of the organization receives a socially engineered email attempting to steal information. Upon opening the email, the employee allows the malware to infiltrate the network.

  • USB media devices: This is a very common source of attack that has been widely improved over the years. In this case, an infected USB drive is dropped or left unattended in a public space, intending to be picked by a well-meaning employee who will plug it into his or her computer to see who the device belongs to. Once plugged in, the device emits malware into the network.

  • Universal Plug & Play (UPnP): UPnP allows computers and other network-enabled devices to efficiently communicate with one another. Recently, however, these devices have come under harsh criticism due to a variety of security weaknesses such as programming flaws and a lack of required authentication, making the devices easy targets for viral attacks.

  • Malware via Drive-by Download: Drive-by downloads occur when a person downloads an infection, either knowingly or without understanding the consequences. The infection typically takes the form of a computer virus, spyware, malware or crimeware.

The Future of Cyber Security

steve schoener eze castle integration headshot

Increasingly, security threats threatening the investment management industry are low volume, high value (aka targeted) in nature. In these cases, the attacker possesses a great deal of knowledge regarding the value of the victimized company’s assets, and wants to steal this information for his or her own benefit. These attackers will employ intricate plots to gain access to the information. The problem with typical security protection programs such as anti-virus software and firewalls is that they are not preventative, and can only identify threats that have already occurred.The industry has been shifting from the use of managed security service provider (MSSP) to continuous monitoring as a service (CMaaS). The primary components of CMaaS are:

  • Sensor on the Network: Network sensors gather data.

  • Risk-Status Displays: Data is gathered from the sensors and used to develop reports.

  • Security Consulting: Security experts analyze the reports so that they can develop appropriate security measures.

  • Real-time Detection and Mitigation: Security firms such as eSentire have added this step due to the belief that security concerns need to be resolved immediately rather than after they have occurred.

Tips to Protect Your Firm Against Malware and Hacking

eSentire has developed a list of steps hedge funds should follow to protect themselves against security threats. The steps are based off the concept of the cyber kill chain, which states that the earlier a threat is recognized, the better.

  • Perform a vulnerability assessment. It is essential that companies authenticate firewall configuration and anti-virus patching, network device security and evidence of criminal activity. You'll want to know where vulnerabilities exist before implementing additional security measures.

  • Establish privileged access to core data. Companies should only designate access to necessary employees and place private data on password-backed servers.

  • Develop an Acceptable Usage Policy. Firms should ensure that their Acceptable Usage Policy provides guidelines for software downloads, personal mobile devices, cloud-based email and storage services as well as the access and distribution of privileged data.

  • Engage real-time intrusion detection/mitigation solutions. Be sure to track and observe all network actions to be aware of breaches, attacks or the access of sensitive information.

  • Establish legal safeguards. Companies should ensure that they utilize confidentiality, non-disclosure, non-competition and non-solicitation arrangements to protect intellectual property.

  • Know who you're hiring. Employers should screen employees pre-hire and conduct trainings to make all employees aware of appropriate and inappropriate conduct, contractual arrangements and firm policies and procedures.

  • Monitor and log network activity. Restrict electronic transfers, enforce password protection, encrypt computer systems, limit accessibility to core assets, and observe and track all network and email actions.

Policies & Procedures

Here at Eze Castle, we recommend that all hedge funds employ multiple layers of security to reduce the amount of undesired traffic on the network, and thereby reduce the opportunities for a security breach. This is often called the Principle of Defense in Depth. Examples of defense layers may include having Windows protected by anti-virus software with up-to-date virus definitions and all Internet and DMZ facing hosts protected by OSSEC host-based intrusion detection.

In addition to these layers, we also recommend that investment firms employ the following policies and procedures to ensure their critical systems and data do not fall into the wrong hands.

  • Principle of Least Privilege: This involves restricting access to only those employees who need it. Keep access control lists on all applications and data and inbound/outbound internet access to keep track of who can gain access to what. Also, log the use of audited one-time passwords and minimum privilege shared accounts.

  • Secure User Authentication Protocols: Secure user authentication protocols include:

    • Assigning unique domain user IDs to each employee
    • Implementing strong domain password policies
    • Monitoring data security passwords and ensuring that they are kept in a secure location
    • Limiting access to only active users and active user accounts
  • Information Management Security Policy: Develop a plan that details how the firm will handle a security incident. The plan should outline who is in charge of managing a security incident, the required reporting and investigation procedures, communications policies for contacting clients and the post-incident remediation procedures.

  • Visitor/Contractor Premise Access Policy: It is essential that firms keep track of all people who have visited the site through the use of physical security checkpoints and surveillance.

  • Mobile Device Policy: Develop guidelines for use of personal mobile devices in the workplace, and train staff on mobile device security. Firms should employ security measures such as requiring passwords, having the ability to remotely wipe devices and employing encryption tools.

Having a high level of security in place at your investment firm helps to restore faith in investors who are undoubtedly hearing about cyber attacks regularly in the media. Following industry best practices and implementing the appropriate tools and policies demonstrates that the firm has planned in advance instead of scrambling to handle a security breach after it has occurred. This also ensures that costly disasters are averted and normal business operations can be restored efficiently in the event of a security breach.

replay webinar now

<![CDATA[Hedge Fund Infographic: You know you're a Private Cloud User if...]]>, 19 Mar 2013 00:00:00 -0400 eci Today, we're excited be hosting the 2013 London Hedge Fund Cloud Summit at the Prince Philip House in London. The event features a variety of industry experts participating in thought-provoking panel disccussions focused on the cloud adoption trends shaping the investment industry. Conversations will touch on everything from the differences between public and private clouds to cloud security and application hosting.

In honor of this event and to provide a visual to help encapsulate the many benefits that come from leveraging a private cloud, we have published a new infographic entitled “You Might be a Private Cloud User If…” Check it out to see the top 10 signs that you are likely a private cloud user. Also, be sure to look read the London Hedge Fund Summit event recap HERE!

you know you're a private cloud user if....infographic

Guide to cloud computing

<![CDATA[What are Investors Thinking...When it Comes to Hedge Fund IT?]]>, 14 Mar 2013 00:00:00 -0400 eci Yesterday our VP of client technology, Steve Schoener, presented on a California Hedge Fund Association webinar about building an institutional infrastructure at today’s hedge funds. A lofty topic (so consider this a basic primer), Steve focused on four key discussion areas, which we’ll recap here. They were:

  • Investor Expectations of IT

  • On-premise & Cloud solutions: Which is right?

  • Security Risks & Best Practices

  • Disaster Recovery How-Tos

You can watch the 30-minute webinar now or keep reading below.

What are Investors Thinking?

Today’s investors grew up with technology and as a result are asking much more detailed questions (here is a handy list). Also, just having an answer is no longer enough. So what is the perfect answer? The reality is that there isn’t one perfect answer that is right for every firm. More than looking for a specific answer, investors want to see that your answer is well thought out and logically addresses your specific fund operations.

Take security, for example. Not every firm needs every layer of security, but you do need to be able to discuss why you made the security decisions you did when it comes to protecting the fund from threats.

Here are the key areas investors are asking about:

  • Annual assessment and audits

  • Access control policies

  • Network security policies

  • Physical security policies

  • Disaster recovery and business continuity plans

Going to the Clouds or Staying Firmly Planted on the Ground?

The question start up hedge funds regularly ask is, “should we go with on premise or in a private cloud?” Increasingly, the answer for new firms is the cloud. And when it comes to public versus private, we see very little adoption of public clouds in the hedge fund space for a number of reasons (service, integration with third-party applications, disaster recovery, etc).

Established hedge funds typically first enter the cloud through hosting of applications including, OMS, Risk and Accounting, or when it is time for a technology refresh. Additionally, we are increasingly seeing that hedge fund teams are small and looking for ways to leverage third-party services, such as the cloud, to streamline operations and outsource non-critical business functions.

A final note on selecting a cloud provider – be sure to have a conversation to understand how you can move your data off a cloud. With a reputable provider, migrating off a cloud should not be an arduous process (here are some handy cloud provider questions).

2013’s Hot Topic – Cyber Security

Security headlinesJust this week the US director of national intelligence, James Clapper, identified cyber security as the top global threat – even more treacherous than terrorism. So what is the anatomy of a cyber attack?

Many of the most successful attacks today are through malware that is delivered via email, drive-by or USB to an unsuspecting user. In the case of email malware, a user typically receives a message with a link to something that appears legitimate, such as an ADP paycheck. Clicking the link then infects the computer.

A high number of viruses are looking to take information. They want to get at financial information and other information they can sell. Basic security components that every hedge fund should already have in place include:

  • Anti-virus protection

  • Network firewall

  • Web filtering

  • Strong password policy

Thinking about securityWhen it comes to passwords it is important to note that changing passwords is essential. The longer a password is out there the more damage can occur. Some hackers may just watch your email to gather information and get ahead of you in trades, for example.

More advanced security components firms should consider are:

  • Intrusion detection

  • Advanced Password Policy

  • Multi-factor authentication

  • Policies & Procedures for Security Management

Four Steps to Disaster Recovery and Business Continuity Planning

There are many steps to creating a DR and BCP, however, here are four considerations to help frame your planning.

1. Identify critical systems

2. Identify design requirements

  • Look at all your systems and determine how old the data can be in the event of a disaster – this is your Recover Point Objective. When does a system need to be up and running? – this is your Recovery Time Objective.

3. Choose your DR method

  • This is a discussion of on-premise versus a cloud solution. With Cloud DR, the responsibility to manage everything is removed from the hedge fund. There can be trade-offs. For example, if your trades are based on proprietary algorithms you may prefer to own the physical servers. Also, if you have in-house IT, they may prefer to manage in-house.

4. Choose a data center location/facility

  • Investors are going to want to know about access controls and security at the data center.

  • Half the data centers in NY lost power during Sandy. Not all of them were able to get fuel. All Eze Castle Integration data centers stayed up because we conduct extensive due diligence on all our data centers before selecting one. Be sure to do thorough due diligence on your service providers.

Want to discuss technology further? Contact us or subscribe to our Hedge IT blog.

<![CDATA[Hackers are Watching: New security threats facing investment firms]]>, 12 Mar 2013 00:00:00 -0400 eci As you’re probably aware, the topic of cybersecurity has been splashed prominently across headlines lately. Earlier today, the US director of national intelligence, James Clapper, identified cybersecurity as the top global threat – even more treacherous than terrorism.

Security HeadlinesIn his testimony before the Senate Intelligence Committee, Clapper cited several attacks on banking websites where sensitive customer data was compromised, as well as a security breach at an oil company that resulted in the destruction of 30,000 computers. If hackers are capable of such large-scale, damaging attacks, could investment management firms be at risk? What should you be doing to better protect your firm’s critical systems and data?

The truth is both large, well-established hedge funds and smaller startups are equally at risk of intrusion. Hackers may target large firms because they see an opportunity to profit from their substantial asset pools. Additionally, they might be after the notoriety associated with successfully hacking a well-known fund’s critical systems, especially in cases that will likely garner media attention. For smaller funds, hackers are likely after intellectual property, namely business plans, market forecasts and investment strategies.

What new threats are out there and how can firms better protect themselves from a cybersecurity breach?

Hackers are always seeking new ways to gain access to protected systems and accomplish their goals. Antivirus and anti-malware developers are likewise on the hunt for ways to protect these systems and data from new intrusion methods. To increase protection, investment firms should employ a “defense in depth” strategy. This includes maintaining up-to-date antivirus and anti-malware software as well as network firewalls, deep inspection proxy and IDS/IPS to reduce the amount of traffic on the network. (Checkout: Malware Definitions & Security Tips.)

Unfortunately, even a network that’s equipped with the most recent O/S and fully upgraded applications with robust anti-malware tools in place can still be vulnerable to a cyber attack. This is because, in the ongoing Hackers v/s Anti-malware Developers Arms Race, hackers maintain the upper hand. They simply familiarize themselves with the most widely used antivirus tools, exploit software vulnerabilities that have not yet been acknowledged by the vendors and outsmart endpoint protection programs.

The Good News? It has historically been that the anti-malware developers have deeper pockets than hacker groups. However, it appears that this is beginning to change. One troubling new trend that has emerged recently is state-sponsored hacking. According to a recent New York Times report, the Chinese government has been accused of fostering the efforts of hackers targeting organizations in the US and around the world to gain access to sensitive information. Similar stories have begun to surface from Russia and other nations as well. With sponsorship from national governments or other large resource pools, hackers are going to get more sophisticated and more difficult to detect.

So, what should you do to protect your fund? First, be sure to have all of the defense layers in place that we mentioned earlier, such as antivirus and antimalware tools and firewalls. You may also want to consider a more robust, comprehensive intrusion detection systems such as the one provided by our friends at eSentire, which can mitigate a potential threat before irreparable damage is done.

Once these tools are in place, fund managers should educate their employees on potential security risks and train them on best practices for mitigating those threats. Policies should be in place around:

  • Access Control

  • Acceptable Use

  • Information Security Incident Management

  • Personal Communications/Mobile Device Management

Often times, staff members don’t realize the extent of the risk to the organization if a cybersecurity attack occurs or sensitive company data is compromised. Employees who understand security threats and how to thwart them will serve as your fund’s best asset for keeping systems and information secure. Read more about Security Policies in this article.

Hedge Fund Security Guidebook
Photo Credit: Flickr]]>
<![CDATA[Is the Asia Hedge Fund Market Going Cloud? A Q&A with Serge Bukhar]]>, 07 Mar 2013 00:00:00 -0500 eci Last year, Eze Castle Integration expanded their award winning Eze Private Cloud services to Asia. The Eze Private Cloud is used by more than 2,000 hedge fund professionals worldwide to simplify operations, minimise upfront capital costs and gain a highly resilient, enterprise-grade IT infrastructure on par with billion-dollar funds.

I recently sat down with Serge Bukhar, Executive Director of International Operations at Eze Castle Integration, to talk about the hedge fund market in Asia, and the attitude and adoption of cloud computing.Serge Bukhar

What is the current state of the hedge fund industry in Asia?

Singapore and Hong Kong are the hedge fund capitals in Asia. We have seen a contrast between the status of large and small hedge funds in Asia. Many larger funds are struggling, with some shutting down, while smaller funds are increasingly doing well and delivering positive results to their investors. Both groups, however, are looking for ways to increase efficiencies and reduce costs.

Has Asia adopted the cloud?

There is a tremendous opportunity for private cloud services in Asia, however, cloud adoption in the region has yet to reach its full potential. The regulatory landscape in the UK and US, and the varying market maturity levels have fragmented the adoption of cloud computing. Many hedge funds and the alternative investment industry are still taking a measured approach to cloud computing, as the industry awaits further clarity on cloud computing regulations and better articulation of business benefits by IT vendors.

What are the barriers to cloud adoption?

Asia is a tough market to tap into, especially with increasing regulations both in the UK and US. The Alternative Investment Fund Directive (AIFMD), for example, can be one of the reasons why it could be difficult for many hedge fund managers to attract investor capital. Many managers in Asia are less inclined than their US or UK peers to make significant capital expenditures in technology on day one. Data privacy and lack of knowledge and understanding of the cloud are some of the obstacles preventing firms from benefiting from this technology.

The attitudes in Asia towards cloud computing are similar to those we had seen in the UK a few years back when cloud computing was the buzz word, but no-one really knew what the cloud was and the benefits it could bring.

What is the future for cloud computing in Asia?

There is a future for hedge funds and investment firms to adopt cloud computing in Asia. Asia offers the tallest buildings, which do not have air conditioning 24/7, so it is very difficult for firms to build out their own communications rooms on premise, and the cost of real estate, especially in Hong Kong is expensive, so the alternative for hedge fund managers is to host their infrastructure with a trusted private cloud service provider.

The cloud provides many benefits such as:

  • To increase the speed of technology deployment

  • To simplify IT management and support

  • To improve IT flexibility and scalability of on-demand resources

  • To take advantage of built-in disaster recovery and business continuity features and functionality

View our market survey on hedge funds and investment firms’ adopting the cloud. The 18-page report includes details on:

  • Current & Future Adoption of Cloud Services

  • Investment Firms' First Cloud Initiatives

  • Cloud Deployment Models (Public vs. Private vs. Hybrid)

  • Factors Influencing the Decision to Use the Cloud

  • Barriers to Cloud Adoption

  • Evaluation of Cloud Services Providers

contact an eze castle representative

<![CDATA[AIFMD’s Impact on US Hedge Funds: An Expert's View]]>, 05 Mar 2013 00:00:00 -0500 eci Last week, we hosted a webinar covering AIFMD’s impact on US based hedge funds. The event featured Bill Prew, Founder of INDOS Financial Limited, and provided a high level overview of the changes that AIFMD will potentially bring to the alternative investment industry. Prew specifically focused on how US based managers will be impacted by this legislation. Read on for a summary of the main topics covered during the event, including an overview of AIFMD and the considerations and upcoming changes for US managers.

About the Expert
Bill Prew is the founder of INDOS Financial Limited. Before founding INDOS, he was the chief operating officer at James Caird Asset Management, a hedge fund with offices in London and New York. He has also served in various senior roles at Barclays Global Investors and PricewaterhouseCoopers. Following a summary of the information presented by Mr. Prew during our recent webinar.

Overview of AIFMD
Beginning on July 22nd, 2013, The Alternative Investment Fund Directive, also known as AIFMD, will go into full effect throughout all 27 EU member states. AIFMD is an EU regulation of alternative investment fund managers and alternative investment fund (AIF) such as hedge funds and private equity funds that are either managed or based within the EU or marketed to EU investors. The directive places them under the jurisdiction of an EU regulatory agency. With some exceptions noted below it will be challenging for any fund to fall outside the scope of AIFMD and not be considered an AIF, regardless of their legal form. The directive encompasses many key tenets, described below:

  • An AIF is broadly defined as any non UCITS vehicle that raises capital from a variety of investors. The majority of hedge funds, fund of hedge funds, private equity funds, real estate funds, infrastructure funds, and commodity funds will be considered AIFs.

  • There will be exemptions for certain funds, such as single investor funds or managed accounts (both subject to certain conditions), as well as family offices.

  • The majority of Cayman Island hedge funds, whether master or feeder or in corporate or limited partnership form will be designated as AIF. This is important to consider because several US managers manage Cayman funds in order to target their marketing efforts towards European investors.

  • Each AIF must be assigned an individual alternative investment fund manager (AIFM). An AIFM is considered any business that delivers portfolio management and risk management services to one or more AIFs. The designation stands regardless of where the business is located.

  • AIFMs do not have to be EU managers to be considered AIFMs. If a US manager is providing an AIF with portfolio management services or risk management services, they will be considered a non-EU AIFM. Every AIF must possess a single AIFM.

  • US based firms that are only engaging in US business will be designated as non-EU AIFMs under the AIFMD.

  • It is essential that US entities with EU affiliates examine which entity will be considered the AIFM, due to the fact that the regulations governing EU AIFMs are significantly more burdensome.

  • The decision regarding which entity will be considered the AIFM should largely be founded on the degree to which investment management functions (defined by the directive as being portfolio management and risk management) are performed in either the US or by an EU affiliate.

  • US firms managing an EU-based AIF or marketing a non-EU based AIF to EU investors will be caught by AIFMD.

Which US Managers are within Scope?
AIFMD US Impact WebinarThe level to which US managers are impacted depends on whether they manage EU AIFs or market non-EU AIFs to European investors. If US managers are not marketing their funds to EU investors, then they should fall outside the scope of AIFMD and will not be impacted by the regulations. When determining whether your firm and funds are within scope, keep the following in mind:

  • According to the AIFMD, marketing is defined as a “direct or indirect offering or placement at the initiative of the AIFM, or by another firm acting on behalf of the AIFM.

  • Another key area to look out for is passive marketing, also known as reverse solicitation. In this case, investors contact the manager directly to express interest in the AIF. Reverse solicitation is considered outside of the scope of AIFMD. Managers who engage in this type of marketing should have clear practices and controls in place to ensure their efforts are not viewed as active marketing.

