ECI Blog Mon, 30 Nov 2015 06:35:57 -0500 en-US <![CDATA[10 Tech Holiday Travel Tips to Keep You and Your Data Safe]]>, 24 Nov 2015 00:00:00 -0500 eci Traveling with electronic devices puts personal and critical business information at risk. As we embark on the busy holiday travel season, we decided to share some useful tips to help prevent your data and devices from falling into the wrong hands. Here are our top 10:

  1. Back up Your Data Before You Leave: Prior to traveling, back up data that is stored on your device(s) onto media that will not be taken with you on your travels, for example a storage card, the cloud, or a computer that you are not bringing on your trip. Furthermore, ensure you do not have social security numbers, passwords, credit card information and other sensitive data stored on your devices. If you do, save this information in a more secure place and remove it from your portable devices.

  2. Travel Light: If you do not need it, do not bring it on your trip. Only devices that are necessary should accompany you while traveling.

  3. Encrypt All Information: We strongly recommend all portable devices be encrypted. When utilizing public networks, the threat of other users from within or outside your network capturing your login credentials and emails increases drastically. Encrypting your data makes it unreadable and unusable to those lacking the necessary tools to unlock it.

  4. Protect Devices with Anti-Virus Software: We suggest installing anti-virus software and updating it regularly on your personal computers so that your data is safe no matter where you are.

  5. Lock Your Devices: Lock your computer and mobile device when you are not using them. We recommend doing so to prevent unauthorized users from gaining access to your computer’s hard disk and critical business data.

  6. Password Protect Your Device(s): Portable devices are extremely popular targets for criminals because they are small and easy to sell. To help mitigate the risk of sensitive data falling into the wrong hands, all devices should be password protected. This applies to laptops, tablets, mobile phones, etc. We recommend using a combination of upper and lowercase letters, numbers and special characters. Additionally, avoid obvious passwords, such as birthdays, anniversaries and pet names. Smartphones should have passcode locks, and if applicable, Touch IDs in place. For iPhones, this can be configured in Settings > General. In the same location, you can also set your device to erase all data after 10 failed passcode attempts. From a business perspective, any device that accesses corporate email or networks should have a complex password and be managed by mobile device management tools.

  7. Remove Saved Passwords on Your Device(s): Although login credentials that are saved for websites may be convenient, they can also leave your personal and confidential business data at risk. We recommend removing this feature from all websites.

  8. Do Not Leave Your Devices Unattended in a Public Place: Leaving your device in plain view increases the risk of your property being stolen. You should always keep your devices in a secure bag, zipped pocket or within close proximity to your body. If your device is stolen or lost, you should report this immediately to help protect sensitive and confidential information. Additionally, corporate devices should have the ability to be remotely wiped to safeguard confidential data or networks from unwarranted access.

  9. Connect to Encrypted Networks: When connecting to networks, ensure they are encrypted and only visit websites with the prefix “https”. You can also contact your service provider to purchase a global data package while traveling internationally. For the highest level of security, utilize virtual private networks (VPNs).

  10. Find My iPhone/iPad/Mac: In the event that your device is lost or stolen, enable Find My iPhone/iPad/Mac to locate your device.


<![CDATA[Acceptable Use Policy: A Recipe for Success]]>, 19 Nov 2015 00:00:00 -0500 eci Here at Eze Castle Integration we have a pantry full of thoughtful policies that help ensure we keep everything in tip-top shape. In past Hedge IT articles, we’ve shared our recipes for creating security incident policies, BYOD policies and social media policies.

Today, we are going to share our recipe for creating an Acceptable Use Policy, which governs how a company and its employees use computing resources. The SANS Institute, which has policy templates galore, also has an Acceptable Use Policy template that you can find HERE and is the foundation for our award-winning recipe.

First, define the purpose and scope of your policy by answering questions including:

  • Why are the rules in place (e.g. to protect the firm from virus attacks, compromise of the computing network, etc.)?

  • Who does the policy apply to (e.g. employees, consultants, contractors, etc.)?

Next, select the meat for the actual policy. While every firm’s palate is different, this gives you a taste for the types of ingredients typically included:

General Use and Ownership

  • Users should understand that the data created on the corporate systems is the property of the company, and that the company cannot guarantee the confidentiality of the information stored.

  • Employees must exercise good judgment when it comes to personal use and know that for security purposes, in some cases, authorized company individuals may monitor equipment, data or systems.

  • The company has the right to audit networks and systems on a periodic basis to ensure policy compliance.

Security & Proprietary Information

  • All computers and mobile devices should have password-protected screensavers with an automatic activation feature set to five minutes or less (ideally). Also, users should be trained to lock their computers and mobile devices when leaving them unattended.

  • Passwords should be kept secure, and employees should not share accounts. Additionally, system-level passwords should be changed at least quarterly, and user-level passwords should be changed every 90–120 days (ideally).

  • Employees should take all necessary steps to prevent unauthorized access to confidential information that resides on the company’s Internet/Intranet/Extranet-related systems.

  • Employees must use caution when opening email attachments from unknown senders as they may contain viruses.

Unacceptable Use

Define what activities are generally prohibited unless necessary for the job function and what activities are 100% prohibited (i.e. illegal activities). Following is a sample list provided by the SANS Institute:

System and Network Activities
The following activities are strictly prohibited, with no exceptions:

  • Introduction of malicious programs into the network or server

  • Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws

  • Unauthorized copying of copyrighted material

  • Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations

  • Revealing your account password to others or allowing use of your account by others

  • Making fraudulent offers of products, items, or services originating from any company account

  • Effecting security breaches or disruptions of network communication

  • Circumventing user authentication or security of any host, network or account

Email and Communications Activities

  • Sending unsolicited email messages, including the sending of "junk mail"

  • Any form of harassment via email, telephone or texting

  • Unauthorized use, or forging, of email header information

  • Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type

Blogging & Social Media

Define your company’s policy on employees’ participation on social media sites while at work. Be sure to reaffirm that confidential information should never be shared via these outlets.


What disciplinary action will an employee be subject to if they violate this policy?


Be sure to define any terms included in the policy that you think employees may be unclear on – better to cater to the lowest common denominator to help ensure there is no confusion.

There you have it, a wonderful Acceptable Use Policy recipe. If we’ve piqued your appetite, be sure to give our other policies a try:

Bon Appetit!

Photo Credit: Istock]]>
<![CDATA[Think Your Password is Safe and Original? Here's Some Password Best Practices]]>, 12 Nov 2015 00:00:00 -0500 eci Is your password “123456” or just plain old “password”? If so, you’re not alone. When media company Gawker Media’s million-plus user database was compromised by hackers, the passwords of nearly 200,000 users were decoded and made public. Of those exposed, over 3,000 people used the password “123456” and nearly 2,000 were using “password” as their password.


Think your name is an original password? Apparently lots of Michelles and Jennifers did, because those made the most common password list as well. Check out the complete list to see if you have a popular password.

This past weekend on the dark web, hackers were offering to sell 590,000 Comcast email addresses and associated passwords. Of those, Comcast verified that 200,000 accounts were still active and had the account owners reset their passwords. According to CNET, "hackers didn't breach Comcast's computers to steal the information. Instead, they created their list of passwords with information stolen from [people across the web]." Hackers are skilled at tricking individuals into sharing their passwords. Then, since people often use the same password for multiple sites, the hackers have gold.

Gawker and Comcast being hacked are yet more reminders of the importance of having strong passwords and updating them regularly, especially in the hedge fund and investment management industry. Here are some tips to create safe passwords and keep them safe:

  • First off, passwords are essential but simply having one isn’t enough. Remind users not to leave passwords on sticky notes or under their keyboards. One way to remember a new password is to use it immediately and often.

  • Require complex passwords that incorporate letters, numbers and symbols. Also, don't allow users to reuse the same password within a certain time frame.

  • Don’t change a password before leaving on vacation or on a Friday, as you’re more likely to forget it when you return to work.

  • A good password is easy for a user to remember but hard for someone to guess, which may sound easier said than done. Think about substituting letters for numbers and vice versa.

  • Avoid using personal information in your password that may be easy for someone to figure out. Things to avoid include your name, address, date of birth, pet’s name and children’s names.

  • Don’t use the same password for all your accounts – switch it up. For example, you can use the same word but change it up by capitalizing different letters or substituting letters for numbers.

  • Be sure to change your password often. We recommend changing a password every 30-90 days. Many of our clients already have automated procedures in place to enforce this policy.

Concerned about the strength of your password? Use Microsoft’s online password checker to test the strength of your passwords. Access it here.

For more security advice, check out the following articles and watch our quick IT Dos/Don'ts video:

Source: WSJ, Anonymized set of 188,279 leaked Gawker Media passwords. Current and former Gawker Media sites are highlighted in red.

<![CDATA[Why Start-Up Fund Managers and Private Equity Firms Need a Website]]>, 11 Nov 2015 00:00:00 -0500 eci This post was contributed by Frank Serebrin, president and founder of InCapital Marketing.

If you don’t have a website, you don’t exist.

That’s the takeaway from…well, I can’t cite a study, but it’s my opinion.

Less than a generation ago, few businesses would consider not having their phone number published in the yellow pages. (Remember them?) Today, search engines have replaced phone books as the place most go for research and information. How can your potential new clients search you if you don’t have a website or social media presence?

Yet fifty-five percent of small businesses don't have a website, according to a 2013 survey of more than 3,800 small businesses conducted by Google. That's a slight improvement from the year before, when 58 percent said they didn't have a website.

You may think of yourself as a start-up hedge fund manager, or a Registered Investment Advisor, or a real estate private equity manager. And you’re still also a small business, too, at least as defined by the SBA.

Here are ten reasons why you may not have a site yet, and what you may do to correct the oversight:

1. I Don't Have the Time

Is this you? "I'm too busy trading…I’m on the road making sales calls…my partners and I have full time corporate jobs, too.” With all the demands on your time, a website can help sell your story while you build relationships and multi-task.

2. There’s No Money in the Budget

Is it that you don't have the money, or you haven’t figured out what your marketing budget should be? As a start up, your focus might understandably be on the legal costs of a private placement memorandum, and administrative, accounting, technology, trading, office space, and sales expenses.

How much capital are you looking to raise, and in what period of time? Is it $25 million? $50 million? $250 million or more? And you want to raise that from professional and sophisticated investors without the credibility of a website?

3. Marketing Success Can’t Be Quantified

Investment managers want to know what ROI they can expect from marketing. Costs, pipeline growth, profit, and revenue can all be quantified by keeping track of which site pages, landing pages, blogs, and calls to action prospects came to you through.

4. I’m Waiting For My First Client Capital Infusion

Or are your initial clients waiting to see if you have a website that helps verify who you are?

5. I Think I’m Credible Without a Website

Well, maybe not. A website can establish trustworthiness, honesty, dependability, and build relationships, customer loyalty, and search engine visibility.

6. A Website Can’t Create Leads

Your website and its mobile cousin can indeed be a hub for all incoming leads, and a magnet for potential new investors. Blogs, landing pages, and calls to action can help create leads, too, as prospects search for information. If you have relevant and abundant content on the web, they are more likely to find you than if you have no web provenance.

7. I’m Waiting for My Performance Numbers to Reach the One-Year Mark

Performance can drive sales, of course, but it’s not the only factor investors look at. According to a recent story in The Wall Street Journal, a private equity real estate manager came to an initial meeting with an investor prepared to discuss fund performance. During the 60-minute meeting, however, the investor wanted to test the manager’s personality and style: he mostly wanted to talk about what the portfolio manager did on his time off.

8. I Don't Know How to Do Coding, SEO, or Anything Technical

To build a site, investment managers have more pre-built options than just a few years ago. Go Daddy, Google, HubSpot, SquareSpace, Wix and Weebly require no coding or technical skills. You (or your marketing agency) can choose and modify a template, keep or change color schemes, cut and paste text, and drag in images. As for SEO, your agency can help create long-tail and short-tail keywords as part of a robust SEO strategy.

9. Hedge Fund Managers Can’t Advertise, So Why Should I Have a Website?

The JOBS Act permits hedge fund managers to advertise to accredited investors. While the specifics are still a mite murky, and caution is required, a professional website, with appropriate legal disclosures and protections, allows you to build your brand and to communicate with targeted potential investors.

10. I Don’t Know How to Provide Investor Access to Data

Your site can include a password-protected link to your fund administrator’s site. A back-end database can give your investors access to benchmark fund performance data or even performance data at the account level.

Want More? Download The Investment Manager's Guide to Website Redesign.

<![CDATA[Hedge Fund Marketing Essentials: Materials, Strategies and a CRM]]>, 05 Nov 2015 00:00:00 -0500 eci Effective hedge fund marketing strategies and materials allow firms to capitalize on new opportunities and stand out from the crowd. However, crafting a unique story that reaches and motivates investors is challenging.

Today I moderated a webinar with speakers from Ovis Creative and Ledgex Systems looking at the current marketing landscape, marketing pitchbook best practices and the role of a hedge fund CRM platform.

Below you can watch the whole webinar or download the slides HERE.

To pique your interest, here is expert advice from Ovis Creative’s Creative Director, Lauren Colonna, about hedge fund pitch book best practices:

  • Don’t go overboard on the content. Create a cohesive but succinct story (total of 20 to 30 pages)

  • Focus on key pages with greatest opportunity for impact

  • Avoid overused terms; remember, if a concept or phrase sounds generic to you, it is even more so to an investor who has heard the same theme over 1000 times

  • Maintain a consistent style, voice and tone (reflective of your pitch); employ perfect grammar, succinctness, clarity and a consistent message

  • Use bulleted form rather than full text paragraphs; consider a call out/side bar to enforce a key takeaway

She also covers what’s in a pitchbook, the role of a website and much more.

Ledgex’s Managing Director, Jaime Bean, discussed the role of a hedge fund CRM and provided these CRM selection criteria.

Hedge Fund CRM Selection Criteria Image


<![CDATA[Four Scary Signs You'll Outgrow Your IT Service Provider]]>, 29 Oct 2015 00:00:00 -0400 eci To quote our latest Tech Tips video, "when things are good, they’re good. But when things turn bad, it could be downright scary," so here is our latest video that covers four signs you may be outgrowing your IT service provider.


Ready to upgrade your Hedge Fund IT Provider? Contact Eze Castle Integration.

<![CDATA[Disaster Recovery Testing for Hedge Funds: Frequently Asked Questions]]>, 27 Oct 2015 00:00:00 -0400 eci An often overlooked, but critical component of disaster recovery (DR) solutions is testing. In an interview with HFMWeek, Bob Guilbert touched upon the topic of DR testing. In the discussion, Bob noted that “the best approach that funds can take to ensure an effective disaster recovery system is to test them periodically.” Lisa Smith, a Certified Business Continuity Planner here at Eze Castle, also echoes this advice in her conversations regarding inclement weather business continuity planning.

If regular testing is a critical component of an effective DR solution, why do many firms fail to do so? In working on the Eze Disaster Recovery team, I have heard a variety of reasons from clients as to why this is the case. The most common reasons include:

  • a lack of time to commit to DR testing;

  • a lack of understanding as to how to go about testing their solutions;

  • and a belief that testing could hinder normal business operations, and is therefore too risky for the firm.

Here at Eze Castle, we strive to educate our clients on different testing methods so that they find an option that best meets their unique business requirements. Current technologies allow IT providers to overcome just about any objection users may have with regards to DR testing.

As we continue to educate our hedge fund and investment firm clients on disaster recovery testing methods and the available options, we have seen a drastic increase in the number of clients that elect to implement regular testing procedures. More and more clients are requiring their full user base to test as well. Additionally, we are hearing from a growing number of hedge fund clients whose investors now require them to test their DR solutions and report on the results from those tests. This trend is putting more pressure on firms to participate in regular testing than ever before.

Following are some FAQs on DR testing, including common questions we hear from our hedge fund clients:

Q: Why should we test our DR system?

A: Testing helps ensure that the DR site meets your current business needs. We often find that firms grow, evolve, and change their production environments as they develop and expand their businesses. In turn, the DR site needs to evolve and change simultaneously in order to continuously meet business requirements. By regularly testing their DR sites, firms can ensure all of these needs are met and they will be fully prepared to continue operations should a disaster occur.

Q: What should we test?

A: Users should verify that they have the functionality needed to work successfully from the DR site during a disaster. At Eze Castle, we typically recommend that users think about their daily workflow when testing to help ensure all critical applications and data are available in the event of an outage. Results should be documented and provided back to your DR provider so that they can assist you with resolving any issues that may have arisen during the course of the test.

Q: How often should we test our DR site?

A: We recommend that testing be done at least twice per year. Typically, DR solution agreements will include regular testing as part of the service package, and we strongly recommend all firms take advantage of this component.

Q: What happens if we do not test?

A: If a firm fails to test its DR systems, it runs the risk of the DR site not meeting current business requirements during a disaster. This could mean major outages for the company, resulting in severe business losses. Regular testing helps to capture the ever-changing requirements of a business, so that gaps or issues can be addressed in advance of a disaster.

Q: Will testing our disaster recovery site disrupt our production site (and therefore normal business operations)?

A: Some firms believe that the only way to test DR systems is to do a full failover from production, work solely out of the DR site, and then return back to normal production—a process that can be quite risky. However, the reality is that many disaster recovery solutions (including Eze Castle’s!) can be tested in a manner that avoids any disruption to the production environment. Most firms prefer the “throwaway test” method, in which any changes that are made during testing are overwritten once the services are stopped in DR and replication is resumed. This requires less coordination with user groups, and therefore has minimal impact on the firm’s daily operations.


Editor's Note: This article has been updated and was originally published in March 2011 by Holly Plumley (Eze Castle Integration).

<![CDATA[How to Train Your Hedge Fund Employees on Information Security Awareness]]>, 15 Oct 2015 00:00:00 -0400 eci Today's investment firms are extremely focused on cyber security preparedness, as they should be. With regulators and investors demanding more transparency than ever, it's critical for hedge funds to spend time making their own employees aware of cybersecurity threats and how to mitigate risk. With that, let's discuss a topic that we’re passionate about – education and security awareness.

We’ve told you about the types of threats that can harm a business, the steps you should take in the event of a security incident, and the policies you should create to keep your organization safe. But now it’s time to talk about training your employees to understand each of these.

A firm’s security strategy will only work if employees are properly trained on it. Therefore, the importance of providing information security awareness training cannot be overstated. The goal of an awareness program is not merely to educate employees on potential security threats and what they can do to prevent them. A larger goal should be to change the culture of your organization to focus on the importance of security and get buy-in from end users to serve as an added layer of defense against security threats.

Once you have buy-in from employees, your focus can turn to ensuring they get the necessary information they need to secure your business. An effective security awareness program should include education on specific threat types, including but not limited to:

  • Malware

  • Trojans

  • Viruses

  • Social engineering

  • Phishing/Spear-phishing

Another important area to address is the importance of password construction and security. Seem minor? It’s not. Believe it or not, password cracking is remarkably easy, particularly for advanced hackers. And this ‘minor’ step that users take every day could make a significant difference in protecting your firm’s sensitive information. Read more about creating safe and original passwords here.

Training materials should also review corporate policies and clearly detail consequences for any suspicious or malicious behavior amongst employees. For your convenience, we’ve compiled a variety of information on various security policies, including:

As far as logistics are concerned, the size and scope of your organization will be a key factor in deciding whether you want to design and implement your own security awareness training or leverage the expertise of a third-party company. Be sure to weigh the pros and cons of each.

PRO to using an outside training company? Your firm saves its time and resources by allowing an experienced firm to implement the training. Materials can also be pulled together and implemented much quicker.

CON? It will likely be a standard training program and won’t necessarily be tailored to meet the unique needs of your firm.


Editor's Note: This article has been updated and was originally published in July 2013.


<![CDATA[Your Hedge Fund Disaster Recovery Infrastructure Checklist]]>, 14 Oct 2015 00:00:00 -0400 eci An effective disaster recovery strategy cannot be achieved by checking a box. As you evaluate DR service providers, it is critical to ensure they have taken a variety of possible disaster scenarios into account and are utilizing best-of-breed infrastructure to power DR operations. Below is a quick DR infrastructure checklist to help you along in your planning (or click here to read our complete Essential Tech Guide for Hedge Funds).


  • Ensure your DR provider has redundant network equipment

  • Consider using multiple network providers; some colocation facilities have over 30 network providers for maximum redundancy


  • There should be multiple sources, ideally sourced from different power grids

  • Are there backup power generators?

  • Is there onsite fuel to run those generators? You’ll want onsite fuel that can last a few weeks.

Air Conditioning

  • Servers and other systems generate a significant amount of heat, making backup cooling systems a key component of a disaster recovery facility


  • For data and telecommunications, your disaster recovery partner should deploy an uncompromisingly high level of security through technologies such as:
    --Virtual private networks (VPNs)
    --Virtual local area networks (VLANs)
    --Firewalls and more

  • Physical security is also important. Ensure the provider has 24-hour manned security at the DR facility as well as cameras and digital monitoring

Redundant Systems

  • Whether it uses servers, routers or T1 lines, your remote or hot site provider should have N+1 availability, a system configuration in which multiple components have at least one independent backup component to ensure system functionality continues in the event of a failure


  • The best deployments use Redundant Array of Independent Disks (RAID) methodologies to “stripe” data across systems for performance and data mirroring for improved protections and availability. Striping means that all available hard drives are combined into a single, large virtual file system, with the blocks of the file system arrayed so that they are spread evenly across all the drives

Application Software

  • Ideally, your remote-site provider can accommodate multiple strategies, including redundancy, clustering, load balancing and warm standby (in which the application is loaded, but not running)

We understand that a lot goes into implementing and maintaining an effective disaster recovery system, so we've created this handy IT Guide for Hedge Funds.


Editor's Note: This article has been updated and was originally published in May 2010.

<![CDATA[Tips to Establish Effective Crisis Communication Plans for Financial Firms]]>, 13 Oct 2015 00:00:00 -0400 eci Many building tenants have a daily interaction with their building’s management. The interaction may be a friendly “good morning” or “good night”. Perhaps you’re on a first name basis with some of the front desk employees. Typically, that is where the relationship ends, and if so, that can potentially lead to some issues in the future.

Being able to quickly communicate and respond in the case of a business continuity emergency or interruption can make a big difference to building management and tenants alike. Additionally, having each other’s contact information can be extremely helpful during regular business hours, as well as during off-hours, holidays and weekends.

Traditional Building Management Communication Methods

During regular business hours, building management has several options to notify tenants. Depending on the type and severity of an emergency, facility management may choose to utilize passive notification, such as email, or they may use more aggressive notification like public announcement (PA) systems or alarms. While alarms and PAs might help grab the attention of tenants, they aren’t the most effective tools to communicate long or detailed messages. Even planned drills, such as fire drills during regular business hours, are not fool-proof. During this commotion, it may be difficult to locate members of building management and even harder to efficiently communicate.

During non-business hours, if there is an interruption or emergency occurring, facility management will most likely notify all tenants and provide updates until the event is over. If the building is closed, and the notification doesn’t reach the appropriate people, then employees may show up for work, wasting employee time and causing frustration.

The Role of Building Management in Your Business Continuity Plan

Meeting with building management to review emergency procedures and contact information should be done at least annually, even if there isn’t turnover in either organization. Although this review may not lead to any updates or changes to documentation, it’s important to ensure protocols are understood, notification plans are clear and information is accurate. Failing to evaluate these plans could lead to confusion, tarnished reputations and more serious damages following an incident.

The following are key points building management and firms should address and be aware of to help ensure effective communication during scenarios of emergencies and interruptions.

  • Understand building management’s emergency/evacuation plans, especially how firms are expected to relay information to either building personnel or first responders.

  • Compile contact information of facility management and office employees within a binder.

  • Firms need to ensure that building management has their most updated contact information to guarantee that staff will be contacted in the case of a disruption or emergency.

  • Any turnover within the firm of employees who previously held emergency roles needs to be communicated to building management. For example, should someone take over the role of a floor warden, firms need to communicate this to building management and provide updated contact information.

4 Disaster Recovery Tips for This Hurricane Season: Tech Tips Video

For more information, download our handy Hedge Fund Guide on Business Continuity Planning below.

Business Continuity Planning Guidebook
Photo Credit: Google]]>
<![CDATA[4 Disaster Recovery Tips for This Hurricane Season: Tech Tips Video]]>, 08 Oct 2015 00:00:00 -0400 eci We’re in Hurricane Season so let’s look at some best practices to ensure you and your employees are prepared for the unexpected. Remember, these four Eze Tech Tips are great for the next Snowmageddon too.

Want more Disaster Recovery Tech Tips?

Here are your options:

  1. Contact Eze Castle Integration (HERE)

  2. Peruse our Disaster Recovery Blog Category (HERE)

  3. Download our Disaster Recovery Guidebook (HERE)

DR Guidebook for Hedge Funds

<![CDATA[eSentire: Bringing Security to a Hedge Fund Near You]]>, 05 Oct 2015 00:00:00 -0400 eci The security threat landscape continues to evolve, and security through obscurity is no longer (and probably never was) an ideal approach to protecting the sensitive data of the hedge fund industry. A 2015 Cyber Security Intelligence Index study by IBM found that over 62 percent of cyber incidents targeted three industries -- Finance, Insurance, and Information and Communications -- highlighting the serious risk cyber intrusions present to financial firms.

The report found that 55 percent of all cyber attacks in 2014 were carried out by either malicious insiders or inadvertent actors and that unauthorized access triggered nearly twice as many incidents in 2014 compared with 2013. According to the report, “certain types of unauthorized access incidents rocketed to the top, accounting for 37 percent of the total—nearly doubling from 19 percent in 2013. ShellShock and Heartbleed were the game changers here.”

Another example cited was that malicious code and sustained probes together accounted for 40 percent of all the incidents observed. According to IBM, “with an ever expanding array of malware from which attackers may choose—including viruses, worms, Trojans, bots, backdoors, spyware and adware—it seems fairly certain that malicious code incidents will continue to wreak havoc for the foreseeable future.”

These examples demonstrate that the risks facing smaller firms (read: hedge funds) are just as real as those facing large organizations. To that end, we regularly team with eSentire to speak with hedge fund CTOs about the security landscape and their managed security technology. Additionally, Eze Castle Integration utilizes eSentire intrusion detection technology within our Eze Private Cloud and to power our Eze Active Threat Protection services.

Feedback on eSentire’s offering and approach is always positive, and it was the spark for this tech spotlight article.

The Spotlight

Eze Castle Integration and eSentire are working together to give hedge funds using the Eze Private Cloud or on-premise IT complete protection from security risks that could jeopardize operations and threaten proprietary information.

eSentire’s core solutions combine advanced security technology with highly trained security experts to proactively identify potential vulnerabilities, detect and prevent intrusion, and conduct forensic traffic analysis for predictive threat profiling. The core components of eSentire’s eSentinel managed security services are the Network Interceptor and the Security Operations Center (SOC). These deliver:

Network Interceptor

  • Intrusion Detection / Intrusion Prevention

  • Bandwidth Tools

  • EXE Blocking / Quarantine / DPI

  • DNS Interception

  • SSL Interception/Proxying

  • Attachments and End-of-Day Reports

  • Forensic Traffic and Incident Analysis

Security Operations Center

  • Service Level Objectives

  • Change/Release Control

  • Operational Reporting/Relationship

  • SOC Escalation/Resolution Mechanisms

  • Root Cause Analysis Functions

  • Systems Group Maintenance

Watch How eSentire's Intrusion Detection Technology Protects the Eze Private Cloud

Want More on Hedge Fund Security?

Contact Eze Castle about Hedge Fund Security

<![CDATA[Launching a Hedge Fund in the EU: Key Technology Factors to Consider]]>, 01 Oct 2015 00:00:00 -0400 eci This article first appeared in HFMWeek's Special Report: How to Start a Hedge Fund in the EU 2015.

HFMWeek catches up with Eze Castle Integration’s executive director, Dean Hill, to discuss the importance of selecting the right business service providers and the key technology factors new funds must consider when starting out in the EU.

HFMWeek (HFM): Are you seeing a healthy market for new hedge fund launches in the EU?
Dean Hill (DH): Yes. I think going into 2016 we will see an increase in terms of the amount of new hedge fund launches across the UK and European markets. Not only are these launches coming more frequently, but their size, structure and launch AuM is greater than anything we have seen in the last two-to-three years. It is certainly on the uptake.

HFM: What do you see as the greatest regulatory challenges facing new hedge funds in the EU?

DH: Overall compliance and regulatory stipulations driven down from the SEC and ultimately picked up by the FCA are driving significant changes in the way that new, and indeed existing, hedge funds operate. Accountability across business functions has put an end to the days of ‘box ticking’ in areas such as due diligence. I think the biggest challenge that COOs are now facing is that they are now much more accountable for areas of their business and operations where they may not have significant insight. Technology, especially the growing focus on cyber security, is one such area. As a result, choosing reputable and established outsource partners is key.

HFM: There are a number of factors that play an important role in the success of a hedge fund. From the prime broker to fund administrator, auditor, legal counsel, and technology provider, how important is it to work with the right key service providers?

DH: Selecting the right service providers is probably the most important decision a new or established hedge fund will make. Competition in the market is at its highest at all levels. Funds are trying to attract institutional investment from other regions, and investors are looking to work with individuals with a solid pedigree and companies that have a solid background in providing proven solutions. We see a lot of service provider companies coming into the market with little or no experience and no concept of what it takes to service a client in such a demanding and fast-paced environment. Eze Castle Integration has been building up its reputation for over 20 years now. We will continue to do so through our dedication to servicing the alternative investment industry. What we are seeing across the market, in terms of hedge fund launches, is that the selection of the right partners and providers across all aspects of the business is absolutely critical.

HFM: How much of a consideration should cybersecurity be for early-stage funds?

DH: Cybersecurity has been the industry buzzword for 2015. It will continue to be so right through 2016 and possibly beyond. The most common cybersecurity threats that we are seeing mainly consist of ‘spearphishing’ and other phishing attacks on companies and individuals within those companies. We have had clients that have been attacked, and we have seen it happen to other companies in the marketplace. Cyber security should be taken as a serious consideration for any firm that could be perceived as an easy target for fraudulent or malicious attack. Criminals are becoming more and more sophisticated in their approach to corporate fraud and extracting money from victims. Security in any firm should be one of, if not the highest, priority. It is important in order to protect business, reputation and members of staff. Again this comes back to selecting the right vendors to outsource services to. It will have a direct impact on security risks and averting these risks. At Eze Castle Integration, for example, we have built layers of security into our Eze Private Cloud solutions to help ensure user data is protected from the data centre to the desktop.

HFM: What role are investors playing in shaping technology decision-making?

DH: Investors are ultimately driving the initial success and setting the precedent with new launches and established firms. All too often we advise funds not to cut corners in their technology operations, as this has a direct impact on the long-term success and reputability of their business. Investors expect firms to maintain institutional grade IT environments regardless of their size. The proliferation of private cloud services has had a marked impact in levelling the playing field. But, we always caution clients that there are differences between cloud offerings so they must conduct due diligence on the service providers to ensure all resiliency, security and service level requirements are met or exceeded. Many funds fail because of issues like downtime on services or compliance issues. But the main reason we see funds fail is because of a lack of target investment to launch. This is often driven by choices of funds over selection of service providers.

HFM: What is the single most important technology decision a new start-up will make?

DH: Today, there are many variations of technology solutions in the market. COOs are often overwhelmed with differences between private, public or hybrid owned cloud solutions. Ultimately a fund is putting its trust in an outsourced provider to deliver a service that ensures the business is up and running at optimum performance levels for the longest time possible. You are looking for 100% uptime. The most effective way to achieve 100% uptime is to select a service provider that has as much ownership and control of the service that you are buying into as possible. Typically risk is added when a service provider relies on other third parties to provide some or all of their solutions, as they effectively become an intermediator. This creates a situation where they have little or no control over the service being provided.

That is not the way Eze Castle Integration works. We manage the Eze Private Cloud, for example, from end to end so we can give clients confidence that the solution will perform as promised. Since selecting a technology partner is one of the most important decisions a firm can make, we encourage clients to conduct thorough due diligence, which includes inquiring about what services are outsourced. Once launched, a start-up should also commit to conducting annual risk assessments of their technology partners.

HFM: How can emerging managers leverage technology as a competitive differentiator against larger, more-established firms?

DH: Technology is a great talking point at any level. Everybody uses technology on a daily basis. As such, everybody has some kind of understanding of it. Established firms tend to rest on their laurels. They think: ‘Well, it has worked for so many years, why would we change it?’ Or ‘Why would we adopt anything different?’ Newer technology has enabled firms to be more dynamic in their approach and new businesses to be more flexible in the way that they operate. If start-up firms can demonstrate the same or better results through technology, they have the ability to shock older, more established, institutional firms to take note of what they are doing. Ultimately, it all comes down to profitability across the business. Technology enables newer firms to achieve this.

Emerging Manager Series

<![CDATA[Starting a Hedge Fund: What kind of Internet/Voice connectivity will I need?]]>, 24 Sep 2015 00:00:00 -0400 eci Among the many technology decisions your firm will face during the launch phase is selecting the telecommunications services to power daily operations. High-speed Internet and voice connectivity are necessary to access market data feeds, communicate with investors and facilitate trade orders and other investment decisions. To help you make an informed decision about your voice and Internet needs, we’ve provided a few suggestions below.

Short on time? Click here to read our complete manager’s guide to establishing a hedge fund.

The Internet, of course, is an essential vehicle for collecting and distributing market data, as well as communicating with your clients, investors and partners via email. You’ll likely find four Internet access choices, depending on availability in your area. There are benefits and drawbacks to each, as described below.

| Internet Access Option | Benefits | Drawbacks |
|---|---|---|
| Cable modem | High speed, relatively inexpensive | Low reliability |
| | High speed, relatively inexpensive | Low reliability |
| T-1 line | High reliability, efficient speeds | More expensive than other two options |
| | Cost-effective; flexible & scalable; offers redundancy and DR capabilities | |

Whichever Internet access method you select, seek out a plan that bundles proactive monitoring and security features to ensure the highest possible availability. You could also consider using multiple providers and a router in order to establish a safety net in the event one of your sources fails.

Traditionally, firms purchased a switch, known as a PBX, for phone and voicemail services. Your PBX will be installed in your data center and provides several options for routing calls and storing voicemails, as well as services such as caller ID, auto-attendant and integration with ring-down lines to various brokers. As you consider your options, it will be useful to know the approximate number of users and required functionality of the system. Keep in mind your requirements for redundancy, voicemail-to-email setup, branch offices, and call accounting and call recording systems.

In today’s cloud-powered environment, Voice over Internet Protocol (VoIP) systems have become a powerful option for hedge funds and investment firms to employ. VoIP services are relatively inexpensive and can therefore be attractive to firms initially short on capital. Added VoIP benefits include high levels of redundancy, seamless connectivity across multiple office locations and critical functionality for financial services firms. One reminder: make sure your VoIP provider has defined quality of service levels.

Many IT service providers have partnerships with telecommunications companies and can assist you in selecting the appropriate options for your business. Note that your costs will depend not only on the functions you need, but also how many users your fund will have. A fund with fewer than 40 users might pay anywhere from $20,000 to $40,000 for basic telecommunications services. However, it’s likely you will want additional services including advanced mobility, integration with trading systems and modular messaging. When you factor in these features, your costs can rise to a range between $30,000 and $80,000.

Market Data
Finally, you’ll need to select a market data vendor. Again, your selection criteria should include cost, speed, reliability and service. Fees vary and are determined by your offering mix, user base, remote access method and real-time pricing requirements. The leading providers of market data include Bloomberg and Thomson Reuters.

Launching a Hedge Fund: Emerging Manager Article Series

Editors’ Note: The information in this article has been updated and was originally published in May 2010.

<![CDATA[Trends in Hedge Fund Technology Outsourcing]]>, 22 Sep 2015 00:00:00 -0400 eci Following is an excerpt from our Guide to Hedge Fund Technology Outsourcing. Skip ahead and download the full paper HERE.

As technology continues to grow as an important competitive differentiator for hedge funds and investment firms, funds are continuing to leverage technology outsourcing as part of their operational strategies.

A variety of circumstances in the industry have driven this move to outsourcing including:

  • The changing economic environment as a result of the financial crisis;

  • Increased investor focus on transparency and operational risk; and

  • Rising overhead costs relative to owning, maintaining and monitoring one’s own technology infrastructure.

Hedge funds and investment firms can leverage outsourcing in a variety of ways – everything from help desks to document management, virtual Chief Technology Officers and other staff to disaster recovery plans, FIX connectivity and more. But regardless of the specific elements being outsourced, funds should look for a few baseline requirements as part of an outsourcing solution:

  • A secure physical infrastructure;

  • Efficient and reliable communications;

  • Data protection; and

  • Vendor strength and stability.

Hedge fund technology outsourcing options have evolved in recent years to support the growing needs of hedge funds and alternative investment firms.

Cloud Computing
Through the cloud, funds can leverage outsourcing options such as software-as-a-service, infrastructure-as-a-service, disaster recovery solutions and more. Funds can avoid making expensive hardware purchases and instead leverage the infrastructure of a proven, private cloud services provider.

Sometimes funds need personnel more than technology or infrastructure services. Outsourcing offers firms a variety of staffing options: for larger firms with in-house technology employees, they can leverage the expertise of a virtual Chief Technology Officer or supplemental support staff for special projects. Smaller firms that do not employ their own IT staffs may choose to outsource that department in its entirety so they can focus on doing what they do best – making investment decisions.

For investment funds not quite ready to outsource their technology solely to the cloud, colocation offers an alternative which allows for increased availability and redundancy without the need to maintain infrastructure on-site.

Outsourcing FIX connectivity helps funds reduce costs and time commitments for installing, testing and maintaining connections to brokers.

Hedge Fund Technology Outsourcing

Editor's Note: This article has been updated and was originally published in September 2011.

Photo Source: iStock

<![CDATA[Windows 2003 Server End-of-Life, Presenting Window of Opportunity for Hedge Funds]]>, 15 Sep 2015 00:00:00 -0400 eci The following article originally appeared on HFMTechnology.

Although we are faced with change on a daily basis, especially in the hedge fund technology industry, keeping pace with ongoing tech metamorphoses does not come easy for everyone. Fear, the biggest contributor of hesitancy toward change, masks the opportunities innovation presents. Fear is what leads to IT limbo, and in an ever-evolving technology landscape, this effect can be crippling. However, with the support of expert IT service providers, the pains and fears of migrations and upgrades are alleviated.

In this article, we’ll examine the recent end-of-life (EOL) of the Windows Server 2003 operating system (OS), its resultant challenges and how to overcome them.

Doing Nothing and Risking Everything

Windows Server 2003 extended support ended on July 14, 2015; however, not all users have made the transition to Windows Server 2012 R2. Why are firms remaining on an out-of-support OS?

The primary influencers are fear and a lack of sense of urgency to replace a still functioning OS. In the case of users still utilizing the legacy application, the risks they face largely outweigh the benefits. By doing absolutely nothing, firms are risking everything. As patches and bug fixes are no longer being provided, hackers have an unguarded entrance to access a firm’s sensitive information, passwords and banking accounts. This not only increases the firm’s odds of being hacked, but also raises the gravity of ensuing damages should an incident occur.

Additionally, if a firm’s network that’s still deployed on Windows Server 2003 does crash, the odds of finding expert support become increasingly limited with each passing year. This is predominantly due to the industry’s forward-marching nature. An outdated system will only continue to fall behind in the race of technology: troubleshooting will take longer, future applications will fail to run or will crash the server altogether, and the cost to migrate increases as the pool of experts shrinks.

The bottom line is change is inevitable, and eventually 2003 will reach a point where the surrounding ecosystem won’t work with 2003 servers. Ultimately, MS will make it so the OS becomes inoperative as the company continues to evolve. So what can we do?

Finding the Opportunity in OS 2012

To put the preconceived fears to rest, we can assure users there are benefits to the latest Windows update. In fact, a new OS brings a window of opportunity. Benefits of upgrading to Windows Server 2012 R2 include, but are not limited to, enhancements in management, storage, virtualization and security. Additionally, the updated OS offers a 64-bit architecture, which is faster and more efficient than a 32-bit one. Windows 2003 offered both versions. The issue this presents is that there is no method for directly upgrading from a 32-bit operating system, unless you have an IT provider to manage a side-by-side migration that transfers applications and services to the new OS.

Out with the Old and in with the New

Fortunately, for Eze Castle Integration’s clients, we are offering assistance in planning and executing a migration strategy to protect firms’ infrastructures that are still running on Server 2003. With this support, migration is seamless for end users, and downtime and data loss are limited with innovative backup solutions. The Windows Server 2003 EOL also presents the opportunity for financial firms to adopt alternative technology innovations that have risen over the past decade.

With that said, aside from upgrading the legacy operating system, hedge funds may want to assess their current and future IT needs. Throughout this OS transition, we’ve experienced numerous clients moving away from their traditional infrastructures and taking the opportunity to adopt a cloud-based solution. Transitioning to a private cloud offers firms advanced computing capabilities, practically zero downtime, unlimited resources, increased scalability and the safest, most robust cloud computing option available.

In summary, the EOL of MS 2003 presents an occasion for innovation and IT improvement. The transition is inevitable, and opportunity is up for grabs.

Please contact Eze Castle Integration to discuss your upgrade options.

About the Author

Scott Reardon is Director of Global Technology Services at Eze Castle Integration, the leading provider of technology and private cloud services to the hedge fund and alternative investment industry.

<![CDATA[What's New with Apple? The Latest on Apple Watch, iPad, TV and iPhone]]>, 10 Sep 2015 00:00:00 -0400 eci The world watched yesterday as Apple’s CEO Tim Cook unveiled the new iPhone 6S and iPhone 6S Plus along with a number of new products and applications. Apple also introduced the latest Apple TV featuring new capabilities for games and apps, a new iPad Pro that caters to professionals and enhancements to Siri that allow iPhones, iPads and Apple TV to be more tailored to the user’s interests. In case you missed yesterday’s announcement, here is a quick recap.

Apple Watch

Apple announced the release of 10,000 new apps created for the Apple Watch over the last year. The company has added Facebook Messaging, iTranslate and Airstrip features to the new watch. Apple claims that Airstrip is going to revolutionize the health industry by having a health monitoring tool that allows doctors to check real-time feeds of heart rates and other measurements for their patients. Apple is also looking to give the watch a makeover by working with Hermès on new models. They have added leather bands and two new anodized aluminum colors: gold and rose gold. The devices will ship out today in 24 countries; however, customers will have to wait until September 16 to download the new Watch OS 2 software to their devices.

iPad Pro

The iPad Pro is larger and faster than the original iPad. With a 12.9-inch screen this iPad is nearly twice the size of the Apple Air and weighs 1.57 pounds, which is a bit heavier than the original iPad. Additionally, the iPad Pro is 6.9-mm thick compared to the Air’s 6.1-mm. The Pro features 5.6 million pixels, making the pictures more vivid than the retina displays on the Macbook Pro. Apple didn’t hold back on the hardware either, offering a third generation 64-bit chip. This provides twice the memory bandwidth and faster storage performance than the iPad 2. With the device’s four speakers, sound is clear and amplified for users. Apple also gave this monster of a device a 10-hour battery life to enable new classes of application that aren’t available via the original iPad.

The iPad Pro also features new accessories, such as a magnetic keyboard and the newly designed Apple Pencil (must be purchased separately). Microsoft’s Kirk Koenigsbauer came on stage to announce the additions of Microsoft applications on the iPad Pro. With the combination of iOS 9 and MS Word and Excel, users have the ability to simultaneously work on the applications side by side. Living up to its new name, the iPad Pro’s target audience is business users.

Apple TV

The new Apple TV features Siri to enhance and customize the user experience. The company has also improved search capabilities through enabling universal voice searches between multiple apps including Netflix, Hulu, Showtime and HBO. Apple TV will also allow users to receive real-time updates on weather and sports, along with the ability to pause applications at any time. The television’s new remote appears sleek with a glass touch screen, includes a Siri button, functions up to ten feet away and has a charge that will last up to three months. The latest Apple TV will be available in late October for the price of $149 for 32 GB and $199 for 64 GB.

iPhone 6 and iPhone 6S

The new iPhone 6S and 6S Plus feature several upgrades including 3D touch, additional color options and photography improvements. The phones feature a retina flash, making the display 3X brighter than the original flash utilized for the camera. Apple is also bringing photos to life with sound, extending the capture moment to record seconds after the photo has been taken. Apple also introduced a new app for Androids to convert to iPhone and an iPhone Upgrade Program for US customers that will give customers a new iPhone each year. Users can select their own carrier with the option of an unlocked phone and AppleCare+ all for $32 per month.

The iPhone 6S will sell for $199 for a 16 GB, $299 for 64 GB and $399 for 128 GB. The iPhone 6S Plus will sell for $299 for 16 GB, $399 for 64 GB and $499 for the 128 GB. The devices will be available for purchase on September 25, and the new iOS 9 will be available on September 16.

Photo Credit: Wikipedia

<![CDATA[Lessons Learned from the July New York Stock Exchange (NYSE) Suspension]]>, 08 Sep 2015 00:00:00 -0400 eci Back on July 8th of this year, the New York Stock Exchange (NYSE) experienced a temporary outage and proactively suspended trading. In many ways, the NYSE acted swiftly and responsibly when they noticed that there was a technical issue with its trading platform. The NYSE realized quickly that traders would not be able to reliably trade and ultimately decided to suspend trading across the market until full functionality could be restored. In total, NYSE trading was suspended for nearly four hours.

Although the overall impact of the downtime was minimal in the grand scheme, had this event impacted the public market data feed which traders and investors use to access critical information on public markets, the impact would have been more severe. Even still, there are some takeaways from this event. A positive: the success of the SEC Regulation NMS implementation. A negative: critique of the initial communications from the NYSE. Let’s examine these a little closer.

A Win for SEC Regulation NMS

The technical issues that caused the NYSE to suspend operations on July 8th occurred as the result of a new software rollout. All open orders at the time were canceled. Most investors were able to continue trading utilizing one or several of the 11 other Exchanges or 40+ dark pools to execute trades. A recent Wall Street Journal article1 indicated that as of 2005, 80% of the trades conducted across the U.S. stock market were via the NYSE. That figure currently stands at about 20%, in part because of a 2007 regulation commissioned by the SEC called Regulation NMS (national market system). This rule, enacted in 2007, allows for orders to be directed to the exchange that quotes the best price. It also reduces transaction fees for investors as a result of increased competition. Therefore, there is fortunately redundancy and flexibility for traders if a single or multiple markets are experiencing downtime. Had July’s technical glitch taken place a decade earlier when the majority of US stock trades were executed on the NYSE, the impact would have been more severe.

Communication Issues: Social Media Not Enough

Many described the initial communication by the NYSE on July 8th as poor. The NYSE primarily used Twitter as a means to release information about and during the trading suspension. While leveraging social media outlets is helpful and can allow businesses to reach a wide audience, it shouldn’t act as the sole source of information. While pertinent information may have reached the 1.7 million Twitter followers of the NYSE, it was still a limited release of information to a limited group - not ideal when communicating an interruption that could have a major impact.

NYSE Twitter Feed: July 8th Outage

There was also a negative reaction to the roughly 20-minute window between when the NYSE initially announced a “technical issue” and when they confirmed that the interruption was not a cyber-attack and simply the result of an internal problem. Coincidentally, both the Wall Street Journal website and United Airlines experienced glitches on the same day, prompting many to wonder if there was a larger cyber-attack at play.

Perhaps it simply took the NYSE time to confirm what the cause of the issue was, and that’s why the reason was not communicated with the initial message. But if not, that kind of information should have been communicated with the first alert. Doing so would have reduced confusion and any doubts among traders and investors in those initial minutes. Although 20 minutes is a short time period, with today’s social media and news coverage capabilities, it’s more than enough time to create a small panic.

In conclusion, technology glitches and issues will happen; we know this. And in today’s marketplace, communication, technology and policy updates need to walk in step to ensure that when interruptions happen, response and recovery are enacted quickly and efficiently with minimum confusion to stakeholders.


Photo Credit: Twitter

<![CDATA[What Is the Dark Web and Where Do I Find It?]]>, 03 Sep 2015 00:00:00 -0400 eci If you’ve seen or read the news lately, there’s been a lot of talk about the recent Ashley Madison hacking scandal, by which a group of hackers known as Impact Team attempted to blackmail the site into shutting down – or risk having the information of some 37 million members released. Member information, including account details and payment transactions, was ultimately released over the Dark Web. Sounds spooky, yes? But what exactly is the mysterious Dark Web? And how can you access it? Here’s what you need to know about the Internet’s black sheep.

The Dark Web: What exactly is it?

In essence, the Dark Web is a cloaked portion of the Internet only accessible to users with specific software or authorization. It is part of the Deep Web – a section of the World Wide Web not indexed by search engines, meaning your standard Google and Bing crawls won’t do the trick.

[Figure 1: Hidden Services of the Dark Web]

Much of the concern surrounding the Dark Web has to do with the types of activities generally perceived to take place there. As you can see in Figure 1, according to Dr. Owen Gareth’s presentation “Tor: Hidden Services and Deanonymisation,” the majority of so-called hidden services lurking in the Dark Web are worrisome. Drugs, fraud, counterfeit, hacking, porn, abuse, guns, gambling: the list goes on. And let’s not forget the identities of the alleged cheaters from Ashley Madison.

How Do I Access the Dark Web?

As we’ve established, the Dark Web is not accessible via your standard Internet browsers. Rather, networks like Freenet, I2P and Tor (originally known as The Onion Router) must be used to access hidden content and browse anonymously. Tor is the most notable of the anonymous browsers, and according to its website, “protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.”

Tor’s use of “onion routing” dates back to the mid-90s, before the software itself was even launched (that came in 2002). It is a common misconception that the use of Tor enables an Internet user to remain completely anonymous. Instead, Tor allows for data protection in transit, making it so that sites cannot easily track a user’s location. As explained above, much of Tor and the greater Dark Web is used for illegal and illicit activities, including gaining access to censored information, soliciting and hiring hackers and communicating with whistleblowers. Infamous whistleblower Edward Snowden used Tor back in 2013 to communicate with The Washington Post and The Guardian, for example.

Is It Safe to Browse the Dark Web?

If your curiosity is getting the better of you, and you’re inclined to check out what the Dark Web has to offer, proceed with caution. If your goal is to browse the Internet under the veil of pseudo-anonymity, you’re probably okay. But depending on what you’re searching for, you could still invite trouble to come your way. The general assumption is that Tor is more secure than most traditional Surface Web browsers (e.g. Chrome, Firefox, IE), but that doesn’t mean it is immune to attack. Botnets and Dark Web malware are still prevalent; as recently as 2014, the banking Trojan dubbed ChewBacca stole credit card information – and came at the hands of a server-controlled botnet hidden in the Tor network.

Users should exercise caution when trolling the Dark Web, as they should with searches and functions within the Surface Web. The Internet is still the Internet – and it’s better to assume someone is always watching.

Photo Source: Wikipedia

<![CDATA[Ride Through the Security Layers Encasing the Eze Managed Suite]]>, 01 Sep 2015 00:00:00 -0400 eci Eze Video Debut!

Ever wonder about the layers of security encasing our Eze Managed Suite solution? We thought you had. That's why we created this video, which outlines not only the security protections but also the extensive services available to investment firms and hedge funds that move to our premier cloud solution.

Watch, learn and then contact us for more details.

Here's a recap of some Eze Managed Suite features:

  • A professionally managed IT platform tailor-made for the investment industry
  • A highly resilient system with Active-Active DR, enabling RPOs of seconds and 24x7 Monitoring, with DR testing included
  • File services
  • Email via Microsoft Exchange
  • Microsoft Office applications
  • Mobile services
  • Data backup
  • And email security

The Eze Managed Suite also provides enterprise-grade IT capabilities including:

  • Unified communications via Microsoft Lync;
  • Secure File Sharing and collaboration across devices via Varonis DatAnywhere;
  • And data governance through complete audit data for file server and email activity.

<![CDATA[Third Party Marketers: What They Are Not Telling You]]>, 25 Aug 2015 00:00:00 -0400 eci The following article is part of our Hedge Fund Insiders Article Series and was contributed by Meyler Capital. Read more articles from the Series HERE.

So, I'm talking to a friend from the UK the other day when we stumble onto the topic of sports. Every time the word “football” crosses my lips, he visibly cringes. “Football? You mean that game that you play with your hands? Tell me, JD, how often during a football game does anyone but the kicker actually ever touch the ball with his foot?”

Yeah – this argument is not will always mean something different to Americans than everyone else in the world. But it made me wonder the same thing about our business.

Why is it that capital placement agents refer to themselves as "Third Party Marketers"? Does this mean something different to people in these roles than it should to everyone else?

Let's call a spade a spade – there is about as much marketing happening in this industry as “footballing” in the American sport. Sure – there is lots of relationship management happening and certainly plenty of overt selling. But marketing? Not really…

Why is that? Across every other industry, marketing involves brand building and creating engagement. It is not just what information is presented, but how it is packaged. In this industry, the term marketing typically refers to delivering unremarkable, text heavy PDFs to existing relationships. The kind of stuff that looks just like the other guy’s stuff. The trouble in this industry is that there is A WHOLE LOT of “other guys”.

Consider the auto business – at best, there are a dozen legitimate competitors globally. Despite that, GM spends BILLIONS on marketing and advertising each year to support name recognition and enhance its brand. Most in our industry spend next to nothing yet somehow expect to stand out among 10,000 competitors.

GM does this by affiliating with people named Shaquille O’Neal and Peyton Manning. People that its target audience aspires to be like. Just saying their names in the same sentence as automobiles and most people immediately know the reference to Buick. I am not at all suggesting that your third party marketer go out and make commercials – what works for one industry is not necessarily appropriate for another. But the key is to find a way to be memorable (in a positive way, of course).

The next time you look to hire an agent to raise capital on your behalf, ask how they distinguish between selling and marketing. Anyone can pick up the phone – the trick is ensuring the prospective investor remembers you the moment the phone is put back down.

Come back Thursday for our next article or subscribe to Hedge IT and have it delivered to your inbox.

JD David is COO at Meyler Capital. JD has more than 25 years of trading and marketing experience while managing businesses for top caliber firms on both the buy and sell-side. During that time, he has developed a passion for building and scaling businesses and has been recognized for his ability to drive strategy and accelerate growth.


Image source: Anderson via Meyler Capital

<![CDATA[3 Real Estate Trends Facing New York City Hedge Funds]]>, 20 Aug 2015 00:00:00 -0400 eci The following article is part of our Hedge Fund Insiders Article Series and was contributed by CBRE Group, Inc. Read more articles from the Series HERE.

As a team focused exclusively on advising hedge funds on their strategic real estate planning, we have observed several trends continuing to proliferate in the market. Below are three real estate-related issues relevant to all hedge funds.

Increasing Construction Costs

Construction costs for office interiors throughout New York City are rapidly increasing and firms that built space 5–10 years ago will find that overall expenditures for the same quality installation have increased 30–40% based on benchmark construction cost data across NYC. Although benchmarking numbers are not available specifically for hedge fund construction, high-end design details like custom millwork and architectural metal and glass are often a significant part of the design and are seeing the most rapid appreciation in cost, driving even more significant increases specific to hedge funds. Additionally, these premium and other critical trades such as HVAC and electrical are in high demand and can cause scheduling delays, pushing associated costs higher than ever.

It is crucial for hedge funds to have an owner’s rep / project manager advisor involved to ensure projects are appropriately budgeted from the initial due diligence phase, assessed on a project-by-project basis throughout the site selection process, and effectively implemented during the design and construction of the selected space.

Strong Preference for New Construction

The average age of a Midtown building is 62 years old. Older buildings suffer from inefficiencies due to frequency of columns and column spacing, reduced light and air from smaller and less frequent windows, low ceiling heights, expensive overtime HVAC, and other infrastructure limitations. As a result of these challenges, demand for newer product is significant.

However, challenging Manhattan development economics make assembling development sites and demolishing existing buildings prohibitive. Of the 20.5 million rentable square feet of available space in Midtown, only 11% is in buildings constructed after 1990. Pricing for the newest buildings is significantly higher than comparable older buildings (anecdotally 20–40%) and in multiple cases, those locations are outside of the traditional areas of preference for hedge funds.

Decision-makers leading the space search will find, however, that a significant portion of the rental rate premium can often be offset by leasing less space through improved efficiency and employee willingness to sacrifice the size of individual work spaces in order to enjoy the new building environment. Some of the newer buildings with significant vacancy like 7 Bryant Park and Tower 46 warrant a second look and in many cases, a test fit—despite the possible presence of initial sticker shock.

Geographic Parameters Expanding

With a significant number of hedge fund principals now choosing to live in Tribeca, SoHo and other Downtown neighborhoods over more traditional locations on the Upper East or Upper West Side, geographic parameters for hedge fund offices have broadened. While historically many funds would consider alternatives to Midtown during the initial part of their searches, a lack of accessibility for investors and insufficient infrastructure almost always eliminated buildings south of the Grand Central submarket from consideration.

Now, with several new buildings completed, hedge funds have alternatives with Class A infrastructure in these vibrant 24/7 neighborhoods. For example, following IBM Watson’s commitment to anchor 51 Astor Place, a significant portion of the balance of the building has been leased to notable funds such as Tudor Investment Corporation, Claren Road Asset Management, Maple Lane and Spark Capital.

Noteworthy submarkets with new and redeveloped buildings in the pipeline include SoHo and the Meatpacking District, which are already home to prominent funds such as Anchorage and Two Sigma. Additionally, the rapidly growing tech industry has favored neighborhoods with classic and loft-like architecture, such as Union Square, Flatiron and NoMad. This has driven rising prices, and landlords have invested to upgrade their infrastructure, creating new buildings now suitable for hedge funds.

While investor accessibility continues to be a concern for newer funds, more established groups have the flexibility to broaden their search. As more high-profile firms take space in the neighborhoods between Canal Street and 34th Street, we anticipate hedge funds will continue to expand outside the traditional Midtown market.


Ben Friedland is an Executive Vice President in the New York Office of CBRE. Throughout his 15+ years at CBRE, Ben has developed exclusive long-term relationships with many of the world’s leading hedge fund and private equity firms. Ben’s niche industry expertise and client base has earned him consistent recognition as one of CBRE’s top producers and frequent quotes in major news publications.

Michael Movshovich is a First Vice President in CBRE’s Midtown Manhattan office. Since joining CBRE in 2007, Michael has developed expertise and an extensive track record advising hedge funds and private equity firms on their office space needs. Michael has distinguished himself as a trusted advisor and market expert within CBRE and the hedge fund/PE industries.

Taylor Scheinman is a Senior Associate in CBRE’s Midtown Manhattan office. After spending 5 years at Newmark Grubb Knight Frank, Taylor joined CBRE in 2015 and specializes in advising hedge funds and boutique investment firms on their long-term real estate decisions. Taylor is an expert in both the traditional Midtown sub-markets and the emerging areas south of 34th Street that have become an area of focus for established funds.


<![CDATA[Affordable Care Act (ACA) Changes Set to Have Significant Impact for New York Finance Firms]]>, 18 Aug 2015 00:00:00 -0400 eci The following article is part of our Hedge Fund Insiders Article Series and was contributed by TriNet. Read more articles from the Series HERE.

Beginning January 1, 2016, every U.S. firm with 51-100 employees will be migrated to the “small group market” for healthcare benefits, as part of Affordable Care Act (ACA) mandated changes. Currently, in many states the small group market encompasses firms with 50 or fewer employees. But for policies that renew in 2016, this market will be expanded to include companies with up to 100 full-time employees.

Companies with 51-100 employees, who previously enjoyed the “economies of scale” benefits associated with being in the large group health care market, will become part of the small group market as of their first renewal on or after January 1, 2016. While this change will happen across the U.S., we believe its impact will be very significant in New York State.

What mid-size businesses can expect from ACA changes:

  • Healthcare premiums, on average, will increase – potentially significantly – and the access to a wide array of rich benefit plans these companies previously enjoyed is likely to be reduced. This is because New York State’s small group healthcare market is “community-rated,” which means the demographics (for example, average age of employees) at a firm have no impact on small group market healthcare pricing. New York State currently prohibits insurance rate variations based on the demographic characteristics of the firm. This is in stark contrast to the rest of the country, where firms are priced based on their employee “census,” thus taking into account their demographic characteristics. We believe this will result, on average, in significantly higher healthcare premiums – especially if the firm has a relatively young average age composition, as so many New York financial firms do.

  • “Small group” market plans will be “canned,” meaning you will now have to select your benefits from a group of plans that the carrier offers – and plans cannot be modified. This will likely cause firms with 51-100 employees to lose some of the previous benefits they were able to offer employees. As a result, this change is likely to affect deductibles, out-of-network coverage, advanced infertility treatments and lower limits on certain services.

  • Companies that have 51-100 employees and a relatively young demographic composition will likely be hit with significant healthcare premium increases, as the small group community rates will be much higher than what they currently pay. By my calculations, some groups could see premiums increase as high as 50 percent for plans similar to what they offer today.

A real example of how one mid-size business avoided the negative consequences of ACA changes:

A New York City business of 79 full-time employees recently came to TriNet concerned about how upcoming ACA changes would impact their mid-size business. They knew they would be subject to the community rated small group plans and that their new rates would become effective with their first renewal on or after January 1, 2016.

TriNet conducted an analysis of what they could expect, using the New York small group rates that are available today. This particular employer would have seen a 48 percent premium increase starting January 1, 2016 – coupled with a reduction in benefits – when forced into the New York small group market.

Because TriNet provides small and mid-sized businesses with access to rich Fortune 500-level benefits at prices they can afford, we were able to not only help this NYC business avoid a premium increase in 2016 – but we were actually able to provide them with a 10 percent savings on their current rates.


For more information on how ACA changes will impact your firm contact Maya Cohen, a Senior Vice President of Sales at TriNet Ambrose, at 646.356.8625. Maya joined Ambrose in 2005 as an HR Associate and has leveraged her growing expertise in client service, benefits, and strategic HR to improve the service offering to the Alternative Asset space. In her current capacity as a senior member of the business development team, Maya’s primary focus is expanding Ambrose’s Hedge Fund and Private Equity practice. Maya holds a BA from Brandeis University, where she majored in International Business and Near Eastern and Judaic Studies.


<![CDATA[Exploring the Cyber Insurance Claims Landscape]]>, 13 Aug 2015 00:00:00 -0400 eci The following article is part of our Hedge Fund Insiders Article Series and was contributed by Willis Group Holdings Ltd. Read more articles from the Series HERE.

The Cyber risk landscape is rapidly evolving. Governments are facing an unprecedented level of Cyber attacks and threats with the potential to undermine national security and critical infrastructure. Similarly, businesses across a wide range of industry sectors, particularly those in the health care, retail and financial services industries¹, are exposed to potentially enormous liability and costs as a result of Cyber incidents and data breaches.

Given the risk landscape, it is no wonder companies of all sizes continue to be subject to increasing data breach liability, both in the form of single plaintiff or class action lawsuits and regulatory investigations and proceedings. Negligence, breach of fiduciary duty and breach of contract are just some of the allegations that a company may face as a result of a systems failure or lax security that compromises the security of customers’ personal information or data.

Plaintiffs in data breach class actions typically allege that businesses failed to adequately safeguard consumer information and gave insufficient and untimely notice of the breach. Companies may also face class actions from banks and credit unions seeking damages for administrative expenses, lost interest, transaction fees and lost customers.

Settlements of data breach class actions can be exorbitant. For example, 25 class action lawsuits were settled in the wake of a retailer’s 2007 data breach involving the theft of data related to over 45 million credit and debit cards. The settlement included: up to $1 million to customers without receipts; up to $10 million to customers with receipts ($30 per claimant); $6.5 million in plaintiffs’ attorneys’ fees; and three free years of credit monitoring, with total costs reportedly up to $256 million. More recently, in 2014, two major retailers reported that the total costs of data breach and related class action lawsuits (less expected insurance recovery) were estimated at $63 million and $191 million, respectively. And, this year, two major health care companies are separately facing several lawsuits as a result of data breaches that reportedly exposed the personal records of 80 million and 11 million people, respectively. While these matters have yet to be resolved, the anticipated costs of litigation and settlement may set records.

Remedies Sought

Most data breaches result in first-party loss to the victim of the Cyber breach. For example, a business sustaining a Cyber breach or failure to protect confidential consumer information may incur the following expenses to remedy the issue (i.e., first-party costs):

  • Costs to restore its computer system, remove viruses, malicious code, Trojan horses

  • Costs related to loss of business (such as a denial-of-service computer attack on a company’s network that limits the ability to conduct business)

  • Costs to conduct a forensic investigation as to the cause of the unauthorized access

  • Legal consultation costs or “breach counsel” to consult the business regarding all statutory requirements

  • Costs to notify affected consumers, and costs to offer credit monitoring services to customers

  • Costs to retain public relations assistance or advertising to rebuild a company’s reputation after an incident

  • To the extent that there was a Cyber-attack on the business’ network in an attempt to extort money (“Cyber extortion”), costs to settle such extortion demands, as well as costs of hiring a security firm to negotiate with blackmailers may also be at issue

Companies affected by a Cyber breach may also face liability to third parties, which may result in defense costs, settlements, judgments and, sometimes, punitive damages. Third parties bringing lawsuits against businesses for damages are increasingly seeking to expand the nature of injuries and remedies sought in light of early case law which determined that there was no injury in fact sustained by the Cyber breach and thus no standing to sue. The Federal Trade Commission (FTC)’s Bureau of Consumer Protection has increased its investigations of data breaches on behalf of consumers given the rise in the number of organizations that rely on “Big Data” in their advertising and marketing campaigns. In 2014, the agency issued a press release announcing its 50th Data Security Settlement on behalf of consumers. One of those settlements involved the much-publicized 2006 settlement with a data aggregation company wherein the company agreed to pay $10 million in civil penalties and $5 million in consumer redress for time customers may have spent to monitor and repair their credit following a breach that exposed their personal information.

In addition, the Federal Identity Theft Enforcement and Restitution Act (“ITERA”) provides that perpetrators of identity theft must reimburse their victims for the value of the time the victims spent repairing their credit records. The enactment of ITERA and the growing recognition in the business community that time spent repairing credit may constitute an injury in fact may create an increased willingness of courts to find consumer standing to bring such actions and thus an increased liability risk to businesses. Increased regulation at federal and state levels related to information security and breach notification is expanding the legal avenues that may be pursued. Forty-seven states plus Puerto Rico, Washington D.C., and the Virgin Islands have enacted laws requiring companies to notify consumers of breaches of personal data. Federal laws, such as the Health Insurance Portability and Accountability Act, the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act, have requirements to safeguard the privacy of personal information, and some states require notification to the state attorney general. Given this ever-evolving regulatory landscape, companies should expect an increase in third-party liability claims led by federal regulatory agencies, as evidenced by a March 2015 federal court decision involving a large hotel chain wherein the court held that the FTC has regulatory authority to enforce data security practices.

1 NetDiligence Claims Study, 2014


<![CDATA[Cybersecurity Risks and Implications for Investment Advisers]]>, 11 Aug 2015 00:00:00 -0400 eci The following article is part of our Hedge Fund Insiders Article Series and was contributed by Haynes and Boone, LLP. Read more articles from the Series HERE.

Cybersecurity risks pose an increasingly significant threat to investment advisers. In early 2015, the Securities and Exchange Commission’s (the “SEC”) Office of Compliance Inspections and Examinations (“OCIE”) identified its annual adviser examination priorities, which reflect certain practices perceived to present heightened risk to investors and/or the integrity of US capital markets, one of which was cybersecurity compliance and controls. In April 2015, the SEC’s Division of Investment Management (the “Division”) issued guidance (the “Guidance”) [1] reinforcing cybersecurity as a priority for advisers and suggesting that advisers implement cybersecurity risk assessment plans, response strategies, and written policies and procedures. Included below are measures advisers should consider (some of which are directly from the Guidance) when addressing cybersecurity risks relating to their operations:

Risk Assessment. Advisers should conduct assessments of: (1) the nature, sensitivity and location of information that it collects, processes and/or stores and the technology systems it uses; (2) internal and external cybersecurity threats to and vulnerabilities of the adviser’s information and technology systems; (3) security controls and processes currently in place; (4) the impact should its information or technology systems become compromised; and (5) the effectiveness of the governance structure for the management of cybersecurity risk.

Response Strategy. Advisers should create and test a strategy that is designed to prevent, detect and respond to cybersecurity threats, including: (1) controlling access to various systems and data via management of user credentials, authentication and authorization methods, firewalls and/or perimeter defenses, tiered access to sensitive information and network resources, network segregation and system hardening; (2) data encryption; (3) protecting against the loss or exfiltration of sensitive data by restricting the use of removable storage media and deploying software that monitors technology systems for unauthorized intrusions, the loss or exfiltration of sensitive data, or other unusual events; (4) data backup and retrieval; and (5) the development of an incident response plan (as discussed below). In addition, advisers should also consider arranging periodic external “intrusion detection” or “penetration testing” to ensure their cybersecurity defenses are adequate.

Policies and Procedures; Training. Advisers should implement a cybersecurity strategy through written policies and procedures and training that provides guidance to the adviser’s officers and employees concerning applicable threats and measures to prevent, detect and respond to such threats and to monitor compliance with cybersecurity policies and procedures. The compliance program of an adviser could address cybersecurity risk as it relates to identity theft, data protection, fraud, business continuity, as well as other disruptions in service. It is important not only to have policies and procedures in place, but to periodically confirm that these policies and procedures are being implemented. Advisers should consider educating clients about how to reduce exposure to cybersecurity threats to their accounts.

Incident Response Plan. When implementing an incident response plan, advisers should consider:

  • Designating a coordinator and team that is available at all times for incident response (e.g., an adviser’s general counsel, CIO/IT head, or compliance consultant).

  • Determining the scope of the incident or breach (including determining what was lost, analyzing how confident the adviser’s team is of the existing system’s integrity, determining whether compromised data was encrypted, and interviewing employees and vendors about their responses and their system security, respectively).

  • Preparing a post-incident report and analysis detailing the event and the adviser’s response, and considering any applicable revisions to the adviser’s policies and procedures in light of the breach and response.

  • Taking immediate measures to prevent compromises and unauthorized access (including requiring periodic password changes and restricting use of the system by non-essential vendors and contractors).

  • Determining the adviser’s obligations under federal, state, local and/or international law (e.g., if there has been a breach, determining (in conjunction with counsel) if any governmental agency should be notified or if Form ADV needs to be updated).

  • Considering whether the adviser’s insurance company has to be notified.

Vendor Management. Advisers should consider performing due diligence on their third-party vendors to confirm whether they have sufficient cybersecurity protective measures in place. Advisers may also consider outsourcing certain cybersecurity risk and protection functions to third-party providers.

Insurance. Advisers should consider whether they should purchase cybersecurity-specific insurance to mitigate any potential losses and/or response costs in the event of a cybersecurity breach.

While it is critical to implement appropriate cybersecurity protocols in order to comply with applicable federal and state law, it is equally important from a franchise risk perspective, as the costs associated with potential losses and responses to a breach can be devastating and significant. As it is not possible to anticipate and prevent every breach, advisers should implement the appropriate safeguards and response plans to lessen the impact of potential attacks on themselves and their clients and/or investors.

[1] US Securities and Exchange Commission, Division of Investment Management, IM Guidance Update (April 2015), No. 2015-02.

About the Author
Shelley Rosensweig is a partner in the Investment Funds and Private Equity Practice Group in the New York office of Haynes and Boone, LLP. She structures and organizes domestic and offshore private investment funds. She advises clients regarding matters which include design, structure and operation of investment portfolios, distribution and marketing issues and commodities and futures issues. Shelley also assists clients with seed investments, the formation of managed account platforms and the organization of joint ventures. She advises investment advisory clients regarding investment products and services, SEC, FINRA and CFTC regulatory and compliance matters, as well as trading issues and employment matters.

Come back Thursday for our next article or subscribe to Hedge IT and have it delivered to your inbox.


<![CDATA[Building an Effective Hedge Fund-Prime Broker Relationship]]>, 06 Aug 2015 00:00:00 -0400 eci The following article is part of our Hedge Fund Insiders Article Series and was contributed by Wells Fargo Prime Services. Read more articles from the Series HERE.

All business relationships are driven by the belief that both sides will receive a mutual benefit that will allow for a long term sustainable partnership between the firms. For a prime brokerage/alternative asset manager relationship this principle is no different. An alternative asset manager (“AAM”) looks for certain services from its prime broker (“PB”): financing, access to balance sheet, securities lending, Capital Introduction, research, Corporate Access, technology and other services that are essential to the AAM as it deploys its strategy. PBs are looking to generate an attractive after cost return based on the revenue generated from the client vs. usage of financial resources such as balance sheet and capital.

Driven primarily by post financial crisis regulatory pressures, banks and prime brokers are being faced with significant new requirements, which have changed the client interaction dynamic and have led to changes in balance sheet strategy, business objectives, and capital markets activity. While the fundamental nature of the business relationship has not changed between hedge funds and prime brokers, AAMs need to understand the impact of regulation on prime brokers and how best to optimize their impact on the prime broker’s balance sheet in order to optimize the overall relationship.

While Basel III is the primary driver of this change, perhaps the most significant shift in the PB model has been the introduction of the return on assets (“ROA”) metric on a pre-tax basis as opposed to the pure top line revenue that previously drove the business. In summary, a balance sheet denominator has been added to the revenue numerator creating an ROA equation that now determines the health of a prime brokerage relationship. To be most effective, funds should understand how to minimize the balance sheet denominator as well as their impact on other relevant metrics:

  • Liquidity Coverage Ratio (LCR)

  • Net Stable Funding Ratio (NSFR)

  • Tier 1 capital ratio

  • High-Quality Liquid Assets (HQLA)

Open Communication Is Essential

When selecting a prime broker, AAMs should establish an open line of communication with senior management at the PB. Preliminary discussions should aim towards being as transparent as possible so that both parties develop a deep understanding of each other’s methodologies and motivations, as well as pain points that may drive financing decisions. Maintaining this type of relationship and open line of communication will also foster a better understanding of trends and market color impacting the PB, and may serve as a resource for any impending changes that could impact the relationship. Further, transparent and open lines of communication will help the AAM reconcile the portfolio and leverage needs of the fund to the funding model of the PB, where feasible.

In short, selecting a PB should be based on comprehensive data and mutual understanding, not just financial considerations. Establishing connectivity with management within credit and risk, in particular, can also be an effective strategy, especially in times of market stress. Having this form of dialogue with a PB facilitates the AAM’s ability to utilize each PB relationship in a manner that maximizes the value of its portfolio to each PB, and makes it a more efficient client. One example is how much leverage to use for a portfolio – if portfolio margin is the most balance sheet efficient method of financing with a particular PB and is adequate leverage, the AAM should not push for a more balance sheet intensive form of leverage for that PB (i.e., enhanced leverage). This requires an open dialogue with the PB to be familiar with legal entity structure and other items which might impact the PB’s balance sheet efficiency.

Transparency Between Hedge Fund and Prime Broker is Key

Transparency and an open dialogue are key components to a successful AAM/PB relationship. In addition to leverage, AAMs often have several touch-points with a counterparty, and may therefore utilize PB resources apart from financing and securities lending, such as capital introduction and/or business consulting services. An AAM needs to appreciate its impact to the liquidity profile of its PB, as well as their overall value to the institution holistically. Ongoing conversations may also help manage expectations as to what being a more “efficient” client means to its PB(s), as it may vary from prime broker to prime broker. This requires a fund to identify its portfolio balance sheet utilization and the overall ROA its business represents to the PB. It is also crucial to understand how each prime broker defines ROA as each counterparty may view it differently.

Depending on the AAM’s size and complexity of strategy, the AAM may need to allocate resources to a dedicated treasury function focused on maximizing efficiency and transparency across its funding counterparts. Treasury management starts with the fund having a thorough understanding of its balance sheet footprint, which includes transparency around prime brokers’ funding models, liquidity of collateral, impact of margin lock-ups, increased cost of funding due to regulatory initiatives and its ability to rebalance portfolio positions among prime brokers while retaining internal capital efficiencies.

Another key component of treasury management that has surfaced over the past few years is the dialogue between funds and their PBs around enhancing portfolio efficiency by sharing lists of position needs / excess with their prime brokers to increase the internalization of the client’s portfolio and enhance the return profile. Allocating shorts and longs in this manner increases portfolio optimization, which leads to enhanced returns on balance sheet and capital – especially for market neutral strategies employing significant leverage. Another way to optimize an AAM’s balance sheet footprint is to work with PBs to make collateral allocation adjustments that create mutually beneficial optimization.

In summary, the key to building an effective PB relationship is for AAMs to have frequent dialogue with their counterparties and to understand key financing return metrics that are important to the Prime Broker. In addition, AAMs should consider their overall wallet share with PBs and move towards a more holistic client relationship that tracks overall resource consumption including secondary resources such as Capital Introduction, business consulting, corporate access versus trading, and financing revenues generated. The overall wallet of an AAM should be considered when allocating commission dollars to those counterparties providing balance sheet in order to increase the attractiveness of the client from an ROA and return on equity perspective.

The opinions expressed in this article are general in nature and not intended to provide specific advice or recommendations. Contact your investment representative, attorney, accountant or tax advisor with regard to your specific situation. The opinions of the author do not necessarily reflect those of Wells Fargo Prime Services LLC or any other Wells Fargo entity.


<![CDATA[Kicking Off the Hedge Fund Insiders Article Series]]>, 04 Aug 2015 00:00:00 -0400 eci Hedge funds operate in a dynamic, ever-changing environment, so to assist managers in staying abreast of hot topics, we are launching a new article series aptly titled, The Hedge Fund Insiders Series. Running right here on HedgeIT during the month of August, we’ll cover a range of topics aligned to investor and regulator expectations, due diligence trends and operational best practices.

Contributors to the Series include senior leaders at Eze Castle Integration, CBRE Group, Inc., Haynes and Boone LLP, TriNet, Wells Fargo Prime Services and Willis Group Holdings Ltd.

Here is a sneak peek of some of the articles we will publish each Tuesday and Thursday starting this week:

Keys to Building an Effective Alternative Asset Manager and Prime Broker Relationship
Wells Fargo Prime Services

Excerpt: All business relationships are driven by the belief that both sides will receive a mutual benefit that will allow for a long term sustainable partnership between the firms. For a prime brokerage /alternative asset manager relationship this principle is no different. An alternative asset manager (“AAM”) looks for certain services from its prime broker (“PB”): financing, access to balance sheet, securities lending, Capital Introduction, research, Corporate Access, technology and other services that are essential to the AAM as it deploys its strategy. PBs are looking to generate an attractive after cost return based on the revenue generated from the client vs. usage of financial resources such as balance sheet and capital. Read the full article.

Cybersecurity Risks and Implications for Investment Advisers
Haynes and Boone LLP

Excerpt: Cybersecurity risks pose an increasingly significant threat to investment advisers. In April 2015, the SEC’s division of investment management (the “Division”) issued guidance (the “Guidance”) reinforcing cybersecurity as a priority for advisers and suggesting that advisers implement cybersecurity risk assessment plans, response strategies, and written policies and procedures. This article provides measures advisers should consider (some of which are directly from the Guidance) when addressing cybersecurity risks relating to their operations. Read the full article.

Three Real Estate Trends Facing Today’s Hedge Funds
CBRE Group, Inc.

Excerpt: While there are several trends continuing to proliferate in the market, this article explores three real estate-related issues relevant to all hedge funds. First up is increasing construction costs. Construction costs for office interiors throughout New York City are rapidly increasing and firms that built space 5–10 years ago will find that overall expenditures for the same quality installation have increased 30–40% based on benchmark construction cost data across NYC.

Next is the strong preference for new construction. The average age of a Midtown building is 62 years old. Older buildings suffer from inefficiencies and challenges which have created a demand for newer product. A third trend explored in the article is the expanding of geographic parameters. With a significant number of hedge fund principals now choosing to live in Tribeca, SoHo and other Downtown neighborhoods over more traditional locations on the Upper East or Upper West Side, geographic parameters for hedge fund offices have broadened. Read the full article.

Other topics we’ll cover include:

Come back Thursday for our first full article.

Hedge Fund Insiders Article Series]]>
<![CDATA[Summer Weather Preparedness: More Than Sunscreen Needed for Protection]]>, 30 Jul 2015 00:00:00 -0400 eci As summer officially approaches its halfway point, we at Eze Castle Integration hope that everyone is enjoying the beautiful weather. We also want to take this opportunity to remind folks to be mindful that your firm can still be vulnerable, even when the weather is warm and sunny. With heat and humidity rising, power usage increases to keep offices cool, leaving firms susceptible to power outages. Additionally, with employee vacations prevalent during the summer and offices less crowded, there are fewer gatekeepers protecting your firm from social engineering threats and hackers. Let’s examine some of these factors a little more closely and offer some business continuity and security tips to keep your firm running at full speed in the summer heat.

Impact of the Heat: Power Outages

Boston Blackout 2012

You are sitting at your desk and recording sensitive information for one of your clients, when all of a sudden your screen goes black, and the office is completely dark. Your firm has experienced a power outage caused by increased usage during the summer months, and you are not sure if your information and technology is protected.

The months of July, August and September are considered the “blackout season” as major cities use the most power during these months, leaving them susceptible to power outages. According to the Energy Information Administration, electrical power outages, surges and spikes in usage bring about more than $150 billion in annual damages to the U.S. economy.1

You’ll want to know the answers to the questions below should your company suffer a power outage as a result of summer heat:

  • Does your building have an uninterruptible power supply or backup generator?

  • Does your firm have a disaster recovery plan? Will your data automatically failover if an outage affects your production environment?

  • Does your firm have someone in charge to handle incident response in the event of a power outage?

  • Do your employees have a secondary location to work from in the event the outage is long-lasting?

Employee Factors: Vacations and Remote Access

Summer tends to be a slower season for many firms, and more employees request time off and/or work from home or a remote location. Plus, the warm weather often prompts employees to get out of the office earlier in the day, especially on Fridays or before long weekends. Sophisticated hackers know this and will often plan to target companies at the end of the day or week when employees are paying less attention and packing up to head home.

Phishing emails or phone calls are often put into action during these times. A situation like this was reported by Bloomberg recently when a hedge fund CFO in London fell prey to a phishing phone call on a Friday afternoon right before he left the office. The incident resulted in $1.2 million stolen and the firm’s CFO ultimately losing his job; he is now facing legal action for failure to protect the firm’s assets.

Employees who are set up to work remotely can also be susceptible to social engineering attacks and hackers, thus it is important to train these employees to be aware of potential threats. Hackers often target remote access points because they believe the odds of gaining access to an employee’s personal laptop or mobile device are better than hacking into a company’s systems with presumably more secure firewalls and protections. Hackers will use social engineering and phishing techniques to gain access in these situations as well. For example, a hacker may see you working on your laptop at a coffee shop and when you get up to retrieve your vanilla soy latte, quickly insert a contaminated USB into your laptop. Within minutes, your personal and company sensitive information could be lost or stolen.

Final Takeaways

  • Employee training plays an important role in preventing situations such as these from occurring. Firms should employ information security training to ensure users understand the importance of using strong passwords and not leaving their laptops and mobile devices unattended in public settings.

  • Just because the weather is nice and employees are taking time off for vacation, does not mean that hackers are taking a vacation. Don’t let your guard down.

  • Finally, the benefits of investing in power backup plans far outweigh the costs related to damages and potential loss of revenue as a result of power outages, surges, and spikes. Make sure your firm is properly prepared to beat the heat this summer.

More Business Continuity Resources:


Photo credit: Tayloraldredge

<![CDATA[Cybersecurity for Financial Institutions: NYC Panel Highlights]]>, 28 Jul 2015 00:00:00 -0400 eci We take our thought leadership efforts seriously around here, and we’re always interested in educating our clients and partners about technology issues that can affect them. We’re also fortunate to be invited to speak frequently on a variety of hedge fund technology topics – most recently, cybersecurity. Our own Managing Director, Vinod Paul, participated in a panel session last month in New York dedicated to this topic.

Featuring speakers from Eze Castle Integration, Citrin Cooperman, Akin Gump, and CFO Consulting Partners, the panel spoke candidly about how the cybersecurity landscape is evolving for financial services firms and how they can begin to comply with recent recommendations from the SEC and FINRA. Following are some highlights from the event. If you’d like to listen to the podcast of the panel, click here.

  • Many firms question whether they need to do anything to comply with SEC cybersecurity recommendations. The answer is yes. And firms need to employ more than technology.

  • Cybersecurity governance is a critical component. Who is in charge beyond the IT team? Someone at the firm needs to take accountability for this process and interface with various functions to ensure compliance. Ideally, a Chief Compliance Officer or Chief Information Security Officer should handle it.

  • FINRA’s cybersecurity report, published earlier this year, provides a review and detailed suggestions for broker-dealers, though the focus areas are applicable throughout the financial services industry. The document examined eight areas: governance, risk assessment, technical controls, incident response planning, vendor management, staff training, cyber intelligence and information sharing, and cyber insurance.

  • Vendor management is arguably one of the most dangerous vectors for cyber problems at organizations. Service providers with access to your firm’s databases and systems inherently put your firm at greater risk, whether it be as a result of the vendor’s employees or the vendor’s systems getting hacked.

  • On the cybersecurity training front, your firm’s staff needs to know how to handle what’s coming in. Most security threats these days are disguised as malware or phishing schemes. Information security training should be completed at the board, management and staff levels and should be reinforced periodically.

  • A hedge fund cybersecurity program is only effective if it is instituted across the entirety of the business. Keeping information in silos and departmentalizing security practices won’t work.

  • The biggest cyber threat to any business is its employees, whether they be disgruntled (stealing data, executing malicious activity, etc.) or naïve (succumbing to phishing schemes, leaving mobile devices behind, using insecure passwords, etc.).

  • Know who you are partnering with. Low cost vendors and service providers could be cutting corners. Ensure your vendors have their own controls in place to protect your firm’s data.

Recent articles on hedge fund cybersecurity:

Hedge Fund Cyber security Information Center

Photo Credit: Citrin Cooperman
<![CDATA[Setting Up Secure File Sharing at Your Hedge Fund: Varonis on Eze Cloud]]>, 23 Jul 2015 00:00:00 -0400 eci So we all know hedge funds and investment firms don’t want their important information drifting around free file sharing services like Dropbox. Heck, even Dropbox’s Chief Operating Officer says they still have to convince businesses that “the enterprise features that [they’ve] built satisfy [business] security requirements and [business] needs.”1

With security threats multiplying exponentially, satisfying security requirements isn't enough - vendors need to be one step ahead. That’s why for secure file sharing Eze Castle Integration added Varonis' DatAnywhere product as a standard feature within our Eze Managed Suite. Varonis' DatAnywhere offers users seamless and secure collaboration and file sharing across devices.

Beyond security, Varonis DatAnywhere is easy to use. Users receive the same drag-n-drop experience as shared network drives or a cloud sync folder, which means no need for training on complex user interfaces and collaboration workflows. Additionally, data is automatically backed up and version controlled.

We created a video training series for our Eze Managed Suite clients on using DatAdvantage. While I can’t share all the videos (unless you are an Eze client!), here’s the intro video to give you a taste of this great feature.

More Good Stuff to Read:

Contact Eze Castle Integration to learn more about our Eze Managed Suite package including secure file sharing capabilities via Varonis.

1Source: "Dropbox's biggest competitor? It's not Box,", November 4, 2014

<![CDATA[Five Steps to Effectively Managing Third-Party Service Provider Risk]]>, 21 Jul 2015 00:00:00 -0400 eci Hedge fund outsourcing is not a new trend, as buy-side firms have long dispersed the responsibility of many functions to third-party service providers more adept and accomplished at said functions. Technology, for example, is an area where many firms choose to leverage outsourced providers to manage complete or partial infrastructures, support projects or supplement on-site IT staffs. The benefits to outsourcing are numerous, but the true measure of a successful service provider relationship comes when an investment firm’s level of risk in using that provider is low.

Risks are everywhere, particularly in today’s cyber-focused environment. But the risk a hedge fund undertakes when outsourcing a function of its business to a third party is enormous. Not only is the firm relinquishing control to an outside company, it also takes on the added burden of managing that company, in addition to its own.

It’s one thing to put faith in your service providers to do their jobs effectively. It’s another to ignore your own firm’s responsibility to manage that third-party as a means of protecting your own firm. Successfully managing risk associated with third-party service provider relationships is a full-time job, especially for financial services firms working with dozens of various parties. Here are a few tips to help your firm properly manage third-party service provider risk:

1. Understand the breadth/depth of the relationships your firm has established. Smaller firms may only deal with a few outsourced parties, but larger, more established investment firms are likely involved with a host of service providers that are managing needs across the operations, finance, and technology departments. Before you can effectively manage these relationships, you need a comprehensive understanding of who your outsourced providers are, what services/functions they provide and what level of access they have to your firm’s data/systems. Here is a quick list of possible third parties your firm may be engaged with today:

  • Prime broker

  • IT infrastructure/cloud provider/managed security service

  • Outsourced administrator

  • Legal consultant(s)

  • Compliance consultant(s)

  • Auditing/tax firm

  • Application vendors: order management, portfolio accounting, etc.

  • Outside contractors

2. Calculate potential risks and vulnerabilities. We already know this is an important step on the cybersecurity front, but understanding your firm’s risks and exposures is critical regardless of the service provider benefits you’re leveraging. If the provider has access to your hedge fund’s data, systems, financials or other proprietary data, your risk is inherently high. Completing a service provider risk assessment for each third party engagement will provide insight into the level of access each provider has and hence, any potential vulnerabilities that may arise.

3. Conduct thorough due diligence before the relationship commences. The best time to conduct service provider assessments is during the initial evaluation period, but of course, for firms already operating, that time has come and gone for many of your providers. The initial vetting process is the first opportunity for your firm to ask pointed questions and understand the intricacies of the relationship you are undertaking. Firms should consider sending requests for proposals (RFPs) and assessment documentation to any third parties they are evaluating as a means of gathering as much information as possible.

4. Continue conducting proper due diligence throughout the course of the relationship. Service provider risk is not a one-time threat or possibility. As with any relationship, it should be continuously evaluated and monitored to ensure both parties are achieving their end goals and meeting expectations. General monitoring of service provider practices and performance is recommended, though frequency may vary. For example, services with higher risk levels (e.g. technology, security, etc.) may warrant more frequent evaluations or thorough risk assessments. Due diligence questionnaires are evolving dramatically to foster firms’ needs for greater transparency regarding service providers, and many investment firms are now engaging with compliance consultants and auditing firms to conduct independent service provider evaluations and assessments. As investors become savvier and inquire about firms’ technologies, operations and strategies, so too should firms as they evaluate the abilities of their third-party providers.

5. Employ contingency plans for terminating vendor contracts. One often overlooked contributor to service provider risk is contract termination. Investment firms should be careful to thoroughly read and review contracts with third-party providers and vendors and have a clear understanding of the termination process. Risks may vary depending on the level of access the service provider has to your firm’s data. Be sure to look for any contractual loopholes and operational practices that may affect migration plans or your firm’s security standing.

You may also find these articles interesting:

Technology Outsourcing for Hedge Funds
Photo Credit: Shutterstock

<![CDATA[How Secure is Your Password? First Steps to Safeguarding Your Data]]>, 09 Jul 2015 00:00:00 -0400 eci Security, security, security. It’s all anyone can talk about. From spear-phishing schemes to cyber extortion plots, hackers are reaching new levels of sophistication in their attempts to confiscate sensitive material and, in many cases, access monetary funds. But while we’ve trained ourselves to be more aware of these elaborate cybersecurity schemes, we often forget that the gateway to much of our information is only secured by one teeny, tiny little feature: a password.

Whether you’re safeguarding your work PC or personal mobile device, password security is the first and arguably most important step you can take to protect your sensitive information. And unfortunately, users often don’t put the necessary effort into creating strong, secure passwords, thereby leaving that sensitive information in peril and potentially easily accessed by intelligent hackers.

Password creation sounds like a simple task, but it is far from it, especially in today’s security-heightened marketplace. Following are five hallmarks of a strong password to help get you started:

  1. Diversity. You’ve probably heard this before, but are you actually practicing it? Don’t use the same password for multiple portals/access points. Every time you re-use a password, you give a hacker more opportunity to access your critical information. If the same password is used to protect your online banking information, airline reservation booking and retail accounts, for example, a hacker could easily leave your personal finances in shambles.

  2. Length. Most sites nowadays have requirements in place for password length. And the longer a password is, the more difficult it becomes to crack. Users should aim to create passwords of at least eight (8) characters to better secure confidential information.

  3. Strength. Those 8+ characters, however, should be more than a single word or meaningful string of dates. Weak passwords are simple for hackers to obtain, so it’s imperative that users craft long-tail, thoughtful passwords to securely protect their assets. Combinations of letters (upper and lowercase), numbers and special characters (think: $, !, #, &) are ideal to use when creating strong passwords.

  4. Storage. Let’s say you’ve employed the three principles above and crafted unique passwords of at least eight, diverse characters for each of the domains/sites/devices you utilize. How on earth do you expect to remember all of those different password combinations? It’s not an easy feat, but writing them on a post-it note or in a file marked “Passwords” on your Desktop is not a viable or secure option. You may want to consider using a password management tool, but do your research first. A tool guarded by one master password with access to that much information is a pot of gold for a sophisticated hacker.

  5. Frequency. Bad news: by the time you get around to finally starting to remember all of your unique passwords, it’s probably time to change them. One of the keys to strong password management is frequency of change, and users should ideally change their passwords at least every 90 days.

Here are a few password faux pas to avoid:

  • Using personal references, such as your name, family members’ names, birthdates, etc. This information can be easily gleaned from social media sites and other avenues, so it’s best to leave it out of your passwords.

  • Creating equally easy-to-guess security questions. Your mother’s first name and the name of your high school are also details that can be easily investigated through a quick Google search.

  • Always starting your password with an uppercase letter or using numbers successively at the end. Apparently, these trends have become predictable, so users should consider using uppercase letters and numbers sporadically throughout the password.

Not sure if your password passes the strength test? Check out Microsoft’s Strong Password Tool and see how yours stacks up.
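The hallmarks and faux pas listed above can be checked mechanically across a set of stored credentials. The following Python audit is an added example, not code from the original article; the function names, finding labels and the sample vault are constructed for illustration, and it checks only what the post lists (reuse, the eight-character minimum, character mix, predictable capital and digit placement, personal references, and the 90-day change interval).

```python
import re
from collections import Counter
from datetime import date

MIN_LENGTH = 8       # "at least eight (8) characters"
MAX_AGE_DAYS = 90    # "change their passwords at least every 90 days"


def audit_password(password, personal_terms=()):
    """Return the list of rules from the article that this password breaks."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too_short")

    # Strength: upper and lowercase letters, numbers and special characters.
    classes = {
        "lower": re.search(r"[a-z]", password),
        "upper": re.search(r"[A-Z]", password),
        "digit": re.search(r"\d", password),
        "special": re.search(r"[^A-Za-z0-9]", password),
    }
    missing = [name for name, hit in classes.items() if not hit]
    if missing:
        findings.append("missing_classes:" + ",".join(missing))

    # Faux pas: the only uppercase letter is the first character.
    if [i for i, c in enumerate(password) if c.isupper()] == [0]:
        findings.append("uppercase_only_at_start")

    # Faux pas: every digit sits in one run at the very end.
    if re.fullmatch(r"\D*\d+", password):
        findings.append("digits_only_at_end")

    # Faux pas: names, birth years and similar personal references.
    lowered = password.lower()
    if any(len(t) >= 3 and t.lower() in lowered for t in personal_terms):
        findings.append("personal_reference")
    return findings


def audit_vault(vault, today, personal_terms=()):
    """Audit every entry, adding reuse (Diversity) and age (Frequency) checks."""
    counts = Counter(entry["password"] for entry in vault.values())
    report = {}
    for site, entry in vault.items():
        findings = audit_password(entry["password"], personal_terms)
        if counts[entry["password"]] > 1:
            findings.append("reused")
        if (today - entry["changed"]).days > MAX_AGE_DAYS:
            findings.append("older_than_90_days")
        report[site] = findings
    return report


# Constructed sample data: not real credentials.
SAMPLE_TODAY = date(2015, 7, 9)
PERSONAL_TERMS = ("rex", "1984")   # e.g. a pet name and a birth year
SAMPLE_VAULT = {
    "bank":    {"password": "Summer2015",   "changed": date(2015, 6, 1)},
    "airline": {"password": "Summer2015",   "changed": date(2015, 1, 15)},
    "retail":  {"password": "t7$Kq!mZ2w#p", "changed": date(2015, 5, 20)},
    "email":   {"password": "rex1984!",     "changed": date(2015, 7, 1)},
}

if __name__ == "__main__":
    for site, findings in audit_vault(SAMPLE_VAULT, SAMPLE_TODAY, PERSONAL_TERMS).items():
        print(f"{site:8s} {'OK' if not findings else ', '.join(findings)}")
```
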


Photo Credit: Pixabay]]>
<![CDATA[Understanding Social Engineering: How to Avoid Phishing Attacks]]>, 07 Jul 2015 00:00:00 -0400 eci In the context of information technology, social engineering refers to the act of tricking people into divulging confidential or sensitive business information, and breaking security policies. This form of attack infiltrates companies by targeting their weakest access point, which predominantly is a firm’s employees.

The Art of the Phishing Con

Let’s examine a popular technique for social engineering known as phishing. In a phishing scheme, the hacker broadly disseminates a fraudulent email with the aim of acquiring sensitive data, such as login credentials, IT resources or banking information. The message may request the recipient to submit personal information or to click on a link embedded with malware. Although this approach rarely dupes sophisticated users, a distracted employee could make one mistake and compromise a firm’s entire network.

Similar to the above-mentioned security threat, and on the rise in the industry, is spear phishing. This technique entails a much more targeted approach and, increasingly, is being used in sophisticated bank wiring schemes. For example, in March 2015, the CFO of a hedge fund misguidedly wired $1.5 million to criminals after experiencing such an attack. In a spear phishing incident, criminals target specific companies or individuals and conduct background research to compile employee names, titles and contact information. Social networks are common resources crawled for this information. Obtaining such details and observing communications provides criminals with the tools to mirror email addresses, website URLs and dialect. The end result is the criminal masquerading as a legitimate, trustworthy source.

How to Not Get Hooked

What can your firm do to defend its network against phishing attacks? From employing proper security measures, to cyber security training and to Written Information Security Plans (WISPs), it’s vital that financial firms form comprehensive security programs. Regarding email, eSentire suggests utilizing asymmetric encryption solutions, which offer digital signatures that can be validated by the recipient. eSentire also recommends requiring two-factor authorization for sensitive actions to help enhance internal security measures; for example, a phone call using a pre-shared number, which is external to the email, to confirm the message's legitimacy.

The reality is everyone is a target, and firms should train employees to recognize social engineering techniques. The differentiating factor between an authentic and fraudulent message could come down to one inverted letter. Prudence of employees in conjunction with a honed adeptness for security is one of the greatest defenses to help thwart attacks. Because employees are essentially the key to your firm’s network, it is crucial that they scrutinize any email that asks for information regarding login credentials and bank/wire transfers.

Register here for our upcoming SEC Cybersecurity Guidance Update webinar.

Additional relevant resources:

Hedge Fund Cybersecurity Info Center

Photo Credit: Google]]>
<![CDATA[Happy Fourth and Hello Instagram from Eze Castle Integration]]>, 02 Jul 2015 00:00:00 -0400 eci On behalf of the entire team here at Eze Castle Integration, we would like to wish all of our U.S. readers, clients, partners and friends a very happy and safe Independence Day holiday.

Also, we’re happy to announce our newly launched Instagram page so be sure to follow us: EzeCastle

We'll see you back here at Hedge IT on Tuesday, July 7th for a look at Social Engineering.

Eze Castle says Happy Fourth of July

<![CDATA[From NT to Cloud: A Look at Eze Castle's 20 Years of Achievements]]>, 30 Jun 2015 00:00:00 -0400 eci 20 years. 400 incredible employees. 650 clients. 3 continents. 10 offices. Countless services.

June 2015 marked the 20-year anniversary of Eze Castle Integration’s founding. We have reached many milestones over the years thanks to our dedicated employees and loyal client base.

From building the world’s first all NT trading floor (as Eze Castle Consulting) to building the hedge fund industry’s first private cloud platform (as Eze Castle Integration), the Eze Castle name represents innovation, quality and excellence.

We could go on and on but we’d rather show you some of our proudest accomplishments from the last decade.

First hedge fund cloud

20 years – Wow. So many milestones and so many more to come.

<![CDATA[Why is Cybersecurity Important?]]>, 25 Jun 2015 00:00:00 -0400 eci Did you know that the average cost of a data breach is $3.8 million? Or, that the consolidated average cost incurred for each record of lost or stolen sensitive and confidential information has increased six percent (6%) since 2013 from $145 to $154? A recent study of 350 companies spanning 11 countries reported the aforementioned statistics, representing a twenty-three percent (23%) increase in data breach consolidated costs.

The threat landscape is continuously progressing and expanding, and its path of destruction has echoed across news headlines. Examples of infamous attacks include CryptoLocker, Heartbleed and Internet Explorer’s vulnerability, all of which occurred in April 2014. Hedge fund cybersecurity serves as the shield to a firm’s sensitive data and systems, helping to protect business critical information from potential breaches and attacks. In other words, stringent security measures are the antidotes to cyber threats. As cybercrime grows in sophistication and frequency, it is critical that hedge fund security measures and education concurrently advance and fortify.

Approaches to security will fluctuate firm to firm, but we recommend employing a multifaceted security plan that includes, but is not limited to, the following facets:

  • Written Information Security Plans (WISP) - Safeguards sensitive information and periodically assesses a firm’s mechanisms to thwart threats

  • Technical Safeguards and Policies - For example, Access Control: utilizing the Principle of Least Privilege and Advanced Password Policies

  • Cybersecurity Training

  • Third-Party Risk Assessment

  • Cyber-Incident Response Team (CIRT) - Ensures immediate action is taken in the aftermath of a security event.

  • Business Continuity Planning (BCP)

What impact does cybersecurity have on data breaches?

The previously mentioned study found that effective BCP planning can help reduce both the mean time to identify a breach by twenty-seven percent (27%) and the mean time to contain a breach by forty-one percent (41%). Additionally, BCP involvement reduces the per capita cost of a data breach by nine percent (9%). Aside from monetary impact, most companies experience negative opportunity costs subsequent to an attack, which derive from damaged reputations and weakened trust of current and prospective clients. Other factors found to significantly lower the ensuing costs of a successful attack are existing incident response teams, employee training and extensive utilization of encryption. Proactive firms with strong cybersecurity measures in place reduce the opportunity for an attack, as well as the severity of impact should an incident occur. The reality is we must grapple with cybersecurity and focus on implementing an all-encompassing strategy to prevent, detect and respond to incidents.

Register here for our upcoming SEC Cybersecurity Guidance Update webinar.

Additional relevant resources:

Hedge Fund Cybersecurity Info Center

<![CDATA[Wexford Capital Moves to Eze Private Cloud Platform to Power Operations, Increase IT Agility]]>, 23 Jun 2015 00:00:00 -0400 eci We take great pride in helping solve our clients' IT needs and highlighting recent success stories. Our client Wexford Capital LP is one such example who selected the Eze Private Cloud platform for its fully managed, enterprise-grade environment. Wexford Capital gravitated away from its on-premise IT infrastructure and towards the Eze Private Cloud for its multifaceted suite of services and measurable benefits, such as cost optimization and increased business agility.

Wexford Capital is a multi-billion dollar SEC registered investment adviser. The firm, which was formed in 1994, manages a series of hedge funds and private equity funds from its Greenwich, CT and West Palm Beach, FL offices. Absorbing all of Wexford’s IT needs, the Eze Private Cloud empowers the firm’s employees to focus on more tactical, revenue-generating work and create business value.

Dante Domenichelli, Chief Operating Officer at Wexford Capital, said, “Eze Castle Integration delivers the comprehensive services and expert, reliable support we had been searching for in an IT provider. Transitioning to the Eze Private Cloud has enabled seamless business expansion and improved our operational efficiencies while providing assurances of performance and security.”

Wexford Capital relies on the Eze Private Cloud platform to deliver premiere services such as Eze Managed Suite and Eze Managed Infrastructure. Eze Managed Suite is a fully managed IT solution that merges a highly secure infrastructure with key business applications and professional IT management. Eze Managed Infrastructure is ideal for hosting the custom or off-the-shelf applications used by the financial industry.

“Wexford Capital is a leading opportunistic investment firm that selected the Eze Private Cloud as a competitive advantage and disruptive solution to perform at a higher level while meeting increased regulatory and investor demands,” said Bob Guilbert, managing director at Eze Castle Integration. “Our partnership with Wexford is another significant milestone that speaks to our world-class technology solutions and unparalleled client service.”

Watch the video below to learn why London-based firm, INDOS Financial, also selected Eze Castle Integration to be their technology service provider.

Contact Eze Castle Integration

<![CDATA[3 Investor Winning Hedge Fund Marketing Strategies]]>, 18 Jun 2015 00:00:00 -0400 eci Written by Ledgex Systems, the following article originally appeared in the Canadian Hedgewatch under the title, "2015 Trends: Investor-centric Approaches for Hedge Fund Growth."

Winning Hedge Fund Strategies

In today's competitive market, winning investor assets is no easy feat. Hedge funds must be nimble and meet increasing investor and regulatory demands, while remaining cost efficient and advancing operations. To foster and sustain these relationships, it’s vital that managers and investors reach equilibrium in regards to their interests and expectations.

Achieving this balance is an ongoing challenge; however, it also offers firms opportunities for improvement. The following are suggested focus areas for hedge funds to differentiate themselves from the competition and attract and retain investors.

Bespoke Fund Productization

Managers that strive to enhance offerings consistently to attract principal growth must focus on investors’ needs during product ideation and development. Aside from exceptional client service, investors expect high performance, availability, transparency and seamless integration with client relationship management data. Hedge funds that invest in building bespoke solutions suitable for investor operations will meet expectancies better while increasing efficiencies and reducing the risk of underperformance.

Hedge Fund Investor Relations

Diving Deeper

To meet growing investor demands hedge funds must dig below the surface and provide visibility into both customer and investor relationship data. In other words, they need a bird’s eye view that can be magnified down to every layer, touch point and email.

This all-encompassing perspective, coupled with readily available, accurate information, will help managers identify areas for improvement and eliminate any guesstimates regarding past client activity. Information is king, and maximizing its value will empower a firm to become consistent in its efforts. Furthermore, funds will be able to nurture investor relations more effectively, rather than acting on a whim when addressing investor questions and strategizing future business objectives.

Lack of Ease in Interpretation

Investors’ needs have evolved beyond historical data and records of interactions for performance evaluation and future planning. Although these reporting aspects are still valuable, suffice to say that paper trails of spreadsheets and multiple back-office systems are a way of the past. Some firms utilize multiple platforms and resources to manage customer relations, mailings, portfolios and the like, which can lead to increased headcount, cost and time.

Efficiently managing all of these areas requires one centralized platform that provides insight into sales and marketing initiatives, capital activity and communication tracking. Offering a one-stop-shop product not only simplifies customer and investor relationship management, but also enhances the fund’s services.

About the author:
Brian Macallister is managing director for Ledgex Systems. He has been designing and working with financial services applications for 20 years. Brian is the principal architect and product visionary of the Ledgex platform, and he is responsible for leading the company’s engineering, support and client service teams. Prior to Ledgex Systems, Brian was a director within the Eze Castle Integration Professional Services Group, where he led large-scale custom application development projects for some of the largest hedge funds and fund of funds in the country. Brian has also worked with top industry firms including Charles River Development, Thomson Reuters and Fidelity Investments.

<![CDATA[Create Information Security Plans, SEC Tells Advisers]]>, 11 Jun 2015 00:00:00 -0400 eci Welcome to the third installment of our SEC Cybersecurity Guidance Update video series. Our third (and last) video covers what the SEC is telling registered investment advisers about having written information policies and procedures. You can watch the first two videos below or HERE and HERE.

Contact Eze Castle Integration for help in creating a Written Information Security Plan.

Read the Highlights

First up, the SEC advises firms to have a Written Information Security Policy that includes:

  • A Business Operations Assessment,

  • Technical Policy Assessment,

  • Regulation Requirement Overview,

  • Cybersecurity Incident Response Guidelines,

  • Third Party Risk Assessment Guidance, and

  • Employee Guidelines

Next, ensuring clear ownership of the firm’s cybersecurity plans is critical. A CISO or Incident Response team should be appointed to facilitate rapid resolution following an incident. Key elements of a response plan should include:

  • Appropriate identification and escalation of incidents;

  • Communication to internal and external parties; and

  • Mitigation of risk and exposure.

Employees are oftentimes cited as a firm’s greatest weakness, but they can also act as your firm’s first line of defense against security threats. Conduct proper employee training on information security via online tools, tabletop exercises and scenario planning. Also be prepared to educate investors about the safeguards your firm has implemented to counteract security threats. You’ll also want to ensure any third party providers with access to your data are implementing equally stringent policies.

Watch Part 1: Recapping SEC Cyber Risk Guidance on Assessments


Watch Part 2: SEC Cyber security Guidance on Strategy

Contact Eze Castle Integration for help in creating a Written Information Security Plan.

Hedge Fund Cybersecurity Info Center
<![CDATA[SEC Cybersecurity Risk Update, Part 2: Prevent, Detect, Respond]]>, 09 Jun 2015 00:00:00 -0400 eci In Part 1 of the SEC's recent cybersecurity guidance update, the regulatory body highlighted the need for cyber risk assessments across multiple areas of a registered firm's organization. Continuing to address how firms should prepare for security incidents beforehand, Part 2 of the SEC's guidance update focuses on how hedge funds and registered investment advisers should prevent, detect and respond to security incidents.

Take a look at the latest installment of our video series or scroll down to read a brief recap.

Read the Highlights

Part 2 of the SEC's cybersecurity guidance is focused on preventing, detecting and responding to cybersecurity incidents, both from a technical and operational standpoint. Here are some highlights:

  • Employ a security strategy that features layers of security to protect all systems and data. This includes everything from anti-virus software and hardware and software firewalls to intrusion detection systems, encryption technology and application filters.

  • The next step is controlling access. At Eze Castle Integration, we recommend employing the principle of least privilege across all systems and data, thereby limiting access to only those who need it.

  • When classifying data, firms should identify what data needs to be encrypted. Confidential data should be encrypted in transit, and some firms may determine certain critical information must be encrypted at rest, as well.

  • The SEC also advises firms to restrict the use of removable storage media and to deploy software that monitors technology systems for unauthorized intrusions.

  • A backup and retrieval process is also critical to allowing firms to recover should a cybersecurity attack occur.

  • Finally, rapid incident response is essential to minimizing the impact of a security breach. With a comprehensive incident response plan in place and well-communicated, employees can act swiftly and businesses can resume normal operations in a timely manner.

For more information on cybersecurity risk preparedness, visit our Hedge Fund Cybersecurity Information Center.

Watch Part 1: Recapping SEC Cyber Risk Guidance on Assessments


Hedge Fund Cybersecurity Info Center ]]>
<![CDATA[SEC Cyber Risk Guidance Update: Risk Assessment Requirements]]>, 04 Jun 2015 00:00:00 -0400 eci We are excited to release the first in Eze Castle Integration's three part SEC Cybersecurity Guidance Update video series.

In case you missed it, in April 2015 the SEC issued a Guidance Update on Cybersecurity Risks and Expectations for registered investment companies and registered investment advisers. The three point guidance update addresses the need for Cybersecurity Assessments, Strategy and Written Policies plus Procedures.

So to get you up to speed quickly, we’ve created this video series. In this first (90 second) video we cover SEC cybersecurity guidance around conducting periodic risk assessments. Watch Part 2: Prevent, Detect & Respond HERE and Part 3.


Recapping SEC Cyber Risk Guidance on Assessments

In case you prefer to read, here are some key cyber risk assessment takeaways:

  • Define what confidential data is and determine how it's protected.

  • You must also understand where your data is located, how it is collected and who and what technology systems have access to it.

  • Registered investment advisers should have a clear understanding of the threat landscape, including potential internal and external risks as well as unique vulnerabilities specific to the firm. Evaluate a variety of potential scenarios as well as their likelihood to occur.

  • Once firms understand the risks facing their organization, they must conduct assessments of the existing controls and processes to ensure they account for the risk landscape and put the appropriate safeguards in place.

  • Be sure to understand the potential impacts of various cyber risk scenarios and outline specific protocols for incident response and quick resolution. The impact of cybersecurity incidents can range from financial to technological to reputational.

  • Finally, testing and assessing the governance structure, including administrative and technical safeguards, is key to ensuring effectiveness.

Contact Eze Castle Integration for help in creating a Written Information Security Plan.

Watch Part 2: SEC Cyber security Guidance on Strategy

Watch Part 3: SEC Cyber security Guidance on Written Information Security Plans

Cyber Security Experts from Eze Castle Integration

<![CDATA[The Green Case for the Cloud: Environmental Benefits of Cloud Computing]]>, 02 Jun 2015 00:00:00 -0400 eci When considering going cloud, numerous quantifiable benefits come to mind, predominantly: cost savings, simplified management, ease of access, increased efficiencies and improved computing capabilities. Beyond these commonly denoted advantages is an inherent benefit that tends to be unremarked in the case of cloud adoption.

The green, or eco-friendly, aspect of the cloud is one of the most overlooked, multifaceted advantages of cloud computing. Let’s examine the green proposition for the cloud, an untapped solution for hedge funds and investment firms.

Reducing a Firm’s Carbon Footprint

Global warming has been a hot topic for years, but that’s no reason for us to get cold feet when considering going cloud. A study found that for larger, established firms cloud adoption can cut energy use and carbon emissions by 30 to 60 percent in comparison to on-premise IT infrastructures. In the circumstance of mid-sized firms, carbon emissions and energy consumption can be reduced by a staggering 60 to 90 percent, and for smaller and startup funds, typical e-waste reduction surpasses 90 percent. The greatest impact, however, is contributed by cloud service providers.

Data Center Efficiency

Today, more than ever, sustainability is transforming business operations and spearheading the collaborative effort to achieve an eco-friendly, low carbon society. Cloud providers are the leading drivers in emission savings, reducing technology’s impact on the environment through resource virtualization, continuous innovation and robust data centers. The scope of solutions spans security monitoring systems, computing technology and storage efficiencies, to name a few. Energy is typically lost in translation due to server underutilization, causing servers to sit stagnant and build e-waste. Data centers that utilize cloud technology require less equipment to monitor systems and manage workflows, freeing up energy typically vacuumed by machines and reducing the total physical server footprint. Furthermore, such environments provide the flexibility to expand your technology infrastructure as your fund grows.


Dematerialization, or the substitution of high carbon physical products with virtual equivalents and activities, helps to improve energy efficiency. For example, an international company that flies employees periodically for face-to-face meetings could instead host a virtual meeting, saving money, time and energy. Virtual meetings are made available via applications, such as Microsoft Lync, which delivers unified communications and enables users to seamlessly conduct online meetings, send instant messages and collaborate with colleagues. Overall, the solution offers firms the opportunity to improve communications and stimulate collaboration, and helps alleviate some of the hindrances faced by those firms experiencing expansion.

Saving Green

Migrating to the cloud means fewer machines and less hardware, which translates into lower cooling and space requirements. The end result: lower energy costs and freed up capital that firms may allocate to other projects. From a global economic standpoint, the Smart 2020 report estimates that within five years, information technology-enabled energy efficiency will translate into approximately $946.5 billion worth of cost savings. Firms are constantly being pressured to cut costs, the crux of paradigm shifts in how firms operate and unfortunate downsizing. Cloud computing not only allows firms to reduce capital and operational costs (CapEx and OpEx), but presents an opportunity to streamline management and focus on revenue generating projects, rather than daily IT tasks and issues. What does this mean moving forward? The green case for the cloud unveils a compelling opportunity to contribute to something much bigger than the tumultuous business climate. Cloud computing presents firms with the ability to help mitigate the consumption of energy, reduce their carbon footprint and move toward a greener, smarter future. Undoubtedly, cloud adoption and improved efficiencies will become increasingly ubiquitous with enduring advancements in cloud technology and growing green awareness.

Other resources relevant to this topic:

Hedge Fund Cloud Computing Survey Results

Photo Credit: Google, Eze Castle Integration

<![CDATA[Getting Stronger Together: How Hedge Funds and Service Providers Can Tackle Cyber Crime]]>, 28 May 2015 00:00:00 -0400 eci HFMWeek catches up with Eze Castle Integration’s managing director, Bob Guilbert, to discuss why so many funds are opting for cloud solutions and how the industry can work together to tackle cyber crime.

HFMWeek (HFM): What are the security implications of moving to a cloud system?

Bob Guilbert (BG): Firms looking to move to the cloud need to consider which provider is right for them and can service their operational and security needs. A firm needs to consider the security protocols in their office as well as in the cloud and work with someone that covers both sides, including the virtual and physical elements. It’s also vital that firms understand the ‘response and remedy’ services that cloud providers offer, the quality of which can vary hugely between public and private clouds.

HFM: Can the quality of security offered differ significantly between cloud providers?

BG: Absolutely, which is why IT due diligence is so important. At Eze Castle Integration, we’ve taken a defense-in-depth approach to cloud security starting right at the foundation. We have layers of security all the way through the infrastructure including access controls, continuous security monitoring, and intrusion detection and intrusion prevention systems. You are only as strong as your last defence. You must have all the right locks on all the right doors and multiple locks on those doors in order to thwart any hacker’s attempts to access your private information. You must also invest in employee training because even the best locks won’t help against many social engineering techniques. These can only be combatted with good due diligence and best practise regarding security awareness training for all staff and senior management. When evaluating a cloud provider it is also important to understand the security protocols followed within the provider’s corporate infrastructure. At Eze Castle Integration, for example, we’ve invested heavily in our own firm’s security to ensure there aren’t any backdoors to allow a hacker to access the cloud and data of our clients.

HFM: So outsourcing to a cloud platform gives more protection than an in-house product?

BG: I would say so, yes. We are offering enterprise level security, and we have a deep pool of specialists, which can be leveraged when needed for our clients. In-house deployments very often won’t have the same size of staff and also won’t have a budget that allows them to cover all areas of cybersecurity to the same degree. Small firms, especially, will never be able to enjoy the scope of security and technological power through their own means that they could by partnering with us.

HFM: Do you predict using cloud services will become the norm in the future?

BG: I think it’s actually reached that stage now. If you look at the number of start-up hedge funds that launch annually, I would say 95%+ of them consider launching on a cloud provider’s platform. One reason for this includes the capital expenditure difference between setting up the hardware and software in-house versus selecting an established private cloud provider. Firms get all the benefits of proper management and security to run the environment, and they have predictability in their monthly costs.

HFM: Are established funds, considering their historic investment in in-house IT infrastructure, slower to adopt a cloud solution than start-up funds?

BG: We find there are typically three inflection points where an established firm evaluates a move to the cloud. These are office relocation, technology refresh and adding a new application. A physical move of offices provides an opportunity as firms don’t want to invest in moving and setting up old equipment at a new office. A technology refresh is another logical switching point as firms weigh the costs of doing a whole system upgrade as opposed to moving to the cloud. In some cases very large funds are still inclined to invest in building their own infrastructure; however, they will look to the private cloud for application hosting. This may be due to the CTO wanting to have the data within the premises of the office. However, Eze Castle Integration has several clients with multi-billion dollar AUMs on our cloud platform. At the highest AUM levels, it often comes down to personal preference and existing investments in internal IT staff and infrastructure.

HFM: What are ‘Written Information Security Plans’ (WISPs)?

BG: WISPs are plans that cover the administrative and technical safeguards a firm has in place to ensure data is protected. They include details on incident response, remediation and communication procedures should a firm be subject to a cyber breach. They answer questions such as: have you identified the chief information security officer in the organisation? In the event of a breach what action will you take and what communication paths will you follow? Having written information security plans is emerging as a requirement for firms. As part of its cybersecurity questionnaire, the Securities and Exchange Commission (SEC) is asking about WISPs. And investors are increasingly asking to review WISPs as part of their due diligence. Overall the security questions being asked by investors and regulators are getting much broader and deeper. Both groups are asking for more details on whether there have been breaches in the past and the process that was taken. Investors are also beginning to ask these details from not only the remedial 3rd party but also all the providers they are using.

HFM: So investors have become much more sophisticated on cyber issues then?

BG: Yes, they have. With increasing numbers of successful breaches in the marketplace and more visibility around cybersecurity and cyber crimes, investors are becoming more savvy, aware and concerned.

HFM: What do you expect from the SEC looking ahead?

BG: The SEC has already said cybersecurity is a top priority for them in 2015/16. They are planning to conduct much wider and deeper examinations of funds to ensure they have the best cybersecurity practises in place. They also want to see if a fund’s employees have been trained and tested on the firm’s WISP policy. I believe there is going to be a broader sweep in terms of who is looked at. A number of firms use outsourced functions, and the SEC will soon start to look at these third-party providers in a lot more detail. There is still a long way to go, but we all have a common enemy in keeping malicious activity outside of the hedge fund industry, and through effective dialogue between the public and private sectors, we can get stronger together.

To read more on this topic, check out these resources:

Cybersecurity Info Center for Hedge Funds; Hedge Fund Technology

<![CDATA[Starting a Hedge Fund: Your IT and Cybersecurity Checklist]]>, 26 May 2015 00:00:00 -0400 eci If you missed our 'Starting a Hedge Fund' webinar last week, you missed a lot. Luckily, our webinar replay is available here, and we're now onto Part Two of our recap. If you missed Part One - which focused on the structural and formation basics of starting a new hedge fund - click here. In Part Two, we're recapping what our very own Managing Director Vinod Paul covered, specifically around IT infrastructure decision-making, cybersecurity protections and common technology mistakes.

2015 Technology Priorities

Before looking at the specific technology infrastructure components emerging managers should consider before and during the launch phase, let's first cover some large-scale IT priorities for startups in 2015. We've identified three major priorities:

  1. Selecting the right service providers. Whether it's outsourcing IT, administration or another critical function, it's imperative for startups (and successful hedge funds in general) to conduct proper due diligence and forge partnerships with providers that offer flexibility and accountability.

  2. Understanding your firm's vulnerabilities and exposures. Security, security, security. It's the most critical area of focus for hedge funds in 2015. Firms should understand what risks could affect their businesses and the safeguards in place to mitigate those risks.

  3. Employing an infrastructure your firm can grow with. You're a startup, yes. But you can't afford to act like a startup, at least when it comes to your technology. Selecting an infrastructure platform and provider that can grow with your firm and support you 2, 5, 10 years down the road is critical to your success, and will save you money and headaches in the long run.

The Basic IT Checklist

Beyond legally forming your new hedge fund and settling on an investment strategy, you also have to make technology a priority for your new entity. While it is important to select the right provider, one who will grow as the fund grows, there are some things that could be used for comparison across firms.

  • PCs/laptops/mobile devices

  • Email, file services, storage

  • Telecommunications and networking equipment

  • Voice services and hardware

  • Disaster recovery and backup

  • Compliance & archiving systems

  • Applications (think order management system, portfolio accounting, etc.)

The Cloud Is a No-Brainer

Obviously, in order to support all of these systems and capabilities, you’ll need to first select the type of infrastructure platform you’re going to rely on. In our experience, nearly all new hedge fund and investment firm launches are selecting the cloud to support operations, primarily due to its flexibility, security and low upfront costs. But with any technology decision, do your due diligence here. Vet your service providers thoroughly, and consider the type of infrastructure needed to run operations: public, private or hybrid. Full disclosure: we recommend a private cloud solution to support the unique needs of the financial services industry. In another recent webinar we hosted on The Investor Perspective on the Cloud, the investor we interviewed clearly remarked she did not support the use of public cloud platforms and did not believe they were suitable for enterprise-caliber hedge funds. Just a little food for thought.


Cybersecurity: THE 2015 Priority

Cybersecurity is easily the most talked about topic in the financial services industry right now (and in most other industries as well). When we think about cybersecurity, we think of three key components to any firm's overall security strategy: Technology, Processes and People.

  • Technology is arguably the easiest to set up and implement, but to protect your firm, you need to employ layers of security across your systems and data, including firewalls, intrusion detection systems and encryption technology, as well as regular penetration tests and audit/logging systems to monitor unauthorized access.

  • Processes are just as important as the technology side of cybersecurity. Having policies in place to protect your firm before, during and after an incident are critical to reducing the overall impact on your firm in the event a breach does occur. Some vital policies include: written information security plans (WISPs), access control policies, personal information security policies and incident response plans.

  • People are the last part of the cybersecurity puzzle and can be the greatest weakness of the three. On the flip side, however, your employees can also serve as your firm's first line of defense against security risks. Proper training on Internet safety, identity theft and phishing attacks can reduce the likelihood of a breach. Annual cybersecurity training courses and ongoing education may include drills and tabletop exercises.

Common IT Mistakes

Lastly, here are a few common technology mistakes we see firms make during the launch process. You can read more about common IT mistakes here.

  • You want the perfect IT solution.

  • You are only focused on today and are forgetting about tomorrow.

  • You underestimate how large of a role technology plays in your day-to-day operations.

Photo Credit: Flickr]]>
<![CDATA[A Checklist for Launching a Hedge Fund in 2015]]>, 21 May 2015 00:00:00 -0400 eci Yesterday, we hosted a hedge fund launch webinar called “A Checklist for Starting a Hedge Fund in 2015,” which focused on structure and strategy considerations for hedge fund startups as well as focus areas for your technology infrastructure and cybersecurity systems. Marni Pankin, partner at Marcum LLP, and Vinod Paul, managing director at Eze Castle Integration, shared their expert knowledge on what they consider to be the top priorities for hedge fund startups in 2015.

Pankin started with a checklist of her own, including what an emerging manager should look for when launching a new hedge fund. Below is a brief summary of her checklist; be sure to also read our second article, "Starting a Hedge Fund: Your IT and Cybersecurity Checklist" here.

  1. Clarify your investment strategy: Having the ability to describe your niche or edge is extremely important.

    • What is your trading style?

      • Global Macro

      • Directional

      • Event-Driven

      • Relative Value

      • Other

  2. Develop a strategic business plan with a budget and cash flow projections.

    • Tallying the costs and determining who will pay is vital to survival of the new fund. Will you have seed investors to help with the initial costs or are they coming out of the investment manager’s pocket?

    • This is also a focus of the SEC, which has lately been sanctioning managers for passing undisclosed expenses through the fund that should actually be paid by the manager. The fund offering documents should clearly define the nature of expenses that will be borne by the fund.

  3. Selecting the proper service providers is crucial for long term success as well as credibility with investors.

    • There are a couple of things to consider when selecting a service provider:


      • Expertise with hedge funds

      • Reputation in the industry

      • Ability to grow and adapt with the business

      • Costs of the provider

      • Level of service you expect and how important you are to them

    • Be Aware: Just because the firm you left used a certain service provider does not mean that you should. Emerging managers tend to need a bit more handholding and have limited funds, so employing the same provider as a large firm may be a risky business move for the future.

    • Common leveraged service providers:

      • Attorney

      • Information Technology Consultant

      • Independent Valuation Consultant

      • Regulatory Consultant

      • Fund Administrator

      • Independent Accountant

  4. Set up shop by purchasing office space and business equipment, create banking relationships and hire employees.

    • The fund will need to fill HR roles like payroll and identify practices for structuring compensation, profit sharing, retirement plans, and health insurance and benefits.

    • There will need to be some sort of IT support for the network and computer systems, disaster recovery plans, cybersecurity and knowledge of the cloud environment.

    • Trading and accounting systems are also important to the firm, whether you leverage a prime broker or fund administrator.

  5. Evaluate registration options and costs to assure compliance.

  6. Determine the provisions to be included in your offering documents.

    • Portfolio valuation is important as well as understanding the fair value methodology. The policy should be in accordance with GAAP and there should be a supporting document available on request for specific descriptions of your processes and policies.

  7. Set up your marketing budget and fundraising plan.

    • In 2013, the SEC removed the ban on general solicitation and advertising related to private offerings in Regulation D of the Securities Act of 1933, so as long as all the purchasers are accredited investors, you can solicit investors. Still, be mindful of the rules before making any decisions.

To watch the full replay of our complete Hedge Fund Launch Webinar, see below or click here. And don't forget to read Part 2 of our recap, focused on Your IT and Cybersecurity Checklist.


Photo Credit: Pixabay]]>
<![CDATA[Cybersecurity, the SEC and You: Hedge Fund Symposium Highlights]]>, 19 May 2015 00:00:00 -0400 eci We were honored to be invited to participate in an exciting event in Boston recently hosted by KPMG. The event, Hedge Fund Symposium 2015, featured a lively panel on cybersecurity to kick off the afternoon. Featuring speakers from Eze Castle Integration, Morgan Lewis and The Baupost Group, the panel discussed the changing cybersecurity landscape for hedge funds and alternative investment firms and shared best practices on how to mitigate risk in this evolving climate. Following are some of our favorite highlights from the event.

  • Malware is seemingly the most common threat to financial firms and can infect a firm’s network as a result of improper use of removable storage media (USB devices), opening of suspicious hyperlinks and attachments or more advanced ransomware technology (think Cryptolocker virus).


  • Spear-phishing and social engineering campaigns are also extremely prevalent and can cripple even the most technology-savvy firm. Ultimately, these campaigns are best prevented through proper user training and awareness around information security.

  • The SEC’s recent guidance updated by its Division of Investment Management included an interesting footnote. The note essentially concluded that firms have a fiduciary responsibility to provide investment advice/counsel to clients, and a cybersecurity attack or incident that affects the firm’s operations would, in effect, prevent the firm from completing their duties and ultimately may put them in breach of their contract.

  • Chasing compliance with regulations is not the right approach for hedge funds and investment management firms. Rather, firms should establish an overall comprehensive security program that is periodically reviewed to ensure it complies with changing requirements.

  • Vendor evaluations are critical when it comes to mitigating cybersecurity risk. The SEC specifically called out a lack of proper third party assessments as part of their exam sweep findings.

  • Conducting a cooperative study of your firm’s security environment will be more effective and productive than a one-time penetration test.

  • Firms should have a solid understanding of who at the firm is responsible for what areas of technology and security. Even if leveraging an outsourced provider, there must be an internal leader to learn the ropes, engage with vendors, and take responsibility for the firm’s security awareness.

  • New technologies and capabilities such as ethical hacking and phishing tests can help firms identify security risks both from a technical and user perspective.

  • Create a culture of compliance at your firm. If you’re still looking for management support, educate yourself and your team in order to raise executive consciousness around cybersecurity risks and best practices.

  • Trust but verify, particularly when it comes to working with outsourced IT and security vendors.

Photo Credit: Flickr

<![CDATA[3 Reasons Investors Drop Hedge Funds]]>, 07 May 2015 00:00:00 -0400 eci This article first appeared on FINalternatives and was contributed by Brian Macallister, managing director at Ledgex Systems.

Today’s hedge fund investors are more competitive – and more demanding – than ever. As a result, many hedge funds are walking a fine line. They need to track communications, client relationships and capital movements in order to raise and retain assets, while providing exceptional client service and exceeding reporting requirements – all without increasing headcount or operational overhead. That balancing act is essential to avoiding these three primary reasons investors walk away from their hedge funds:

1. They aren’t happy with performance.


No amount of communication or reporting will save an underperforming hedge fund from losing investors. However, those efforts will help fund managers get ahead of investor concerns and proactively address likely questions during periodic performance dips. Information is power, especially in the hands of the firm. When information about how the investor’s balance today relates to past performance is readily available and integrated with customer relationship management data, financial firms can better manage expectations and investor reactions.

2. The relationship between the firm and the investor is weak.

Institutions and high net worth investors do business with people and companies they trust. Creating connections based on trust requires consistent nurturing and visibility into the entire investor relationship – not just a list of contacts and touches. Unlike in other industries where standard customer relationship management (CRM) solutions can deliver reports based mainly on historical interactions, hedge funds, fund of funds, family offices and other financial institutions need the capability to layer typical CRM data on top of investor relationship data.

It’s just as important, for example, to know the history of the investor’s portfolio, the reporting documents the investor has received and the related capital activity as it is to know when the firm last spoke with the client and what other investments that person has made in the past. Can the firm accelerate reporting? Enable and inform sales and marketing efforts? Provide compliance support? The answers to all of these questions influence the strength of investor relationships.

3. There is a lack of communication and transparency.

Often, firms rely on several different tools, loosely cobbled together, for producing investor statements, mailings, K1s, flash returns and other key communications. Those tools might include Excel, rudimentary CRM systems, mail merge programs and crude workarounds. The disparate nature of these tools can cause serious communication lapses when it becomes difficult for a fund manager to see, for example, that investor A wants hard copy documents delivered to his vacation home in Florida October through May, and investor B spends a month skiing in Colorado every winter, where he also expects to receive mailings without interruption. Tracking these kinds of preferences manually is no easy task. Firms have to solve this delivery mechanism problem if they are to avoid losing investors over a perceived lack of communication.

This challenge is amplified by the fact that the 2008 recession changed investor demands regarding transparency. Quarterly portfolio reporting is no longer acceptable to investors. In some cases, investors want 10 times the reporting they expected before 2008, and it has now become the norm for these clients to demand separately managed accounts rather than pooled vehicles. Failure to meet those expectations is one of the primary reasons why investors drop their funds.

Retaining investors over the long term

Alternative investment managers face a real challenge in retaining wary clients who are quick to jump funds when performance, relationships or communication become unsatisfactory. This is the reality across firms. Smaller firms have fewer variables to juggle but also fewer resources for improving manual or unsophisticated processes, and larger institutions have more complex needs and challenges, which are also more complicated to solve. At both ends of the spectrum and everywhere in between, hedge fund managers need to be able to report information to investors in a repeatable, automated and tailored manner.

Investor communication is integral to hedge fund viability. In order to appropriately target, retain and upsell investors, firms need insights into each investor’s history and expectations. That information has to be closely aligned with capital movements, as well. With all of that data streamlined in one resource, hedge funds can more efficiently address mandates for accountability, transparency and reporting, and avoid the top triggers for investor flight.

For more information on Ledgex, be sure to check out their website at!

Photo Credit: Google

<![CDATA[Making a Case for the Cloud to Your CXOs]]>, 30 Apr 2015 00:00:00 -0400 eci As your hedge fund’s IT Manager or Chief Technology Officer, you may be tasked with evaluating and directing the strategic technology initiatives at your firm. Unfortunately, this doesn’t always mean that you have the final say on how and when your firm makes technology-related decisions. That responsibility, in many cases, falls to the Chief Operating Officer or Chief Financial Officer, and in many cases, that individual does not have a technology background. It’s up to you, then, to ensure you provide your CXOs with the right information to make an informed decision about your firm’s technology foundation.

We asked our own CFO, Chris Holden, to talk through some of the primary considerations senior management (C-level execs) will weigh when evaluating a move to the cloud. Read a recap of his thoughts here or scroll down to listen to the full replay of our conversation.

Cloud Migration Drivers: Is Cost Always the Primary Factor?

According to Holden, the best way to justify a new technology to non-technical senior management is to provide a sound and logical cost comparison. And when it comes to the cloud, yes – cost is a big factor and a serious selling point.

“It’s much easier to explain and forecast when your technology costs scale predictably based on metrics such as number of users, storage, servers, and bandwidth demands. This eliminates both the feared step function in capital expenditures when a firm hits a certain threshold, as well as limits the pain of hardware refreshes to manageable items like workstations, laptops, and monitors.” – Holden

Despite the significant cost benefits of the public cloud, Holden says, a CFO is not going to sign off on a cloud migration unless it’s the right fit for the firm. Low-cost services can be attractive, but they also come with disadvantages, such as:

  • Lower service levels

  • Less security, resiliency and monitoring

  • Less customizable; unlikely to support custom application needs

  • Not built for your firm or industry

Focusing on Cloud Security and Compliance

Security is a real concern, according to Holden, and all financial services firms should be aware of the threats within the industry and the potential effects of a security breach – both financially and in terms of reputation. Not only are regulators taking notice of security practices, but investors are also, making it more important than ever to ensure your firm selects a cloud provider you can trust. As a CFO, COO or senior management team member, you should look to understand the security practices in place on both a physical and virtual level as well as the policies and procedures in place to protect those assets. As a business, hedge funds should also look at factors such as cybersecurity insurance, written information security plans and incident response procedures.

Armed and Ready: How to Convince Your CFO

CFOs, by nature, are driven by numbers. When pitching them on a move to the cloud, therefore, it’s critical to come prepared with hard data. You should be able to show the cost differences between what the firm pays now for IT vs. what would be expected on the cloud. CFOs will also want visibility into other effects the infrastructure move may have on the company, including staffing (will headcount be reduced?), reporting (will we gain more insights into our business?) and more.

Your CFO or COO is also going to want to see that you’ve done your due diligence before proposing this transition. Come prepared with cost comparisons and pro/con lists. Cost isn’t everything, according to Holden, and you’ll need to “find a partner that you can both work with and one that fits your technical and business needs.”

Outsourcing Makes Sense for Many Firms

Holden’s advice to firms considering outsourcing: “focus on what you’re good at.” Technology is a critical component of daily operations, but it is not what most investment managers would consider a core competency. There may be cases where it makes sense to maintain an IT staff in-house or manage aspects of your technology, but there are also equally compelling cases for outsourcing to augment or supplement IT and to gain specialty expertise and support.

Watch below to hear our full conversation with Chris Holden about Convincing Management to Adopt Cloud Services.


Photo Credit: Flickr

<![CDATA[Planting Seeds: Springing Forward with Cybersecurity Education]]>, 28 Apr 2015 00:00:00 -0400 eci Despite the recent strides hedge funds have made to improve cybersecurity policies and safeguards, studies reveal that a less-heralded group is responsible for the majority of successful cyber-attacks. Flying under the radar and opening the malware floodgates with one click of a spoof email are employees ill-informed of cyber threats and potential risks.

Unbeknownst to the employee, upon release of the mouse he or she has guided hacktivists into the company’s network, exposing business critical information, financial records and passwords. And that’s just the beginning. The quantity and severity of subsequent damages are limitless, but so is the opportunity for improvement in the firm’s case.

Let’s rewind to the beginning: before the click, but after the malicious email has arrived. An employee who is educated on cybersecurity and internal policies through company-mandated training programs would carefully analyze the message before opening it. If the individual doesn’t sense any red flags in the email address, subject or sender, then he or she may proceed to open the email. Upon doing so, the employee makes a point of checking the legitimacy of logos, watching for outlandish requests and spelling errors, and hovering over URLs, as many cybercriminals will alter just one or two letters from the authentic address. After performing this due diligence, the employee would then proceed to verify the email’s legitimacy with the proper departments.
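An added example (not part of the original post): the "one or two letters altered" check described above, automated for the sender address and every URL in a message so it can back up the human review. The trusted-domain list, the sample message and all function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains the firm legitimately corresponds with (constructed names).
TRUSTED_DOMAINS = {"northfund.example", "custodian-bank.example"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def edit_distance(a, b):
    """Optimal string alignment distance: insertions, deletions,
    substitutions and swaps of two adjacent characters each cost 1."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "bnak" for "bank".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_domain(host, trusted=TRUSTED_DOMAINS, max_edits=2):
    """Return ("trusted", None), ("lookalike", imitated_domain) or ("unknown", None)."""
    host = host.lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in trusted):
        return ("trusted", None)
    # Simplification: compare only the last two labels. A production check
    # would derive the registrable domain from the public suffix list.
    tail = ".".join(host.split(".")[-2:])
    for t in sorted(trusted):
        if 0 < edit_distance(tail, t) <= max_edits:
            return ("lookalike", t)
    return ("unknown", None)


def review_message(raw):
    """List (location, host, imitated_domain) for every lookalike found in
    the From header and in URLs of a single-part plain-text message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    hosts = [("From", sender.rpartition("@")[2])]
    body = msg.get_payload()
    for url in URL_RE.findall(body if isinstance(body, str) else ""):
        hosts.append(("URL", urlsplit(url).hostname or ""))
    findings = []
    for where, host in hosts:
        verdict, imitated = classify_domain(host)
        if verdict == "lookalike":
            findings.append((where, host, imitated))
    return findings


# Constructed sample message: a digit swapped for a letter in the sender
# domain and two transposed letters in the link.
SAMPLE = """\
From: "Custodian Bank Support" <alerts@custod1an-bank.example>
To: analyst@northfund.example
Subject: Action required: verify your account

Please confirm your details at https://login.custodian-bnak.example/verify today.
Our public site remains https://www.custodian-bank.example/ as always.
"""

if __name__ == "__main__":
    for where, host, imitated in review_message(SAMPLE):
        print(f"{where}: {host} imitates {imitated}")
```

A domain that is neither trusted nor close to a trusted one comes back as "unknown", which still deserves the manual verification step described above.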

Hedge funds that plant seeds at the early stages of employee onboarding by implementing mandatory security trainings, not only foster education, but also help mitigate the opportunities for an internal breach. Additionally, firms that develop multiple layers of security, Written Information Security Policies (WISPs) and incident response plans are far more likely to recover quickly and experience marginal loss should an incident occur. Although evading cyber threats entirely is impossible, it is requisite for a firm’s continued success that they develop strong cybersecurity programs both internal and external to the firm.


<![CDATA[What Do Hedge Fund Investors Think of the Cloud?]]>, 16 Apr 2015 00:00:00 -0400 eci It’s a question that many folks in the financial services industry have been asking for a few years now. Are potential investors comfortable with the idea of hedge funds leveraging cloud services? In Part 1 of our cloud webinar series, The Investor Perspective on Cloud and Security, we asked Ashley Gimbel, Senior Vice President at Dyal Capital Partners, to share her thoughts on evaluating the operational and infrastructure decisions of hedge funds and alternative investment firms and if investors are truly comfortable with the cloud. Click here or scroll down to watch the full replay of our conversation with Gimbel.

The simple answer is ‘yes.’ According to Gimbel, investors are and should be at ease with hedge fund clients using cloud infrastructures to support their daily operations. In fact, she says, hosted infrastructures often make more sense for firms with little to no IT resources.

With a few caveats, of course. Firms should ensure outsourced cloud providers have proper Service Level Agreements (SLA) in place and are conducting appropriate oversight of their provider(s). A few other technology must-haves:

  • Well integrated data and systems

  • Established policies and procedures

  • Comprehensive disaster recovery

  • Cybersecurity protections

Gimbel also suggests that even firms without internal IT resources should have a dedicated individual to own service provider relationships and maintain at least a high-level understanding of the firm’s technology systems and components. Investors don’t want to hear just from your cloud provider; they want to hear from you.

What about public clouds? Are investors less comfortable with firms using public solutions than vertical-focused private cloud providers? Yes, again. The public cloud has its place, according to Gimbel (testing and development, for example), but it simply is not suitable for enterprise IT environments. That goes for full-scale solutions (such as AWS and Azure) and public cloud storage tools like Dropbox and

Even though private cloud services are preferable, every solution is not created equal. It’s imperative for hedge funds and investment management firms to do their own due diligence on service providers to ensure they are building long-term, beneficial relationships. Gimbel suggests firms do the following when evaluating cloud providers:

  • Tour the company’s data center(s) to understand where and how your technology will be managed;

  • Check references as you would with any other contract/relationship you enter into;

  • Ensure cloud security best practices are followed. For example, use eSentire’s cloud security checklist to determine if/how providers conduct risk assessments, manage change controls, employ password policies and more.

A couple of red flags for investors when it comes to firms leveraging outsourced providers include those providers who are unknown in the industry as well as firms using patchwork solutions rather than comprehensive platforms.

Gimbel admits that she’s seeing forward progress from firms on the cybersecurity front as they look to shore up operations, something she believes is particularly fueled by the SEC’s recent involvement. Investors have always asked tough questions, she says, but they are taking it to a new level and following the footsteps of regulators. Specifically, investors want to understand what hedge funds have in place for intrusion detection and prevention, penetration testing and vulnerability assessments, and employee awareness training.

Watch below for a full replay of our conversation with Ashley Gimbel about investors’ comfort level with the cloud and security.


Photo Credit: Flickr

<![CDATA[Why the Public Cloud Isn't Suitable for Hedge Fund Trading Environments]]>, 07 Apr 2015 00:00:00 -0400 eci Whether you are a new hedge fund startup evaluating technology solutions or an established investment firm looking for an application upgrade or technology refresh, you’re likely to consider the cloud as one of your infrastructure options. If a cloud platform is ultimately your preference, however, your decision-making is far from over.

Deciding between a low-budget public cloud environment (think: Amazon Web Services, Microsoft Azure) and a vertical-specific private cloud (hint, hint: The Eze Private Cloud) is not always an easy choice for financial services firms. Despite the clear advantages of the private cloud, many investment management firms are drawn to the low-cost and high flexibility of a public cloud. While this type of infrastructure may suit a variety of other verticals, financial services firms have high standards and require a level of service and infrastructure beyond what public cloud platforms can offer. Trading via the public cloud can pose a host of challenges and concerns - let's look at a few.

Preparing for Cyber-Attacks and Breaches

At the top of everyone’s priority list these days is cybersecurity preparedness. And rightfully so. Security breaches and attacks are seemingly occurring on a daily basis, and hackers have become savvier than ever. As a result, large public cloud enterprises – the Googles and Amazons of the world – are inherently more susceptible to attacks and, as a result, downtime. While these public cloud services are surely beefing up security and have billions of dollars’ worth of resources to dedicate to security planning, it remains to be seen if they can sustain a targeted attack or significant downtime.

Accessing Your Data: Where Does it Live?

One concern related to the public cloud is the fear of data being compromised. While this may be a general concern for all cloud platforms, the fear seems to be greater for public clouds that manage significantly more data. Additionally, even firms that leverage outsourced cloud solutions want control over their data, so understanding where data resides is a large concern. In the financial services world, microseconds can make all the difference. When trading, proximity plays an important role in determining how many microseconds it takes to complete a trade, and understanding where your firm’s data resides in the cloud is imperative. Ensure your cloud provider – public, private or otherwise – offers visibility into where your data is located. In some cases, they may also need to be compliant with regulations, such as the E.U. Data Protection Directive (95/46/EC).

Maximizing Data Availability

For most hedge funds and investment management firms, downtime is simply not an option. It can mean the difference between success and failure, between making millions of dollars and losing them. Ensure your cloud provider offers a competitive Service Level Agreement (SLA) and clearly identifies what is expected in terms of availability and downtime. Unfortunately, public clouds have made headlines in recent years for encountering downtime, so this factor is critical to firms looking to evaluate providers.

Hedge Fund Application Integration

One of the biggest benefits to a private cloud environment is leveraging a provider who understands your business. Amazon, Google and Microsoft – do they know enough about hedge funds and investment management to make you comfortable with their solution? You should also consider if vertical-specific applications can be easily integrated into a public cloud environment. Depending on your firm’s strategy, you may require advanced order management or portfolio management solutions, which may not integrate well onto public cloud platforms. Hedge fund private cloud providers, however, can easily integrate all your firm’s applications onto one platform and ensure seamless communication between them.

Photo Source: Flickr

<![CDATA[Ethical Hacking: It's a Thing, Hedge Funds]]>, 02 Apr 2015 00:00:00 -0400 eci At Eze Castle Integration we see thousands of due diligence questions about hedge fund technology and operations each year. The questions around security are getting more specific with investors wanting details about each layer of a firm’s security stack.

A new question we’ve seen pop up once or twice centers around whether a firm’s online systems have undergone an ethical hack. So what is ethical hacking and how is it different from penetration testing?

What is Ethical Hacking?

Going back to our trusty security dictionary, SearchSecurity defines ethical hacker (aka white hat hacker) as a “computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker (aka black hat hacker) could potentially exploit.”

The increased focus on all things cybersecurity related – cyber-attacks, cyber warfare and cyber terror – has even led to the creation of a Certified Ethical Hacker (CEH) designation, which hacking pros can earn by completing online courses offered by the EC-Council.

What’s the difference between a Penetration Test and Ethical Hack?

In most cases, ethical hacks are comparable to penetration tests in that an individual or company is hired to simulate a malicious attack against online systems to identify vulnerabilities. With potential security holes identified, hedge fund firms can remediate to help ensure their environments are solid and data is protected.

It is worth noting that when engaging in an ethical hack, you should understand how the white hat hacker stays current on exploits. According to McAfee’s CSO, many white hat hackers “use personas when gathering the latest exploits so that their real identity is not readily apparent to the underground. [Even with white hat hackers, firms are] touching part of the shady underworld of hacking.”

Penetration testing methodologies are becoming clearer. Just last week the PCI Security Standards Council released a new Penetration Testing Guide “to help organizations establish a strong methodology for regularly testing security controls and processes to protect the cardholder data environment.” While focused on the credit card industry, guides such as this move the overall financial services industry closer to standards.

What’s Next?

In investor due diligence questionnaires we’re seeing about hedge fund technology, the question of penetration testing is more common than ethical hacking at this point. However, at the heart of either question is how a hedge fund is securing its data and applications. Layers of security are essential – from the cloud to the user desktop.

Want to know what else investors are asking about hedge fund technology and security? Read our 51 Common Due Diligence Questions.

Interconnectivity: A Growing Cybersecurity Threat
31 Mar 2015 00:00:00 -0400, eci

In an interconnected world, there is a trade-off between enjoying limitless information at our fingertips and threats that are just one click away. Most of us have become so accustomed to being plugged in, that we forget the world is simultaneously plugging in to us as well.


The global evolution of cybercrime continues to push boundaries and raise the bar for technology innovation and advanced security solutions. Indicating the evolving regulatory landscape, the US Securities and Exchange Commission (SEC)'s Office of Compliance Inspections and Examinations (OCIE) announced back in 2014 that it planned to inspect the cybersecurity preparedness of over 50 registered broker-dealers and investment advisers. In 2015, their examinations will continue across the financial services industry, and firms are locking down security practices in advance of these inquiries. Additionally, in Asia, the Singapore Personal Data Protection Act governs the collection, use, and disclosure of personal data.

Regulation, threats and breaches are all increasing steadily. Not only have hackers and their methods grown in sophistication, but they have also reached new corners of the globe, beyond Europe, North America, South America and Asia, to name a few. According to a recent report conducted this past December, there are 3.025 billion active Internet users around the globe, and the number is growing. Other milestone statistics reported:

  • Worldwide social media users exceeded two billion in August 2014;

  • Universal penetration of mobile phones surpassed 50% last September;

  • The quantity of active mobile connections passed the entire world’s population this past December.

With the internet of things growing every day, we foresee an increase in the number and severity of cybercrime tactics, mobile devices progressively being targeted and new capabilities as well as threats. From a global perspective, security is no longer just a surface list to check off and file away for archiving's sake. Building strong foundations upon robust security policies, processes and controls should be a focal point at the core of any firm’s operations, start-up or established. Despite the variance of currencies and languages from one country to the next, information remains king and is critical to protect. It is extremely valuable to have a global knowledge of information security policies as firms expand their business operations and client bases around the world.


Encryption 101: Protecting Your Investment Firm's Sensitive Material
26 Mar 2015 00:00:00 -0400, eci

The amount of data and information that passes through the Internet every day is – for lack of a better term – enormous. And truth be told, sometimes we are sharing information that we don’t want to get into the wrong hands, whether it be via email, instant message or other communications. Think: credit card information, personal information (name, address, social security number, etc.), bank account information or sensitive company or financial data.

A secure way to transmit this information is through encryption. According to TechTarget, encryption is “the conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties.”

The history of encryption, believe it or not, began long before the Internet existed and we started sending electronic data. The ancient Greeks and Romans, in fact, sent secret messages by substituting letters that only a secret key code could decipher. Julius Caesar created a cipher in which he shifted letters to the left or right to hide his messages.

Modern encryption, thankfully, has developed into something much more sophisticated. The most widely accepted standard on encryption these days is the Advanced Encryption Standard (AES), which was established by the National Institute of Standards and Technology (NIST) in 2001. AES is considered asymmetric public key infrastructure (PKI) encryption – one of two typical encryption methods used today:

  • PKI encryption uses two linked cryptographic keys; “The public key is used to encrypt plaintext or to verify a digital signature; whereas the private key is used to decrypt ciphertext or to create a digital signature.”

  • Symmetric key encryption uses cryptographic keys that are the same, meaning both parties must have the same key to successfully share their encrypted message.

What should you encrypt?

Storing Data (Hard Drives/Files)

Depending on the type of information you’re storing, you may want to consider an encryption solution that stores data files. If your firm collects and stores investor or client financial or personal information, for example, encryption may be necessary. Internet Protocol Security (IPSec) or SSL-based encryption are two examples of encryption methods for protecting outbound-Internet and in-network communications.

Sending Data (Email)

Whether across an internal firm network or within a cloud solution, encryption is essentially a required function when emailing important information, particularly for firms in the financial services industry who handle sensitive material. When used in conjunction with other email security features (e.g. anti-virus, anti-spam, etc.), email encryption offers users comprehensive, multi-layered security protections when sending delicate information. Tip: be sure that your firm’s encryption solution is compliant with any required regulatory legislation such as SOX, GLBA, PIPEDA or the European Union Data Directive.

Traveling with Data (Laptops, Mobile Devices)

In some cases, firms may opt to encrypt laptops and/or mobile devices to ensure that when users are traveling, confidential company information doesn’t get into the wrong hands. While some devices feature inherent encryption technology (e.g. iOS 4.0+ and Android 4.0+), other devices will need to be protected via external software applications.

Eze Email Security

Eze Email Security is a comprehensive email security solution that allows firms to protect intellectual property, reduce downtime associated with email threats and enhance client trust. With Eze Email Security, every outbound email message is scanned by compliance and content filters before being sent to the recipient. Any message that matches defined compliance policies is encrypted. To learn more about Eze Email Security, please contact us.
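One way a policy filter of this kind can decide whether an outbound message gets encrypted, shown as an added Python example that is not Eze Email Security's code. The two policies (payment card numbers confirmed with the Luhn check, and US Social Security number patterns), every function name and the sample messages are assumptions constructed for illustration.

```python
"""Policy-based outbound mail check (added, constructed example)."""
import re

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# SSN layout AAA-GG-SSSS, excluding ranges that are never issued.
SSN = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_valid(digits):
    """True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for index, char in enumerate(reversed(digits)):
        value = int(char)
        if index % 2 == 1:          # every second digit, counting from the right
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total % 10 == 0


def mask(value):
    """Keep only the last four digits so the audit log holds no sensitive data."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


def find_policy_matches(text):
    """Return a list of (policy_name, masked_value) for every policy hit."""
    matches = []
    for candidate in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", candidate.group())
        # The checksum filters out order numbers and other long digit runs.
        if luhn_valid(digits):
            matches.append(("payment_card", mask(digits)))
    for candidate in SSN.finditer(text):
        matches.append(("us_ssn", mask(candidate.group())))
    return matches


def outbound_decision(subject, body):
    """Scan subject and body; encrypt when any policy matches, else send as-is."""
    matches = find_policy_matches(subject + "\n" + body)
    return {"action": "encrypt" if matches else "send", "matches": matches}


# Constructed sample messages: (subject, body).
SAMPLE_MESSAGES = [
    ("Subscription docs", "Investor SSN is 123-45-6789 as requested."),
    ("Card on file", "Please charge 4111 1111 1111 1111 for the renewal."),
    ("Shipment", "Tracking reference 1234567890123456, arriving Friday."),
]

if __name__ == "__main__":
    for subject, body in SAMPLE_MESSAGES:
        print(subject, "->", outbound_decision(subject, body))
```

Masking the matched value before it is logged keeps the filter's own audit trail from becoming a second copy of the data the policy is meant to protect.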


Power Up, Power Down: The Hidden Risks of Public Charging Stations, Tools
19 Mar 2015 00:00:00 -0400, eci

In a constantly connected world, the majority of us cannot help but feel reliant on our mobile devices, especially when it comes to battery life percentage.

Whether you’re in the airport, train or just on the go, keeping that effervescent green light out of the red zone becomes a priority, and most will plug into just about anything. With public smartphone chargers on the rise, this resource seems ideal for the battery conscious user. However, prior to plugging in to power up, we suggest proceeding with caution. After all, do you know whose hands that charger was in before?

What most users don’t realize are the risks they are exposing their smartphones to by utilizing public charging stations and cords. Although these stations are “smart” they are also extremely dangerous. The moment your phone is plugged in, it will try to synchronize with whatever charging device it is connected to. Plugging into one of these USB ports could lead to cyber criminals collecting your personal information, including banking, browsing history and purchasing patterns. Additionally, your once-secure device is now at risk of being owned by malware. How criminals utilize this data ranges from targeting personalized advertisements to spying and identity theft.

On the business side of things, those who use a mobile device for work purposes must also consider the risk to their business's critical data when charging at a public kiosk. Confidential information, communications, logins, passwords and financial information could all be compromised. As businesses increasingly move away from the desktop, companies should consider educating employees on various risks and implementing BYOD security policies (for example, Mobile Device Management (MDM), Mobile Device Support, and Data, Loss and Theft policies), in addition to other safeguards regarding company-issued devices. Addressing these areas in your firm's BYOD strategy will help ensure your hedge fund is protected from potential security incidents.

How can you keep your phone secure and powered up while on the go? We suggest considering the following precautions:

  • Use only the charger provided to you by the product manufacturer

  • Buy a security adapter for your USB connection

  • Purchase your own portable charger

  • Avoid using public charging stations

  • Keep your phone locked while charging with a public device

When it comes to sensitive information and mobile security, you can never be too safe.

Apple Watch: Security Concerns for the Enterprise and Beyond
12 Mar 2015 00:00:00 -0400, eci

By now, you’ve no doubt heard about Apple’s latest tech craze: Apple Watch. Revealed during the company’s latest announcement earlier this week, the Apple Watch is expected to revolutionize the mobile world. Available starting April 24, the Apple Watch will appeal to a variety of end users – with prices ranging from $349 (for the aluminum version) to $10,000+ for gold-plated versions.

The Apple Watch will feature many of the same abilities of the iPhone – making/answering phone calls and texts, Internet surfing, and app integration as well as new advanced health monitoring features and Apple Pay. But with a user’s data now on his/her wrist in addition to in his/her pocket, should we be concerned about security?

Let’s start with the good news.

Apple Pay, in and of itself, has been thought out well in terms of security, it seems. Users can opt in to use a PIN number which will need to be entered every time the watch is put on a wrist. So if that watch was stolen, it would be impossible for the thief to make purchases via Apple Pay unless they had a user’s PIN number. According to Apple:

“Even if you lose Apple Watch, your accounts are protected. Because when you set up Apple Pay, you’re required to create a passcode. Each time you take Apple Watch off your wrist, the passcode must be entered to access it. And you can quickly remove your cards on”

Beyond Apple Pay, though, not much has been said about security with regards to the new device. And with enterprise firms transitioning more and more to BYOD strategies and evolving as part of the mobile world, isn’t it important that we talk about how secure the Apple Watch really is?

For instance, when on a user’s wrist, the watch works by syncing with the user’s iPhone over Wi-Fi and, in some cases, Bluetooth networks. As Apple has said, the watch doesn’t do much without the phone. Hence, if data is constantly moving between the two devices, should we be concerned about the ability for hackers to intercept any of that traffic? Regular traffic that moves over Wi-Fi networks can be in danger and is a primary reason why many people are careful not to connect to public or other untrusted networks. And if an Apple Watch user needs to be connected to Wi-Fi in order for the watch to operate properly, it certainly seems there is a possibility for data to reside over potentially unsafe networks.

Additionally, I can’t help but wonder what the Apple Watch means for the enterprise community with regards to mobile device management and security. Firms who employ BYOD and allow employees to use their personal smartphones for corporate email are typically strict about what can and cannot be accessed. Many leverage MDM solutions such as Good Technology or Airwatch to protect corporate mail, for example. Will the same solutions be available to protect data that moves from the iPhone to the Apple Watch? Maybe a greater question is how will the Apple Watch affect enterprise mobility on a large scale? Only time will tell, it seems. Regardless, I expect there will still be quite a few crowds lined up outside Apple stores on April 24.


Four Hedge Fund Technology Trends Not to Miss
03 Mar 2015 00:00:00 -0500, eci

Two months into 2015 and already there have been changes within the financial service industry. From global security breaches, to the demands for increased investor transparency, to start-up funds launching and competing with their enterprise counterparts, the hedge fund landscape is as turbulent as ever. From a hedge fund technology perspective, there are a couple major trends that have started and will definitely continue to play out during the rest of 2015.

Zeroing in on these trends, today we released our new whitepaper aptly titled Four Trends Shaping Hedge Fund Technology. Read on for a sneak peek of the topics covered in the paper and be sure to download the complete paper HERE.

Hedge Fund Technology Trend #1: Cybersecurity

One can’t look at a news source today without reading some sort of headline depicting another data breach or hack attack. The types of attacks facing the hedge fund industry are extensive and include:

  • Phishing/Spear-phishing: This type of attack is used to trick end users into giving up sensitive or personal information or making a financial transaction. While the attacks have the same intent, spear-phishing has a targeted approach and requires more research than a normal phishing attack.

  • Malware: Also known as malicious software, it is used to gain access or to disrupt system operations. Recently there was an adware scandal involving Lenovo, a personal computer company. The organization sold computers that contained adware, which left the users vulnerable to hackers and viruses.

  • Distributed-Denial-of-Service (DDoS): DDoS attacks will make a website or system unusable and are common strategies of hackers.

SEC Cybersecurity Exam Involvement

Beyond proactively protecting against attacks, funds must also understand regulators' expectations around cybersecurity. In 2014, the Securities and Exchange Commission (SEC) released a 28-point questionnaire to investigate the security practices and protocols of firms in the investment sector. Then last month they released key cybersecurity exam findings based on the questionnaire, which covers topics including:

  • Identification of Risks/Cybersecurity Governance

  • Protection of Firm Networks and Information

  • Risks Associated with Remote Computer Access and Funds Transfer Requests

  • Risks Associated with Vendors and Other Third Parties

  • Detection of Unauthorized Activity

A few best practices included firms having Written Information Security Policies (WISPs) and taking a layered approach to hedge fund security. Check out our top 10 takeaways from the SEC cybersecurity exam sweep HERE.

Hedge Fund Technology Trend #2: Due Diligence

Recently, IT and operational due diligence have seen an increased focus during the investor due diligence process. Investors are starting to devise lengthy and in-depth due diligence questionnaires for hedge funds – and by extension, their service providers – to gain more understanding of the processes and policies in place. The hedge fund technology questions typically fall into these categories:

  • Company/Organization Background

  • Annual Assessment/Audit

  • General Information Technology

  • Systems and Information Security

  • Access Control

  • Network Security

  • Physical Security

  • Disaster Recovery and Backup

Hedge Fund Technology Trend #3: Cloud Adoption

No technology trends article would be complete without exploring the impact of cloud technology. In the last decade, there has been a major transition within the financial service space to move from in-house technology and infrastructure to using an outsourced cloud solution to satisfy their needs. With 87% of investment firms using cloud solutions, the question now is how to reap maximum benefits.

Hedge Fund Technology Trend #4: The Changing Role of the Hedge Fund CTO

With the increase of cloud-powered infrastructures, the Chief Technology Officer’s (CTO) job is evolving from that of a day-to-day IT manager to that of a strategic business partner for the firm. Hedge fund CTOs are increasingly expected to focus on high-level projects like strategic discussions, compliance requirements and IT integration.

Download the "Four Trends Shaping Hedge Fund Technology" whitepaper and read in-depth about the topics brought up in this article.


10 Takeaways from the SEC Cybersecurity Exam Findings (Webinar Recap)
26 Feb 2015 00:00:00 -0500, eci

In case you missed it, earlier this week we hosted a webinar during which our resident cybersecurity expert and SVP of Technology, Steve Schoener, answered questions regarding the results of the recent SEC cybersecurity exams and identified the top takeaways with meaning to hedge funds and investment management firms. Here’s a look at our Top 10 Takeaways from the recent exam findings. If video is more your style, you can watch the full webinar replay here or scroll down to the bottom of this article.

1. WISPs are well adopted.

A WISP, or Written Information Security Policy, was found to be employed by 93% of broker-dealers and 83% of registered investment advisers. What is typically included in a WISP document? Similar to business continuity plans, WISPs identify scenarios firms need to be aware of from a security perspective as well as preparedness measures to address those scenarios. Both administrative and technical safeguards are identified, giving firms a complete picture of what to protect and the processes in place to do so.

2. Broker-dealers are almost all conducting periodic risk assessments to identify cybersecurity issues.

When talking about periodic risk assessments, the question often asked is how often they should occur. Schoener says that conducting risk or vulnerability assessments (VAs) at least annually makes the most sense for firms. If a hedge fund experiences a lot of change in its IT environment, it may consider conducting a VA bi-annually. *To provide our Eze Private Cloud clients with additional levels of documentation, Eze Castle Integration conducts vulnerability assessments twice per year.

Vulnerability assessments are designed to look at the specific technical details of a fund’s infrastructure and security environment. For example: is a system running differently than it normally does? Are there different certificates present? You can learn more about what occurs during and after a vulnerability assessment here.

3. Advisers are lacking in third party risk assessments.

The big takeaway here is that firms should be doing greater due diligence on their technology vendors, as well as other third parties that may have access to the firm’s networks. As cybersecurity threats continue to evolve, investor due diligence questionnaires are becoming more thorough, which may trigger firms to become more diligent in assessing and evaluating their service providers.

4. Just about everyone has suffered from some sort of cyber incident.

Most firms reported that they have experienced some sort of incident, usually related to malware or fraudulent emails. While the term “incident” is broadly used in the report, most cases refer to the aforementioned attacks.

5. Firms are suffering losses at the hands of hackers.

Through phishing and spear-phishing attacks, hackers are finding more and more success in getting firm employees to make financial transfers. For background, phishing is a broader attack – such as an email asking a user to reset their password – while spear-phishing requires time and research before the attack. Spear-phishing often reveals itself through a heavily detailed email, perhaps from the alleged CEO to CFO, asking for a wire transfer. While it looks legit, the domain name or email address likely varies slightly from the original. Unfortunately, if not detected, it can trip up employees, as we saw from the SEC’s exam results.

Schoener mentions that most companies aren’t “aware of how much information is out there on the internet, not as a result of hacking or data leakage, but there is substantially more information on the internet than we all realize.” This readily-accessible information, of course, makes it easier for hackers to approach firms via spear-phishing attacks. To help best protect your company from this situation, employee training and awareness is crucial.
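The "varies slightly from the original" sender domain described in this takeaway can be checked mechanically before a wire request reaches a person. The following is an added Python example, not code from Eze Castle Integration or the SEC report; the trusted domains are placeholders, and the distance threshold, function names and sample headers are assumptions constructed for illustration.

```python
"""Flag From: domains that imitate a trusted domain (added, constructed example)."""
from email.utils import parseaddr

# Assumption: placeholder domains standing in for the firm and its counterparties.
TRUSTED_DOMAINS = frozenset({"examplefund.com", "examplebank.com"})
# Assumption: largest edit distance still treated as "varies slightly"; tune locally.
MAX_DISTANCE = 2

_HOMOGLYPHS = str.maketrans("0135", "oles")   # 0->o, 1->l, 3->e, 5->s
_DIGRAPHS = (("rn", "m"), ("vv", "w"))        # letter pairs that read as one letter


def sender_domain(from_header):
    """Return the lower-cased domain of a From: header, or '' if none parses."""
    _, address = parseaddr(from_header)
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].strip().rstrip(".").lower()


def skeleton(domain):
    """Fold common look-alike substitutions so visually similar names compare equal."""
    folded = domain.translate(_HOMOGLYPHS)
    for fake, real in _DIGRAPHS:
        folded = folded.replace(fake, real)
    return folded


def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, swap adjacent letters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return (verdict, domain): 'trusted', 'lookalike', 'unrelated' or 'invalid'."""
    domain = sender_domain(from_header)
    if not domain:
        return ("invalid", None)
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return ("trusted", domain)
    folded, best = skeleton(domain), None
    for t in sorted(trusted):
        distance = edit_distance(folded, skeleton(t))
        # The trusted name embedded in a different domain also counts as imitation.
        if skeleton(t).split(".")[0] in folded:
            distance = 0
        if distance <= MAX_DISTANCE and (best is None or distance < best[0]):
            best = (distance, t)
    return ("lookalike", best[1]) if best else ("unrelated", None)


# Constructed From: headers; none come from real mail.
SAMPLE_HEADERS = [
    "Jane Doe <jane.doe@examplefund.com>",
    "Jane Doe <jane.doe@examp1efund.com>",
    "Jane Doe <jane.doe@examplefudn.com>",
    "Treasury Desk <desk@exarnplebank.com>",
    "Jane Doe <ceo@examplefund.com.mail-gw.example>",
    "Newsletter <news@unrelated-vendor.org>",
]


def triage(headers=SAMPLE_HEADERS):
    """Return (header, imitated_domain) for every sender that needs verification."""
    results = [(h, classify_sender(h)) for h in headers]
    return [(h, match) for h, (verdict, match) in results if verdict == "lookalike"]


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(classify_sender(header), header)
```

A match is a reason to verify the request through a separate channel, not proof of fraud, and short trusted domains need a lower threshold to avoid flagging unrelated senders.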

6. Employees are not always following firm procedures.

According to the exam results, firm employees are following procedures most of the time; however, skilled hackers can still convince even the most compliant employees to click a suspicious link or transfer a small amount of money. Employees can easily cut corners and put the firm at risk if the proper procedures are not in place to protect against cyber threats. The best solution is to have firm checks and balances in place and make sure that employees who handle any money and sensitive information are following procedures and not cutting corners.

7. Many firms are looking to their peers for information sharing.

As more and more organizations are being attacked, there is increased participation in information sharing among, typically, closed groups. According to Schoener, “a large number of, especially the very large broker-dealers, the big banks, all participate in something called FSISAC... that’s all about sharing intelligence around cybersecurity related to the financial sector.” This kind of information sharing can go a long way in keeping firms aware of industry happenings and hopefully better prepared for any future incidents.

8. Broker-dealers are significantly more likely to have a Chief Information Security Officer.

Many hedge funds and investment firms – particularly startups and smaller firms – do not employ dedicated CISOs, but rather COOs and CTOs handle those responsibilities. Duties include “understanding the policies that a firm has in place today and why they have them in place.” As the person or persons responsible for your firm’s security needs, it’s essential to stay up-to-date on the changes in technology and meet with service providers regularly to ensure your firm is in the best position to secure your data.

9. Very few advisers have cybersecurity insurance.

While the SEC exams found that few RIAs currently employ cybersecurity insurance, we’re seeing more and more start-ups taking this into account during the launch phase. We also expect more established firms will be looking to evaluate these types of policies in the near future.

10. Broker-dealers are considerably more prepared than registered advisers.

Not surprisingly, broker-dealers fared better overall according to the results of the SEC’s exams. Based on their sizes and clientele, broker-dealers are more likely to make the investments in technology and have large IT staffs dedicated to security. That said, RIAs are likely to continue to boost their security defenses to meet both the SEC’s guidance as well as increasing investor expectations.


Opalesque TV Exclusive: Cybersecurity Threats Facing Hedge Funds in 2015
24 Feb 2015 00:00:00 -0500, eci

In this Opalesque.TV video interview, Bob Guilbert and Vinod Paul from Eze Castle Integration discuss the hedge fund cybersecurity landscape, specifically the risks facing investment managers in 2015. Both spend the majority of their time educating their client base on internal and external risks, protecting them against the “Activist Hacktivists” looking for any means of entry into funds.

These hackers will spend weeks, months, and sometimes even years trying to get access, most often with the goal of triggering illicit wire transfers out of the fund.

Today, the usual efforts of employees to avoid clicking links or opening files and to follow password protocols aren't enough. Everyone should be aware of new techniques employed by hackers like “spear-phishing” and “waterhole” attacks which, with more institutional dollars flowing into hedge funds, will become more frequent. Unless funds have the right Written Information Security Policy (WISP) and processes in place, together with true intrusion detection that monitors what is coming into the firm and what data and information is going out of the firm, they can be at risk of a cybersecurity attack.

Learn more about:

  • “Spear-phishing” attacks to wire transfers

  • “Waterhole” attacks: Why actions such as ordering from an online menu can put your firm at risk

  • SEC requirements and best practices

  • Defining a “WISP” – Written Information Security Policy

  • Multiple points of entry holding information across service provider platforms

  • Eze Castle and eSentire Partnership

  • Increasing cloud adoption rates in larger funds

  • Shift in perception of cloud safety


Covering FINRA's Top 7 Key Cybersecurity Practices
19 Feb 2015 00:00:00 -0500, eci

This month (February 2015) the Financial Industry Regulatory Authority (FINRA) issued a Report on Cybersecurity Practices to assist firms in responding to the growing threats of cyberattacks. The report centered on seven (7) “key points” as defined by FINRA.

Our team regularly counsels clients on how to address these cybersecurity practices. So in the interest of sharing, here is a high level snapshot of how Eze Castle Integration addresses the key points in the report.

Key Point 1: A sound governance framework with strong leadership is essential. Numerous firms made the point that board- and senior-level engagement on cybersecurity issues is critical to the success of firms’ cybersecurity programs.

Eze Castle Integration has an appointed Chief Information Security Officer and an established Computer Security Incident Response Team (CSIRT). CSIRT members have predefined roles and responsibilities, which can take priority over normal duties. The CSIRT team is overseen by the Chief Information Security Officer (CISO), and comprised of individuals from various groups such as Network Operations, Client Services, Cloud Services, Project Management, and Human Resources.

Key Point 2: Risk assessments serve as foundational tools for firms to understand the cybersecurity risks they face across the range of the firm’s activities and assets—no matter the firm’s size or business model.

Risk Assessments are built into Eze Castle Integration’s Information Security Policy as well as our Business Continuity Plan.

From an information security/cybersecurity perspective, Eze Castle Integration retains third-party managed security provider eSentire to perform security audits on our corporate infrastructure as well as the Eze Private Cloud infrastructure.

For Business Continuity Planning, Eze Castle Integration has a Certified Business Continuity Planner on staff. The company conducts reviews of BC/DR procedures and policies. The business requirements are continually reviewed through training and testing. Technical solutions are generated to address any potential recovery gaps and exposures.

Key Point 3: Technical controls, a central component in a firm’s cybersecurity program, are highly contingent on firms’ individual situations. Because the number of potential control measures is large and situation dependent, FINRA discusses only a few representative controls here. Nonetheless, at a more general level, a defense-in-depth strategy can provide an effective approach to conceptualize control implementation.

As outlined in Eze Castle Integration’s Information Security Policy, the company follows the Principle of Defense in Depth as well as the Principle of Least Privilege. This includes employing multiple layers of security to protect all systems and data as appropriate, as well as limiting access to only those who need it.

Key Point 4: Firms should develop, implement and test incident response plans. Key elements of such plans include containment and mitigation, eradication and recovery, investigation, notification and making customers whole.

Eze Castle Integration has an Information Security Incident Management Policy in place. The policy outlines the requirements for dealing with computer security incidents. Security incidents include, but are not limited to: virus, worm, and Trojan horse detection, unauthorized use of computer accounts and computer systems, as well as complaints of improper use of Information Resources as outlined in the Acceptable Use Policy. Eze Castle Integration requires all employees to participate in information security training.

Key Point 5: Broker-dealers typically use vendors for services that provide the vendor with access to sensitive firm or client information or access to firm systems. Firms should manage cybersecurity risk exposures that arise from these relationships by exercising strong due diligence across the lifecycle of their vendor relationships.

Eze Castle Integration has extensive information security policies in place that are coupled with deep technical safeguards. We review all policies, employee adherence to these policies, the risk landscape and technical safeguards regularly and make adjustments as necessary.

Key Point 6: A well-trained staff is an important defense against cyberattacks. Even well-intentioned staff can become inadvertent vectors for successful cyberattacks through, for example, the unintentional downloading of malware. Effective training helps reduce the likelihood that such attacks will be successful.

All Eze Castle Integration employees are required to participate in annual educational and training sessions regarding Nonpublic Personal Information held by Eze Castle Integration. This includes all permanent and part-time employees, applicants, independent contractors/consultants, etc. The training sessions address the security precautions contained in the company’s Information Security Policy.

The training sessions also address security practices and procedures, including reporting procedures, material packaging or forwarding, preparation of media, e.g., CDs, DVDs, wireless devices, hard drives, security conditions during travel and other issues. All new hires entering Eze Castle Integration receive Nonpublic Personal Information training during the New Hire Orientation. New hires will receive a copy of this policy and implementing procedures for the department to which they are assigned.

As part of Eze Castle Integration’s Business Continuity Plan, a few employees from each department at each office are selected every quarter to participate in a remote test (i.e., work from their home). The goal is to validate connectivity and access to critical applications through the primary data center.

Key Point 7: Firms should take advantage of intelligence-sharing opportunities to protect themselves from cyber threats. FINRA believes there are significant opportunities for broker-dealers to engage in collaborative self-defense through such sharing.

Eze Castle Integration participates in industry groups to share information and stay current on the evolving technology and cybersecurity landscape.


<![CDATA[A Look at OCIE's Cybersecurity Exam Sweep Findings: Hedge Funds Take Note]]>, 17 Feb 2015 00:00:00 -0500 eci In its 2015 priorities, the SEC’s Office of Compliance Inspections and Examinations (OCIE) listed cybersecurity as a key focus area in its risk-based assessments. Then on February 3, 2015, OCIE released summary findings from its Cybersecurity Examination Sweep.

For its assessment, OCIE focused on written documentation and conducted "limited testing" of the accuracy of the responses. It did not review the technical sufficiency of the firms’ programs. OCIE’s reliance on documentation highlights the importance of complete Written Information Security Policies.

Following are noteworthy items Eze Castle Integration observed in reviewing the findings.

  • Most firms adopted written information security policies, but 43% of advisers did not conduct periodic audits to determine compliance with these information security policies and procedures.

  • 49% of advisers did not discuss mitigating the effects of a cybersecurity incident and/or outline the plan to recover from such an incident in their written business continuity plans.

  • The vast majority of examined firms conduct periodic risk assessments, on a firm-wide basis, to identify cybersecurity threats, vulnerabilities, and potential business consequences. However, only 32% of advisers require cybersecurity risk assessments of vendors with access to their firms’ networks.

In the Written Information Security Plans (WISP) Eze Castle Integration creates for clients, we include service provider risk assessments as a standard element.

  • 88% of broker-dealers and 74% of advisers stated that they have experienced cyber-attacks directly or through one or more of their vendors. The majority of the cyber-related incidents are related to malware and fraudulent emails.

  • 25% of broker-dealers reported losses related to fraudulent emails and employees not following the firms’ procedures. While this is a small percentage, firms need to ensure they are training employees in addition to documenting the security policies and implementing tighter security.

  • Only 13% of advisers have policies and procedures related to information security training for vendors and business partners authorized to access their networks.

From our perspective, the low number (13%) is not surprising as smaller firms (i.e. hedge funds) do not have the resources to train their vendors, brokers or business partners. Rather, they are requiring these partner firms to train their own employees.

  • Only 30% of advisers have designated a CISO; rather, the advisers look to their CTO to assume responsibility or have another senior officer (i.e. CCO, CEO, COO) liaise with a third-party consultant who is responsible for cybersecurity oversight.

This finding highlights the expectation of CTOs to serve as CISOs and highlights the evolving role of technologists within firms.

The staff is still reviewing the information to discern correlations between the examined firms’ preparedness and controls and their size, complexity, or other characteristics. As noted in OCIE’s 2015 priorities, they will continue to focus on cybersecurity using risk-based examinations.

Webinar on OCIE's Cybersecurity Sweep & Hedge Funds

Watch our webcast as we review the SEC's cybersecurity exam findings and best practices for managing a secure investment firm.


<![CDATA[Like for Life Campaign: Empower Children Through Education]]>, 12 Feb 2015 00:00:00 -0500 eci Valentine’s Day is just around the corner, and Eze Castle is taking heed of this opportunity to spread the love.

For the fifth consecutive year, we are hosting a "Like for Life" Campaign with the intent to spread awareness and raise donations for a charitable cause. This year, we will be supporting School on Wheels, an organization that strives to educate and empower underprivileged children impacted by homelessness. The group’s mission is to augment the educational opportunities available to the more than 1.6 million homeless children in the United States.

To achieve this goal, School on Wheels provides academic support, school supplies and one-on-one mentoring to children so they can reach their full potential. Since 2004, School on Wheels of Massachusetts has:

  • Trained 1,627 volunteer tutors

  • Distributed 6,028 backpacks

  • Enrolled 35 students in college

Providing children with these educational resources stimulates collaboration and growth, ultimately connecting them to one another, new horizons and a brighter future.

To support this worthy organization, Eze Castle is hosting a social media fundraiser in which we pledge to donate $1 to School on Wheels (up to $1,000) for every new “like” we receive on our Facebook page and every new follower acquired on Twitter (@EzeCastleECI). The pledge campaign will run between February 12, 2015 and March 12, 2015.

Please take a minute and “like” us on Facebook and follow us on Twitter to help us support School on Wheels. Your efforts can help improve the lives of children and increase their opportunities to learn.

]]>
<![CDATA[Winter Weather Preparedness: Considerations for Keeping Your Firm and Employees Operational This Winter]]>, 10 Feb 2015 00:00:00 -0500 eci Anyone who lives in a region that regularly receives snow knows (and expects) that every winter brings the potential for experiencing disruption, delays, cancellations and closures to roads, buses, trains, boats and subways that transport people to and from work. (If you’re in the Boston area, you’re experiencing this today with the MBTA shutting down all rail service to clean up from more than 70 inches of snow in the last three weeks.) Snow storms don’t just affect transportation though; weather events can cause power outages, force evacuations, impact deliveries, and as we saw recently with Winter Storm Juno, can cause entire states to ban travel.

Impacts of Heavy Snow

Let’s consider some of the issues firms can face even if a travel ban isn’t in place and employees must attempt to make their way to the office.

Most people who commute to work know that adverse weather can have a major impact on their travel to and from the office. Regardless of the manner of transportation (car, rail, subway, boat, bus, etc.), all will most likely experience delays and present challenges for commuters during a snow storm. Delays, breakdowns, cancellations, and longer commuting times are very common throughout a storm and can still impact travel days after a storm concludes, leaving employees largely unable to work effectively if at all.

For a firm where most employees drive to the office, employees and management should be aware of some statistics from the Federal Highway Administration, gathered over a 10-year period, on driving incidents during poor weather conditions. Driving in adverse weather can be risky for commuters; for some employers it may be worth considering alternative work options for those employees.


1,311,970 crashes (23% of vehicle crashes)

430,338 persons injured (20% of crash injuries)

6,253 persons killed (17% of crash fatalities)

* "Weather-Related" crashes are those that occur in the presence of adverse weather and/or slick pavement conditions. (Source: US Dept of Transportation, Federal Highway Administration)

Working Remotely

It isn’t uncommon for firms to allow employees to work remotely during weather-related events. But before the decision to work from home is made, you want to ensure employees have the resources they need (i.e., computer or laptop, strong Internet connection, instructions for accessing data, Help Desk contact information, etc.), and test! We strongly encourage firms to validate employees’ home setups before logging in during a storm event. This will ensure employees can spend their time focusing on work tasks instead of troubleshooting technology problems.

Technical Factors: Licenses, Access and Power Outages

Even for firms that allow employees to work remotely, issues can arise if the number of licenses purchased is not enough to cover the entire firm. Even in established companies there can be issues with connectivity and access for employees. If your firm doesn’t have IT personnel on staff, make sure you have up-to-date contact information for your IT provider so you can quickly contact them if any issues are experienced.

In most heavy snow/blizzard conditions, power outages are also common. It’s important to preplan and, in some cases, purchase items that will allow employees to continue working - think wireless Internet accessories or battery backup sources/alternative power sources.

Personal Factors: Family Responsibilities and Distractions

During the recent Juno Storm, many Northeast states announced a travel ban for non-emergency service personnel, forcing employees and their families to remain at home. This can be troublesome for parents expected to work while home with children who require supervision. It’s important for managers to realize there may not be easy solutions for these parents during this type of scenario and to set realistic workload expectations for their employees.


Maintaining communications is vital to every business, especially during a weather-related event. Being able to seamlessly continue communications even while remote or out of the office is important. A little planning can go a long way in this effort. Having critical business contacts stored on a mobile device or an accessible shared drive can help firms keep clients, partners, and vendors in the loop during any type of disruption. A call forwarding service is also an option to consider implementing so that any calls that would go to an office phone are redirected to a home phone or cellphone.

Working at the Office

If you or employees in your office do manage to make it into the office during a storm, you should consider assigning a point person who can ensure everything stays operational and report outages to the appropriate contacts (i.e., senior manager, building management, etc.).

In addition, you might want to reconsider outdoor evacuation sites during and after the storm. It is important to be aware of the impact of the snow piles left from plows or shoveling on the preplanned evacuation sites. If your firm’s building or offices are being evacuated, ensure employees have a safe location (preferably indoors) at which to gather and account for staff. Depending on your firm’s size you may consider having multiple alternate locations, such as a department store or coffee shop for smaller firms or a hotel lobby or a nearby parking structure.

In conclusion, some of the impacts of snow storms are unavoidable. Most employees are subject to the same issues when trying to commute to work during these situations. However, good planning and a little investment can make a difference for your employees and your firm’s business continuity.


Photo Credit: Wikimedia

<![CDATA[2015 Hedge Fund Trends & SEC Exam Priorities (Webinar Recap)]]>, 05 Feb 2015 00:00:00 -0500 eci With a new year comes new regulations for hedge funds and investment firms. Earlier this week, Eze Castle Integration hosted a webinar during which Ricardo Davidovich, partner at Haynes & Boone LLP, shared his insight into the Securities and Exchange Commission’s (SEC) new examination priorities as well as recurring themes firms should expect to see play out through the year.

What’s New in 2015

Retail Investors

One priority for examinations this year is the focus on retail investors. Davidovich says that “hedge funds, which in [the SEC’s] mind have historically been an exclusive and private club, are being sold to the retail and consumer client base.” This means the SEC will be taking a closer look at the types of fees being sold, the sales practices and the suitability analysis. Firms should focus on making sure no information released is misleading and that there are provisions against fraud. There should be a real emphasis on policies to create guidelines that can be shown and proven to the SEC.

Market Wide Risks

With this priority, the SEC is focusing on keeping the markets fair and orderly. They want to protect investors, especially ones who invest in large firms with many affiliates. This is also where the focus on cybersecurity comes in. With many businesses suffering cybersecurity attacks in 2014, it makes sense that the SEC will focus on this aspect of the market. Having robust security and infrastructure policies and systems in place will help to strengthen the market and decrease risk across the board.

Annual SEC Focuses

Marketing/Performance Advertising

This is a strong point of contention with investment advisors and fund managers. As one of the most regulated areas by the SEC, funds partaking in advice marketing and advertising must employ strict policies and procedures to demonstrate to the SEC that they are in compliance. Proving that your firm has a “culture of compliance” is the most effective way to keep the SEC’s attention away from you.

Any time a fund is actively promoting itself to solicit investment, there are provisions to be wary of:

“There are some considerations out there that suggest targeted performance... there is little guidance but the commission has made it clear through other avenues that whenever you’ve got a fund manager or investment advisor that said ‘we seek to beat the index by “x” percent’… you need to have a good faith demonstrable basis for that targeted return.”


This focus is about a potential conflict of interest. When a manager tells investors one thing, but values their portfolio in a different way, thus leading to mistrust and confusion, the SEC is going to notice.


To have custody, you have to have access to the investor’s money. There are occasions when partners don’t realize that they have custody for various reasons, so awareness is very important. When you don’t have all the information, the decisions being made could be affected in a negative way.

Material Non-Public Information (MNPI)

Trading on MNPI is also known as insider trading. The SEC has struggled in the past with prosecuting claims, as most cases tend to settle or lose traction. Davidovich points out that a lot of the time, people aren’t looking to share MNPI but do it accidentally. “It’s a lack of understanding of what happens or where the triggers are,” which means that investors are simply trying to gain knowledge or advice, but the use of expert networks can lead to issues with MNPI. When investment managers are doing research, they are constantly trying to talk to more senior personnel, who tend to be less trained in what they can and cannot say, which can lead to accidentally leaked MNPI. Adhering to a detailed and structured policy is the safest way to avoid MNPI incidents.

To hear more from Ricardo Davidovich, Partner at Haynes & Boone LLP, including his thoughts on the 2015 seeding landscape for investment firms, watch our full webinar replay below.


<![CDATA[Outlook for iOS and Android Deliver Potential Security Concerns]]>, 03 Feb 2015 00:00:00 -0500 eci At a time when cyber-attacks are becoming more and more frequent, protecting your company’s information is of the utmost importance, which is why Eze Castle Integration is advising clients to hold off on downloading Microsoft’s Outlook for iOS and Android.


The Background

In December 2014, Microsoft acquired tech company Acompli, which was known for its mobile mail application. Now in 2015, Microsoft has rebranded the app as an Outlook application for iOS and Android phones. While the product has done well and has a following, many are wary of certain procedures and features that could compromise information moving forward.

How Does It Work?

The application uses Exchange ActiveSync (EAS) for the majority of users and OWA for advanced functionality. EAS grabs information from Exchange, which is then processed and pushed to the clients. However, each step of the process has potential complications. The platform includes email, calendar features, customization, and attachment integration with OneDrive, Dropbox, Google Drive, Box and iCloud.

To set up the application you must give your login information so the app can link to your account. It then stores this data, meaning your credentials are held somewhere in a cloud. The only exception is Gmail, which requires OAuth authorization. Microsoft uses AWS IP addresses to constantly monitor the account in order to notify you, the user.

However, they don’t ask your permission before storing your login information and don’t state where they are holding your credentials.

Trial users have reported that even after deleting the application, as soon as they uploaded the app again, information was being pushed to their mobile devices prior to re-entering login credentials. This presents a serious cybersecurity issue, as the location and magnitude of information being saved is unknown.

What Are They Storing and Where?

It appears they are storing login information as well as some personal data. For example, as stated in Acompli’s privacy and securities policy,

“Some user data are retained in Acompli system during the lifetime of a user account, always encrypted at rest. A user can choose to completely purge his/her account from the mobile app, in which case all user data will be wiped clean throughout the Acompli system, from both the mobile device and the server farm.”

This isn’t the only private information that is held on outside servers. Their policy also states that,

“The service retrieves the calendar data and address book contacts associated with your email account and securely pushes those to the app on your device. Those messages, calendar events, and contacts, along with their associated media, may be temporarily stored and indexed securely both in our servers and locally on the app on your device.”

At this point, Microsoft has simply rebranded this product, meaning this is still the process that information goes through before it sits in your inbox. This again is a security issue for companies as they don’t know which information is being stored by Acompli.

In the exchange process, the data is stored on cloud servers in the United States before being pushed to your mailbox. For non-US users this has the potential to introduce data sovereignty and regulatory concerns.

Additional Reasons to Give Pause

A few other concerns:

  • Currently missing is the ability to enforce PIN locks at the device and application levels; wipe the device after maximum failed password attempts; and force activity time-out limits that require users to re-enter their PIN after a certain amount of time.

  • Built-in connectors to OneDrive, Dropbox, and Google Drive potentially allow the easy sharing of confidential company files or access to malicious files. This is an added issue that could compromise information.

While some believe that the negative hype is just that, hype, it may be better security-wise to wait and see what updates and changes Microsoft will make before installing the application.



Sources: WindowsITPro, Winkelmeyer, Tom's Hardware, Acompli, Venture Beat, Exchange Server Pro

<![CDATA[Blizzard 2015: Business Continuity Tips and Reminders for Disaster Events]]>, 27 Jan 2015 00:00:00 -0500 eci If you live in the Northeast United States – anywhere from DC to Maine – you’re likely living through the Blizzard of 2015 right now. Snow and heavy winds are pounding the East Coast, with snow totals expected to exceed 2 to even 3 feet in many areas and wind gusts to reach hurricane strength.

During weather events such as this, it’s critical that firms take precautions to ensure that not only do their technologies work and their businesses remain operational, but that their employees are safe, connected and receiving constant communications. We’ve experienced many events such as this in recent years – Hurricane Sandy is probably the most memorable – but the Blizzard of 2015 is an important reminder to firms about employing comprehensive business continuity plans and disaster recovery systems.

Here are a few reminders to get your firm through this latest weather event:


Communicating effectively with your employees is especially critical before, during and after disasters and other weather events. Be sure to keep your employees in the loop on what’s happening and what’s expected of them. Should they work remotely in the event they can’t get to the office? Are non-essential personnel expected to use paid time off? When can they expect updated communications regarding next steps?

If your firm employs a comprehensive BCP, you’ve likely already shared regional Quick Reference Cards so your staff is aware of evacuation locations, remote access policies and instructions and other communication essentials.

Remote Workers

With “states of emergency” declared across several states, odds are, if possible, your employees are working from home today. Hopefully you’ve properly trained all employees to log in remotely. As a reminder, here are a few different options for remote access:

  • VPN: IPSec or SSL VPN technologies work by connecting your home computer to that which resides in your office. You are able to “remote desktop” and run all of the applications that live on your work computer’s server.

  • Citrix: With a Citrix server, you are able to log into a website via any computer and get access to the applications that live on the Citrix server in your office. When you click any application icon, it will appear as if it is running locally despite being housed on your office server.

  • OWA: For those companies who use Microsoft Outlook for email, you can log into OWA to access your email account from an external computer.

Regardless of which system or systems above your firm chooses to employ for remote access, it’s imperative to properly train employees so they have a clear understanding of how to use them (and hopefully have tested them effectively prior to the disaster striking).

Finally, here are some handy tips in one presentation we hope will help your firm make it through this and the next disaster situation. As always, Eze Castle Integration’s Business Continuity experts are adept at working with firms to create and augment BCP plans in order to ensure business operations are not affected by weather events. If you would like to speak with someone on our team about your firm’s BCP plan, please don’t hesitate to contact us.


<![CDATA[Tips for Healthy Flu Season Operations]]>, 22 Jan 2015 00:00:00 -0500 eci According to the Center for Disease Control (CDC), "All national key flu indicators are elevated and about half of the country is experiencing high flu activity." So here are some tips to keep your firm operating smartly during flu season. Watch, read and learn.

  1. Monitor the flu situation.

  2. Get a flu shot.

  3. Limit exposure to others if you have flu symptoms.

  4. Limit onsite meetings.

  5. Keep contact information current.

  6. Review BCP and DR activation procedures.

  7. Update employee DR materials.

  8. Communicate flu policy.

  9. Supply disinfecting wipes for all offices.

  10. Stay home if you have the flu.

Contact us to discuss in more detail the role flu preparedness should play in your BCP.

<![CDATA[Hedge Funds: It's Time to Get Bullish On Social Media, LinkedIn]]>, 20 Jan 2015 00:00:00 -0500 eci Trying to avoid social media is increasingly futile, even for hedge funds. We live in a ‘sharing’ culture, so it’s time to embrace it and control (or at least contribute to) your online profile.

In its 2015 predictions article, third-party marketing firm Agecroft Partners listed increased social media usage by hedge fund managers and investors as a key trend, and here’s why:

“…Social media is being used for research, to build stronger relationships and help promote a firms’ brands in the market place. Some managers are also using it to promote their investment ideas in order to create a catalyst for a security. The most commonly used social media is LinkedIn, which is broadly used throughout the industry. In 2014, Twitter was used by many people in the industry for the first time and this is expected to increase in 2015. Finally, we are beginning to see some use in YouTube where organizations are creating videos that can be posted on websites, distributed through social media or emailed to a distribution group…” (Source: Top Hedge Fund Industry Trends for 2015 by Don Steinbrugge)

Getting the Basics Right: LinkedIn

If a hedge fund manager has time for only one social media outlet, LinkedIn is the one. Over 332 million people use LinkedIn, and new members join at a rate of 2 per second. Additionally, 40% of users check LinkedIn daily (source: Digital Marketing Ramblings).

And from a search perspective, your LinkedIn profile is almost guaranteed to come up on the first page of results for a Google search of your name. So let’s look at how hedge fund managers can enhance their LinkedIn profiles.

LinkedIn Profile Basics

  • You need a picture. People won’t take you seriously or want to connect with you if they can’t see what you look like. Plus, your profile is 11 times more likely to be viewed if you have a picture.

  • Write a summary. This is an open space that allows you to hone in on the key qualities, attributes and skills you want to highlight.

  • Include all (relevant) job experience. When you add your company, be sure it is linking to the firm’s LinkedIn page as this is an easy way to direct your connections back to your firm’s page after viewing your profile.

  • Add skills. From a personal brand perspective, adding skills is an easy way for people to find you.

Customizations on LinkedIn

  • Customize your URL to reflect your firm name (and a personal one if you have a personal webpage).

  • Optimize your ranking for certain search terms by adding them to key sections of your profile including Headline, Summary, Work experience and Specialties.

LinkedIn Hedge Fund Groups

  • Join groups that are relevant to your experience and interests, such as the Hedge Fund Group or IvyExec.

  • Position yourself as an expert and become a thought leader by asking and answering questions. Groups are also a great way to foster conversation, generate new ideas from peers and connect with key people.

LinkedIn Profiles that Get it Right

Here are a few folks on LinkedIn who get it right. Check out their profiles for ideas:

JD David, COO at Meyler Capital

Thomas Plaut, Forex Trading Executive

Don A. Steinbrugge, Managing Partner at Agecroft Partners

Richard C. Wilson, Single Family Office Advisor

Last but not least, here's an Eze Castle Integration LinkedIn profile doing it right: Vinod Paul, Managing Director.

Want More Hedge Fund Marketing Tips?

Watch our video with Meyler Capital on 'Hedge Fund Marketing Tips to Impress Investors and Raise Capital'

<![CDATA[Happy New Year! Employee Resolutions for 2015]]>, 15 Jan 2015 00:00:00 -0500 eci Happy New Year, all!

As we embark on the New Year, there is no better time to reflect on 2014 and set new goals for the future, both personal and professional. We’ve asked a few of our employees at Eze Castle Integration what their aspirations are for 2015. Check out what some of their responses were below.

  • "Eat out less and cook at home more often." - Jim Bove, Systems Engineer

  • "To learn more about technology. You can never learn enough!" - Tim Macdonald, Product Manager

  • "To travel more." - Elizabeth Martin, Resource Coordinator

  • "To actually go to the dentist every six months and the doctor once per year." - Steve Montecalvo, Client Technology Manager

  • "To look at all situations from a more positive viewpoint." - Jess Teatom, Operations Coordinator

  • "To approach things more proactively." - Evelyn Villemaire, Associate Product Manager

  • "Do more arts and crafts, keep a cleaner kitchen, bring lunch to work everyday, watch Best Picture nominated movies, take the stairs more often, and eat more fruit and veggies." - Anna Wendt, Marketing Co-op

And don't forget to read our recent Hedge IT post, which featured five resolutions that all hedge funds should consider!

<![CDATA[A Proactive Approach to Cybersecurity for Hedge Funds, Investment Firms]]>, 08 Jan 2015 00:00:00 -0500 eci This article originally appeared on TABBforum and was contributed by Steve Schoener, senior vice president of client technology at Eze Castle Integration.

Cybersecurity certainly made its mark on the hedge fund and alternative investment industry in 2014. Threats consistently increased in frequency, sophistication and form. With the release of the SEC’s Cybersecurity Risk Alert this past April, firms were forced to react swiftly and leave their outdated security practices behind. 2014 was a reactive year for hedge funds, but we envision a shift in trends for 2015.

Prior to heightened regulations and detailed due diligence and IT security questionnaires, the majority of financial firms were drawing their curtains closed when it came to facing the reality of the threat landscape. But it was only a matter of time until businesses no longer could turn a blind eye to threats and investors knocking at their front doors.

Over the past year we have witnessed an unceasing number of cyber-attacks and potential threats, as well as heightened security regulations placed upon hedge funds. Consequently, we’ve all read the headlines and best practices guidelines when it comes to cybersecurity. While these resources are all helpful, there is an untapped core that lies beneath this hot topic’s surface layer. That is, the ever-evolving future and forthcoming trends for hedge fund information security. So what do we at Eze Castle Integration forecast for cybersecurity in 2015?

Went to Work, Caught a Phish

A common security threat on the rise among the industry is phishing. In traditional phishing, cyber criminals send mass messages to millions of users to increase the chances of infecting recipients (generally by enticing users to click a link and infect their environments or, in some cases, require financial action be taken). Spear phishing, on the other hand, utilizes a much more targeted approach and selects specific individuals and companies to attack. In this case, attackers do their homework and research social networking profiles as well as company employee names and titles. Tapping into personal and sensitive information provides attackers with the means to mirror familiar email addresses, dialect and URLs in their messages and ultimately better deceive users.

We anticipate this type of targeted attack on financial firms to continue to proliferate in 2015, primarily because cybercriminals utilize tools that are tested and true to hack intellectual property. To reduce the chances of getting hooked, users need to double check email addresses, websites and sender contact information. The difference between an authentic address and a fraudulent one may come down to one special character, letter or number.

Think Global

Successful high-profile breaches have paved the way to global opportunity for attackers. Cybersecurity headlines crossed borders and continents in 2014, and this trend will continue to burgeon in 2015, but on a much larger scale. Contributing to this expansion is the drop in prices of malware in underground markets. Additionally, syndicates are hired by international crime organizations to exploit computer software flaws and security gaps. This increasing movement toward remote attacks means firms need to expand their security reach to become as safeguarded as possible.

The Social Side of Cybercriminals

Our constant connectivity to social networks has opened the floodgates to impromptu soirees with cybercriminals. We predict social campaigns, along with new, diverse hacking tactics, will escalate in 2015. Through social networks, criminals are able to track our likes, contacts, places and searches. Familiarizing themselves with our personal information and Internet routines gives hackers an upper hand in curating deceptive origins and forms.

Staying Ahead of the Hacker’s Curve

Approaches to security in 2015 will vary firm to firm. However, awareness of threats is no longer enough and common information security mistakes need to be a thing of the past. It is imperative that all businesses understand the risks, strengthen and implement security measures, and have Business Continuity Plans (BCP) in place to prepare for the possibility of a data breach. Every employee needs to be more conscious when opening emails, downloading programs and connecting to networks, both in firm offices and when working remotely. In order to have a proactive year for security in 2015, firms need to cover all of their bases, both internally and externally.

Additional Resources on this Topic:

Cybersecurity Whitepaper

Photo Credit: Flickr]]>
<![CDATA[New Year, New Resolutions for Hedge Funds]]>, 06 Jan 2015 00:00:00 -0500 eci It’s officially 2015! With the New Year upon us it is important to set new goals for the future. In today’s post, we will offer five resolutions hedge funds should consider to help pave the pathway for another prosperous year.

Resolution #1: Prepare for Cybersecurity

In 2014, hedge funds were revamping their IT policies and upgrading their methods of preventing, detecting and responding to cyber threats. However, this push to overhaul and enhance security was largely reactive to the several breaches we witnessed in 2014. Among those companies affected were Sony, Target, JP Morgan Chase and Home Depot. In 2015, we predict cybersecurity will remain at the forefront of headlines. That being said, hedge funds should prepare ahead of time and have detailed information security policies in place.

Resolution #2: Avoid Common Cloud Mistakes

When it comes to hedge fund operations and technology, there is no margin for error. Common mistakes range from not sizing bandwidth adequately to business needs to not planning proactively for applications and assuming deep security safeguards are in place. Hedge funds that take the proper precautions and do their research when cloud shopping save themselves from preventable stress and inflated issues down the road.

Resolution #3: Know Basic Cloud Terminology

Technology is ever-evolving. To help make these continuous developments less overwhelming, we suggest keeping up-to-date with cloud jargon. In 2015, ensure your hedge fund has brushed up on basic cloud terms to stay in the know, rather than behind the curve.

Resolution #4: Proactively Set Policies in Place

At Eze Castle, we recommend that all hedge funds employ several layers of security and have a Business Continuity Plan (BCP) in place to help mitigate risk and reduce the level of impact should a disaster occur. Firms should also make sure information, whether confidential or sensitive, is protected by internal and external policies. Having the following guidelines and procedures in place will help prevent sensitive and confidential business data from falling into the wrong hands:

Resolution #5: Test Your Disaster Recovery (DR) Systems Frequently

We cannot stress enough how imperative it is to test DR systems on a regular basis. Why should you test it? Because it helps ensure that the DR site meets your present business needs as well as your firm's needs during a disaster. As your organization evolves and changes, your DR system should adapt accordingly. Not testing this system could leave your fund vulnerable to a disaster and may hinder the continuation of efficient business operations.

Additional Resources:

BCP/DR Guidebook]]>
<![CDATA[The Best in Hedge Fund Technology: Hedge IT 2014 in Review]]>, 30 Dec 2014 00:00:00 -0500 eci It’s been quite a year, and as always, it’s hard to believe it’s over. In 2014, Hedge IT continued to thrive in its goal to provide advice and insight into hedge fund technology and operations. The financial services industry is evolving at a rapid pace, and we’re evolving our topics and conversations to keep up. Across 100 blog posts this year (not including this one), almost half of them – 49 to be exact – addressed the topic of security, which is undoubtedly one of the single most important focus areas for hedge funds and investment firms today. In addition to security, we covered everything from tips for starting a hedge fund to avoiding cloud mistakes to hiring for IT roles.

Looking ahead to 2015, we plan to keep the conversations tuned in to what really matters to hedge funds when it comes to technology, and we’ll share as much content as we can in as many formats as we can. But before we get too ahead of ourselves – it’s not quite 2015 yet – let’s take a look back at 10 of our most popular blog posts from 2014.

IT Security Dos & Don’ts

As I mentioned above, we talked A LOT about hedge fund security this year. But one of the more popular security topics was actually the simplest. It was a list we compiled of simple dos and don’ts employees should be aware of. (For example, DO: Lock your computer when you leave your desk; DON’T: Open suspicious attachments). You can read the list here or watch a handy video we created on the topic.

Assessing Your Firm’s Attitude Toward Security: What’s Your Type?

Like I mentioned, security was big this year. Before identifying infrastructure components and implementing operational policies around security, a firm must first be clear on what its attitude is toward security. This attitude will filter through the company from the top down, and will therefore dictate how employees and the business as a whole operate on a daily basis. Take a look at the three security attitude profiles we created, and see where your firm falls.

A How-To Guide to Selling the Cloud to Your CFO

If you’re an IT Manager looking to move to the cloud, how do you go about pitching that move to your Chief Financial Officer? The CFO is tasked with understanding how a firm’s infrastructure decisions will impact the firm’s overall business and financial health, so it’s important to address his/her key concerns. We’ve outlined how to talk to your CFO about the cloud and what questions to answer to help secure his/her go-ahead.

51 Hedge Fund IT Due Diligence Questions You Can Expect from Investors

2014 marked an important year for due diligence, as hedge fund investors became savvier than ever – especially when it comes to technology. We’ve narrowed down 51 critical DDQ questions your firm should expect to answer the next time your investors come calling.

Video: Why the Private Cloud Works for One Growing Investment Firm

We know most firms are using the cloud to support their operations, but sometimes it’s nice to hear a first-hand account. Bill Prew, CEO of INDOS Financial, an AIFMD depository fund based in London, spoke on camera about his firm’s decision to move to the private cloud. Hear his story.

Hedge Fund Transformation Series

Back in May, we gathered a panel of hedge fund experts – in conjunction with our friends at KPMG – and talked about how the hedge fund industry is evolving with regards to technology and operations. Our two-part event recap focuses on how firms are using outsourced providers to support operations and the challenges to transformation.

A Hacker’s Tool Kit: Cyber Security Threats to Financial Firms

Even before the SEC revealed its cybersecurity exam questionnaire, we knew that security was going to be an important focus of 2014. Back in February, we attended an FBI Citizens Academy seminar during which the speaker examined how hackers are targeting financial firms today. Here’s a look inside a hacker’s tool kit.

Hedge Fund Startup Tips from 9 Emerging Manager Experts

New hedge fund launches always have a lot of questions – and it’s understandable; they have so much to think about. That’s why we asked nine hedge fund startup experts across the industry to share their knowledge as part of our Emerging Managers Insight Article Series. Experts from prime brokerage, compliance, legal, technology and more share their expertise with new startups; choose from the individual articles or read the full compilation.

The Right Time to Move Applications to the Cloud?

We know firms are moving to the cloud, but when are they moving? We identified three primary inflection points at which hedge funds and investment firms typically make the decision to move operations to the cloud.

Why Are Hedge Funds Moving to Miami?

One of our most popular articles in 2014 focused on why hedge funds and other financial services firms are making Miami their new home. South Florida seems to be the new hotspot for finance, and we examined why. Take a look at why more than just sunshine is attracting new business.

We look forward to seeing you in 2015.

Happy New Year!

Photo Credit: Eze Castle Integration]]>
<![CDATA[Trend Watch: Technology Predictions for 2015]]>, 18 Dec 2014 00:00:00 -0500 eci As we say goodbye to 2014 and look ahead to 2015, we thought we'd pull together some of our top technology predictions for the new year. Take a look below and see if they match up with your expectations.


Cybersecurity was brought to the forefront during 2014, particularly when the SEC introduced its intention to focus on cybersecurity during this year’s round of examinations. Hedge funds have been overhauling their IT policies and upgrading their methods of preventing, detecting and responding to cyber threats. This was further reinforced by the many breaches we witnessed in 2014 including those that affected Target, Home Depot, JP Morgan Chase, and, most recently, Sony. By itself the Sony hack resulted in the release of personal data of both current and former employees, company wage data, communications from upper management and five movies being stolen and subsequently released to the public. As hacks and threats increase in complexity and frequency, we expect that cybersecurity will continue to be a big topic of discussion in 2015.


2014 has been one of the most turbulent years for firms with regards to safeguarding data. Firms have to be constantly vigilant, but even the most vigilant of firms have difficulty detecting hackers hiding under the guise of another user. Therefore, firms have been experimenting with the use of biometrics to analyze user behavioral patterns as a measure of determining whether or not a user is legitimate. This includes things such as click through rate, typing cadences and scrolling speed, but some financial institutions have also begun plans to implement voice recognition technology in call centers. These minute indicators would then factor into building a user profile, which firms can then match up against current behavior to conclude if a user has been compromised or not. Currently this technology is relatively new to the financial industry, but in the wake of recent cyber incidents, it may gain traction as a way of detecting cybercriminals.


Mobile technology has been mentioned on past trend lists, but deserves another mention here. BYOD policies have become a focus in 2014 along with the concept of “dark IT” which has developed as company employees have brought new apps and technologies that have not been sanctioned by the company into the workplace. IT personnel may not be equipped to handle troubleshooting these devices if they have not been provided with the correct procedures and training to handle it, and this may allow for holes hackers can take advantage of to gain access to company systems. It is important that firms have appropriate policies to determine what sorts of devices and apps are permitted for work, which should be detailed in the company’s stance on BYOD.

Digital Currency

Perhaps one of the most intriguing things to hit the financial industry, bitcoin is a universal digital currency or cryptocurrency used in the same way as credit cards and cash. Bitcoins are stored in a virtual “wallet” on a cloud or computer. There are various software systems which transact bitcoins and are currently gaining the interest of investors as a way to trade. Though currently there is very little regulation from the US or other international governments, there have been movements towards establishing a financial policy relating to bitcoin which may indicate an opportunity for investors and firms.

Photo Credit: Wikimedia Commons

<![CDATA[A How-To Guide to Selling the Cloud to Your CFO]]>, 16 Dec 2014 00:00:00 -0500 eci If you’re one of the seemingly few firms who has yet to make the move to the cloud, it could be for a variety of reasons. Perhaps you want to maintain total control of your IT environment. Or maybe you’re waiting for a tech refresh to motivate you. Alternatively, it could be that you just haven’t made the proper case to management for switching to the cloud – and many times the one who really needs convincing is the Chief Financial Officer (CFO).

If you’re the Chief Technology Officer (CTO) or IT Manager, your responsibility is determining the infrastructure choices that are going to best suit operations at your firm. But those priorities may not line up exactly with those of the firm’s CFO. IT doesn’t always have insight into the financial ramifications of an operations decision of this magnitude. Instead they are typically focused on the other benefits including personnel reallocation, workflow efficiencies, etc.

The CFO, on the other hand, is ultimately tasked with ensuring the company’s financial decisions are appropriate, and therefore, it’s often advantageous to at least attempt to speak his/her language when pushing for an IT change.

So how exactly do you go about getting the buy-in from your firm’s CFO when it comes to moving to the cloud? Here’s a handy how-to guide to get you started.

  1. Understand your current IT costs. Before you can make the pitch to your CFO, you need to realize the costs your firm is currently incurring for technology infrastructure (and personnel if that will be affected by your infrastructure decision). Once you have even a rough figure, you’re better equipped to approach your CFO with a cloud proposal and can outline the various cost-savings the firm is likely to incur as a result of the move.

  2. Do your due diligence. You’ll want to be prepared for your meeting – no need to waste your CFO’s time otherwise. Make sure you’ve thoroughly evaluated all of the appropriate cloud solutions available to you and compiled the necessary research to present to your CFO. Be sure to include both tangible and intangible benefits, such as cost-savings, scalability/flexibility of the solution, details on the third-party provider, etc.

  3. Stress predictability. One of the greatest benefits to cloud solutions is the transition of Capital Expenditures (CapEx) to Operational Expenditures (OpEx). With the cloud, firms no longer need to drop tens of thousands of dollars on costly hardware to power operations. Rather, costs are broken down into predictable, monthly (generally per user) fees that are simple to calculate when adding or removing users. This situation is ideal to point out to your CFO, as he/she will appreciate consistent budgeting and can easily factor it into the firm’s overall budget.

  4. Skip the tech talk. Odds are, your CFO doesn’t have an IT background. So explaining hypervisors, MPLS and intrusion detection systems shouldn’t be your first priority. Instead, focus on operational benefits and challenges and how the infrastructure decision supports the business as a whole, not just the IT department. Getting into the nitty-gritty of the cloud technology will only confuse him/her and may make him/her less receptive to your proposal.

In addition to the above suggestions, we recommend you try to answer the following questions when meeting with your CFO:

  • How will the transition to the cloud shift the company's costs from capital to operating expenses?

  • How will the monthly costs change?

  • How will the annual costs change, particularly at 1 year? 3 years? 5 years?

  • What additional expenses can we expect to incur by moving to the cloud?

  • What costs (and risks) go away seeing as we will have to invest less in our own equipment?

  • How does our current IT cost structure compare with a public cloud strategy and a private cloud strategy?

  • Will transitioning to the cloud ultimately lower our costs and allow us more flexibility in approaching new business opportunities?

  • How can we audit and manage the risks associated with moving to the cloud?

Here are a few other resources you might find valuable during this process:

Billion Dollar Club Goes Cloud
<![CDATA[IT Security Etiquette: A Best Practice Guide (Video)]]>, 11 Dec 2014 00:00:00 -0500 eci If you’re a loyal Hedge IT reader, you may remember we highlighted a few simple dos and don’ts a few months ago that, when utilized, can go a long way in shoring up your firm’s security. To make it easy, we’ve put these tips together into a video. Take a look below and discover a vast range of security tips and tricks from email encryption to proper security measures for protecting computers and mobile devices.

<![CDATA[Betting Against the Odds and Neglecting Risk: The True Cost of a Data Breach]]>, 09 Dec 2014 00:00:00 -0500 eci When it comes to the cost of a successful data breach, the ensuing ramifications are not limited to monetary loss. A firm’s confidential information, customer trust and overall operations are all at risk of being compromised. To protect their data and systems from cyber-attacks and breaches, it is critical that firms become as secure as possible.

Raising the Bar

Over the past year, we have witnessed more firms strengthening their security measures in an effort to comply with industry regulations as well as the SEC cybersecurity expectations. Additionally, we’ve seen an increase in frequency and sophistication of both data theft and cybercrime. A study by Risk Based Security revealed that within the first nine months of 2014 there were 1,922 data breaches reported and 904 million records exposed. Four of those incidents have made the Top Ten All time Breach List and three hacking incidents combined were accountable for nearly sixty percent of exposed records. Today, most hedge funds are aware of the severe negative effects a security breach can cause; however, gaining this knowledge may have been a tough lesson to learn.

Going All-In

Remember the old saying “no risk, no reward”? While this phrase may work favorably in some cases, there is no margin for gambling when it comes to a firm’s information security. Target groups do vary and victims range from big merchants and high-end retailers to public figures and common folk, but hedge funds remain a high profile target. A survey by the Ponemon Institute reported that in 2014 the annual average cost of successful cyber-attacks per company in financial services is $20.8 million. Although nothing is foolproof, hedge funds that prepare for the “what if” scenarios have a greater chance of thwarting an attack and minimizing financial loss.

Proactive Planning

At Eze Castle, we recommend that all hedge funds employ multiple layers of security and have a Business Continuity Plan (BCP) in place to help mitigate risk and reduce the level of impact should a disaster strike. Firms should also ensure information, whether personal or confidential, is protected by internal and external policies. Having the following guidelines and procedures in place will help prevent sensitive and confidential business data from falling into the wrong hands:

Cybersecurity Whitepaper

Photo Credit: Istock]]>
<![CDATA[Throwback Thursday: History of the Eze Private Cloud]]>, 04 Dec 2014 00:00:00 -0500 eci Less than ten short years ago, Eze Castle Integration saw a shift in the market and gap in the cloud space. Firms had to hire multiple third-party vendors to fully outsource their IT needs, public cloud environments fell short of hedge fund security demands and service level contracts varied drastically. Fast-forward to today, and that very same spark of ideation has progressed to completely revolutionize hedge fund IT. In the spirit of Throwback Thursday, today we're reflecting on the journey and growth of our very own Eze Private Cloud.

In 2005, Eze Castle built and deployed the first hosted cloud platform for a large hedge fund based in New York City. By 2007, 18 funds spun out from the initial firm, each selecting Eze Castle as their trusted cloud platform provider. The following year, the company began building the foundation for the Eze Private Cloud. The same year marked the opening of Eze Castle’s hedge fund hotel in New York City. The environment, which supported more than 200 users, united the company’s cloud computing platform and fully managed office suites for startup funds.

In 2009, Eze Castle officially launched its Eze Private Cloud, making it a landmark year for the company. This new solution provided a fully hosted IT platform for hedge funds and investment firms across the U.S. Combining a high performance, fully redundant infrastructure with the industry's best IT experts enabled the company to manage over 30 applications within the Eze Private Cloud by 2010. Today, that figure has increased by 285%.

In 2011, the Eze Private Cloud expanded its presence overseas to support end users in the UK and further expanded in 2012 to Asia. The following year, the Eze Private Cloud grew more than 300% in number of both clients and users, and today it supports thousands of hedge fund users worldwide. This year, Eze Castle released the next generation of its cloud-based voice solution, Eze Voice. Additionally, we expanded our cloud offering to include Microsoft and Varonis applications. These new offerings provide collaboration, unified communications, file-sharing and security applications.

Since its official launch in 2009, the Eze Private Cloud has evolved into the highest performing cloud platform available and industry standard for hedge fund cloud computing. Over the past two years, the company has received 24 industry accolades for technology provided to financial services firms, including the following awards:

  • Best Managed Technology Platform: Hedgeweek USA Awards

  • Best Cloud-Based Services Provider: WatersTechnology Rankings

  • Leading IT Infrastructure Provider: Hedge Fund Journal

  • Best Cloud Computing Solution: HFMWeek US Hedge Fund Services Awards

Today, the platform is powered by state-of-the-art technology from VMware, Cisco, Dell, and NetApp. Eze Castle’s strong partnerships with these trusted vendors allow us to provide the highest quality, secure cloud computing experience to all clients. We continuously invest in and enhance our global financial cloud platform to ensure we are providing firms with secure, resilient, available and robust IT infrastructures.

Cloud Survey Results

Additional resources you might find valuable:

Photo Credit: Istock

<![CDATA[Common Information Security Mistakes (Video)]]>, 20 Nov 2014 00:00:00 -0500 eci As hedge funds and investment management firms shore up security practices in an effort to comply with the SEC cybersecurity expectations and other industry and investor standards, it can become overwhelming to sort out what's required and how firms should go about achieving compliance. It can also be easy to make mistakes. We asked Eze Castle's Business Continuity and Data Privacy Manager, Lisa Smith, to tell us about some of the common information security mistakes she witnesses firms make and how to avoid them in the future. Here are some of the key questions Lisa answers:

  • Where are you seeing the most deficiencies in cybersecurity preparedness?

  • What goes into an effective Written Information Security Plan?

  • What common mistakes do you find firms are making when it comes to information security safeguards?

Take a look at Lisa's answers!

Additional resources on Information Security Best Practices:

Cybersecurity Whitepaper]]>
<![CDATA[Crisis Communications Tips for Business Continuity]]>, 18 Nov 2014 00:00:00 -0500 eci How important is day to day communications within your company/firm? If an incident or disaster occurred today, how would your organization respond? Do you have a team or group designated to develop messages for both internal (employees, vendors, third parties, building management) and external (public, employee families, media) contacts? Have they practiced? When the pressure is on, is your organization prepared if a disaster or event suddenly puts your firm under the microscope with an onslaught of internal/external calls, questions, requests, emails, social media messages or media requests?

Crises and disasters continue to happen across borders and industries. Let’s not forget some of the more recent large scale disasters such as Hurricane Katrina, Typhoon Haiyan, Deepwater Horizon, Fukushima, Hurricane Sandy, and, of course, the ongoing major data breaches, just to name a few. That list doesn’t include more common events that may not make the major news networks such as utility failures, office fires, and systems outages. Smaller events like those previously mentioned can cause minimal to significant disruption to business operations. This is why developing and practicing a variety of communications is vital in an organization’s response to an incident.

Some of these events can be predicted in advance, giving an organization time to make decisions, analyze other organization’s responses, consider impacts, and communicate a message or action. Sometimes events are sudden, such as an earthquake or active shooter. These events require immediate actions, decisions, and communications to be made. In either case - an immediate or delayed event - communication is critical to demonstrating proper leadership and providing employees with proper direction, especially if the event is centered specifically on your organization.

A recent example of effective communication and leadership occurred during the Boston Marathon Bombing press conference in April 2013. The briefing featured representatives from all the involved parties – a sign of a unified and organized communication strategy. Regardless of the amount of information disseminated, the listeners likely felt comfort knowing everyone was on the same page. In this case, the chief of the Boston Police Department, the Mayor, the Governor, State Police, MBTA Police, FBI, and Watertown Police prepared statements and answered questions to effectively communicate the ongoing situation to the public.

How important is your company’s reputation? Would poor communication to employees, clients, investors, the public, and the media impact your reputation - especially if your organization is at the forefront of a major event? Signs of poor communication typically include disorganization, conflicting reports, inaccurate predictions, information vacuums, insincerity, and confusing information. Communication is vital in almost every aspect of one’s personal and professional life and the same can be said for companies and firms. In general it’s people and companies that can effectively communicate to their audience that are perceived to be more organized and appealing.

Here are some tips to help with your firm’s communication:

  • Have an executive appointed group: 3 or 4 individuals prepared to speak, email, message, etc. on behalf of the firm in the event of an incident.

  • Keep it simple. Don’t over complicate the message. Make it to-the-point and easy to understand.

  • Create a schedule for information briefings if the event is ongoing. If you are not giving information, people will search out less credible sources or make it up.

  • Know your audience. Who will be receiving this message? Does it have the right tone for the situation?

  • Don’t be afraid to seek help. Don’t be afraid to ask for help or assistance from local agencies or even rival companies, depending on the situation. Incidents can happen to any organization. You may be surprised who will come to your aid.

DR/BCP Guidebook

<![CDATA[2014 Benchmark Study Results: Top Hedge Fund Applications Revealed]]>, 13 Nov 2014 00:00:00 -0500 eci The results from our Global Hedge Fund Technology Benchmark Study are in, and here is a snapshot of the 2014 findings. You can find the complete report here. We surveyed 279 buy-side firms across the United States, United Kingdom and Asia in order to discover their front, middle, and back office technology and application preferences.

Respondent Profile

Hedge Funds by Type

All survey respondents fell into the following categories within the financial industry: hedge fund (58%), asset/investment manager (13%), private equity firm (3%), fund of fund (3%), and family office (3%). Additionally, 13 percent fell into an ‘other’ category, which included financial firm types such as venture capital, advisory, fund management, quant and wealth management.

Firms surveyed fell into three asset groups: thirty-three percent (33%) reported their assets under management (AUM) as less than $100 million; twenty-eight percent (28%) fell between $101 and $500 million; and the majority (39%) reported over $500 million AUM.

In regards to investment strategy, long/short equity continues to dominate as the most favorable with 50 percent (50%) of respondents reporting this to be their primary investment strategy. Additional preferred strategies include credit (8%), fixed income (6%), emerging markets (5%), event driven (4%), and distressed debt (3%). Twenty-four percent (24%) of firms fell into an “Other” category that included a wide variety of investment strategies such as commodities, derivatives, merger arbitrage, relative value, securities, global macro, and long only. In 2014, the top primes employed by firms are Goldman Sachs, Morgan Stanley, JP Morgan, Credit Suisse and UBS (same as 2013 results).

Front Office


OMS: Firms use order and execution management systems in order to support trading, operations, compliance and portfolio management. Once firms have evolved from their initial launch phase and begin seeing investment growth, they need robust, efficient solutions in order to continue growing and progressing. Our survey found that the majority of firms rely on Eze Software Group’s Eze OMS, followed by Bloomberg’s Asset and Investment Manager (AIM), RediPlus EMS and Advent’s Moxy.

Market Data & Analytics: Bloomberg continues to lead the pack as far as market data services and analytics in the financial industry. Respondents reported that ninety-six percent (96%) are using Bloomberg either exclusively or alongside a second solution.

Research & Document Management: The majority of respondents reported that they outsource the responsibility of managing research materials and documentation. Forty-three percent (43%) of firms are using in-house or proprietary solutions. For those firms using a specific tool, Microsoft’s SharePoint, Advent’s Tamale, or Code Red RMS are the most common. Another research management solution gaining popularity is Ledgex Systems.

Middle & Back Office


Portfolio Accounting: Advent Software continues to be the primary leader in regards to portfolio accounting with its Geneva and APX solutions remaining the top two choices among investment firms surveyed. Almost half of those surveyed are using one of the two Advent products.

Risk Management: Risk Management is inclusive of a wide variety of thoughts: everything from cybersecurity and infrastructure risk to portfolio and systemic risk. According to our survey results, adoption of risk management solutions is still slow as a reported fifty-six percent (56%) are not using solutions to mitigate portfolio risk. For those firms that do have a formal solution in place, popular vendors utilized include Advent, Bloomberg, FT Options, Indus Valley, iVolatility, Orchestrade and The Insight.

Outsourced Administration: While not all firms choose to utilize an outsourced fund administrator for more comprehensive services, those that do tend to work with a variety of different vendors. Citco is the top administrator choice among our survey respondents, followed by SS&C GlobeOp, Northern Trust, State Street and JP Morgan.

Customer Relationship Management: In regards to CRM tools, our survey results found that Backstop is the most popular solution, followed by and Petrac.

Message Archiving: A large majority of survey respondents (57%) are relying on Global Relay for their email and IM message archiving services, followed by Eze Castle’s Eze Archive service, which is powered by Global Relay. Smarsh and Frontbridge round out the top four services.

Mobile Technology: We continue to see firms using BlackBerry (83%) as their primary mobile solution. However, iPhone use has made great leaps and increased from forty-three percent (43%) in 2013 to sixty-four percent (64%) in 2014.

What’s Next?

We foresee the adoption rate of the cloud not letting up as not only startup firms are leveraging cloud solutions, but also large, established firms. This migration to private cloud environments has completely revolutionized the way firms do business. Visible benefits to hosting applications in the cloud—cost-savings, flexibility and scalability—will fuel firms to continue moving in that direction and may change the results we see in a year’s time if any of these applications and vendors do not offer positive experiences in the cloud.

We hope our 2014 Hedge Fund Technology Benchmark Study will serve as a guide and assist firms in making these critical decisions.


<![CDATA[Sneak Peek: 2014 Hedge Fund Benchmark Study Results]]>, 11 Nov 2014 00:00:00 -0500 eci In its fourth year running, our Global Hedge Fund Technology Benchmark Study reveals the top technology systems and applications used by investment management firms around the world. And while we aren't due to officially release the results until tomorrow - register for our webinar to hear them live - we thought we'd share a little sneak peek in the form of an infographic.

Take a look below and discover how your hedge fund and investment management firm peers are using technology to power their firm operations.

[Infographic: 2014 Hedge Fund Technology Benchmark]

Be sure to come back to Hedge IT on Thursday for a replay of our Benchmark Study Webinar and a link to the final report!

<![CDATA[Tech Tips for Starting a Hedge Fund]]>, 04 Nov 2014 00:00:00 -0500 eci Last week, we co-hosted another exciting Hedge Fund Startup event with KPMG in New York and had a great turnout of fund managers looking to learn more about everything from legal and tax implications to technology must-haves and capital raising strategies.

Since technology is clearly our forte, we wanted to share some of the key takeaways from our “Achieving Institutional-Grade IT” panel, featuring speakers from Evercore Partners, Bank of America Merrill Lynch and, of course, Eze Castle Integration. Here are the highlights:

State of Emerging Manager Market

  • The hedge fund startup market is healthy, and investors’ appetite for emerging managers is strong

  • Investors are attracted to the nimbler, hungrier nature of emerging managers.

Key Priorities for Startups in 2014/2015

  • Select the right service providers to support your business.

  • Understand your firm’s vulnerabilities and exposures.

  • The operational due diligence process is changing, therefore firms need to understand the protections they have in place to secure investor assets.

Selecting the Right Infrastructure (i.e. Cloud vs. On-Prem)

  • The pendulum has definitely swung to the cloud for firms of all shapes and sizes.

  • Hedge funds, especially new launches, want the easiest, quickest and most cost-effective solution to support their business. The answer is generally cloud.

  • If the cloud is your preferred infrastructure method, be sure to consider vendor oversight and, if using multiple clouds for multiple solutions, how they talk to each other and commingle.

Service Provider Selection/Oversight

  • You can outsource the accountability of your data, but not the responsibility.

  • When SEC/FINRA calls, you as the fund manager need to be able to provide the right answers.

  • When it comes to service provider relationships: trust, but verify. Ensure you get supporting documentation to authenticate the practices/protocols they say they have in place to support your firm’s data and assets.

Cybersecurity is Focus #1

  • Determine what your firm’s attitude toward security is.

  • Management sets the tone, but security should start at the employee level.

Advice for New Managers

  • Plan for the future. Build an infrastructure that can scale along with your firm’s growth. Changing the way your firm does business (as it relates to your technology) will be much harder down the road.

  • Expect IT security audits to increase in depth and frequency.

  • Regulators are coming and will hold you to the same standards as the large, established investment firms.

  • As investors deepen their operational due diligence on you, you should deepen your due diligence on your vendors and service providers.


Photo Credit: Eze Castle Integration

<![CDATA[Happy Halloween! A Look at the Scariest IT Moments of 2014]]>, 30 Oct 2014 00:00:00 -0400 eci Over the years, cybercrime has evolved, matured and increased in frequency. Target groups vary from case to case and victims range from big merchants and high-end retailers to celebrities and common folk. On the eve of Halloween, we’ve dug up some of the scariest cyber-attacks in 2014.


One of the more innovative hacks in recent years started making headway in Great Britain in September 2013. CryptoLocker utilizes malware to encrypt and freeze victims’ sentimental and valuable files on infected computers. After successfully locking the computer, a ransom note appears on the victim’s screen demanding money in return for their files. If the victim fails to make payment, the computer remains locked and files are unsalvageable.

More than $100 million in losses were attributed to the cybercriminals’ schemes as well as hundreds of thousands of infected computers. Computer security companies estimate that CryptoLocker infected over 234,000 computers worldwide, including more than 100,000 in the United States.


Target’s recent data breach affected 40 million credit and debit cards, tapping into payment card information and other sensitive data. Both Target and Home Depot’s attacks were traced to software that slipped into the companies’ networks and scanned payment-card information. The aftermath of Target’s breach spilled over from 2013 into 2014, costing the company $148 million in expenses, offset by a $38 million insurance receivable. Additionally, financial institutions spent over $200 million replacing millions of compromised cards, raising the breach’s total to $350 million.

Home Depot

The cyber-attack on Home Depot’s payment systems compromised 56 million cards over a five-month period, surpassing Target’s affected 40 million credit and debit cards. Home Depot was in the midst of encrypting its payment terminal data when the hackers beat them to the project’s fruition. The company’s new encryption system, which launched September 13, scrambles card information, making it unreadable and unusable by persons lacking the proper tools to unlock data.

Home Depot estimates the investigation, increased staffing and card monitoring will cost $62 million, offset by $27 million it expects insurance to reimburse.

J.P. Morgan Chase & Co.

J.P. Morgan, the nation’s largest bank by assets, said about 76 million households and seven million small businesses were affected by a cybersecurity attack on the bank this summer. Sensitive data stolen included customers’ names, email addresses, addresses and phone numbers. The unknown hackers were unable to acquire account information, such as passwords, Social Security numbers or account numbers. It appears that the hackers commenced the network breach via an employee’s personal computer, which had administrative privileges, and increasingly attained data from that point on.

In response to the data breach, J.P. Morgan’s CEO James Dimon stated that J.P. Morgan will be doubling their cybersecurity spending from $250 million annually in 2014. Investigators believe 12 other financial-services companies were targeted by the same cyber criminals.


Apple’s iCloud service has dealt with multiple cybersecurity issues as of late. Users based in China fell victim to a cyber-attack, exposing usernames, passwords, pictures, files and other personal information. Users reported seeing warnings from their browsers stating that was not a trusted site, indicating that Apple’s iCloud communications had been breached. Additionally, racy celebrity photos were leaked from the iCloud system last month. In response to the attacks and raising concerns regarding the company’s privacy settings, Apple stated that moving forward, it will utilize encryption on its mobile devices.


<![CDATA[Preparing for Ebola: A Review of the Outbreak, its Economic Impact, and Business Continuity Considerations]]>, 23 Oct 2014 00:00:00 -0400 eci This year’s outbreak of Ebola in West Africa is the worst that has ever been recorded. The disease typically occurs in outbreaks in tropical regions of Sub-Saharan Africa. In the short span of a year, the virus, which is affecting Guinea, Sierra Leone, and Liberia, has resulted in nearly 3,500 deaths.

In this article, we will look at where this outbreak started and the economic impact it has had both in Africa and internationally. We will also highlight the issues that businesses need to consider as this epidemic continues to expand.

Where Did Ebola Come From?

A report published in the New England Journal of Medicine suggests that Ebola’s Patient Zero (the initial patient of an epidemic) was most likely a 2-year-old boy living in southern Guinea. Unfortunately, the boy became very ill and died on December 6th 2013. Several close relatives died shortly thereafter. After the funerals, some of the attendants became ill. Following established patterns of close contact with the sick, the disease began spreading to other villages, then across the borders into Liberia and Sierra Leone. It wasn’t until March 2014 that the international aid agency MSF (Doctors Without Borders) became aware of the new Ebola outbreak and immediately got involved. In early August, the World Health Organization (WHO) declared “an international public health emergency”. On September 30th, the first case of Ebola was diagnosed within the United States.

At this time, the CDC is making both “best-case scenario” and “worst-case scenario” predictions of the total number of cases expected through January 1st 2015. Unfortunately, the predictions range from 11,000 to well over 1 million cases.

Ebola’s Impact on Local Economies

Before the recent Ebola outbreak, all three of the impacted West African countries had been in the midst of an economic revival of sorts. Two were returning to economic levels not seen since pre-civil war times. Since the Ebola outbreak occurred, downward financial trends have developed in all three of the affected nations.

At this time, many of the affected nations have closed borders and quarantined communities with outbreaks. Closed borders not only stop travel but also make the trade and transport of goods difficult, if not impossible. Essential goods are becoming both scarce and expensive.

International businesses are also pulling out personnel and are hesitant to make investments. Major airlines have also implemented bans on the nations rampant with Ebola, affecting tourism and business-related travel as well as the supply chain and some needed resources.

An interesting analysis of the economic impact of Ebola conducted by the World Bank suggests that the “largest economic effects of the crisis are not as a result of the direct costs (mortality, morbidity, caregiving, and the associated losses to working days) but rather those resulting from aversion behavior driven by fear of contagion.” The World Bank goes on to predict that if the epidemic spreads to neighboring countries the economic impact could be as much as $32 billion.

Is There a Chance of Ebola Spreading to the U.S. and Other International Destinations?

The short answer is yes. There is always a small chance that someone not showing any symptoms could board an international flight or travel internationally; however, when the individual begins going through the tell-tale signs and symptoms including fever, vomiting, etc., they will seek out or be sent for medical help. When this happens, healthcare professionals should be able to identify and treat them with elevated precautions and isolations.

Unfortunately, precautions are not always 100% effective, as evidenced by a Liberian man flying into Dallas, TX recently and later testing positive for (and succumbing to) Ebola.

In the wake of this story, many international airports, healthcare facilities, and hospitals throughout the world are on high alert and stepping up precautions to ensure proper screening and safety. Just this week, the Department of Homeland Security announced travelers flying to the U.S. from the affected countries are required to fly into one of five U.S. airports equipped with CDC screenings.

How should businesses prepare for a potential Ebola outbreak?

During large scale outbreaks, much like the current wave of Ebola, businesses can take steps to ensure their business operations continue, while also making employee safety a priority. There are some precautionary steps an organization can take to prepare itself, its employees, and its continuity practices in case this outbreak travels to a major financial market area.

  • Review pandemic plans and identify vulnerabilities. Take some time to review and discuss the plan or plans to see if anything needs to be updated, discussed, or corrected in the unlikely scenario that an outbreak happens within your business region. Identify any employees who may be traveling or living near an area affected by the outbreak. Make sure the employee is aware of the situation and what steps he/she can take to avoid exposures. If not already identified, consider relocation/teleworking options that can be provided to enhance the continuity process.

  • Communicate to employees. Let’s face it. At this point every office, jobsite, and business has had some kind of break room discussion about the current Ebola outbreak. Whether it was a serious discussion or just topical water cooler catch up, it is on the minds of your employees. It is never a bad idea to open the lines of communication and listen to questions or concerns they might have and take the opportunity to disseminate continuity information or factsheets.

  • Ensure employees are educated on proper hygiene practices. This may seem unnecessary, but most people are unaware of how susceptible they are every moment of every day to all kinds of germs and illnesses. Reviewing proper hygiene practices will help break bad habits that can increase risks.

In Conclusion

Take some time to review and reflect about the current situation and determine what steps your firm can take to prepare your organization and employees for the potential threats that are growing and spreading around the world.


<![CDATA[Four Signs It's Time to Break up with Your IT Provider]]>, 16 Oct 2014 00:00:00 -0400 eci In any relationship, when things are good, they’re usually pretty good. And when things are bad, sometimes they are really bad. There may come a point when you need to evaluate whether you’re still a good fit together.

Just like with a romantic relationship, your firm’s connection to a service provider (especially an infrastructure/cloud provider you rely on daily) should be strong enough to withstand a few hiccups and healthy enough to warrant open communication at all times. In some cases, it might be clear that you’re in a good place and moving forward together, but sometimes there are sure signs it’s time to call it quits.

Here are a few of those signs:

1. Your provider’s service levels are not up to snuff.

Maybe you recently experienced a major service outage or find that you not-so-conveniently have to work around confusing and interrupting maintenance schedules during work hours. You’re constantly frustrated and don’t feel like you are receiving the level of support that was agreed to – both verbally and as part of your Service Level Agreement (SLA).

Your SLA should clearly indicate the uptime standard (e.g. 99.995% availability) as well as repercussions to any breaches in the contract (for example, service credits) and associated RPOs if disaster recovery is involved.

2. Communication is lacking – and sometimes nonexistent.

The key to any successful relationship is communication. Without it, there’s no chance for success. Like with any romantic partner, an investment firm must be able to communicate effectively with its service provider – and receive the proper amount of communication in return.

You may be unhappy with your IT service provider if you find that you don’t hear from your Client Relationship Manager often or only ever reach their voicemail. If you call into the provider’s Help Desk with an urgent issue and notice the call gets routed to a cell phone (or doesn’t get picked up at all), it’s time to take a step back and think about your relationship. A successful IT provider will be attentive to your needs – both urgent and ongoing – and keep in constant communication with you to ensure you feel the level of support you require on a daily basis.

3. Your provider seems cool with the status quo.

Beyond troubleshooting technology issues and performing routine upgrades and maintenance, your technology provider should also be on the cutting-edge. It’s not enough to be okay with the status quo these days – your provider should be leading the charge in new technologies (think cybersecurity and cloud technology) and practices to make your job easier. Without innovation, you’re simply stuck. If your provider isn’t open to new ideas or seems hesitant to change and evolve, it may be a sign that this isn’t the right relationship for you. To succeed and grow in your business, you need and should expect your IT firm to do the same.

4. Plain and simple – you’ve outgrown them.

Speaking of growing in your business, if you’re smart you’re already thinking ahead to the future. You have a 3 or 5-year plan in motion and expect positive growth in the coming years. But can your IT provider handle that? Can it handle dozens (or even hundreds) of new user accounts and corresponding data increases? Can it handle evolving technology and adding and supporting new application sets? As your business grows, can your provider connect you to counterparties around the world and make your workflow more efficient? If the answer to these questions is “no,” then it’s time to say goodbye and identify a true partner that can complement your business and grow with you.

A true IT business partner is someone who understands your strengths, balances your weaknesses and puts your needs above all others. Can you say that about your current IT provider? If not, it’s probably time to have the talk. And maybe start dating again soon with some of these tips in mind.


Photo Credit: Pixabay

<![CDATA[Back to Basics: What is an Order Management System (OMS)?]]>, 14 Oct 2014 00:00:00 -0400 eci We are excited to be sponsoring the 2014 EzeSoft Client Conference later this week in Boston. For those of you who aren’t familiar, Eze Software Group is the owner of the order management system, Eze OMS, which is frequently used by hedge funds and asset managers across the globe.

As a preview to this week’s conference, we thought we’d dial it back to basics a little and explain exactly what an order management system is and why it’s a critical piece of software for many investment management firms today.

What is an OMS?

An order management system is a “software-based platform that facilitates and manages the order execution of securities.” Used on both the buy-side and sell-side, an OMS allows firms to manage the lifecycle of their trades and automate and streamline investments across their portfolios. OMS platforms typically run on FIX Protocol, linking hedge funds and investment firms to hundreds of counterparties around the globe.

In November 2013, Eze Castle Integration revealed the results of its annual Global Benchmark Study, which highlights the top vendors and applications used by investment firms worldwide. Results showed that Eze OMS was the preferred order management system for most firms, with 42% of respondents indicating it was their current OMS platform. Download the full 2013 Global Hedge Fund Benchmark Study here.

According to Eze Software Group, some of the benefits firms can achieve from an order management system include:

  • Managing orders, allocations and executions across asset classes from a single platform

  • Automating pre-, intra- and post-trade compliance checks

  • Monitoring real-time P&L and exposure

  • Tracking and reporting on the full lifecycle of a firm’s orders

Eze Castle Integration regularly consults with clients about their software and application needs and provides guidance on the appropriate infrastructure necessary to host those systems. If you would like to speak with a technology representative about your firm's unique needs, please contact us.


Sources: Wikipedia, Eze Software Group
<![CDATA[51 Hedge Fund IT Due Diligence Questions You Can Expect From Investors]]>, 09 Oct 2014 00:00:00 -0400 eci On our recent Hedge Fund Marketing and Due Diligence webinar we looked at how the hedge fund investor due diligence process is evolving especially in terms of scrutiny on technology processes and security safeguards.

The reality is that investors have a greater understanding of technology, are asking more probing due diligence questions and care about the responses they receive. We’ve even heard hedge fund investors say that deficiencies in IT infrastructure and security contributed to the decisions to redeem from or not invest in a fund.

So at Eze Castle Integration we regularly assist our hedge fund clients in completing the IT portions of investor due diligence questionnaires. The wording of questions varies but here is a handy list of 51 common IT due diligence questions we see.


  1. Provide an organization chart for the Company, its affiliates and key personnel.

  2. Provide the physical address and general contact information for each of the Company’s office locations.

  3. Provide the name and contact information of the Company employee(s) assigned to the client’s account(s).

  4. Provide a list of compliance personnel, their roles and qualifications, the date of his/her appointment and position within the Company’s organizational structure.

Annual Assessment/Audit

  1. When was the last date on which the Company tested its internal policies and procedures? Please provide a summary of the results.

  2. Describe the internal controls that ensure conformity with the Company’s policies and procedures concerning confidentiality of client information.

  3. Describe any material violations of the Company’s policies and procedures that relate to the services provided to the client in the last twelve (12) months. If any occurred, please describe the violations and the corrective action that was taken.

  4. Describe the Company’s process for (i) reporting violations that directly affect the services provided to the client and (ii) reviewing and assessing the adequacy and effectiveness of its policies and procedures. Please include an explanation of how the Company determines the materiality of violations as well as the process for identifying and reporting violations of policies and procedures internally.

  5. Do you conduct annual external or internal technology audits? If so, please detail auditor, frequency, areas covered, date of last audit and key findings.

General Hedge Fund IT Due Diligence Questions

  1. Who handles your IT strategy and oversees the day-to-day IT function? What is your IT strategy (i.e. outsource, in-house, hybrid model)?

  2. What types of challenges has your firm faced with its IT operations in the last 12 months?

  3. What IT upgrades occurred in the last 12 months? What upgrades are planned for the next 12 months? How do you stay current with technology?

  4. Provide details on relationships with third party IT integrators and support providers, including an overview of their credentials and length of the relationship.

Hedge Fund's Systems and Information Security

  1. Describe the software system(s) used to provide services to the client, including any relevant security features (e.g., firewalls).

  2. Describe any material changes within the past twelve (12) months relating to software systems used to provide services to the client.

  3. Where is/are the Company’s data center(s) located?

  4. Describe the Company’s security measures with respect to systems access, including who has access (and at what level).

  5. Describe in detail (i) what records the Company retains on behalf of the client (in both electronic and physical format), and (ii) for how long the records are kept.

  6. Describe the security procedures (e.g., locked filing cabinets) for the protection of physical documents.

  7. Describe the Company’s policies and procedures for destroying physical documents.

  8. Are ongoing vulnerability assessments performed against the Company’s systems? If so, are the assessments performed by internal personnel or third party service providers?

  9. Have you had any security breaches or security related issues in the past 3 years?

Hedge Fund's Access Control Policy

  1. Does the organization have a formal and well-documented access control policy in place?

  2. Is the policy regularly reviewed to determine whether the controls are operating as intended? Are changes and enhancements to the policy implemented when necessary?

  3. Does the firm’s IT staff (or technology partner) ensure appropriate access control to applications and sensitive company data? Are there robust procedures in place to grant or deny access to applications?

  4. How does the firm manage employee remote access? Are procedures in place to ensure remote access is delivered securely?

  5. Has a password policy been implemented throughout the organization? Have all employees been trained on best practices for password security?

  6. Are procedures in place to create and disable user accounts? Are active accounts reviewed on a periodic basis? What is the process for disabling accounts of terminated employees?

  7. Are policies in place to force password changes periodically?

  8. How do you screen employees prior to employment? What background checks are undertaken?

Hedge Fund's Network Security Policy

  1. Has the organization developed a formal and well-documented network security policy?

  2. Is the policy regularly reviewed to determine whether the controls are operating as intended? Are changes and enhancements to the policy implemented when necessary?

  3. Does the firm have a robust firewall in place at the network level? Are policies configured to defend against external security threats? Are the firewall logs monitored regularly?

  4. Does the firm employ an intrusion detection system (IDS) to prevent unauthorized access?

  5. Is a solution in place to protect email systems against spam?

  6. Is a solution in place to ensure mobile devices and laptops are secure in the event of loss or theft?

  7. Are email messages encrypted and archived? For how long are messages archived?

Hedge Fund's Physical Security Policy

  1. Has the organization developed a formal and well-documented physical security policy?

  2. Is the policy regularly reviewed to determine whether the controls are operating as intended? Are changes and enhancements to the policy implemented when necessary?

  3. Are access controls in place for the Server Room? How does the firm ensure only authorized personnel gain access to critical systems?

  4. Are procedures in place to manage visitors in the office? Are steps being taken to ensure visitors do not have the ability to observe or access sensitive employee systems and documents?

Hedge Fund's Disaster Recovery & Backup Policy

  1. Describe the Company’s physical security, disaster recovery and backup plans and procedures.

  2. Please describe the communication chain related to the firm’s business continuity/disaster recovery plan.

  3. Is the policy regularly reviewed to determine whether the controls are operating as intended? Are changes and enhancements to the policy implemented when necessary?

  4. Has the firm tested the BCP from both a technical and operational perspective? How often are these tests performed?

  5. Has the firm established a dedicated location to retain backup copies of all critical data? Is offsite data encrypted and stored securely?

  6. Has a secondary working location been established to which employees should report in the event of a disruption or outage?

  7. Do all employees clearly understand the BCP procedures? Have appropriate training and documentation been established and shared with all personnel?

  8. Has the firm determined its crucial recovery point objectives (RPOs) and recovery time objectives (RTOs)? Does the DR solution meet these guidelines?

  9. Please provide a copy of the Company’s disaster recovery plan.

  10. How often is the Company’s disaster recovery plan tested?

Given the focus on Cyber Security during the Operational Due Diligence process, you might also find these hedge fund cybersecurity resources interesting:

Hedge Fund Cybersecurity Whitepaper

<![CDATA[Cybersecurity Remains at the Forefront for Hedge Funds, Investment Firms]]>, 02 Oct 2014 00:00:00 -0400 eci This article first appeared in Hedgeweek's September 2014 Special Report on Risk Management.

Cyber security has quickly become a headline risk for hedge fund managers. On 15 April 2014, the SEC issued its Cyber-Security Risk Alert, a detailed 26-point questionnaire that aims to address various elements of a hedge fund’s technical and operational infrastructure to determine how vulnerable it is to cyber attacks and data theft.

This initiative is being driven by the SEC’s Office of Compliance Inspections and Examinations. It will assess 50 individual firms and based on its findings will draft a set of final guidelines for hedge funds to adhere to. This is essentially a way to address ‘technology risk’ and implement best practices through documentation in the form of a Written Information Security Policy (WISP).

According to Assured SKCG Inc, an insurance advisory firm, 37 per cent of security breaches between 2012 and 2013 affected financial organisations. Hedge funds are a high profile target. Establishing a WISP and becoming as data secure as possible is critical.

At Eze Castle Integration, the phones haven’t stopped ringing as clients look to address any gaps in their IT infrastructure and operational policies.

“It wasn’t at the forefront of managers’ minds previously. It is now though,” says Lisa Smith (pictured), BCP/Data Privacy Manager at Eze Castle Integration. “Previously they put a lot of trust in their CTO, their service providers, to implement best practices around how to protect the firm. Now, rather than thinking someone else is taking care of it, there’s more emphasis on documenting everything and making sure that everybody is singing from the same hymn sheet.

“Everybody within a hedge fund should have a better understanding of what’s in place with respect to data privacy and infrastructure security. There needs to be firm-wide knowledge.”

A WISP acts as a blueprint. Just like the compliance manual, it sets all the firm’s internal policies and procedures covering everything from service provider outages to how often system passwords should be updated and so on.

“We start off by gauging where the client is. Do they have an IT policy? What type of infrastructure do they have in place? Fortunately for us, a lot of firms who have been calling us are existing clients so we have a good understanding of what they have in place. We as a firm follow industry best practices and implement those across our clients’ infrastructures,” explains Smith.

What Eze Castle is able to do in producing the WISP is apply their expertise (having already written dozens of WISPs for financial institutions) and paint a picture of how well a firm is protected against cybersecurity threats. This immediately overcomes the very real issue of ‘Key Man risk’. Say the CTO were to up sticks and join a competitor. If nothing has been written down and documented, nobody in the firm would have a clue as to how their IT infrastructure operates.

“Until it has been documented, everyone works off of assumptions,” comments Smith, who continues:

“We help put the controls in place to address data privacy. Some firms have documented this in their compliance manual, which we would make reference to in the WISP. It sets out a firm’s IT functions and applications and prioritises them.

“If a cyber attack takes place and impacts one system, having it documented means the manager will see where the impact is and what effect it will have on the rest of the firm.”

To read more about the SEC's Cybersecurity Initiative and how firms can prepare, check out these articles:

Cybersecurity Whitepaper

<![CDATA[NASAA Cybersecurity Report Recap: Our Favorite Graphics and Findings]]>, 30 Sep 2014 00:00:00 -0400 eci The North American Securities Administrators Association (NASAA) recently released survey results of cybersecurity practices of 440 registered investment adviser firms across nine states. The purpose of NASAA’s pilot project was to better understand cybersecurity practices of state-registered investment advisers, how they communicate with clients and what types of policies and procedures they currently maintain. Of those surveyed, 47% have assets under management of less than $25 million, 37% manage more than $25 million and 16% do not manage assets. In today’s post, we will share our favorite graphics and findings from the organization’s survey.

Client Contact via E-mail and Use of Secure E-mail

NASAA's survey reported 92% of investment firms contact clients through e-mail and/or other electronic messaging and only 54% of that group utilizes secure email. While 14% were unsure, a staggering 30% responded that they did not utilize secure messaging whatsoever.

[Chart: Hedge fund secure e-mail]

Risk Assessments Related to Cybersecurity and Frequency of Risk Assessment

Risk assessment is the first step firms should take when creating a Business Continuity Plan (BCP). The below diagrams report that 62% of firms conduct risk assessments, 40% of which do so on an annual basis. The 37% of firms that do not run tests heighten their risks of a data breach and leaking confidential information.

[Charts: Risk assessments for cybersecurity; Frequency of risk assessments]

Policies, Procedures and Training Programs

As cybersecurity threats are intensifying, it is imperative for hedge funds to have administrative and technical safeguards in place to ensure confidential data is protected. Furthermore, firms should require employees to complete cybersecurity training as well as limit what data employees have access to. Although firms are headed in the right direction, the below chart reveals that 23.1% of those surveyed for NASAA’s report have no policies and procedures in place regarding data security.

[Chart: Cybersecurity Policies, Procedures and Training Programs]


<![CDATA[Educate Employees About Cybersecurity: A Hedge Fund's Security Depends On It]]>, 25 Sep 2014 00:00:00 -0400 eci The following article originally appeared last month on the Tabb Forum.

Cybersecurity is a hot topic -- and rightfully so -- as headlines tout new vulnerabilities or incidents with increasing frequency. In the fight to prevent attacks, technology safeguards are typically the focus. A firm must have layers of security that include, but are not limited to, anti-virus, firewalls, intrusion detection systems and Internet monitoring and reporting, as well as procedures that restrict and monitor access.

However, beyond technology, the role employees play cannot be underestimated. The reality is that employees can be one of a firm’s best lines of defense or its weakest link. The deciding factor in which way it swings often comes down to access control policies and cybersecurity training.

Getting the Access Right

Employees require access to the data necessary to complete their job functions. But beyond that, firms should be limiting what data employees have access to. It’s not about not trusting your employees, but more so about not trusting the technology behind those employees. The less data employees can get to, the less damage can be done via an internal breach or external hack.

The SEC Cybersecurity Risk Alert issued in April 2014 highlights the importance of access control by asking about the controls a firm maintains to “prevent unauthorized escalation of user privileges” and how firms “restrict users to those network resources necessary for their business functions.”

Part of a firm’s cybersecurity planning must be defining how company data is protected, where it is located and who has and needs access. Once access levels are defined, they must be reviewed at least annually to ensure adherence firm wide.

A Little Education Goes a Long Way

With access controls set, a firm must train employees on handling confidential data and define their responsibilities around cybersecurity. One compromised computer can infect an entire organization, so at least annually, employees should complete security awareness training on a range of topics including:

  • Importance of Security Policies: Outline employee responsibilities concerning information security, the incident escalation process and how to protect data from malicious intrusion;

  • Cybersecurity Threat Landscape: Define the techniques a hacker may use to access confidential data or systems and how employees can avoid being victims. Common social engineering threats targeted at employees include pre-texting, phishing via email or phone, baiting and quid pro quo;

  • Practicing Internet Safety: Help employees recognize the signs of malicious activity, how it can spread and prevention strategies. Threats employees may encounter on the Internet include network spoofing, viruses, worms, password crackers and Trojan horses. Employees need to know the signs, such as missing files, that may indicate a computer is infected;

  • Email Safety: Identify what makes an email message suspicious, such as a strange subject line or unexpected sender, and how employees should handle the message – best practice is to delete;

  • Access Control Responsibilities: Train employees on how access controls and passwords are maintained and expectations for employee behavior in both areas. For example, employees should never share their login information and must maintain complex passwords;

  • Preventing Identity Theft: Educate employees on how identity theft occurs, including shoulder surfing/eavesdropping and dumpster diving, how to prevent it and what to do if they are a victim; and

  • Physical Security Threats: Focus gravitates towards cyber threats, but firms and their employees must still take physical security precautions including locking workstations and offices, storing sensitive documentation and locking computers to reduce risks.

Security awareness training empowers employees and provides firms an added barrier against internal and external threats.


<![CDATA[Apple to iPhone Users: Here's How to Protect Your Devices]]>, 23 Sep 2014 00:00:00 -0400 eci Security has been THE topic of 2014 thus far and was amped up last week when many A-list celebrities’ phones were hacked and racy photos released. The hack was allegedly the result of an iCloud infiltration, prompting many Apple users to question the company’s privacy settings. In response, Apple CEO Tim Cook released a letter to consumers, and the company’s website will now feature a privacy section:


Apple’s privacy site includes details on both the built-in security features within Apple devices as well as how users can manage their own privacy settings and tailor them to individual needs. Here is a brief snapshot of some security functions highlighted:

Built In Privacy

  • iMessages and FaceTime calls are protected with end-to-end encryption

  • iMessages and SMS messages are backed up to iCloud, but the user can turn this backup off

  • All iCloud content is encrypted in transit and when stored (in most cases)

  • iCloud Keychain allows users to create strong passwords and stores them securely without giving Apple access