  • US managers not marketing their non-EU or EU funds to EU investors should not be subject to the AIFMD regulations even if EU investors occupy the funds.

  • EU countries employ different laws governing direct marketing to professional investors through national private placement regimes (NPPR). This will be the only route to actively market to EU investors, at least until 2015. Also, in many European countries private placement is not allowed, so it’s essential that managers are familiar with the rules of the particular EU country in which they intend to market.

What Will Change?
With the onset of AIFMD, managers can anticipate a variety of changes that will characterize the alternative investment industry. Beginning on July 22nd, 2013, US managers marketing an EU AIF or a non-EU AIF in an EU state under NPPR must satisfy certain transparency and reporting requirements. These include:

  • Making disclosures to their investors pre investment;

  • Publishing an annual report for the pertinent AIF and;

  • Reporting to national regulators in the countries that AIF is being marketed into.

The Future

  • From July 2015, there is a possibility that EU managers will be able to access the pan-European marketing passport subject to becoming authorized under the AIFMD and complying with the full requirements of the directive.

  • From 2015 onwards, non-EU AIFMs managing EU AIFs may also be required by the AIFMD to become authorized. In this case, they would also be able to access the EU marketing passport.

  • From July 2018 onwards, there is the potential that the existing NPPR may cease altogether. In this case, managers with the desire to market an AIF within the EU would need to be authorized under AIFMD in order to access the EU marketing passport.

The AIFMD is a complex regulation and US managers should consult their professional advisors for further specific advice as to how it will impact their business.

For more on hedge fund regulations and AIFMD, check out these articles:

Subscribe to Hedge IT

<![CDATA[We've Reached 300 Posts! It's time for the Hedge IT Blog Awards!]]>, 28 Feb 2013 00:00:00 -0500 eci It's hard to believe it, but we have officially reached the 300th post here on the Hedge IT blog!

To commemorate this special occasion, we're bringing back the Hedge IT blog awards honoring the best articles, topics and trends from the past year as a way of saying "thanks" to all of our loyal readers. We look forward to continuing this tradition of sharing valuable, thought provoking content with you again this year. Here's to the next 100 posts!

Enjoy! (And be sure to click into the presentation to experince our winners.)

subscribe to the Hedge IT blog

<![CDATA[Sneak Peek: Hedge Fund Manager's Guide to IT Security]]>, 26 Feb 2013 00:00:00 -0500 eci Today we released our Best Practices for Managing IT Security Risks: A Hedge Fund Manager’s Guide, which we developed with eSentire. Following is a sneak peek of the guidance included in the 10-page guidebook. Assuming we have whet your appetite, you can download the entire guidebook here or attend our upcoming webinar on the topic (register here).

Managing Security Threats Facing Hedge Funds

Most successful cybersecurity attacks in today’s environment occur via three different methods: malware via email, malware via a website download (drive-by download or man-in-the-middle) and transfer via USB. In most cases, an employee will download an unsuspecting virus or open an unsuspecting email, triggering a malware attack that could open the door for further intrusion. Alternatively, a trend becoming more common is the threat of employees transferring information onto USB drives (whether knowingly or unknowingly), resulting in an internal security breach. Externally –and regardless of the intrusion method – attacks typically follow a similar path from start to finish. Global security firm Lockheed Martin has identified steps to what they call the “cyber kill chain.”

  • Reconnaissance: Collecting information and learning about the internal structure of the host organization

  • Weaponization: How the attacker packages the threat for delivery

  • Delivery: The actual delivery of the threat (via email, web, USB, etc.)

  • Exploitation: Once the host is compromised, the attacker can take advantage and conduct further attacks

  • Installation: Installing the actual malware, for example

  • Command & Control: Setting up controls so the attacker can have future access to the host’s network

  • Actions or Objections: The attacker meets his/her goal (e.g. stealing information, gaining elevated privileges or damaging the host completely)

While these steps may seem well thought-out and can be easily executed by an attacker, the benefit to understanding the cyber kill chain is that it gives the host a chance to counteract. The sooner into the cyber kill chain the host can identify the threat, the better chance it has of thwarting it. And there are several options for thwarting attacks, depending on the stage in which the attack is identified.

Mitigation activities on the host’s part can include: detection, denial, disruption, degradation, deception and destruction. Creating a course of action based on various scenarios and a firm’s current abilities to thwart attacks can gauge effectiveness against such intrusions and provide areas for improvement in a firm’s defense strategy. As part of an overall strategy, firms should also look to implement the following simple best practices to help prevent costly attacks:

  • Enforce strong passwords and (at least) two-factor authentication

  • Remove local administrative privileges when possible

  • Keep patches up-to-date for Microsoft, Adobe, Java Runtime and browsers (the most common threats originate here)

  • Restrict executable downloads and installations

In addition to implementing technical measures to protect their infrastructures, firms must also employ operational policies and procedures to document incidents and provide transparency to investors and auditors.

Mobile Device Security: Navigating the BYOD Trend

By allowing employees to supply their own devices, an organization inherently loses control over the hardware, how it is used and must ask the question how the company can be affected. Governing the fine line between personal and professional use on the same device can be challenging. But without clearly defined policies in place companies are making themselves vulnerable to a number of security risks.

For instance, 48% of respondents in a recent InformationWeek survey indicated that employees within their organizations had their mobile devices lost or stolen in the past year, with 12% of those cases requiring public disclosure, causing inevitable harm to the business. If proper security measures are not in place, the information contained on that device could become accessible to unauthorized parties and the company's reputation may suffer irreparable damage.

Additionally, there are many security risks involved in using one’s personal device for business purposes that most users may not even be aware of. Many popular smartphone apps, such as public file transfer services, could allow sensitive information to be easily intercepted. Other common activities that could result in leakage of sensitive data include using personal devices to automatically forward work emails to public webmail services and using smartphones to create open Wi-Fi hotspots. Both of these practices make a company’s data extremely vulnerable to hackers.

But there are steps you can take to protect your firm from BYOD security threats – we outline these in our Best Practices for Managing IT Security Risks Guide.

Additional topics covered in the Guide include:

  • Working with Service Providers

  • Hedge Fund Cloud Security Checklist (See how Eze Castle Integration fared on this test HERE)

  • Looking Ahead

Hedge Fund Security Guidebook

<![CDATA[Be our Social Media Valentine…for a Good Cause!]]>, 14 Feb 2013 00:00:00 -0500 eci Today, as you know, is Valentine’s Day. So, for the third consecutive year, we’re taking this opportunity to spread the love.

This year, we’re dedicating our efforts to support School on Wheels, an organization focused on increasing the educational opportunities available to the more than 1.6 million homeless children in the United States. The group’s mission is based on these three fundamental premises:

  • Every child deserves the right to a quality education.

  • Education is the key to unlocking a brighter future and breaking the cycle of homelessness.

  • Community support is vital in helping achieve the goal of providing academic stability and hope for all children who have no permanent home.

School on Wheels achieves these goals through a variety of programs, most notably its volunteer tutor program, which trains and matches tutors to homeless students in the community. Tutors are trained and paired with one student in order to ensure a sense of stability, and assist students with not only school related projects but also confidence building exercises. Volunteers also work with the students to help them stay on track in school and reach their educational goals, which include attending college. Through its High School Plus Program, School on Wheels of MA has already helped 15 homeless students reach college.

To support this worthy organization, Eze Castle is hosting a social media fundraiser during which we pledge to donate $1.00 to School on Wheels (up to $1,000) for every new “like” we receive on our Facebook page and every new Twitter follower obtained between February 14, 2013 and March 14, 2013.

Please take a moment and “like” us on Facebook or follow us on Twitter to help us support this amazing cause. In addition to the good karma you’ll earn, you’ll also have the added benefit of enjoying innovative hedge fund technology insights and news directly on your Facebook and Twitter feeds!

2013 Facebook Twitter charity promotion image

<![CDATA[Hedge Fund Industry Outlook: What can you expect in 2013?]]>, 05 Feb 2013 00:00:00 -0500 eci

Last week, we hosted a webinar on the Hedge Fund Industry Outlook for 2013 with speakers Deborah Prutzman, CEO of the Regulatory Fundamentals Group, and Mary Beth Hamilton of Eze Castle Integration. Following is a recap of the key topics discussed around operational due diligence, regulations and technology trends.

Insights from Deborah Prutzman, Regulatory Fundamentals Group

2012 was a year marked with significant regulatory changes in the world of investment management. So far, we’re expecting to see more of the same in 2013. This time, the direction and manner of change will likely be more predictable. Some important themes we expect will permeate throughout the year include:

  • A need for trust

  • A focus on governance

  • Pensions searching for yield

  • Central counterparty risks

  • An arms race between regulators

  • A need to focus on supervisory processes around marketing

External Factors Driving Change in 2013
As always, investors are hungry for yield, but they are smarter now thanks to lessons learned in the post-Madoff era. This year, the “typical” investor that invests in alternatives is changing. We expect the importance of institutional investors to increase, while pension funds and endowments start to seek greater allocations.

So, what does this mean? First and foremost, we’ll see an increased focus on operational due diligence amongst hedge funds. Additionally, this will raise the stakes for asset managers. If word gets out to the media that a high net worth individual lost money in a questionable investment scenario, the media and the public will not see this favorably. But, if a teachers union or group of nurses loses pension funds, there will likely be far greater backlash.

Major Changes to Look For
2013 is likely going to be the year of regulatory enforcement in the alternatives industry. We’re seeing that the regulatory bodies that govern this space are especially invigorated right now. The SEC has a new Asset Management Unit in place, and is changing its approach to focus more on conflicts, human motivation and deep knowledge of the industry. We expect much of the same at the CFTC as well. Other US regulators, such as the FERC (Federal Energy Regulatory Committee) and state governance groups will start to play a more influential role this year as well.

Another change to look for is the tendency for regulators to focus on the personal liability of firms’ senior management. The media is applying pressure to the industry to hold these executives accountable for the inner workings of their funds, and popular belief is they should be taking a more supervisory role going forward.

In 2012, we began to see increased litigation coming from the investor base and we believe this will continue to grow, especially as the “whistleblower” phenomenon gains momentum. Last year, the SEC received 3,000 tips from whistleblowers (about 8 per day) – a number that is expected to increase in 2013.

What Adjustments Should You Make?
Develop an enterprise-wide understanding of needs as they pertain to the firm’s strategy, governance, operations and technology. Requirements should be innately built into the firm, using clear governance and strong policies. As a best practice, we recommend the following framework for governance:

  1. Perform a comprehensive risk assessment.

  2. Implement a process for initiating business changes and new activities.

  3. Implement a process for monitoring for external environmental changes (such as taxes, laws, best practices, etc.)

  4. Ensure your staff has a clear understanding of expectations.

This will result in a more mature, agile fund that is in a better position to navigate the tough competitive environment and upcoming regulatory changes.

Insights from Mary Beth Hamilton, VP of Marketing, Eze Castle Integration

DR & BCP In the Spotlight
Recent events have tested the preparedness of firms across the United States and internationally. From the London Olympics and summer power failures to Hurricane Sandy and the recent flu season concerns, the need for well thought out DR and BCP is pretty clear.

It is important to note that each of the scenarios above impact a business in different ways and, highlight the importance of conducting thorough risk analysis and scenario planning when developing a disaster recovery and business continuity plan. It is important to think through the different types of scenarios that can impact your firm.

Movement to the Cloud
Adoption of cloud services by hedge funds and alternative investment firms continues to increase at a rapid rate. Eze Castle estimates that 40% of our clients are using some sort of cloud service. A 2012 independent cloud market survey found that nearly 8 in 10 hedge funds & investment management firms are using the cloud for at least some of their IT infrastructure or application needs.

  • The key reasons firms are moving to the cloud are:

  • To reduce IT infrastructure investment/costs (transfer from CapEx to OpEx)

  • To increase the speed of technology deployment

  • To simplify IT management and support

  • To improve IT flexibility and scalability of on-demand resources

  • To take advantage of built-in disaster recovery and business continuity features and functionality

Navigating the BYOD Trend
Today, the acronym BYOD is becoming common place amongst professionals responsible for overseeing a firm’s IT functions. After resisting it for years, firms are starting to recognize that by allowing employees to bring their own devices they can experience potential cost savings, productivity increases and make some employees a little bit happier.

A survey by Good Technology found that 90% of financial organizations support the use of personal mobile devices at work. It also found that the most popular model for BYOD at financial institutions is for employees to purchase and pay for their own device with the company offering support in the form of access to corporate systems. The next-most popular is a model where the enterprise reimburses users for "eligible expenses" up to a point

The prevalence of employees bringing their own devices also has implications on corporate security and policies. Hedge funds need to be thoughtful about their policies and ensure employees are knowledgeable about responsible practices.

More Resources
Here are some additional sources of (free!) information to help you stay up-to-date on the latest in hedge fund regulations:

To hear the complete presentation, be sure to view the webinar, Hedge Fund Industry Outlook: Trending Topics for 2013 (below)!

<![CDATA[BlackBerry's Reinvention: A Look at the BlackBerry Z10]]>, 31 Jan 2013 00:00:00 -0500 eci BlackBerry has finally unveiled the long awaited BlackBerry Z10 in hopes that this will bring them level with Android and Apple who have taken a large chunk of the market share.

With the new Z10, BlackBerry has moved away from their traditional screen and keyboard approach to a total touch screen experience. The new device is bigger and thicker at 130mm x 65.6mm x 9mm than an iPhone but has almost everything diehard BlackBerry fans have been waiting for: a sleek, modern, and professional touch-screen with an up-to-date OS to match and 4G LTE support. But what else is new? Here at Eze Castle we have done our research and bring you all the information you need.


BlackBerry has merged home-screens, widgets, app lists and a unified inbox into one slick interface, offering up an easy-to-navigate user experience. The main home-screen comprises of 'Active Frames' (mini-applications), which gives you an overview of information from a particular app and launch the full version when tapped. Users can select up to eight of these active frames, which arrange themselves in order of most recently used, with the latest app appearing in the top left position.

BlackBerry Hub, Flow and Peek

The new operating system features a string of new additions to the BlackBerry to equip it to compete with modern smartphones. The new system will have features called the BlackBerry Hub, Flow, and Peek, which make it easier for users to move between apps, emails and social media platforms.


The BlackBerry Z10 has a touch screen keyboard, which includes a ‘gesture typing’ feature that allows users to ping predicated words into their messages. The new touchscreen keyboard aims to provides an effortless typing experience. It learns your writing style and suggests words to help you type faster, more accurately and with the least amount of effort.

BlackBerry Messenger (BBM)

The popular BlackBerry Messenger app has also been updated to include a video facility allowing users to chat face-to-face as well as a picture editing feature. This new picture editing feature allows the user to pinpoint and adjust elements of their picture to get the photo they want.


The new ‘Time Shift’ feature captures milliseconds before and after your photo—so you can scroll back on the dial to open and create the perfect picture. For example; open one friend’s eyes and then forward to catch your other friend smiling, before combining it all to create that picture perfect moment.


More than 70,000 apps will be available to download, including Skype, Kindle, WhatsApp and Angry Birds, however, this is still a far cry from the iPhone's nearly 750,000 apps.

Pre-loaded Apps: BlackBerry Hub, Contacts, Browser, Calendar, BBM, Text Messages, BlackBerry World, BlackBerry Remember, Docs To Go, Pictures, Music, Videos, Story Maker, Facebook, Twitter, LinkedIn, Foursquare, BlackBerry Maps, Games, YouTube , BlackBerry Newsstand, Voice Control, Weather, Clock, Calculator, Compass, File Manager, Box, BlackBerry Connect for Dropbox, Print To Go, Smart Tags, Settings, Adobe® Reader, Phone, Camera/Video Camera/Time Shift, Setup, Help, SIM Toolkit and Search.

Our Assessment?

Overall the BlackBerry Z10 delivers the must have features that will allow it to compete with the iPhone, however, many are wondering if it is too little to late to effectively capture market share from its strong competitors. We'll just have to wait and see user reactions. It is now available for sale in the UK, however, US users will have to wait unti March 2013 to give it a test spin.

Check out a Product Demo HERE and decide for yourself.

Subscribe to the Hedge IT Blog to stay up-to-date with the latest trends in technology.

Contact an Eze Castle representative

Photo credit: Flickr

<![CDATA[A Snapshot of Financial Regulation in 2013]]>, 24 Jan 2013 00:00:00 -0500 eci As 2013 begins, managers of hedge funds and other financial services firms should be aware of upcoming changes within the regulatory environment. Investment firms in the US can expect to be impacted by stricter controls, laws and more detailed investigations imposed by the SEC and other governing agencies. Here’s a high level overview of some of the most important regulations to keep your eye on this year:

The JOBS Act
The Jumpstart Our Business Startups Act, also known as the JOBS Act, was signed into law by President Obama on April 5th, 2012. It’s intended to assist eligible companies in seeking initial public offerings by simplifying the procedure for going public. This legislation eases federal regulations and allows for crowd funding – enabling individuals to become investors. As a result of the JOBS Act, small business startups will be able to collect money from private individuals without making an IPO.

There are many predictions regarding how the JOBS Act will impact hedge funds. Some believe it will likely result in a wider investor base and higher net inflows to the industry. The act will also affect the ways in which firms market themselves in the coming years by encouraging funds to make more detailed information accessible to their investors. In theory, this should make it much easier for investors to compare managers on a number of criteria.

There are conflicting opinions as to whether the JOBS Act will actually increase the number of companies seeking IPOs. One point of contention is the newly permitted confidential filing process, which allows new companies to privately submit draft registration statements to the SEC. Arguments focus on whether the confidential filing process will, in fact, result in a lack of transparency for investors when advising clients.

Although the JOBS Act was signed into law in April, some tenants of the bill have yet to go into effect, including the lift of the solicitation ban that prohibits hedge funds from advertising to potential individual investors. The ban was intended to be lifted in August, but the rule was not finalized because the SEC missed the July 4 deadline, in part due to former SEC Chairwoman Mary Schapiro’s departure and alleged opposition to lifting the ban. While there is no clear date set for when the JOBS Act will take full effect, there is discussion that more investor protections need to be added.

SEC’s Asset Management Unit Directives
In 2013, hedge funds can also expect continued vigilance by the SEC through several initiatives imposed by the Asset Management Unit (AMU) of its Division of Enforcement. The AMU is tasked specifically with preventing fraud in the hedge fund industry. The hedge fund managers and private equity analysts who comprise this unit help provide a more transparent overview of the inner workings of these firms, and aid in developing policies, investigations, exams and trainings. Although in the past, hedge funds and private equity firms were lightly regulated by the SEC, in 2013 managers can expect to see a much stronger SEC presence and a higher level of regulation within their firms. Additionally, expect a higher level of in-person investigations focused on specific workings of the firm. The AMU’s new focus will center on investor/client relationships and aim to prevent hedge fund managers from giving out any recommendations to potential clients that are not well intentioned.

The Dodd-Frank Act
In 2013, hedge fund managers can expect to see the SEC advance with the rulemaking required by the Dodd-Frank Act. Although the Dodd-Frank Act has been passed for some time, there are aspects of this legislation that will be taking effect this year. For instance, there will be a much higher level of onsite risk-based presence exams, during which SEC staff will investigate high risk areas of the fund. The SEC’s continued emphasis on hedge fund regulations requires that a high level of detail and focus is placed on risk and compliance initiatives within these firms.

Some of the Dodd-Frank updates that will be occurring this year include finalizing the Volcker Rule, which bans proprietary trading by banks (expected in early 2013) as well as the development of a new regulation that will allow for greater supervision of foreign banks’ US operations. The rule will require foreign banks with substantial US operations to uphold stronger capital and liquidity positions in the US as well as create an intermediary holding company over its US subsidiaries. In 2013, the Consumer Financial Protection Bureau (CFPB) will also examine crucial issues surrounding fair lending. Reports indicate that the CFPB is developing new rules in order to reinforce regulation surrounding fair lending practices. These rules are connected to the Truth in Lending Act, Equal Credit Opportunity Act and Home Mortgage Disclosure Act.

Hedge fund regulations knowledge centerFor more information, be sure to check out our collection of complimentary resources on helping your firm navigate the complex regulatory environment, or contact an Eze Castle Integration representative.

<![CDATA[Eze App Cloud Debuts, Delivers ONE Cloud Platform]]>, 22 Jan 2013 00:00:00 -0500 eci Eze App Cloud for Hedge FundsHave we mentioned we dig the cloud? Well we do and we are happy to introduce you to the newest addition to our cloud family – Eze App Cloud.

Weighing in at 60+ applications, Eze App Cloud comes to us from the Eze Private Cloud and is tailor made for application vendors servicing hedge fund and investment management firms.

The App Cloud has been a long time in the making and aims to address many challenges, including the need for a central, consolidated cloud platform to run all hedge fund applications and IT services. With adoption of cloud services growing, there are many disparate cloud platforms with varying degrees of quality and customization. We are increasingly seeing clients challenged to integrate applications (i.e. OMS, Risk, CRM) all running on different cloud platforms and networks. The cloud is supposed to simplify operations, not make them more difficult.

Eze App Cloud is prepared (and designed) to be the ONE cloud platform for everything a hedge fund needs.

Application Providers: Here's what the Eze App Cloud has for you.

Combine your proven software with our premier cloud infrastructure to give clients a complete, cost-effective package that speeds time to value. A few benefits of using our Eze App Cloud are:

  • Meet the market’s growing preference for cloud

  • Use our Private Network which serves as the communications gateway to more than 400 buy-side firms and offers direct connectivity to key trading counterparties

  • Breakdown international deployment barriers – the Eze Private Cloud spans three continents

Client (i.e. the VIPs) Benefits

  • Gain cost-effective access to an enterprise-grade infrastructure that is highly available and professionally managed and monitored

  • Focus on business priorities and core competencies rather than application and IT management

  • Transfer technology costs from capital expenditures to operating expenses, and eliminate the need to purchase, maintain and refresh equipment

Watch & Learn: Eze Private Cloud Overview

contact an eze castle representative
<![CDATA[It's Flu Season: 10 Tips to Keep Your Hedge Fund Safe (Video)]]>, 17 Jan 2013 00:00:00 -0500 eci The Center for Disease Control (CDC) has reported high activity levels of Flu cases in 24 states including New York, Massachusetts, New Jersey, Illinois, Minnesota and Pennsylvania. The illness is spreading at a much more rapid rate this year than in previous winters. To date, over 750 cases of the Flu have been reported in Boston. New York state has reported 20,000 cases of the Flu thus far this season. By comparison, only 4,400 cases of the Flu were reported in New York state for the entirety of the 2011-2012 Flu season.

So, what does this mean for investment firms? It is now more important than ever to ensure your firm can and will remain functional if it is affected by this outbreak or, worse, a pandemic. Business leaders must be mindful of the repercussions of the virus, as a decrease in staff could cause a great strain on the firm and potentially costly downtime.

We asked our Business Continuity Planning experts to give 10 tips on keeping your firm up and operational during flu season. Watch and learn or download our handy 10 Tips Article.

You can also download our Preparing Your Firm for Flu Season article, which outlines tips for keeping your hedge fund up and running during Flu season and advice on pandemic planning.

Our BCP experts are also always available to assist with planning.

contact an eze castle integration representative

<![CDATA[New Year, New Goals: Resolutions for 2013]]>, 03 Jan 2013 00:00:00 -0500 eci 0Happy New Year everyone!

2013 is off and running, and the time has come to look ahead and set goals for your investment firm to ensure a successful and prosperous year. Many of the resolutions we recommended last year still hold true, including testing your disaster recovery system, reviewing and evaluating all telcom contracts, ensuring your business continuity plan is SEC-compliant and performing a comprehensive IT systems audit.

This year, it’s time to take those resolutions to the next level. We asked some of our internal experts here at Eze Castle to share some important resolutions hedge funds could consider making for 2013. Here’s what they had to say:

Jason Nolan, Product Manager: Perform comprehensive evaluations before selecting a cloud service provider.

Last year at this time, we were encouraging our clients to learn more about the cloud and consider moving to a cloud-based IT infrastructure to take advantage of cost benefits and increased operational efficiencies. Today, the hedge fund industry has a much deeper understanding of this technology and is ready to take the cloud discussion to a deeper level. Our big push for 2013 is to encourage investment firms to thoroughly vet potential cloud providers on a number of key areas including backup and retention procedures, security and monitoring practices in place at data centers, Service Level Agreements (SLAs), SSAE 16 certifications and more. Also, be sure to gain an understanding of the service provider’s internal policies as they relate to data access and security procedures.

Lisa Smith, Business Continuity & Data Privacy Manager: Review and enhance your BCP and communicate it well.

visit the disaster recovery and business continuity planning knowledge centerIf there is one thing we learned from Hurricane Sandy, it’s that, for alternative investment firms, having a comprehensive and robust business continuity plan in place is crucial to achieving success. Of course, this is not new information, and most firms already have plans in place to protect their businesses from these types of events. However, simply having a plan in place is not enough. We encourage our clients to review and discuss their BCPs on an ongoing, regular basis to ensure they continue to evolve as business needs, key personnel and other factors change over time. In addition, it’s important to effectively communicate these plans to all employees within the organization, as well as any pertinent third parties (clients, vendors, investors, etc.), so that everyone understands what to do in the event of a disaster or outage. Keep in mind communicating the details of your company’s BCP can be done through training sessions, information sessions and testing. These are the most effective ways to ensure your employees know what to do during a disaster.

Bob Guilbert, Managing Director: Don’t overlook the importance of security.

In 2013, security will be one of the most discussed topics in the world of hedge fund technology. While we’ve been preaching strong security practices for quite some time, this year will bring a host of new challenges in this arena, especially in the areas of mobility, cyber-attacks and internal breaches. Firms should develop a strategy to combat these security threats, including implementing best practices such as enforcing strong passwords and multi-factor authentication, keeping patches up-to-date for Microsoft, Adobe and the like, restricting executable downloads and creating a mobile computing policy that addresses both company-issued devices and BYOD management.

Marc Gold, Director of New York Client Service: Be prepared for an operational due diligence questionnaire.

It’s no surprise that the hedge fund industry has become increasingly competitive. Investors’ expectations are on the rise, and they’re looking for funds that display the highest levels in operational excellence. At the same time, new regulations are aimed at increasing transparency. As a result, operational due diligence has become a hot topic amongst alternative investment firms. Now, more than ever, it’s critical to ensure your firm meets these high standards by preparing for – or completing in advance – a due diligence questionnaire (DDQ). Operational DDQs cover a wide range of topics, including the fund’s IT infrastructure and the accompanying security procedures. At Eze Castle, our client service team regularly assists funds in completing DDQs. Be sure to download our sample DDQ for hedge funds to help you get started.

contact an eze castle integration representative

Photo credit:

<![CDATA[Best of the Year Blog Posts: A Look Back at Hedge IT in 2012]]>, 27 Dec 2012 00:00:00 -0500 eci Here we are again – at the end of another year and recapping some of the best and most popular posts from the Hedge IT Blog in 2012. This year, we spent a lot of time talking about cloud computing, security, and disaster recovery, among other topics.

As always, we welcome your feedback and would love to hear your suggestions for future articles on Hedge IT. In the meantime, we’ll continue to bring you new and interesting posts related to all of your favorite hedge fund technology topics.

At last, here is a recap of our most popular blog articles of 2012:

Cloud Adoption Survey Results Revealed: Part 1

This year, we undertook a research study surveying 130 hedge funds and alternative investment firms in regards to their adoption of cloud technology. The results revealed that more than eight out of ten investment firms are either currently using or planning to use cloud computing services in the near future. This shift towards the cloud signifies a major trend in the financial services space as firms look to move away from costly on-premise technology infrastructures. You can download the complete survey report here.Happy New Year

Hedge Fund Cybersecurity: Preparing Your Firm For an Intrusion

In 2012, we announced a strategic partnership with eSentire, a leader in managed security services for hedge funds. The partnership comes at a time when firms are on high alert regarding security concerns and are shoring up their businesses to mitigate future threats. In a live webinar, eSentire’s CTO reviewed internal and external security threats to hedge funds and strategies for thwarting such attacks.

Operational Due Diligence: Common DDQ Questions

As competition for investors continues to increase, firms are looking for ways to stay ahead of the crowd. The investor due diligence process has become much more thorough as investors have become savvier about operations and technology matters. Here is a list of common due diligence questions your firm may be asked as part of the DDQ process.

Examining the Changing Role of the Hedge Fund CTO

One of the panels at our first annual Hedge Fund Cloud Summit this year took a look at how the role of the head of technology at an investment firm is changing, particularly with increasing regulatory demands and reporting requirements from investors. Find out more about the new responsibilities hedge fund CTOs are undertaking and where the future of the role is headed.

Why Outsource? The Advantages of Using a Third-Party Help Desk

Earlier in 2012, Eze Castle was awarded with the prestigious Help Desk Institute (HDI) Team Excellence Award. Go, Eze! The win was great validation for our 24x7x365 outsourced help desk, which works with our clients day in and day out to resolve their issues and meet their immediate technology needs. This article takes you through some of the key advantages of using a help desk service like ours.

Take a Tour of Eze Castle's Data Centers (New Video!)

One of our favorite videos of the year was an inside look at our colocation facilities. Take a tour with this short video to see where our data centers are located worldwide and how our technology team works to keep your data and infrastructure safe and sound.

Hedge Fund Tech Compliance: Archiving, Security & Mobile Device Management

Our most popular webinar of the year focused on hedge fund compliance directives and covered everything from Form PF to message archiving and mobile device management. The regulatory requirements for hedge funds continue to mount, so read on to find out which directives your firm needs to comply with.

What Hedge Funds Can Learn from Hurricane Sandy

One of the most significant and devastating events of 2012 was Hurricane Sandy. The superstorm affected countless businesses and residences up and down the East Coast. Many of our clients were directly affected, and hence, we learned a lot through the course of the storm and in the aftermath. Disaster recovery and business continuity planning are essential to all firms, and Hurricane Sandy was another reason why firms should work diligently to prepare for unexpected events like these in the future.

From all of us here at Eze Castle Integration, we wish you a Happy New Year and look forward to seeing you in 2013!

Contact an Eze Castle representative

Photo Credit: Shutterstock]]>
<![CDATA[Happy Holidays from Eze Castle Integration!]]>, 20 Dec 2012 00:00:00 -0500 eci The holiday season is upon us, and we'd like to wish our clients, partners, colleagues and friends a happy and healthy new year. Looking forward to a successful 2013 for all!

Click here to view our 2012 Holiday e-Card!

Happy Holidays from Eze Castle Integration
<![CDATA[What’s the Word on Windows 8?]]>, 18 Dec 2012 00:00:00 -0500 eci A few months ago, we took our readers on a tour of the newly released Microsoft Office Suite. This updated version of such tools as Word, PowerPoint, Excel and Outlook made it easier for users to take advantage of tablet and mobile computing devices. Now, with the recent release of its new Windows 8 operating system, Microsoft is continuing its foray into the mobile computing environment.

We’ve been receiving questions on Windows 8 from several clients and other industry professionals (What new features are included? What’s changed since previous versions?), so we’ve done some research and tapped our internal experts to provide you with an overview of Microsoft’s newest release.

What’s New?

The Windows operating system has been around for years, but there are now new players within the computing industry. Competitive offerings such as the Android and iOS platforms are rapidly gaining popularity as iPhones, iPads and Droid phones become more common. As a result, Microsoft is introducing significant changes with this new release, primarily aimed at enhancing users' experience when accessing the platform on tablets and mobile devices and taking advantage of new and emerging technologies.

Compatibility with Mobile Devices

Windows 8 is optimized for use on touch screens as well as traditional mouse-and-keyboard systems. Microsoft has also improved the start screen, now called the “Modern UI,” featuring a full-screen tile display of real time, customizable information. Users can install apps from the new Windows Store in order to quickly access news, weather updates, tweets and other timely information in a single tap. Additionally, a new function allows users to multitask by grabbing and swiping several apps at a time – a feature we haven’t yet seen perfected by competing operating systems.

Here is an example of what the Windows 8 start screen looks like:

microsoft windows 8 start screen image

Note: You may be hearing references to Windows RT in addition to Windows 8. To clarify, these two platforms are virtually the same, however RT refers to the version which runs on tablets. It contains nearly all of the same features, and users can navigate it the same way they would operate its counterpart on a desktop PC.

Increased Security

One important change in Windows 8 is a significant improvement in security features. Users can lock their devices and choose to protect them with either a traditional password or a “picture password” which involves drawing gestures on the screen with a finger (for touchscreens) or a mouse. Also, only the first account that is created on each device has administrative privileges. This means that only one person is able to install/remove most programs and access is limited for secondary users.

Windows 8 also boasts better malware protection than previous versions, increased protection for core files and a new system for memory management that is much more robust. Most individual apps are isolated, and can only access information from one another if you choose to allow it. This helps to quarantine malware and prevent it from spreading from one app to the next. For added security, users can add the Microsoft Defender app which decreases the chances of acquiring a virus.

Improved Searching and Navigation

Another new feature of note is the Charms bar. This appears when a user swipes his or her finger from the right edge of the screen or hovers the cursor over either the top or bottom corners on the right side of the screen. When the Charms bar is activated, it provides easy access to buttons that allow users to search, return to the home screen, switch to the most recent app that was used or adjust settings. You can also swipe up from the bottom of the screen to quickly reveal a list of all apps installed on the device.

Mousing Around Windows 8

So you may be wondering what it is like to navigate Windows 8 with a mouse. We've heard mixed reviews, but here are some handy shortcuts The Verge magazine recently published:

  • Windows + H = Opens the Share charmWindows 8 Start Image

  • Windows + I = Opens the Settings charm

  • Windows + K = Opens the Devices charm

  • Windows + Q = Search for apps

  • Windows + F = Search for files

  • Windows + W = Search for Windows settings

  • Windows + X = Access common admin tools

  • Windows + E = Launches File Explorer in the desktop environment

  • Windows + O = lock screen orientation

  • Windows + R = Opens a Run dialog

  • Windows + L = Lock the computer

  • Windows + Print Screen = Saves a screenshot to your Pictures > Screenshots folder

  • Windows + any of 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 = Launches the corresponding program pinned to the taskbar

  • Ctrl + Shift + Esc = Open Task Manager


Many analysts are calling Windows 8 the most drastically different operating system Microsoft has developed since Windows 95. For those of you who are used to the older platforms, this may require some getting used to. However, as we all know the world is moving away from the desktop and onto the touchscreen, and Windows 8 has the makings of a very solid operating system for this new age of computing. Keep an eye on this product – we expect to see a number of enhancements and add-ons in the coming year that could be very useful for business users.

Looking for more information on current trends in technology? Don't miss our recent article on what to look for in 2013. And of course subscribe to the Hedge IT blog!

Photo Credits: & PC Advisor

<![CDATA[Ready for Liftoff? Launching a Hedge Fund in 2013]]>, 13 Dec 2012 00:00:00 -0500 eci We’ve said it before, and we’ll say it again. Starting a hedge fund is a thoughtful and time-consuming process that requires skillful considerations and supportive collaborations to drive success. But with the changes that have swept through the industry of late, now seems like as good a time as any to launch a new fund.

We recently hosted a webinar with KPMG to examine the current hedge fund landscape for startups and determine whether 2013 is the right time to begin the launch process. Below is a short summary of the topics discussed. To watch the full event replay, click here.

Forming a Hedge Fund

There is a wealth to consider when launching your first (or second or third) hedge fund. From organizational and personnel matters to grappling with regulatory and compliance requirements and infrastructure needs, the list seems to never end. With the help of experienced prime brokers and service providers, however, managing these tasks has never been easier.

Some areas to consider:

  • Where will your fund be based? Are there tax implications based on which geography you select?

  • Will you be required to register on a state and/or federal level?

  • What type of governance model should you employ?Rocket

  • What are your investors’ expectations? (re: compliance, infrastructure, reporting, etc.)

The decision to outsource or take internal control over certain functions will also weigh heavily on your business. The functionality of a CCO or CFO is one that is often up for debate, and there are firms who will provide staff to fill these roles and assist with SEC and CFTC compliance requirements, registration forms and other needs. Be sure to consider what your investors’ perceptions of an outsourced CCO/CFO would be, though. Do they expect you to have someone on staff full-time? If the idea of outsourcing such an important role makes them uncomfortable, you may want to retain someone in-house.

For services and functions you do choose to outsource, it’s important to remember that managing those relationships is essential to success. The one function you cannot outsource is vendor relationship management, so taking the time to properly vet and communicate with your service providers will serve you well as you launch your business. Some vendors you will likely work with during the course of your launch include a fund administrator, attorney, audit or tax firm, prime broker and technology provider.

The Technology Shift

Fifteen years ago, hedge fund firms followed a “traditional” path, managing their IT in-house and making significant investments in technology infrastructure. They likely had Comm. Rooms directly in their office space and rarely relied on outsourced service providers. Fast forward to present day, and you’ll see that times have changed dramatically.

Disaster situations such as Hurricane Sandy and the global adoption of new technologies (read: cloud computing) have prompted hedge funds, particularly startups, to re-evaluate their technology strategies and leverage outsourcing.

On the cloud front, most firms seems to understand what it is and how it works. But the reality is that every cloud is not created equal, and all hedge funds should do their due diligence before settling on a cloud platform. Performing a SWOT analysis should give you a good indication of how cloud providers stack up against one another. One area to examine closely is cloud security. Again, not every cloud is secured in the same way or employs the same security measures. A reputable cloud vendor should provide you with clear documentation defining the technology infrastructure and security layers as well as the policies and procedures in place to manage the security of the cloud (and of your data). Security is one area where you don’t want to take shortcuts, so be thorough in your evaluation and selection process.

The technology infrastructure you choose (cloud computing vs. on-premise hardware) may very well be influenced by your real estate situation. Are you working from a home office? Sub-leasing a space in the city? Operating out of a hedge fund hotel? Your situation may affect if you have the ability to manage IT in-house or build out a Comm. Room, or perhaps it makes more sense to utilize the cloud. As you investigate real estate options, be sure to consider your location and accessibility to clients, any future expansion of your firm and, of course, economics.

A few other technology areas you’ll want to put some thought into:

Eze Castle Integration has helped over 2,000 hedge funds launch and is adept at working with firms throughout the entire launch process and beyond. If you’d like to speak with one of our experts to talk through your options, please contact us.

Photo Credit: Wikipedia

<![CDATA[What's Trendy in Technology? Predictions for 2013]]>, 11 Dec 2012 00:00:00 -0500 eci It’s that time of year again: time to take a look ahead and make predictions for the top technology trends of 2013. I don’t think any of these trends will come as a surprise to you, but let’s take a closer look.


I know - we had this topic on last year’s list, too. But it’s so important, it deserves another nod. Smartphones and tablets have invaded the enterprise world like never before, and we’re seeing companies work more diligently to manage the use of these devices. Strategies such as Bring Your Own Device (BYOD) give firms the ability to allow employees to use personal devices for work purposes. While this provides employees with flexibility in terms of which devices they can use (and eliminates the need to carry more than one), it also highlights the importance of enhancing security measures to protect sensitive company information from getting into the wrong hands. Speaking of security…


It’s another repeat topic from 2012, but who can deny that it will still be one of the most talked about topics next year, too? In addition to focusing on BYOD challenges, firms will continue to grapple with the range of security issues facing hedge funds today. These include cyber-attacks and intrusions as well as internal security breaches and threats.

Whether your firm is relying on on-premise infrastructure or cloud services to support your operations, you will surely be expected to perform regular security checks and implement policies and procedures to thwart future issues. Examples of important security policies to employ include Acceptable Use, Access Control and Security Incident Management policies.

Big Data

One of the biggest phrases of 2012 was “big data.” Have you figured out what it is yet? If not, read up on it in a previous HedgeIT post. We expect the big data trend to continue into next year as, concurrently, the amount of data continues to grow. Firms will continue looking to harness the power of big data through management and analytical tools, and we may even see big data go mainstream.


One final tech trend for 2013 is the idea of crowdsourcing – outsourcing tasks or seeking the input of a group of people. While technically, this process can occur offline too, it seems to have found its home on the Internet. Specialty sites like Quora and even more mainstream outlets such as Facebook, LinkedIn and Twitter allow individuals to reach out to large groups of people for assistance, advice or feedback. These forums are expected to continue to grow, nurturing the conversation process and allowing for the continued sharing of information across the globe.

So tell us…

Which of these trends do you think will be the hottest in 2013?

Contact an Eze Castle representative

<![CDATA['Tis the Season for Giving Back: A Great Year for Hedge Funds Care]]>, 06 Dec 2012 00:00:00 -0500 eci With the holiday season just around the corner, we’re reminded to take a moment to appreciate what we have, and give back to those who may not be quite as lucky this year.

In keeping with the spirit of the season, we’d like to take this opportunity to recognize the amazing work of one of our favorite nonprofit organizations, Hedge Funds Care. This group is committed to preventing and treating child abuse by raising money to fund programs that support victims in their local communities around the world. These noble efforts are made possible by the generous support of individuals and companies throughout the hedge fund industry. We encourage you to learn more and consider becoming a supporter by visiting the Hedge Funds Care website.

After a highly successful year, the Eze Castle London team is honored to be joining Hedge Funds Care at the 7th Annual London Benefit Gala at the Science Museum this evening. As we join other investment professionals to celebrate a great fundraising year and prepare to kick off 2013, we also have a very special announcement to make: our managing director, Vinod Paul, has been named to the Hedge Funds Care Board of Directors! We’re beyond proud to have a member of our team joining the ranks of this fantastic organization and helping to lead the way toward a brighter future for children in need.

Check out the pictures below of the Eze Castle team participating in several Hedge Funds Care events:

hedge funds care events collage
contact an eze castle integration representative

<![CDATA[Eze Castle Gives Thanks]]>, 20 Nov 2012 00:00:00 -0500 eci This week marks the unofficial kickoff of the 2012 holiday season. With Thanksgiving just around the corner, we've been thinking about what we’re truly thankful for this year.

As you might recall, we've had a lot to be thankful for the past few years. In 2010 we acknowledged our thanks to some of our favorite charitable organizations such as Hedge Funds Care and Big Brothers Big Sisters. We also shared our gratitude for our awesome network of partners and clients around the world.

Last year, we asked our employees what they were thankful for and videotaped their responses. Since that was a such a big hit, we thought we'd ask some other employees that same question this year. Take a look at what they had to say:

what we're thankful for - eze castle employee collage

<![CDATA[What's Happening in Asia? Hedge Fund Industry Update & Cloud Expansion]]>, 15 Nov 2012 00:00:00 -0500 eci Hedge funds and investment firms are making the move to Asia, evidenced by the industry’s expansion to a record number of funds in Q3 2012 (according to Hedge Fund Research). With a healthy flow of both new startup funds and existing firms expanding their presence to the region, the Asian hedge fund market has quickly become the go-to locale for financial services.

Asia can be a challenging market to tap into, however, particularly as regulations take center stage. In addition to local regulations, Asian funds also need to keep an eye on what’s happening in the U.S. and Europe. According to HFMWeek, legislation handed down by the EU’s Alternative Investment Fund Managers Directive (AIFMD) “could make it very difficult for Asian managers to access European capital, affecting diverse facets of a fund’s operations including remuneration, leverage and custody.”

Technology is also on the minds of regulators – and investors too. HFMWeek states that “investors and regulators have shown little tolerance for allowing a fund’s infrastructure to ramp up over time, instead insisting that they feature best practice systems and processes at launch.” So if funds need to have a robust technology in place from day one, what are their options?

With costly real estate in financial hubs like Hong Kong (some of the most expensive square footage in the world), many Asian cities make it challenging for firms to build out their own technology infrastructures on-site. The answer for many firms, therefore, has been the cloud. Keeping in line with their US and UK counterparts, many Asian funds are leveraging private cloud services to help ramp up their operations quickly and cost-effectively.

With the growing demand for cloud services in Asia, Eze Castle Integration proudly announced this week the expansion of our Eze Private Cloud to Singapore and Hong Kong. Supporting more than 2,000 users and spanning three continents now, the Eze Private Cloud is the preferred private cloud for hedge funds on a global scale. Our expansion is further validated by two recent award wins, including #1 cloud computing provider (Hedge Funds Review) and best cloud computing/outsourced IT services provider (HFMWeek).

Read our complete announcement here.

The award-winning Eze Private Cloud provides hedge funds with seamless access to the technology and applications they require to effectively and efficiently run their businesses. With the Eze Private Cloud, hedge funds simplify operations, minimize upfront capital costs and gain a highly resilient, enterprise-grade IT infrastructure on par with billion-dollar funds. To learn more, click here.

Download the Cloud Survey Report

<![CDATA[A Guide to Hedge Fund Technology: 2012 Benchmark Study Results]]>, 01 Nov 2012 00:00:00 -0400 eci Last week, we revealed the results of our 2012 Hedge Fund Operations & Technology Benchmark Study, which surveyed over 300 buy-side firms about their front, middle and back office technology and vendor preferences. This year’s findings underscore the need for investment firms to employ robust systems to support trading operations and meeting increasing regulatory and investor demands.

Below is a summary, but you can download the full report here.

Respondent Profile

Within the financial services industry, Eze Castle surveyed 320 firms including hedge funds (61%), investment managers or investment banks (12%), private equity firms (7%), fund of hedge funds (4%), broker/dealers (2%), and venture capital firms (1%). Additional firms included in an ‘Other’ category include family office, legal, real estate, endowment, quant, biotech and insurance brokerage.

Firms surveyed fell into three asset classes: 30 percent reported their AUM as $100 million and under; 32 percent fell between $101 and $500 million; and 38 percent reported over $500 million in assets under management.

The most popular investment strategy among firms is Equity Long/Short (37%); multi-strategy approaches are also common and employed by 23 percent of firms. The top five prime brokers employed by firms are Goldman Sachs, Morgan Stanley, JP Morgan, Credit Suisse and UBS.

Front Office

  • OMS: Firms use order and execution management systems to support trading, operations, compliance and portfolio management; therefore, they require a robust and efficient solution to meet their growing needs. Our survey found that the majority of firms rely on ConvergEx Group’s Eze OMS solution (32%) or Bloomberg’s AIM (23%). Other market OMS systems include Advent’s Moxy, RediPlus, and Charles River.Order Management System - Hedge Fund Benchmark Study

  • Market Data: Bloomberg is, by far, the leading provider of market data services in the financial industry, as evidenced by its use by 90 percent of survey respondents. Thomson Reuters is the second most commonly used solution; however, 80 percent of firms using Thomson Reuters are also using Bloomberg.

  • Market Analytics: This year’s survey showed respondents’ inclination for bundled solutions, which makes it understandable that Bloomberg is also the leader in market analytics (73%). Other market analytic solutions in the marketplace include Thomson Reuters, Capital IQ, and Factset.

  • Research & Document Management: Most firms are not currently using research management systems (54%) to manage the influx of data and information flowing into their firms. For those who are, popular systems include Advent’s Tamale (22%), Code Red (14%) and Microsoft SharePoint (12%).

Middle Office

  • Portfolio Accounting: With the ability to automate trade capture, allocation and lifecycle management, a portfolio accounting platform is essential to any investment firm. Advent holds the market share, according to our survey, with their APX (20%) and Geneva (17%) products used by many of our respondents.

  • Risk Management: As hedge fund investors demand greater transparency, firms are implementing strategic risk management systems to mitigate threats. Adoption is slow – 60 percent of firms are not using risk management systems currently – but market solutions in use include Advent, SunGard, RiskMetrics and Calypso. We expect many firms are outsourcing risk management functions to third-party administrators.

  • Outsourced Administration: Speaking of administrators, the most common admins according to our survey include Citco, Goldman Sachs, SS&C GlobeOp and State Street. State Street recently purchases Goldman’s administration practice, and we expect them to play a larger role next year.

  • CRM Solution: Of firms currently using customer relationship management tools, most are using Petrac (17%), Salesforce (17%), Backstop (13%) or Netage (13%). CRM tools may gain traction in the near future as firms look to do more advertising as a result of the JOBS Act.Message Archiving - Hedge Fund Benchmark Study

  • Message Archiving: Email and IM communications are required to be archived under Dodd-Frank. Global Relay and Eze Archive are the most popular solutions for investment managers, with 50 percent of respondents using one or the other. Less frequently used vendors include Smarsh, FrontBridge, Postini and Rackspace.

  • Mobile Technology: While many firms are still using BlackBerry to support their operations, the adoption of the BYOD trend has shifted companies toward Apple devices. Last year, only 10 percent of firms were using iPhones and iPads; in 2012, approximately 30 percent of firms are using Apple-powered devices for business.

Looking Forward

We expect to see continued adoption of crucial applications, including OMS and PMS systems, particularly as these applications can easily be supported in the cloud. Beyond cloud computing, there is sure to be an increased focus on hedge fund regulation in the future, and this will affect the systems and vendors firms choose. Investors, also, are becoming more technologically savvy and therefore require that investment firms do their due diligence and implement robust and secure infrastructures to support operations and mitigate risk. These trends will continue to play important roles that shape the technology and operational choices investment firms make. We hope our Benchmark Study will serve as a guide and assist firms in making these critical decisions.

Eze Castle Integration is well-versed in the understandings of the alternative investment market and provides consultation to hedge funds looking for advice on various hardware and software platforms. For more information on how we can help your firm make critical operations and technology decisions, please contact us.

Download Hedge Fund Tech Benchmark Study

Photo Credits: Eze Castle Integration

<![CDATA[Apple's 'mini' Additions to Your Christmas List?]]>, 25 Oct 2012 00:00:00 -0400 eci Earlier this week, Tim Cook led Apple's latest keynote and announced product upgrades across the board. New additions here and spec upgrades there are prompting users around the globe to update their holiday shopping lists and hope for steep discounts on Black Friday. In-between what were many foreseeable announcements, Apple also threw in a few surprises.

Here are the big ones:

The new new iPad. In what might have been the biggest surprise, Apple announced it is phasing out the new iPad (released only a few months ago) and replacing it with a newer one (due out next month). Same look. Same price. Less issues. In simplest terms, they fixed all the complaints. There is now more LTE support (including Sprint in the US and local providers in the UK), a faster processor, faster WiFi and some better camera features. Oh and with the help of a new power adapter, quicker charging too. No major changes, but it does help to know you are getting your money’s worth and that the company you are buying from really listens to users’ input.

Comparing Apple iPad vs iPad mini

The iPad mini. Users want small. Technology has always been about making devices smaller; even the iPhone 5, with its bigger screen, has smaller components and a smaller weight. And now your iPad can be smaller too. Just as powerful as the current $399 model, the iPad mini has more features (Siri and LTE just to list a few) and a lower price (starts at $329). At over $250, many users might not make the jump away from their Kindle Fire HD or Nexus 7, but for users considering Apple and for users who want small, I wish them short lines in the store and quick initial shipments.

13" MacBook Pro with Retina Display. Powerful. Beautiful. Small. Expensive. Four words to perfectly describe the newest addition to Apple's killer line of laptops. It perfectly complements its 15" big brother. With a screen that dominates every other laptop (except for the 15” version released a few months ago) this machine is beautiful. And with specs that are great for any laptop, it'll be great for anyone who wants to multitask, edit pictures or play video games all night. If I could afford it, it would already be in my shopping cart.

Mac mini. In keeping with Apple's theme of minis, they upgraded their everyday desktop computer. It's not their most well known product, but anybody trying to replace an older computer who wants to switch to a Mac, here is their gateway drug. It's just as powerful as any of the other entry-level machines out there, and it has an adapter that can be used with any nice monitor (or TV) you might already own. Plug in a keyboard and mouse (or buy them from Apple), and you are good to go. It’s simple, small and just as powerful as any of their laptops available at twice the price.

Apple iMac mini

And my favorite announcement...

The 27" (and 21") iMac. Ultrasleek and ultrapowerful. And at points only 5mm thick (and at others over 20" long). This machine is ridiculous. Shipping in December (November for the 21"), this machine has already made it to the top of my holiday list. And I have a version that's only two years old! Apple took their last model (which was very powerful for an all-in-one computer), cut the size and upped the specs. Simply put, it’s an ideal announcement. How exactly the edges are 5mm is beyond me (and don't worry -as soon as they are on display in Grand Central, ill find out), but until then just "wow". For those intensive users (and big time gamers), here’s a machine capable of it all. I bet it even runs Windows smoothly.

Finally, the Fusion Drive. Available as an upgrade on the Mac mini and iMac, this is Apple's take on a hybrid drive, but bigger in specs, not physical size. Although details are still slim, the Fusion Drive has 128GB of solid state storage and up to 3TB of typical hard drive storage. Coming from someone who made the switch to solid state drive (SSD) a few months ago and has only looked back to wonder why it took so long to do so, this sounds like exactly what I want in my computer: storage space to make my apps run fast and tons of space to store my music and files. But Apple says they've taken it one step further.

In a typical hybrid drive, the solid state storage is used as a cache - a temporary quick-to-access spot to store copies of what you are running/accessing often. Apple's software beyond their hybrid drive eliminates this need for redundancy. The files and applications you need and access a lot are automatically shifted in the background to solid state. And this will dynamically change over time. Promises of boot speeds and access speeds that near that of full SSD solutions means the potential for what will seem like over 3TB of solid state storage. This will either be one big gimmick or one huge spec jump. We all know what I'm hoping for when I put one in my iMac configuration on my holiday list.

To read more about Apple technology innovations, check out these blog posts:

Photo Credits: Apple, PC Mag

<![CDATA[Infographic: What Technology Do Hedge Funds Prefer?]]>, 25 Oct 2012 00:00:00 -0400 eci Yesterday we unveiled our 2012 Hedge Fund Benchmark Study, which looks at the technology preferences of 300+ hedge funds and alternative investment firms. Since a picture is worth a thousand words (or about 4,000 in the case of our report), we decided to publish this handy little infographic on our findings.

For you lovers of words, you can download the complete report here.

Hedge Fund Tech Infographic.

<![CDATA[SAS 70, SSAE 16 & SOC: Understanding Audit Terminology]]>, 23 Oct 2012 00:00:00 -0400 eci When assessing technology options and evaluating outsourced IT providers, there are a number of questions hedge fund managers should be asking in order to make the best decision for their firms.

As we talk with investment managers – especially those whose firms are considering a move to the cloud – we’re hearing many of these great questions on an increasingly regular basis. One particular area where there tends to be some confusion, however, is the topic of audit standards which govern service organizations and the data centers they manage on behalf of client firms. To help you navigate through the evaluation process, we’ve pulled together a guide to understanding audit terminology and industry standards.

Audit Terminology Defined

You’ve probably heard several different audit-related terms being used to assess service organizations and data center quality. Here are some of the most important terms to be familiar with:

SAS 70
This stands for the Statement on Auditing Standards No. 70, which was developed over 20 years ago by the American Institute of CPAs (AICPA) primarily to report on the financial controls of service organizations. It was later adapted (inconsistently – more on that later) in an attempt to report on non-financial controls. Clients and end users often request to see the results of a provider’s SAS 70 audit, as this was believed to demonstrate that the provider has undergone a comprehensive examination of its financial controls and related processes.

aicpa service organization control reports logoThe issue with a SAS 70 audit is that it simply verifies that a data center manager has certain controls and processes in place. There’s no benchmark to which providers are held accountable. Therefore, a data center with very robust data protection measures could achieve the same level of audit as one with relatively weak controls in place. The only true way these differences are expressed is within the lengthy SAS 70 audit report which is time consuming to read and complex to decipher.

Last year, the AICPA acknowledged the deficiencies of the SAS 70 standard in its abilities to provide in-depth information on a service organization’s non-financial controls or enable user organizations to effectively compare service providers. As a result, the group elected to replace SAS 70 with new standards which better reflect the quality of these providers.

As of June 15, 2011, SSAE 16 (Statement on Standards for Attestation Engagements No. 16) effectively replaced SAS 70 as the authoritative guidance for reporting on controls at a service organization. According to CPA firm Feeley & Driscoll, this new audit standard better accommodates international businesses, as it is on par with similar global standards such as ISAE 3402. Additionally, a SSAE 16 audit provides much more detailed and accurate information for all stakeholders of service organizations.

According to the updated standards, an audit that is conducted under SSAE 16 results in a SOC 1, or Service Organization Control No. 1 report. This report is focused on the internal financial controls of the service provider. SOC 1 reports are intended for use only by existing data center clients and are not recommended for prospective customers or the general public.

SOC 2 provides much more stringent guidelines than SAS 70 or SSAE 16, and is specifically designed to assess the quality of data centers and service organizations. SOC 2 and SOC 3 combined provide a benchmark against which two data center audits can be compared using the same set of relevant criteria – a major enhancement to previous audit standards.

Specifically, SOC 2 reports focus on the service provider’s non-financial controls which are referred to as Trust Service Principles: Security, Availability, Processing Integrity, Confidentiality and Privacy. An organization is not required to meet all five of these principles in a SOC 2 engagement, but they do provide a more comprehensive evaluation of the provider and its data centers.

SOC 3 is similar to SOC 2 in that it provides a similar level of assurance regarding the five Trust Service Principles. The primary difference is that a SOC 3 report is intended to be released publicly. As such, it contains a less detailed summary opinion provided by the auditor which gives an overview of the effectiveness of the controls that the data center or service organization has deployed.


The transition from SAS 70 to new audit standards is a welcome change for the outsourced technology industry. SOC reports provide data center operators and service organizations with a more comprehensive set of guidelines on which to base their controls and policies. They also benefit clients and end users, as they provide better assurance that providers are meeting high standards when it comes to security, availability, processing integrity, confidentiality and data privacy. Essentially, these new audit standards have raised the bar, leading to what is sure to be a more effective and efficient future for data center technologies.

For more information on data centers and outsourced technology options, be sure to check out these articles and resources, or explore Eze Castle's cloud computing services:

explore eze cloud solutions

Image Credit:

<![CDATA[Public vs. Private Clouds: There's a Time and Place for Each]]>, 18 Oct 2012 00:00:00 -0400 eci It’s no secret that hedge funds and investment firms have been divided over the use of public and private clouds for some time. We’ve discussed it in depth here on the Hedge IT Blog, explaining the differences between the two and why most funds are choosing to go with a private cloud solution.

A case can be made, however, that there’s a time and a place for each cloud platform and both offer their own advantages for hedge funds. We’ve taken a look at some of the key areas firms will consider when looking at public and private clouds and identified who we think takes the cake.

Service & Support

Public versus Private cloudInvestment firms demand uptime to ensure operational efficiency and profitability. Public cloud providers, however, do not offer hedge fund-specific IT support and rather have limited customer service representatives troubleshooting the most basic of email and desktop support issues. In the event of a crisis situation or an outage, hundreds of thousands of users will be trying to reach a limited number of support personnel, creating additional problems and highlighting a severe lack of customer support. As we’ve seen in recent years, many public cloud providers (such as Google and Amazon) have had outages last hours or even days at a time – situations that prove costly to any investment firm. With a hedge fund-specific private cloud platform, funds often have access to 24x7x365 engineering support that is tailored to meet the demands of their unique business.

Edge: Private Cloud

Scalability & Application Integration

While a public cloud offering may entice small start-up firms in particular, it is likely these firms will soon outgrow these services and be forced to migrate their data and infrastructure to a larger, more tailored platform. For example, traditional public cloud services do not offer or support vertical-specific application integration; as a firm grows to require a portfolio accounting platform or order management system, they will find that these applications are incompatible with their current cloud offering. On top of that, currently no public cloud providers will support any form of custom application integration or hosting of any hardware dedicated specifically to the fund.

With a private cloud solution, firms can easily grow and scale upwards as well as incorporate financial-specific and custom applications. Hedge fund private clouds are building up their lists of hosted applications (Eze Castle’s cloud currently hosts over 65 applications), allowing firms to reduce hardware costs and scale upwards by adding new users.

Edge: Private Cloud

Testing & Development

One area where the public cloud shines for many is for purposes of testing and development. Traditionally, test and dev environments have required dedicated infrastructures and significant resources, putting pressure on firms to invest in additional costly hardware. Unfortunately, testing environments can also fall by the wayside, deeming these investments wasteful. According to a report from Cognizant in March 2011, “test labs in companies typically sit idle for longer periods of time, consuming capital, power and space. Approximately 50% to 70% of the technology infrastructure earmarked for testing is underutilized.” With the public cloud, firms can easily and cost-effectively set up testing and development environments without the fear of overspending or underutilization.

Edge: Public Cloud

Security & Compliance

From a security perspective, a lot remains unknown. Public cloud security likely varies from provider to provider, but overall, is limited in its scope. Additionally, there is less transparency on the security front, and firms using the public cloud are less likely to be provided with deep knowledge around the infrastructure and security controls maintaining their data and assets.

Larger, public sites such as the Googles and Amazons of the world are inherently more susceptible to viruses, cybersecurity attacks and intrusions. Experienced hackers are much more likely to target a large, public enterprise that has greater potential for a breach – and greater potential for headlines. Private cloud providers are much more likely to employ strict access controls and implement security practices that will prevent and detect intrusions and maintain the safety of firms’ data and infrastructure.

On the compliance front, there are a number of demands placed on hedge funds and investment firms. Currently, the SEC advises funds to retain all internal and external email and instant message communications that are business-related. Many private cloud solutions offer firms message archiving services, which will allow firms to store communications for the designated period of time and recover any necessary communications in the event of an SEC inquiry. Some public clouds, however, are unclear on whether they offer such a service.

Edge: Private Cloud


The low-cost option of public cloud computing platforms is seriously appealing to many firms; who wouldn’t want a service priced at $20-$30 per user? Behind the low cost, however, remain a lot of questions. The amenities and services included with a public cloud platform can be limited (see previous sections above), and therefore, warrant a closer look by investment firms. While cost is and should be a significant factor in the decision-making process, it should not be the only factor and should be weighed in accordance with other considerations, many of which we’ve highlighted in this article.

Edge: There’s no real winner here. The reality is you get what you pay for regardless of which option you choose.

To dig a little deeper into public vs. private clouds, check out our other Hedge IT articles:

Visit the Cloud Computing Knowledge Center

<![CDATA[Safeguards for Trade Malfunctions: As Much About People as Technology]]>, 16 Oct 2012 00:00:00 -0400 eci On Tuesday, October 2, the SEC held a roundtable discussion in Washington D.C. focused on technology use within the investment management sector. The following article from our guest blogger, Deborah Prutzman of the Regulatory Fundamentals Group, offers some highlights and insights from that meeting.

The 2010 Flash Crash, the securities and exchange commission logoKnight Capital incident, the Facebook IPO and the BATS IPO were all rooted in technological failures. An SEC roundtable held on October 2, 2012 at the SEC headquarters in Washington discussed ways to prevent future incidents like these from occurring again.

The roundtable gave a “thumbs up” to the adoption of a “kill switch” and focused on a number of best practices that are likely to find their way into managers’ procedures and investors’ due diligence questionnaires. Perhaps the most important takeaway, however, is that the role of the technology team, and that of the CTO, will continue to grow in importance.

A related development—that indicates safeguards for trade malfunctions are as much about people as technology—was the emphasis placed on enterprise-wide training and communication. Panelists noted that the Knight Capital incident was actually the result of two problems—a technology malfunction and the failure to respond effectively to that malfunction. Any system that notifies a firm of a trading error, or even halts trading, will only be effective if the firm has a process in place to implement once the issue has been identified.

Those attending the SEC program discussed the need to have two well-coordinated crisis management teams:

  1. One composed of IT experts to address the technical issues; and

  2. Another made up of senior management (that includes compliance) to guide the overall process and address internal and external communications, including contact with regulators and investors.

In addition, participants discussed how clarity about underlying business processes and related documentation set the stage for more effective and efficient system design, the creation of targeted testing protocols and highly effective crisis planning and management. The topic of kill switches received extensive attention. Many participants expressed skepticism about a fully automated kill switch mechanism that takes too much control away from a trading firm and various exchanges.

Roundtable participants concurred that this objection can be mitigated by setting warning thresholds prior to triggering a kill switch in order to give market participants the opportunity to have human consultation and intervention before an automated kill switch would be activated.

Key Meeting Theme

Technology is great, and robust technological solutions are needed for trading systems. But in the end, an experienced and trained staff is both the first and the last line of defense.

hedge fund regulations knowledge centerIf you are interested in learning more about the SEC Roundtable on Technology and Trading, please send a request to:

Also, for more information on regulations affecting the investment management industry, check out the Hedge Fund Regulations Knowledge Center and don't miss these recent Hedge IT articles:

<![CDATA[iPhone 5: New Features Review]]>, 04 Oct 2012 00:00:00 -0400 eci The new iPhone 5 – what do you think?

Anyone who has picked up a newspaper or read the Internet over the past two weeks since the iPhone 5's much anticipated release knows it has issues. The black model scuffs too much. Pictures look too purple. The Maps app is horrible. Everyone seems to have an issue with at least some new feature of the iPhone 5.

But in my observations, there is one thing that stands out among all those articles and negative reviews - everyone has an iPhone 5, and nobody can stop talking about it. And that's rightfully so!

The iPhone 5 comes preloaded with all the new features of the latest iOS, and it rocks. Below I've highlighted a few that you may find most intriguing. I know I've left a lot out (a review of 200 features would keep you here all weekend!), but I’ve tried to highlight some of the most significant changes.

line at the apple store in new york cityMail

The mail app is just as simple as before and just as reliable. It’s quicker than previous versions simply because the entire device is quicker, but now Mail has a few cool features to make email that much better. First up, VIP. This allows for a list of people of your choosing whose emails always get filtered to a special folder so you never miss one. The best part is, it works. The worst part? I have no excuse for missing one of my boss's emails.

There's also now a whole "right-click" menu. You can click on a word and highlight it to bold/underline/italicize and even define. You can also easily insert pictures and videos. It seems like a basic feature, and it is, but the new method for doing so makes it simple and quicker and thus makes me more efficient!

My favorite feature is the ability to create separate signatures for each email account. Now my friends can see my personal quote, and my clients can see my professional company signature. It sounds silly, but it definitely makes quite the difference.


It took Apple a little while, but since Google released the Chrome app for iOS, Safari has been truly lacking. With iOS 6, they seem to be running neck and neck. Safari's reading list feature from iOS 5 - the feature that allowed you to bookmark webpages - now allows for entire webpages to be cached for viewing later. For those that take the subway, use this! You can open our Hedge IT blog, cache it, and read it on the subway every day!

iCloud Tabs is a really cool feature, too. This is a feature similar to what Google does for Chrome. It essentially allows you to see what tabs you have open in Safari on your other devices and sync them via the iCloud. Beautiful. Start reading at your desk and continue reading on your iPhone when you get on the train. This makes life simpler - something Apple seems to be very good at.


The personal assistant you can talk to is still in beta, but she can do a lot more. Apple kept her personality (which I actually enjoy) and gave her access to a multitude of new databases. She can answer questions now spanning from sports scores for your favorite team to movie times at your local theater. And my favorite new task - Siri can make reservations for dinner, so I don't get caught off guard and yelled at for forgetting. Overall, she’s simple, elegant and even more useful.


Ironically, most people forget that the real purpose of the iPhone is to make and receive calls. It’s something we all do but never pay attention to. It’s also something Apple seems to have neglected and hardly updated over the past few years. Until now. Here’s a look at a few new features:

  • First up, users now have the ability to ignore a call and auto-reply with a text. This is a great feature. With just two clicks, I can ignore a call and let the caller know I’ll call back later. Brilliant!

  • Call reminders are another cool way to deny incoming calls. Click the button, and the phone will remind you later, at a more convenient time, that your mom called so you don't forget and make her angry by not calling back.

  • You can also put your phone in “do not disturb mode” at night so it doesn't wake you. Simple. Smart. But there's more, of course. What if you want the ability to answer important calls only? Set certain contacts to bypass this feature. What if work calls me? Do I want my boss to wake me up? I can tell my phone that if it's important and he calls me twice, my phone should ring the second time. That's spectacular.


Like I said, there are over 200 new iPhone 5 features, and I know I haven't begun to scratch the service. From more Facebook integration for the addicts like myself to the new camera features, there are plenty more for you to love. So ignore the bad press and remember: nothing’s perfect. With millions of owners, you need to expect a few unhappy ones out there.

contact an eze castle representative

*Image credit: Bloomberg Tech Blog

<![CDATA[Hedge Fund Cybersecurity: Preparing Your Firm For an Intrusion]]>, 02 Oct 2012 00:00:00 -0400 eci We hosted a webinar on hedge fund security and the internal and external threats firms should be aware of. Following is a short recap of the material presented by Eldon Sprickerhoff of eSentire – a leader in the managed security services space.

For hedge funds and their investors, the reality of cybersecurity threats is a serious one and one that must be proactively and consistently monitored. Investors today expect firms to take steps to thwart potential security threats, which means using vulnerability assessments and penetration tests to identify possible risks.

The truth is that most successful cybersecurity attacks in today’s environment occur via three different methods: malware via email, malware via download and transfer via USB. In most cases, an employee will download an unsuspecting virus or open an unsuspecting email, triggering a malware attack that could open the door for further intrusion. Alternatively, a trend becoming more common is the threat of employees transferring information onto USB drives (whether knowingly or unknowingly), resulting in an internal security breach.Lockheed Martin's Cyber Kill Chain

Externally – and regardless of the intrusion method – attacks typically follow a similar path from start to finish. Global security firm Lockheed Martin has identified steps to what they call the “cyber kill chain.”

  1. Reconnaissance: Collecting information and learning about the internal structure of the host organization

  2. Weaponization: How the attacker packages the threat for delivery

  3. Delivery: The actual delivery of the threat (via email, web, USB, etc.)

  4. Exploitation: Once the host is compromised, the attacker can take advantage and conduct further attacks

  5. Installation: Installing the actual malware, for example

  6. Command & Control: Setting up controls so the attacker can have future access to the host’s network

  7. Actions or Objections: The attacker meets his/her goal (e.g. stealing information, gaining elevated privileges or damaging the host completely)

While the steps may seem well thought-out and can be easily executed by an attacker, the benefit to understanding the cyber kill chain is that it gives the host a chance to counteract. The sooner into the cyber kill chain the host can identify the threat, the better chance it has of thwarting it.

And there are several options for thwarting attacks, depending on the stage in which the attack is identified. Mitigation activities on the host’s part can include: detection, denial, disruption, degradation, deception and destruction. Creating a course of action based on various scenarios and a firm’s current abilities to thwart attacks can gauge effectiveness against such intrusions and provide areas for improvement in a firm’s defense strategy.

As part of an overall strategy, firms should also look to implement the following simple best practices to help prevent costly attacks:

  • Enforce strong passwords and (at least) two-factor authentication

  • Remove local admin privileges when possible

  • Keep patches up-to-date for Microsoft, Adobe, Java Runtime and browsers (the most common threats originate here)

  • Restrict executable downloads and installations

Watch below for a full replay of the webinar: Turning Hedge Fund Security Inside-Out!

Be sure to come back to Hedge IT on Thursday for Part 2 of our webinar recap featuring an overview of essential policies and procedures to support technology and operations management as well as a look at mobile device management!

Visit our Knowledge Center: Hedge Fund Security

Photo Credit: eSentire

<![CDATA[iPhone 5 and iOS 6: First Impressions]]>, 25 Sep 2012 00:00:00 -0400 eci Five a.m. on September 21, 2012. Do you remember where you were? (C’mon, it was only last week!)

For millions around the world, they were eagerly anticipating the new iPhone 5. Be it in line outside a store (like yours truly) or at their doorstep waiting for the UPS/FedEx drop-off (like those who plan ahead), over 2 million people anxiously waited for the next iPhone to hit the streets. And they didn't just do it because the Kool-Aid tastes good.iPhone 5

The iPhone 5 is bigger and faster. The screen is bigger, yet the entire phone weighs less - big perk. And its tech specs, for my fellow geeks out there, are faster across the board. Everything from the processor to memory to cellular connection is a step up. Pretty much the same phone we've all come to love but faster. No down side there!

But specs alone aren't enough to impress people, and that's where the Apple Operating System, iOS, comes in to play. Every year Apple releases a new iOS with 200+ new features. This go-around is no different. From the little things (like new emoticons or a new share menu) to the big things (a revamped Mail app and better Facebook integration), Apple has kept the feel and made it better in iOS 6.

As has become custom with each new iOS announcement, Apple is getting a lot of backlash. With all the lawsuits going on and fighting between companies, Apple has been cutting ties with a lot of partners. Because of this, Apple has removed both the original YouTube and Maps apps from iOS 6 and the new iPhone 5. Many users are unhappy with the changes. Apple has developed its own Maps app for the new iOS, but according to many, it is subpar to Google’s. There is no replacement for the YouTube app, but Google has released one which users can download. Change is good, but too much appears to be a bad thing.

So what’s the verdict? I haven't had enough time to play around just yet, but I look forward to updating you soon after I review these new features and apps. Stay tuned for future posts to hear more about the good, the bad and the iMazing.

Contact an Eze Castle representative

Photo Source: PC Mag

<![CDATA[What's Hot: Social Media Compliance and Archiving for Investment Advisers]]>, 20 Sep 2012 00:00:00 -0400 eci When it comes to compliance, hedge funds and investment management firms have a lot to think about. Dodd-Frank, registration, Form PF, oh my! And these days they can add one more thing to their plates: social media.

Social media, in the mainstream, may be a tool for chatting, researching or staying up-to-date on current events. But for investment firms, social media can be a great marketing opportunity and a way to spread their message. It must also be closely monitored, though, particularly as regulators seek to address its prevalence with archiving requirements.

A History of Social Media in the Financial World

Earlier this year, Goldman Sachs – one of the largest investment banks in the world – joined Twitter. It was a remarkable day, and with 132 characters (barely within the 140-character limit!), Goldman announced that it would be posting updates in the future about its work and its employees. You’re probably thinking “why so remarkable?” The reality is that the financial services industry has traditionally steered clear of social media, worried that it would only pose problems and concerned about bodies such as the SEC reacting in an unfavorable way.

Social Media ComplianceIn 2011, MHP Communications surveyed 77 hedge fund managers about their social media activity and found that only 1 percent of firms were actively on Twitter and none were active on Facebook. According to MHP, “the findings did not surprise us. Historically, hedge fund managers have deliberately kept a low profile and managed their reputations accordingly. They are also concerned about the regulatory implications of social media. As such, adoption of social media is extremely low.”

The Legal Requirements

We all know that emails and instant messages are required by the SEC to be archived for five to seven years. But where do they stand on social media content? According to SEC Rule 17a-4(b), registered investment advisers and broker-dealers should archive all business communications on social media for at least three years. With discovery audits on the rise, firms should ensure these communications can be easily searched and recovered in the event of an SEC inquiry.

Despite the requirements, social media is still a hot topic among registered investment advisers. According to the seventh annual Investment Management Compliance Testing Survey, released earlier this year, social media was the “hottest” compliance topic for firms, with 80 percent of RIAs stating they have adopted formal social media policies (up from 64 percent in 2011 and 43% in 2010). However, 54 percent of firms reported that their firms have prohibited the use of social media – another indication that full-scale adoption and acceptance has not yet arrived.

What’s Next for Social Media Compliance?

As investment firms continue to introduce social media into their business strategies, they must also develop written social media policies to ensure proper procedures are outlined for employees relative to acceptable and unacceptable use of social media. This will be a firm’s best defense for managing an effective social media campaign. Firms will also continue to implement social media archiving tools – such as those from Global Relay, Smarsh and Hootsuite – to comply with SEC regulations, particularly as the SEC begins to administer discovery audits. The reality is that social media sites such as Twitter, Facebook and LinkedIn have become mainstream avenues for business communication (even in financial services), and therefore, firms must work diligently and carefully to ensure they put their best foot forward whether it be via status update or tweet.

Learn more about social media and compliance:

Contact an Eze Castle representative

Photo Credit: Global Relay

<![CDATA[Big Data and Storage: What's the Breaking Point?]]>, 13 Sep 2012 00:00:00 -0400 eci Last week we explored what big data is and what its implications are on the hedge fund industry. Diving a little deeper, today we are looking at the storage considerations for the endlessly growing amounts of data with which companies must cope.

We create 2.5 quintillion(!) bytes of data every day, so not surprisingly, big data is breaking today’s storage infrastructure barriers and creating new challenges for companies. NetApp has pinpointed three areas where storage is faltering – complexity, speed and volume.

  • Complexity. Data is no longer just about text and numbers; it's about real-time events and shared infrastructure. The information is now linked; it is high fidelity, and it consists of multiple data types. Applying normal algorithms for search, storage, and categorization is becoming much more complex and inefficient.

  • Speed. How fast is the data coming in? High-definition video, streaming media over the Internet to player devices, slow-motion video for surveillance – all of these have very high ingestion rates. Businesses have to keep up with the data flow to make the information useful. They also have to keep up with ingestion rates to drive faster business outcomes – or in the military, to save lives.

  • Volume. All collected data must be stored in a location that is secure and always available. With such high volumes of data, IT teams have to make decisions about what is “too much data.” For example, they might flush all data each week and start all over the following week. But for many applications this is not an option, so more data must be stored for longer periods of time – without increasing the operational complexity. This can cause the infrastructure to quickly break on the axis of volume.

The Solution?

Not surprisingly, NetApp also has a solution to the hurdles big data is creating for companies. Coined the ‘ABCs’ of big data solutions, it focuses on addressing challenges in three key areas – analytics, bandwidth and content.

  • Analytics. Analytics is about gaining insight, taking advantage of the data explosion, and turning data into high-quality information that allows for deeper business insights and better decision-making. In order to do this, companies should look for storage solutions that improve response times for ad-hoc and real-time inquiries as well as deliver overall storage performance increases.

  • Bandwidth. To leverage big data, companies need to obtain better performance for very fast workloads and high-bandwidth financial applications. Large financial database applications process and analyze large amounts of data in real-time. In order to execute these real-time, intense processes, high-bandwidth storage must be available.

  • Content. This focuses on the need to provide boundless, secure, scalable data storage. Content solutions must enable the storage of virtually unlimited amounts of data, so that companies can store as much data as necessary and have the ability to find it when they need it.

<![CDATA[Beyond Financial Services: How Cloud Apps are Evolving]]>, 11 Sep 2012 00:00:00 -0400 eci Cloud computing is without doubt a term most of us have already heard and read about. However, the boom of its characteristics - richer user experience, immediate response to user actions, and offline mode compared to web applications or programs installed in user devices or PCs - makes this platform very convenient and even a necessity.

Recently more software developers have gone beyond using the cloud just for business purposes to create more entertaining experiences, ensuring cloud services rule the personal lives of consumers too.

The Evolution of Consumption

In our daily business and leisure activities we utilize multiple devices to consume and produce data that go from PCs and laptops to smartphones and tablets. The main function of cloud services is to allow us to centralize and sync our content across those devices.

Consumer cloud apps provide functions that go over and above simple storage or sharing, and do not need to be installed on a PC or smartphone. It offers the best of both worlds - applications for both personal and professional use.

The Battle of the Clouds

You’ve probably heard or even currently utilize some of the market’s most popular consumer cloud apps: Apple’s iCloud, Google’s Docs and Calendar applications, Microsoft’s SkyDrive and its Windows Live products, as well as Amazon’s Cloud Drive. A very recognized cloud service for Apple customers is CloudApp, powered by Heroku, which is available to Mac OS and iOS users. This application has built its own ecosystem around it. Users can easily store files and objects within the app and, in exchange, it produces a Uniform Resource Identifier (URI), which is copied to the clipboard for the user to share and have future instant apps

The above listed cloud platforms are generally free or have a very low monthly fee for more features. This is one of many reasons why people are utilizing their convenient features for personal purposes. Nowadays. however, it has become apparent to businesses and individuals who use the cloud that it is not always safe to share information without ensuring certain security standards are in place.

A recent incident happened to reporter Mat Honan whose entire digital presence was hacked via a loophole in AppleCare. He probably thought that no one would want to access his family pictures or music library, but hackers are usually looking for weak spots that lead to sensitive personal information. Therefore, it’s important that users do their due diligence around security best practices and ensure they are careful in what personal information they store via cloud applications.

Optimizing Cooperation

Other popular consumer cloud apps include those that serve as “collaboration platforms”. Their main purpose is enabling the sharing and exchange of documents among groups of people. These include Beanstalk, Dropbox, Evernote, and GitHub.

For personal work and organization many users have tried Evernote (mostly preferred by students), which collects clips of data from various sites you're reading or the applications you're using and gathers them into categories that can be synced in the cloud and accessed from multiple devices.

The Salesforce app includes the level and ease of functionality for file sharing and collaboration that enterprises may have already attached to Outlook by way of add-ons, but which aren't available for everyday Outlook users.

Another example, Joukuu, is a storage maintenance service with a based console that displays the contents of files stored to Google Docs,, and Dropbox. When you work with many colleagues on a project, and they all subscribe to different services, Joukuu is a true timesaver. And the drag-and-drop functionality of its outside-the-browser app saves you as many as one thousand clicks per day.

Optimizing Organization

Among the most loved cloud applications by music fans is Spotify which offers access via free or paid subscriptions to its music library. This application’s success has developed into a premium mobile service as well as a radio desktop app.

Another favorite is, a streaming service that works two ways: by enabling users to store the music they own in the cloud (at the cost of $3.99 for 11 GB) and also play that music from any device using the service's own media player. And let’s not forget services like and Pandora, which for many users, are more convenient than music ownership and more interesting than traditional radio.

It’s clear that businesses and personal users alike have many reasons to use the cloud. Not only are cloud consumer apps fun and user-friendly, but they also optimize our daily activities to make life just a little bit easier.

Our Eze Private Cloud may not offer music services, but it is definitely the go-to destination for hedge funds and investment firms looking to reduce costs and benefit from a fully functioning managed service. To learn more about the Eze Private Cloud, click here.

contact an Eze Castke Representative

Photo Source: Michael Walter

<![CDATA[What is Big Data? And What Does it Mean to Hedge Funds?]]>, 06 Sep 2012 00:00:00 -0400 eci The phrase ‘Big Data’ is the rising star of industry buzzwords, but what exactly does it mean? In this article we’ll aim to define big data and potentially more importantly, discuss the implications of big data on the hedge fund market.

Wikipedia defines big data as a “collection of data sets so large and complex that it becomes awkward to work with using on-hand database management tools.” As a result, the top software companies (i.e Oracle, Microsoft, HP) as well as financial application vendors are investing heavily in building systems to help companies harness the power of big data.

And big data just keeps getting bigger. According to IBM, each day we create 2.5 quintillion bytes of data from everyday activities including social media, digital pictures and videos, online transactions, GPS signals and more. Highlighting the explosion of data, it is estimated that 90% of the data in the world today was created in the last two years alone.

What is the Significance of Big Data?

Hello Big Data ImageIf big data can be harnessed, it provides the opportunity to spot trends, find new insights or trading ideas and answer questions that were previously considered outside of reach.

Signaling the importance of big data, the World Economic Forum released a report earlier this year outlining the significant impact big data will have on international development. According to the report, “researchers and policymakers are beginning to realize the potential for channeling these torrents of data into actionable information that can be used to identify needs and provide services for the benefit of low-income populations.”

But harnessing the data is easier said than done. A report last year by the McKinsey Global Institute, the research arm of the consulting firm, projected that to capitalize on big data the United States needs 140,000 to 190,000 more workers with “deep analytical” expertise and 1.5 million more data-literate managers, whether retrained or hired.

Big Data and Wall Street

Quantitative hedge funds and investment strategies are the most obvious application for big data. In a recent article, David Leinweber explains that “many of the ideas from quant investing make sense in [big data] context; histories are huge, and experimentation is easy. There’s an underlying behavioral model, plus, you know your counter-parties. The large volume and variety of data allows use of new “data voracious” statistical and machine learning methods that, in finance, are useful for high-frequency trading, but are worthless on daily or monthly market data.”

Most large Wall Street banks are also looking at better ways to capitalize on large datasets. Bank of America Merrill Lynch, for example, is using Hadoop, which is an open source framework that allows for the distributed processing of large data sets. With Hadoop, Bank of America Merrill Lynch is applying big data strategies to manage petabytes of data for regulatory compliance and advanced analytics.

Bigger and Bigger and Bigger

We can expect both the amount of data as well as the market touting big data solutions to just keep increasing. Just as cloud computing has gone mainstream, so too will big data. The question is how long will it take for the solutions to become viable options for traditional hedge funds.

Photo Credit: Deviantart

<![CDATA[September Preview: Hedge Fund Security Awareness Month!]]>, 04 Sep 2012 00:00:00 -0400 eci We’ve talked about it a lot recently. Security, I mean. We’ve written countless articles (on everything from cloud security to network security) and even put together a fun video busting some common cloud security myths.

But we always have more to share, and that’s why we’ve dubbed September Hedge Fund Security Awareness Month – to bring you more content, reveal more expert advice and generate more education on the importance of keeping your business safe.

Here’s a look at what’s coming up during Security Awareness Month:Security Awareness Month - September 2012

September 13, Live Seminar (New York)
It’s no secret that security and data protection are hot topics for hedge funds and investment firms, but how does your firm know where to start when it comes to protecting your assets? Our panel of experts will examine the ins and outs of security and data protection and provide knowledge to attendees around:

  • The legal ramifications of cloud computing and data protection strategies;

  • Security best practices for maintaining a protected environment; and

  • Disaster recovery and data protection how-tos and technology recommendations.

If you’re a hedge fund in the New York area and would like to register for this event, click here.

September 25, Live Webinar
In addition to proactively preparing for external breaches and security threats, firms must also realize that there’s a chance their businesses are already compromised. “How did we not notice?” you might ask. “And what do we do about it?” Our experts will share their guidance for treating these sensitive situations.

As always, we’ll be recapping these events here on the Hedge IT blog so even if you can’t attend, you won’t miss a thing!

In the meantime, read up on some of our other great security-related content:

Contact an Eze Castle representative

Photo Credit: Eze Castle Integration

<![CDATA[Microsoft Office 2013: What Can You Expect?]]>, 28 Aug 2012 00:00:00 -0400 eci Last month, Microsoft released a preview of its new Office 2013 package to the public so that users could get a feel for the updated versions of Word, PowerPoint, Excel, Outlook and OneNote. As technology lovers and avid tech trendwatchers, we couldn’t help but explore what CEO Steve Ballmer has called the “biggest, most ambitious Office” to date, and share our thoughts with our loyal Hedge IT readers.

What's changed?

microsoft office 2013

You are likely very familiar with earlier versions of the Microsoft Office package, so the basics of each program won’t be a major surprise. However, there are some changes and new features that are being incorporated into this new release.

  • Embracing the mobile and tablet computing trend: Office 2013 is designed to be touchscreen-friendly in order to create a more seamless computing experience for mobile device and tablet users. Many of the same touch features that Apple users are accustomed to will be applied, including swiping a finger to scroll or turn pages, pinching to zoom and writing with a finger or stylus. The goal here is to ultimately smooth out the user experience by unifying the desktop applications with the Windows Phone 8 smartphones and Microsoft Surface tablets.

  • Incorporating cloud capabilities: In order to capitalize on the unification of these various computing platforms, Office 2013 is cloud-ready, so that users can easily synch their PCs, laptops, smartphones and tablets in order to access documents on any of these devices. This new capability signifies Microsoft’s move into the cloud services arena. Office 2013 will be deeply integrated with the company’s SkyDrive cloud platform, enabling easy collaboration via Skype (a recent Microsoft acquisition). Documents can now be saved to SkyDrive by default, making the collaboration process even smoother.

  • A new user interface: The Office 2013 user interface isn't drastically different from Office 2010, but some minor updates have been made. The “ribbon” toolbar design remains, but the icons inside it are slightly larger and more spread apart to take advantage of large monitors. This design is carried across Word, Excel, PowerPoint and all other applications within the suite. Another minor change to look for is the addition of your name and Microsoft account photo in the upper-right-hand corner of the screen in all Office programs, a reminder that the cloud now permeates the entire package.

  • Going social: While social connectors are not new to the Office programs, they will become a focus area within the new suite. Users can now link their Facebook and LinkedIn accounts just as they can on Windows Phone 8 with feeds streaming in. Microsoft also plans to open up the API for developers so that they can incorporate other social network content in as well.

So far, no official launch date for the full version of Office 2013 has been set. Industry experts believe Microsoft will make it available in time for the launch of Windows 8, which Steve Ballmer has indicated will take place later this year.

Here is a CNET video so you can see Office 2013 in action.

Photo Credit: WorldStart

Stay tuned to the Hedge IT blog for the latest tech industry news and updates!

contact an eze castle integration representative

<![CDATA[Cost vs. Location Considerations: A Look at London Hedge Fund Real Estate]]>, 14 Aug 2012 00:00:00 -0400 eci Last week, we took a closer look at the current state of the New York City hedge fund real estate market. Today, we're crossing the pond to provide some updates on new developments in the UK real estate arena.

London remains Europe's number one destination for hedge funds and private equity managers, with Mayfair and St. James's being the most-preferred neighbourhoods. But have mounting economic pressures and increased interest from overseas for property pushed funds away from these areas? How are these factors affecting the popular "hedge fund alley" section of Curzon Street and Berkeley Square in Mayfair?

As of the last quarter of 2011, 51% of hedge funds and investment management firms based in London's West End area were operating in office space in Mayfair and St. James's. This figure is down significantly from five years ago, when 69% of those shops were located in those same areas, according to property consulting firm Cushman & Wakefield. This shows that London-based hedge funds are increasingly moving away from the traditional core areas, as they have quickly become the city's most expensive office neighbourhoods. In fact, after Hong Kong, rental prices in London's Mayfair and St James’s districts south of Oxford Street and West of Regent Street are now the second highest in the world.

So, where are all the funds moving to?

the shard building londonTo avoid paying exorbitant leases, many investment firms are seeking out the more manageable rental figures per square foot on and around Oxford Street. Additionally, there are a growing number of hedge funds setting up shop in areas such as Victoria and the district immediately north of Oxford Street. Rents for premier properties in these neighbourhoods are currently averaging around £65 per square foot, a stark contrast to the £100+ rates we're seeing in Mayfair and St. James's right now. Iconic buildings such as the Shard at London Bridge or the Heron Tower in the City are also becoming more and more attractive to hedge fund managers. Office space in the Shard is about 30% cheaper than comparable buildings in Mayfair.

Well-established investment firms are in a better position to move away from Mayfair right now, since they have an existing base of investors and other stakeholders that are familiar with them and willing to venture outside of this core real estate area in order to meet with them. That said, there are still many firms who are willing to pay top dollar for this premier location in the heart of London’s most sought after area for the hedge fund industry. Despite these costs, most start-up funds also prefer to be located in or near Mayfair to give them a better opportunity to create awareness amongst time-pressed investors who are unlikely to travel far between meetings, especially for firms with whom they are not yet very familiar.

To learn more about real estate options for hedge funds and alternative investment firms, don't miss these Hedge IT articles:

Photo Credits: Google

<![CDATA[Hedge Fund Real Estate Update: Is Midtown Still the NYC Hot Spot?]]>, 09 Aug 2012 00:00:00 -0400 eci In the land of U.S. commercial real estate for financial services companies, Midtown Manhattan has always been the spot. But as the market has evolved, so too have the needs of hedge funds and investment firms – even when it comes to their office space.

Midtown Manhattan has long held the title of most expensive neighborhood for office rents, and this trend continues into 2012. According to a Q2 2012 report published by Newmark Grubb Knight Frank, the average asking price for office rentals in Midtown is $63.54 per square foot, which is significantly higher than the overall Manhattan average of $51.93.Trendy Office Space for Lease

The rising popularity of areas such as Midtown South (generally found between 30th and Canal Streets) has left the traditional Midtown area with more vacancies than in typical years. Companies, including financial services firms, are often opting for trendier neighborhoods within the city, including Chelsea and SoHo, as well as Midtown South. The latter of these areas is averaging just $40.21 per square foot, nearly on par with costs in downtown Manhattan ($40.20) and significantly less than the prestigious Midtown section.

Companies particularly interested in the Midtown South area are technology and media firms, which has earned the area the nickname “Silicon Alley.” And these technology companies are popping up everywhere around the city. According to brokerage firm Cushman & Wakefield, “technology, media and information firms that gravitate to the area took more Manhattan office space than financial companies this year for the first time.”

One explanation for this trend may be that financial services firms are trying to operate more efficiently with less real estate. While employment has risen in the investment industry (including 25,000 jobs since 2010), office vacancies have stayed stagnant, indicating firms are doing more with less.

And yet there are other firms in New York who don’t rely on commercial real estate at all. Some funds prefer a managed office space through which they can leverage office and business support and technology services. Eze Castle Integration’s hedge fund hotel in Midtown remains a hot spot for hedge funds and investment firms looking to leverage the prestigious Midtown address and the benefits of a managed service, including administrative and office personnel and support, telecommunications and the proximity of a first-class team of certified engineers. To learn more about Eze Castle’s hedge fund hotel or to schedule a tour, please contact us.

Be sure to come back next week when we take a look at the office real estate market in Europe’s most expensive city: London!

Contact an Eze Castle representative

Sources: Crain’s New York, Newmark Grubb Knight Frank, and Bloomberg

Photo Credit: Flickr

<![CDATA[Hedge Fund Tech Compliance Update]]>, 26 Jul 2012 00:00:00 -0400 eci On Tuesday, we began our webinar recap by looking at Form PF requirements and recommendations and other essentials for maintaining an effective compliance program. The second half of our webinar focused on technology compliance, specifically around message archiving, email security and mobile device management. Let’s take a closer look at some of the content that was covered. If video is more your style, you can watch a replay of the webinar here.

Record Retention & Message Archiving

The SEC currently requires investment advisers to retain all internal and external electronic business communications. Rule 204-2 mentions the following specific measures:

  • In order to meet the requirements of the SEC, firms must retain and archive more than just email. Instant messages, Bloomberg and Thomson Reuters messages and other electronic communications are also considered required archival material.

  • Messages typically need to be archived for 5 to 7 years.

  • The regulation is very specific in stating that archived data cannot be modified, for obvious reasons. Common practice is to store your archived data in a WORM (Write Once, Read Many) format.

  • Data should be backed up to a remote off-site location to safeguard against local disaster scenarios.Archiving

  • One important aspect of the regulation stipulates that investment firms must be able to ‘promptly’ respond to an SEC request for information. This means firms must have the ability to efficiently search and index their data to access records in a timely manner.

Email Security

Email security is an often overlooked area of important for hedge funds and investment firms, particularly as most assume that standard security practices are in place with any given solution. And while that may be the case oftentimes, it should not be assumed. Four key features to look for in an email security solution are:

  • Outbound Email Encryption: This encryption ensures that every outbound email message that contains sensitive or confidential information is encrypted. The technology behind this service scans messages for pre-defined filters or compliance rules and will encrypt the appropriate messages before delivering to the recipient.

  • Spam Filtering & Anti-virus Protection: Inbound email messages are inspected for unwanted junk email and viruses. These solutions are often referred to as inbound email protection solutions and are typically standard deployments across an organization.

  • Data Loss Prevention: The goal of DLP is to interrogate outgoing email for confidential information that should not leave the company’s network. Some DLP solutions may leverage similar logic to that of outbound encryption solutions, however the goal is different. Rather than encrypting data to be sent, DLP solutions actually prevent outgoing messages from being sent if they are shown to contain sensitive material.

Mobile Device Management

In addition to protecting and archiving your hedge fund's emails and other electronic messages, you should also take a look at solutions for mobile device management to protect your data. As enterprise data moves to smartphones and tablets and companies continue to support BYOD practices, extra care must be taken to ensure sensitive company information is protected while on mobile devices.

Look for a mobile device management solution with the following:

  • Support of various devices, including Apple, Android and BlackBerry;

  • Ability to restrict and monitor application downloads;

  • Content management, including encryption and password protection for company-sensitive materials; and

  • Analysis of user activity including behavioral patterns.

Here are a few more resources on technology compliance to keep you up-to-speed:

Contact an Eze Castle representative

Photo Credit: iStock

<![CDATA[Hedge Fund Form PF: Getting the compliance basics right]]>, 24 Jul 2012 00:00:00 -0400 eci Is your hedge fund registered with the SEC? Do you manage one or more private funds with assets of at least $150 million?

If you said yes to these questions, then you have some homework to do. Under SEC regulations, your firm is required to file Form PF.

During a recent webinar, we asked ACA Compliance Group to talk us through the requirements and recommendations for filing Form PF as well as some additional compliance program recommendations. Below is a short recap of ACA’s presentation. To listen to the full replay of our event, click here.

Form PF: Requirements & Recommendations

Depending on your firm’s fund type and assets under management (AUM), the deadline for your Form PF filing may be sooner rather than later. Larger funds - including hedge fund managers, liquidity managers and private equity managers - will need to file sooner, while the majority of registered investment advisers won’t need to file until early next year [see chart]. All filers are required to complete Section 1 of Form PF, and additional sections may be required for those larger funds with assets upwards of $1.5 billion. Looking ahead, the large hedge fund and liquidity managers will be required to file their reports quarterly; all others will file on an annual basis.

Form PF Filing DeadlinesThe challenge with Form PF lies in the fact that firms must aggregate a wide array of data to complete the filing properly. So in addition to being able to successfully interpret the form, these investment firms must also work to meet the inherent information technology challenges – particularly for firms required to file Sections 2, 3 and 4.

Preparing a test filing is a great way to properly ready your firm for the time when the deadline approaches. For Section 1 only filers – whose deadline is not until April 2013 – there is plenty of time to test their internal systems and processes and determine the best method for collecting data and completing Form PF. This is going to give your firm the best indication of how prepared it is to meet these SEC demands and how long the process is going to take.

Compliance & Technology Webinar: Listen NowInstead of relying on strictly internal personnel to complete Form PF, you should also reach out to your service providers to determine if they can help you in any way. Many prime brokers and fund administrators are working with their clients to assist them with the filing process.

It’s important to point out that the SEC will likely use Form PF as a first step in visits with registered investment advisers. Submissions will undoubtedly drive the examination process down the road.

Maintaining an Effective Compliance Program

While Form PF encompasses an essential set of requirements for SEC registered investment firms, your firm should also look to maintain an internal compliance program to effectively and efficiently maintain your business and reputation.

Consider reviewing emails sent and received by internal parties for suspicious correspondence with competitors, government agents, or other conflicts of interest. Keep an eye out for emails sent with attachments to personal email accounts and other outbound messages of a suspicious nature.

Document your firm’s email reviews and decide in advance how to respond to findings that appear serious. Hopefully, as words spreads throughout your firm that you’re investigating, changes in appropriate email behavior will take place.

Finally, be mindful of your firm’s requirements from a record retention perspective. Under a variety of regulations, many firms are required to retain and archive email and other electronic communications for up to seven years.

Record retention is an important topic all on its own, so we’re going to take a closer look at message archiving and other technology compliance requirements in Part 2 of our webinar recap coming up on Thursday. Be sure to check it out!

In the meantime, here are some other helpful resources:

Contact an Eze Castle representative

Photo Credits: Eze Castle Integration

<![CDATA[Trends, Hot Topics & the Future of Social Media]]>, 19 Jul 2012 00:00:00 -0400 eci Social networking and blogging dominate Americans’ time online, now accounting for almost 25% of total time spent on the Internet. Additionally, four out of five Internet users visit social networks and blogs, a number that has increased drastically over the past two years. Facebook, YouTube and Twitter all rank among the top 20 most visited US sites, as do the popular blogging platforms BlogSpot and WordPress.

It’s clear from these numbers that social media participation is growing at a rapid pace. So, why is everyone flocking to these sites? Some of the top drivers of social media usage among social networkers include: keeping in touch with friends and family (the strongest driver by a longshot), finding new friends, researching products and services, reading and contributing to product reviews, seeking entertainment and seeking an outlet for creativity. While there are certainly other reasons to participate in social networking, the majority of users cite reasons that fit into these general bucket areas.

Now that we’ve taken a look at some current social media figures and trends, let’s dive into what to expect in the future of the ever-changing world of social networking.

New platforms: Foursquare, Pinterest, Tumblr

  • FourSquare: This is an app which allows users to “check-in” at various locations via a smartphone or tablet. This tool, as with other location-based apps, lets users share their current location with their followers. For example, if I were to check-in here at the Eze Castle Boston office, I could share that with my Twitter followers and Facebook friends. If a coworker and I check-in here together we can share this experience with both of our sets of followers. This is where FourSquare and similar apps are gaining popularity – the social aspect of visiting a new or interesting place with friends and being able to share that information instantly with one’s online community.

    Another aspect of location-based services that is rapidly gaining popularity is the ability to discover nearby locations via your smartphone’s GPS system. What is perhaps even more valuable is the incorporation of personalized recommendations which are made based off of a user’s recent check-ins and preferences, as well as those of his or her followers.

  • Pinterest: This site is best described as an online pinboard, where users can “pin” content from any Internet site onto boards which they create, title and categorize themselves. Users pin everything from recipes and quotes to personal photos and art. Upon signing into his or her account, a user can view everything that has recently been pinned by everyone he or she follows. Additionally, users can “re-pin” content they find interesting onto their own boards, which are then likewise shared with their followers. Pinterest is currently one of the fastest-growing online social networks. Earlier this year, it crossed the 10 million unique monthly visitors mark and is now the third most visited social networking site behind Facebook and Twitter.

  • Tumblr: This is a social networking site on which users can create a page to share just about any form of content that is available on the Internet. Tumblrs share everything from text and photos to videos and links with their followers in a format that is often described as a cross between Twitter and a blog. While posts are not limited in terms of characters like tweets are, Tumblr posts tend to be brief and include a combination of different types of media. When a user signs on, he or she can view posts from all followers in a feed that looks similar to a Twitter stream. Tumblr is more customizable than traditional blog platforms, which is a major factor contributing to its popularity. The site has nearly tripled its unique visitors in the US over the course of the past year. It currently gets about 16.5 million page views per month and is the eighth largest site in the US social networks and blogging arena.

What’s next in the world of social media?

So, we’ve taken you through the current state of social media, as well as a look at some hot topics and trends we see unfolding as we speak. Let’s now discuss what’s coming next in the ever-changing world of social networking.

  • Social media becomes mass media. A few years ago, experts questioned the relevancy of blogging and social platforms. They were often considered too informal to be taken seriously. Now the importance of these sites has become evident, and their relevance is only gaining momentum. More and more people are turning to blogs, Facebook newsfeeds, and Twitter streams as their primary sources for news and other content. However, as social networking transitions to mainstream media, it’s becoming increasingly important to recognize what is quality content and what is not. For businesses, this means using social media as a means of engaging in conversations, as opposed to pushing products through a megaphone. For individuals, this means seeking out quality sources of information and not believing everything you read online.

  • Mobile gains traction. Today, more than half of Facebook's 900 million users access the site through mobile devices. Globally, mobile Internet users are set to overtake desktop users by 2015. But despite this growth, social media on mobile devices remains in its early stages. Just migrating desktop features onto phones and tablets isn’t enough. What's coming is improved location-awareness, better video and audio, and integration with third-party apps. Look for these improvements in the near future as mobile social networking begins to take off.

  • Social media embraces the open platform format. Why has Facebook seen so much continued success, while Google+ has struggled to compete for our time? The answer lies in the way Facebook has been established as an open platform, in which outside vendors can contribute to the user’s online experience. Third-party apps, such as the popular Zynga games, enhance a Facebooker’s experience, causing them to remain on the site longer and feel a greater sense of engagement. Similarly, companies such as TweetDeck and HootSuite have benefitted from Twitter’s open layout. Sites that are closed to outside vendors do not have this added layer of entertainment, and therefore lose the interest of their users much more quickly.

  • Crowdsourcing takes over. Crowdsourcing refers to outsourcing the creation of content and ideas to groups of people, instead of tackling these tasks in-house. The most well-known example of this is Wikipedia, which is an encyclopedia developed entirely by contributions from the online masses. Since people tend to trust their friends and other people they know more than corporations, everything from how to bake a cake to which store to shop at for a new pair of jeans will be determined through crowdsourcing. Sites such as Pinterest, Tumblr, Wikipedia and virtual message boards are leading the way in this arena.

  • The personalization vs. privacy debate heats up. Online retailers and social media sites are constantly collecting information about us. They log our likes and dislikes, our interests and the interests of the people with whom we interact online. Soon, users will no longer need to search for information, as the majority of information we seek will find us based on the virtual profiles that are being created as we speak. The negative side of this is the potential invasion of privacy which is already becoming an issue. Not only have government regulators begun to increase scrutiny, but users themselves are becoming more sensitive to how their personal information is being shared. With Facebook going public and shareholders demanding results, the pressure to mine user information will only continue grow. Walking this fine line between personalization and individual privacy is going to be an interesting trend to follow going forward.

For more information on the world of social media, don't miss these Hedge IT articles:

<![CDATA[Hedge Fund Primer: Securities Class Action Settlement Recovery]]>, 17 Jul 2012 00:00:00 -0400 eci Battea LogoInvestor protection and fiduciary responsibility are fundamental principles to the successful operation of the US securities markets. Securities class action lawsuits are a last resort by shareholders and institutional investors to remedy breaches of these principles. For hedge funds, gaining an understanding of the legal process, trends and key concepts of these legal actions is relevant considering the size and scope of these settlements.

Securities Class Action Litigation Process

The securities class action litigation process is complex and lengthy. A multitude of stages and legal procedures can require three to seven years until a single award is distributed. Very few cases actually go to trial due to juries having a history of awarding overly generous settlements to plaintiffs. Consequently, for cases that are not dismissed, the plaintiff and defense typically negotiate a settlement which is then approved by the court. A Plan of Allocation is published which specifies how damages will be calculated and who is eligible to receive a prorated portion of the settlement. A claims administrator is hired to validate claims and disburse settlement awards to the eligible claimants.

Recognized Loss, Proration and Complex Filing Considerations

The Plan of Allocation in a settlement details what is called a Recognized Loss. This is NOT a loss in the real world; the Recognized Loss is the amount calculated by applying the rules of a settlement to determine what a claim is worth. It rarely corresponds to an out-of-pocket loss, and frequently exists despite real-world profits. The recognized loss figure is important because claimants need to be able to confirm the loss number that represents their portion of the settlement fund with the Claims Administrator prior to distribution to ensure settlement awards are accurate. Accurately calculating recognized loss and fund proration is complex as there are many considerations that come into play including: accounts versus subaccounts, netted versus transactional summing, market loss treatment, FIFO versus LIFO, overlapping rules, derivatives, splits, options, IPOs, merger activity and commissions, among others.

Perception versus Reality: the Value of Claims

In order for an investor to recover his/her share of the settlement, a claim must be filed with the appointed claims administrator. Many investors receive class action settlement notices at home and, more likely than not, disregard them as a poor investment of their time. Admittedly, as an individual investor, it may not be worth the time, but institutional investors may be eligible for significant awards and have a fiduciary responsibility to file for their customers. Despite the potential windfall from such settlements and the fiduciary obligation to file, the process of actually recovering awards can be a complex and confounding task. Whether done in-house or by a third-party filing vendor, each institutional investor must evaluate the most efficient means by which they can address their responsibility for filing claims and maximize collection of the awards for which they are eligible.

Outsourcing Class Action Recovery

With securities class action settlements often in the news and an increased scrutiny within the hedge fund marketplace, more hedge fund firms are taking action and attempting to manage the settlement recovery process in-house. Most hedge funds operate with very lean staffing and the task of claims recovery is one of many piled on the Chief Operating Officer or General Counsel. Battea employs a team of 25 professionals to track and manage all securities class action litigation activity for over 300 financial institutions around the globe.

One Battea client was filing claims in-house and, due to resourcing, the firm chose to file claims in well publicized cases where they knew they held a position. They had received some settlement monies, but after talking to Battea, were convinced that they were missing out on settlements by not having a comprehensive securities class action recovery program with mechanisms in place to ensure that no eligible settlement funds are missed. Battea analyzed the firm’s 10+ year trading history and discovered 60 settlements for which they were eligible. Battea filed the claims on their behalf, working closely with claims administrators and in some cases, were even able to recover monies for settlements for which the deadline had already passed. Ultimately, Battea recovered over $6 million for the client.

Fiduciary Responsibility

For firms not filing securities class action claims at all, there is a significant opportunity to not only achieve fiduciary compliance, but to potentially add alpha to their bottom line. One Battea client, a $500 million long short equity hedge fund who had been filing class action settlement claims on their own, had several of their claims rejected by the claims administrators. The fund engaged Battea to analyze their historical trade data and audit their existing filings. Battea identified several issues, determining that their trade data had been formatted incorrectly, rendering their claims inaccurate. After correctly processing the data, Battea identified several missed cases, and after submitting their corrected filings, recovered over $2 million in awards for the client. With a pay-for-performance model, clients only pay for Battea’s recovery services when actual settlement monies are delivered.

Technology & Data Security

Today’s investment advisors have billions of trading transactions, all of which must be processed and compared to the universe of existing securities class action settlements in order to collect all eligible settlement dollars. In addition to significant technological horsepower necessary to process and handle that data, client data is extremely sensitive and must be subject to the highest standards of security.

About Battea – Class Action Services

Battea – Class Action Services, LLC is the leading securities class action settlement recovery firm for institutional investors and counts over 300 institutions among its clients, the majority of which are hedge funds. Through its proprietary technology platform, The Claims Engine®, Battea provides a comprehensive and transparent class action settlement award recovery solution across all asset classes, from calculating recognized loss for every claim through the confirmation, receipt and delivery of settlement payouts. Battea has been recovering funds for clients since 2001.

Photo Credit: Alternative Asset Summit

<![CDATA[Five Simple Security Practices to Keep Your Hedge Fund's Cloud Safe]]>, 10 Jul 2012 00:00:00 -0400 eci Feeling like you don’t have any control over security in the cloud? Think again. The truth is whether you’re managing your IT in-house or working with a third-party cloud services provider, there are a number of steps you can take to ensure your data and information remains safe in a cloud environment.

And I’m not talking about architecting an advanced cloud infrastructure. Here are five simple security practices you can employ to keep your firm’s information protected.Cloud Security Practices

  1. Patch applications such as Adobe PDF viewer, Adobe Flash Player, Microsoft Office and Java. Using the latest versions of these applications – and patching within two days – will help to prevent high-risk vulnerabilities. The same goes for your operating system.

  1. Minimize the number of users with domain or local administrative privileges. Such users should use a separate unprivileged account for email and web browsing.

  1. Employ application white-listing to help prevent malicious software and other unapproved programs from running. Examples are Microsoft Software Restriction Policies or AppLocker.

  1. Use a host-based intrusion detection/prevention system to identify anomalous behavior, such as process injection, keystroke logging, driver loading and call hooking.

  1. Provide user education regarding Internet threats and spear phishing socially engineered emails. Avoid using weak passwords, password re-use, exposing email addresses, and use of unapproved USB devices.

To learn more about cloud security, revisit these Hedge IT articles:

Contact an Eze Castle representative

Photo Credit: Alphabyte]]>
<![CDATA[Happy Fourth of July from Eze Castle Integration!]]>, 03 Jul 2012 00:00:00 -0400 eci On behalf of the entire team here at Eze Castle Integration, we would like to wish all of our readers, clients, partners and friends a very happy and safe Independence Day holiday. Enjoy!

happy fourth of july from eze castle integration
Photo Credit: Istock
<![CDATA[Brand Equity: What Is It and Why Does It Matter?]]>, 21 Jun 2012 00:00:00 -0400 eci Brand Equity. It sounds important. It sounds like you should have it. But what exactly is it? And why does it matter? We recently conducted an internal training to talk about just that, and we thought we’d share some of our insights and tips with our Hedge IT audience!

Eze Castle Integration Website

Brand equity is commonly defined as "a set of assets linked to a brand’s name and symbol that adds to the value provided by a product or service to a firm and/or its customers1." Traditionally, branding elements include a company’s name, logo, images and perceptions.

For example, Eze Castle’s brand can be seen throughout our corporate website (pictured here) in the logo, colors and fonts we use.

So why does brand equity matter? We’ve narrowed it down to 8 key reasons.

  1. Drives buying decisions

  2. Builds customer loyalty

  3. Grows market share

  4. Defends market share

  5. Supports pricing premiums

  6. Creates a halo effect

  7. Helps business expansion

  8. Increases market value

In addition to understanding the importance of your company’s brand, you should also be thinking about your personal brand. Particularly as social networking sites become such important parts of our daily lives, our personal branding becomes even more important.


First impressions are important, in real life and also on social networking sites. Our eyes are naturally drawn to someone’s photo before their posts and ‘about me’ information. But what does your online headshot or profile picture say about you? Best practice here suggests you should be mindful of who you’re connected to on various sites (your Facebook friends likely differ from your LinkedIn connections), and use a photo that best represents the message you want to send to that audience.

Social Content

After someone notices your profile photo, they are going to start taking in the rest of your content. Status updates, photos, personal information, what groups you’re in or pages you like. All of this information is readily accessible to your profile viewers.

Consider your online profiles like marketing pieces. Even if you aren’t trying to sell yourself or look for a new job, you still want to ensure you are giving off the right impression about yourself. Your status updates, tweets, online reviews, LinkedIn recommendations and comments all contribute to your online personal brand. Having a positive online presence can influence how others think of you. But having a negative online presence can also do the same.

Important Tip: Stay in control of your online privacy settings. You have the ability to control who sees what information about you, but you have to actively take steps to ensure your content is protected if you want it to be.

Contact an Eze Castle Representative

1. David Aaker, Managing Brand Equity

<![CDATA[Team iPad or Team Surface? A look at new Apple and Microsoft innovations]]>, 19 Jun 2012 00:00:00 -0400 eci Happenings from the Apple Worldwide Developers Conference (AWDC) were leading the news last week as Apple faithfuls (and investors too) patiently awaited (and speculated) what the world’s innovator had up its sleeve. While no new iPhone was announced, the company didn’t completely disappoint.

Not to be outdone, Microsoft introduced its first tablet this week – the Surface – but more on that later.

Apple WWDC 2012 logo

Here is a snapshot of Apple’s AWDC news:

A Preview of iOS 6: Available this fall for the iPhone, iPad and iPod touch, iOS 6 brings 200+ new features including:

  • A new Maps app with Apple-designed cartography, turn-by-turn navigation and an amazing new Flyover view;

  • New Siri features, including support for more languages, easy access to sports scores, restaurant recommendations and movie listings;

  • Facebook integration for Contacts and Calendar, with the ability to post directly from Notification Center, Siri and Facebook-enabled apps like Photos, Safari and Maps; and

  • Shared Photo Streams via iCloud.

New MacBook Pro with Retina Display: The all-new 15-inch MacBook® Pro features Retina™ display, all flash storage and quad-core processors in a radically thin and light design – it measures a mere 0.71 inches and weighs only 4.46 pounds.

Updates to MacBook Air & Existing MacBook Pro: Not overly exciting but the MacBook Air is now available with the latest Intel Core processors, faster graphics and flash storage that is up to twice as fast as the previous generation. The current generation 13-inch and 15-inch MacBook Pro – not to be confused with the Retina display unit – have also been updated with the latest Intel Core processors and powerful discrete graphics from NVIDIA.

Mountain Lion July Availability: Mountain Lion – not the animal, the ninth release of Apple’s OS X – introduces more than 200 features including the all new Messages app, Notification Center, system-wide Sharing, Facebook integration, Dictation, Power Nap, AirPlay Mirroring, Game Center and the enhanced security of Gatekeeper.

Microsoft Enters the Party

Windows Surface for Hedge Funds

In other tablet-maker news, Microsoft this week revealed its own Windows 8 tablet – the Surface. The impressive new device appears to target the iPad head on, but we are still awaiting more details including the official cost, availability and distribution channels.

What we do know is that the smallest Surface tablet is 9.3 millimeters thick and weighs 1.5 pounds, which is similar to Apple's iPad, at 9.4 millimeters thick and 1.44 pounds. The Surface has a 10.6-inch screen while the iPad's screen is 9.7 inches.

Uniquely, the Surface has a built-in kickstand, full-size USB port and cover that also serves as a touch keyboard, which could potentially win over folks afraid to go completely keyboard-less. Two models of Surface will be available: one running an ARM processor featuring Windows RT, and one with a third-generation Intel Core processor featuring Windows 8 Pro.

You can learn more about the Microsoft Surface here.

All this news leaves one final question -- Are you Team iPad or Team Surface?

Image Credit: Apple, Inc. & Microsoft, Inc.

<![CDATA[Happy Birthday Eze! The Castle turns 17 this month]]>, 14 Jun 2012 00:00:00 -0400 eci Cue the confetti and cake - Eze Castle Integration is turning 17 years old this month!

Just as times and technologies have changed, Eze Castle has continuously evolved over the years. We've certainly come a long way from our founding in 1995, when childhood friends John Cahaly (our current CEO) and Sean McLaughlin pitched their first trading solution to Fleet Investment Advisors - a product they developed in a small apartment above Sean's father's dental practice. Today, we have 12 offices across the US, Europe and Asia with a staff of almost 400 employees supporting over 600 hedge fund and investment firm clients.

Our first 17 years have certainly been an exciting ride! Check out our "History of Eze Castle Integration" timeline and some fun facts about our company below. Also, be sure to stop by our new Wikipedia page, which provides more color on the Eze Castle story.

Fun Facts about Eze Castle

  • The company was named after Eze, a village in the French Riviera.

  • The organization was originally incorporated under the name "Eze Castle Consulting," and was later split into two entities: Eze Castle Software and Eze Castle Integration.

  • Despite personnel changes, reorganization and rapid growth, our headquarters has always remained in Boston, Massachusetts.

  • We were voted one of Crain's Best Places to Work in 2009, 2010 and 2011.

  • We pride ourselves on our commitment to the community. Eze Castle contributes regularly to several nonprofit organizations and matches employee donations to all reputable charities.

history of eze castle integration timeline

contact an eze castle integration representative

<![CDATA[Cloud Adoption in the Investment Industry: Survey Results Part 2]]>, 12 Jun 2012 00:00:00 -0400 eci Last week, we revealed Part 1 of our cloud adoption trends survey results and detailed how hedge funds and investment firms are currently leveraging the cloud, as well as what kinds of cloud deployment models they are using (private clouds take the cake).

Some additional data points we learned as a result of this survey include the driving factors influencing firms’ decisions to use the cloud, potential barriers to cloud adoption and the key evaluation criteria for cloud services providers. Let’s take a closer look at what survey respondents had to say relative to these categories.

Factors Influencing the Decision to Use the Cloud

There are a multitude of factors that alternative investment firms need to take into Factors Influencing Cloud Decisionsconsideration as they evaluate cloud offerings. Survey respondents were asked to rank the importance of several factors related to their cloud decision-making, including cost, flexibility, functionality and speed.

The majority of respondents interestingly noted that all factors provided were either important or extremely important to their organization’s decision to use the cloud now or in the future. Overwhelmingly, 86 percent of respondents ranked the use of the cloud for reducing IT infrastructure investments as important or extremely important.

Increasing the speed of technology deployment was a close second when it comes to factors influencing cloud purchases. 83 percent of respondents ranked it as important or extremely important, and, like cost, only 6 percent consider it an insignificant factor. Particularly for startup firms, the appeal of getting up and running quickly is a great one. Traditional, on-premise infrastructure solutions can take six to 10 weeks to design and implement. Cloud solutions, on the other hand, can take a fraction of that time, with some smaller implementations requiring only days for deployment.

In addition to cost and speed of deployment, another important factor ranked as significant by respondents was the ability to simplify IT management and support. While some alternative investment firms like the ability to control IT in-house and manage the infrastructure from within, the appeal of outsourcing day-to-day functions and support to a third-party cloud provider is a hard one to pass up. Particularly as roles and responsibilities change to increase operational efficiencies, professionals at many firms who were previously responsible for technology are juggling a variety of new tasks.

As firms grapple with increased regulatory requirements and oversight as well as compliance issues and investor demands, they may choose to utilize the cloud as a means to delegate their traditional IT responsibilities and focus on their core competencies. Within this survey, 82 percent of respondents said simplified IT management and support was an important or extremely important factor; 5 percent responded that it was not very or not important at all.

Barriers to Cloud Deployment

While the cloud does hold distinct advantages for alternative investment firms, it should not be a decision that is taken lightly for any firm. Just as significant as the factors influencing the move to the cloud, we also asked respondents to rank the significance of certain barriers or concerns with cloud computing.

As you might expect, respondents ranked concerns about cloud computing security (i.e. risk of unauthorized access, data integrity, etc.) as significant or extremely significant 86 percent of the time.

Second to cloud security, concerns about information governance or meeting regulatory or compliance requirements were also seen as significant or extremely significant barriers to cloud adoption. 71 percent of respondents ranked this factor as significant to them. Regulatory pressures have increased exponentially in recent years, particularly with the introduction of the Dodd-Frank Wall Street Reform and Consumer Protection Act.

Additional “barriers” ranked significant or extremely significant by respondents include:

  • Investors/clients are not receptive to cloud computing (62%)

  • Concern about lack of custom application availability or integration (61%)

  • Fear of outgrowing or overpaying in the cloud (59%)

  • Fear of vendor lock-in (54%)

Evaluating Cloud Services Providers

Finally, we asked respondents to provide guidance on what they use for evaluation criteria of cloud services providers. Cost continues to be a significant factor for nearly all firms currently using or considering using the cloud, as evidenced by 84 percent of firms ranking it as important or extremely important to their cloud provider evaluation process. Only 4 percent of firms ranked this factor as not very or not at all important.

Secondary to cost, alternative investment firms also find value in cloud services providers who have knowledge of and expertise within their specific vertical. Eighty-one percent (81%) of firms reported this as an important or extremely important factor, and just 6 percent ranked it as not very or not at all important.

Evaluating Cloud Services Providers

Other factors ranked as important or extremely important by firms surveyed included experience in establishing security procedures (82%), proven post-sales support and service (82%), the cloud provider’s technology infrastructure (81%), certified application availability (80%), innovative ideas and expertise regarding cloud trends (78%), prior experience with the vendor (74%) and geographic reach and global support (70%).

To download the complete 18-page survey report, Cloud Adoption Trends within the Investment Management Industry, click here.

Download the complete report now

Photo Credits: Eze Castle Integration

<![CDATA[Cloud Adoption Survey Results Revealed: Part 1]]>, 07 Jun 2012 00:00:00 -0400 eci Survey Says: Cloud computing is no passing trend!

If you missed it yesterday, we officially announced the results of our “Cloud Adoption Trends within the Investment Management Industry” survey during a live webinar. You can listen to the webinar recording here.

Our cloud survey set out to investigate how hedge funds and investment management firms are using cloud services today, as well as to provide insight into the factors influencing this trend and also the barriers to adoption. Here’s a look at some of the findings:

Respondent ProfileTotal Assets Managed By Survey Respondents

Our online survey, which was conducted between March and May of 2012, surveyed 125 financial services firms in the United States. Of those 125 firms, 65 percent identified as investment management firms. Additional firm types represented included hedge funds (16%), private equity firms (16%) and fund-of-funds (4%).

The majority of respondent were large firms, with 34 percent reporting they currently manage over $1 billion in assets. Twenty-one percent (21%) of firms are managing assets between $500 and $999 million, and 25 percent between $100 and $499 million. The smallest assets under management (AUM) class represented was firms with less than $100 million in assets – a total of just 15 percent.

Current & Future Use of the Cloud

Of the 125 firms surveyed, 79 percent responded that they were currently using the cloud. When asked how they were currently utilizing cloud services (multiple responses were accepted), 65 percent indicated they were using the cloud for basic business/office functionality. This is a popular trend for investment firms of all kinds, particularly as they get started. Basic office functions that can be leveraged via the cloud include email, file services, storage and mobility functions.

The second most popular use of the cloud for current users was financial application hosting, with 50 percent of firms reporting use of this practice. Financial application hosting in the cloud offers financial firms several advantages to the traditional practice of running and managing an application on an in-house server. With the cloud, firms can leverage the enterprise-grade infrastructure of a third-party provider who is also responsible for the management and monitoring of that application within the cloud environment. Scalability is a factor as well. A hosted platform can provide virtually unlimited computing resources and easy expandability to support a firm’s need to add users or increase resources on-the-fly.

Firms are also using the cloud for complete IT outsourcing (22%) and other infrastructure and application services (35%).

First Cloud Initiative

First Cloud Initiative

As we’ve seen, financial firms are utilizing the cloud in a variety of ways. But what was their first cloud initiative? Similar to how firms are currently using the cloud, the first cloud initiative for 57 percent of firms was basic business and office functionality. Thirty-four percent (34%) of respondents said they first used the cloud to host their key financial applications, and only nine percent (9%) opted for complete IT outsourcing to the cloud on their first try.

Cloud Deployment Models

Cloud Deployment Models for Current Cloud Users

When it comes to cloud deployment models, investment firms continue to rely on a variety of models. The most common choice, however, is a private cloud. While not all private clouds are alike, they are often better suited for hedge funds and investment firms who require a great deal of sophistication, application integration and support.

Of current cloud users, the overwhelming majority (71%) indicated they were using a private cloud solution. Hybrid clouds are the second most popular choice at 37 percent, while public cloud users totaled 33 percent. Additionally, 7 percent of respondents were unsure of their current cloud deployment model.

For those who are not yet using the cloud but are planning to, the responses tended to mirror those of current users. Forty-six percent (46%) of prospective cloud users anticipated using a private cloud solution, while only 23 percent said they would likely use a public cloud. Thirty-one percent (31%) will opt for a hybrid solution when they make the move to the cloud.

Read Part Two of our survey results to learn more about factors influencing cloud decisions, barriers to cloud adoption and top evaluation criteria for cloud services providers. You can also download our full survey report here.

Contact an Eze Castle representative

Photo Credits: Eze Castle Integration

<![CDATA[World IPv6 Launch Day is Here. What Does that Mean?]]>, 05 Jun 2012 00:00:00 -0400 eci It’s alive! It’s alive!World IPv6 Launch Day Badge

Well actually tomorrow, June 6 2012, it (aka IPv6) will officially be alive, but that doesn’t work with our Hedge IT blog calendar so today we look at IPv6.

As a refresher, since the inception of the Internet, we have been using IPv4, which totals about 4.3 billion Internet addresses. But with the increasing number of wireless technologies that support the Internet (smart phones, tablet, etc.), these addresses are depleting.

Enter IPv6. The new IPv6 protocol uses 128-bit addresses and allows for substantially more IP addresses – trillions upon trillions of new addresses. The World IPv6 Launch Day marks a key milestone as companies shift their infrastructures to the new protocol, which will eventually completely replace IPv4.

What Happens on World IPv6 Launch Day?

World IPv6 Launch signifies the largest industry movement towards and deployment of IPv6 in the history of the Internet. The goal of the Launch Day is to motivate organizations to permanently enable IPv6 and begin the transition before IPv4 addresses officially run out.

On June 6, participating ISPs will enable IPv6 so that at least one percent of their residential wireline subscribers visit participating websites via IPv6. Participating home networking equipment makers will enable IPv6 by default on their home router products. And participating companies, such as Eze Castle Integration, will enable IPv6 on their main websites permanently (check!).

Potential Hiccups?

According to the Internet Society, “most Internet users will not be affected. Internet users should enjoy uninterrupted service. In rare cases, users may still experience connectivity issues when visiting participating Websites. As ISPs enable IPv6, and home gateway products support it, users at home with modern operating systems and devices will start using IPv6 automatically. In particular, Windows Vista, Windows 7, and Mac OS X 10.7 support IPv6.”

Bye, Bye IPv4

IPv4 still has some life left in it and won’t be fading into oblivion just yet. World IPv6 Launch Day merely introduces IPv6 in parallel to IPv4. It is worth noting that participating websites (like ours!) will still support IPv4 and provide access.

Got Questions?

Our team is happy to answer your IPv6 questions. Just ask.

<![CDATA[The Queen's Diamond Jubilee: Celebrating 60 Years of Technology]]>, 31 May 2012 00:00:00 -0400 eci As London hangs out the buntings and prepares for street parties to celebrate Queen Elizabeth II's 60 years on the throne with her Diamond Jubilee, we thought it would be fun to look back at how technology has changed over those last 60 years (and admittedly, beyond that!).

When the Queen began her reign back in 1952, the world looked a lot different. Her primary mode of communication with her constituents was the radio during her first few years on the throne. According to a recent article that appeared in the Telegraph, "in 1953, after television cameras were allowed into Westminster Abbey to record the coronation – the popularity of the young queen prompted sales of half a million extra TV sets in the weeks running up to the ceremony."

Through the years, as technology has changed, the Queen's methods of communication and outreach have significantly changed. Today, Her Majesty has her own Facebook and Twitter accounts (not surprisingly, with a team of social media experts making updates on her behalf), and is able to reach a much broader audience and provide information on a near real-time basis.

Let's take a look at exactly how much technology has changed while the Queen has been in the office (and well before then, too!):

Technology Through the Years

A Timeline of Technology Changes

The future of technology is sure to be exciting. What will the next 60 years bring? Only time will tell.

In the meantime, want to hear why our London office loves technology? Watch this video!

Contact an Eze Castle representative

Source: The Telegraph

<![CDATA[Examining the Changing Role of the Hedge Fund CTO]]>, 29 May 2012 00:00:00 -0400 eci Times have changed. There is little doubt that the hedge fund industry has evolved in recent years with the rise of new regulations (e.g. Dodd-Frank) and the emergence of outsourcing and cloud computing, particularly. These changes have affected the way many firms do business on both operational and technology levels.

But what effect do these changes have for the person responsible for technology at a hedge fund or investment firm? As a Chief Technology Officer (or comparable role: Director of IT, Chief Information Officer, etc.), one has historically been responsible for day-to-day IT functions and routine technology refreshes. But as the industry has experienced rapid change over the last several years, so too have the CTOs and their responsibilities. CTOs have to wear many hats

A CTO in today’s world must wear many hats. In addition to needing knowledge on a variety of technical skills such as networking, storage, virtualization, telecommunications and resource management, a CTO must also possess a variety of business and non-technical skills to support the organization. These include:

  • Regulatory Requirements: With the Dodd-Frank Act now in effect, investment management firms have a whole new host of requirements to meet. CTOs have to run daily or intraday reports to satisfy new legal requirements, store and archive emails and other messages, and work with regulators on a regular basis to ensure their firms are complying with all necessary directives.

  • Compliance: In addition to complying with the regulatory requirements above, there are also new internal compliance procedures hedge fund CTOs have to grapple with. Particularly in the post-Madoff era, firms are implementing policies to combat insider trading and other securities risks. Mobile security and BYOD issues are another area for technology directors to focus their attention.

  • Communication Skills: Despite the fact that they are forced to work with inanimate objects all day, technologists must also maintain good communication skills to support their technical operations. The increased focus on transparency and due diligence has led to many CTOs interacting directly with investors on a daily basis, educating them on how technology is supporting and protecting their assets. Working more frequently with investors and regulators means CTOs need to work on their interpersonal communication and ensure they are properly representing their organizations.

  • Security: Okay, so this one is still partially technical, but security has become one of the most important – if not the most important – aspect of a hedge fund’s technical operations. In addition to managing the back end infrastructure, a firm’s technologist may also be responsible for or involved in drafting policies and procedures to support security operations within the firm.

While dealing with increased focus and responsibilities relative to regulations, compliance, and due diligence have added to the plates of hedge fund CTOs, another phenomenon has also contributed to this change in role. The popularity of cloud computing (and outsourcing in general) has prompted many hedge funds and investment firms to reevaluate their technical strategies and reallocate their technical resources.

While some firms have opted to reduce or eliminate their IT staffs and outsource all technology, others have opted to maintain internal technology resources while also utilizing the cloud. It can be done effectively and efficiently, and many larger firms, in particular, find it beneficial to use the cloud and also have internal staff dedicated to other technical projects.

Regardless of the approach, the prevalence of cloud computing in the hedge fund industry is driving technologists to evolve their technical and non-technical skills. The cloud means IT roles shift from hands-on work with hardware and installations to resource management, integration, capacity planning, and technical architecture.

For each firm, the dynamic is different. While many of the traditional roles of the hedge fund CTO are changing, others remain the same. Many firms still maintain that they need an internal resource for troubleshooting and other projects. Others prefer to focus their attention on the newer aspects of “technology” (i.e. compliance, due diligence, etc.) and leave the day-to-day IT functions to an outsourced third party. The role of the hedge fund CTO has certainly changed in recent years, and like the technology these professionals support, it’s safe to say their job functions may be markedly different in the years to come.

Contact an Eze Castle representative

Photo credit: iStock Photo

<![CDATA[Mobile Device Security: Navigating the BYOD Trend]]>, 24 May 2012 00:00:00 -0400 eci InformationWeek recently released the findings from its 2012 Mobile Security Survey which examined the mobile security technology trends and strategies employed at over 300 organizations across North America. Of this group, 86% currently allow their employees to use personally-owned devices for business purposes or are in the process of adopting policies which allow this practice.

With the rapidly growing popularity of this so-called BYOD trend, one might assume that IT departments across the country would be tightening up mobile device security policies to keep pace. Unfortunately, this does not appear to be the case. According to the InformationWeek survey, an alarming number of companies are simply making minor adjustments to their policies as opposed to implementing new ground rules that better reflect the capabilities of the smartphones, tablets and laptops their employees are using.

mobile device security

Why is this such an important issue?

By allowing employees to supply their own devices, an organization inherently loses control over the hardware and how it is used. Governing the fine line between personal and professional use on the same device can be challenging. But without clearly defined policies in place companies are making themselves vulnerable to a number of security risks.

For instance, 48% of respondents in the InformationWeek survey indicated that employees within their organizations had their mobile devices lost or stolen in the past year, with 12% of those cases requiring public disclosure, causing inevitable harm to the business. If proper security measures are not in place, the information contained on that device could become accessible to unauthorized parties and the company's reputation may suffer irreparable damage.

Additionally, there are many security risks involved in using one’s personal device for business purposes that most users may not even be aware of. Many popular smartphone apps, such as Dropbox – a public file-transfer service – could allow sensitive information to be easily intercepted. In a recent interview with MIT’s Technology Review, Jeanette Horan, chief information officer at IBM, shared that many IBM employees who use personal devices in the workplace were found to be automatically forwarding their work email to public webmail services. Others were using their smartphones to create open Wi-Fi hotspots. Both of these (not uncommon) practices make a company’s data extremely vulnerable to hackers.

What can your firm do to protect itself from BYOD security threats?

Today, nearly all employees have personal smartphones, tablets and laptops, and it is becoming more convenient to handle both personal and business tasks on those devices. Whether your firm chooses to adopt a formal BYOD program or not, it is crucial to have clearly defined policies in place to govern what is acceptable, and what measures must be in place before using personal devices in a professional manner. Here are some tips for tightening up your firm’s mobile security:

  • Educate employees about mobile device security, as they may not be aware of the vulnerabilities that exist on their personal devices.

  • Remind users to employ many of the same cautions they would when working on company-owned devices. For example, use discretion when opening email or text message attachments or clicking on links - especially when they are received from an unsolicited sender.

  • Ensure appropriate physical security measures are in place to prevent theft of mobile devices and enable data recovery. Users should lock their devices and use secure passwords. Additionally, firms can install software on the devices such that, if they are lost or stolen, their contents can be erased remotely.

  • Employ encryption tools to ensure all emails and text messages are sent securely and cannot be easily intercepted.

  • Only connect devices to secure Wi-Fi networks.

  • Be careful with downloads. Only download apps from reputable developers. It may be useful to develop a list of unacceptable apps or vendors so that employees understand which ones to avoid.

  • Update devices regularly, or set up automatic updates where applicable.

To learn more, don’t miss our article on “The BYOD Trend: What is it and how could your company be affected?” or contact an Eze Castle Integration representative.

Contact an Eze Castle Integration Representative

Photo Credit: Istock

<![CDATA[Why Hedge Funds are Hosting Applications in the Cloud]]>, 22 May 2012 00:00:00 -0400 eci In last week's article, The Cloud Trifecta: Scalability, Cost and Efficiency, we looked at the top three winning reasons hedge funds are gravitating towards the cloud. In today’s article (again inspired by our Cloud Forum website), we will examine further why firms are outsourcing the IT management of their applications to third-party cloud providers and the questions you should be asking. As validation of this trend, leading application vendors including Advent, ConvergEx, Tradar and Ledgex Systems have introduced efforts to certify third-party hosting providers.

Why Funds Are Moving

Following are some of the key reasons hedge funds are considering using the cloud for application hosting.

  • Enterprise-grade Infrastructure: Cloud provider delivers a resilient and robust infrastructure that includes best practices around N+1 configurations to ensure the application is highly available.

  • Cost-Effectiveness: By hosting an application with a cloud provider, hedge funds can reduce costs and minimize capital expenditure outlays on new equipment. Ongoing maintenance, monitoring and upgrades are all handled by the provider and should be included in the monthly cost.

  • Scalability: A hosted platform can provide virtually unlimited computing resources, a redundant infrastructure and easy expandability to support a firm's needs. In many cases, allocation of CPU, memory, storage resources and Internet bandwidth can be increased on-the-fly.

  • Management: The cloud provider is responsible for monitoring and maintaining the platform to ensure Service Level Agreements are met.

Questioning a Cloud Provider

Asking the right questions is essential to vendor evaluation. Here are some of the must-ask questions when considering moving your application to a cloud provider:

  • Which application vendors have systems operating in the cloud?

  • Does the application vendor confirm their product works in a hosted environment?

  • Are there any issues associated with virtualizing the applications?

  • How is the application deployed? Does the software run native over the Internet, or does it require a delivery mechanism such as Citrix?

  • Are there any limitations with this type of deployment? Are there certain pieces of functionality that will not work if remotely deployed? Are there display limitations?

  • How many clients for the specific application have a hosted implementation?

  • What certification levels does the cloud provider have with these application vendors?

  • Will the application vendor help with a “proof of concept”?

  • Will there be any changes to the level of service if the application is deployed in a hosted environment?

Read the full list of Service Provider Questions HERE.

Check out our Cloud Forum or contact us for further information.

<![CDATA[The Biggest Security Threat to Your Firm Might Be Sitting Next to You]]>, 17 May 2012 00:00:00 -0400 eci Just last week, we talked about network security threats and the best practices your firm can employ to keep information safe. You probably think that your security efforts should be focused on the outside - on external risks. But the reality is that the biggest security threat to your firm could be the person sitting right next to you.

It was mentioned by both eSentire’s Steve McGeown and Eze Castle’s Steve Schoener during our recent webinar that internal threats to security are just as likely to occur when it comes to cybercrime and security breaches.

A recent Wall Street Journal article, IT Protects the Company, Who Protects IT, included statistics from a PricewaterhouseCoopers survey of executives about economic crimes. Several jarring statistics were provided, including:Restrict Computer Privileges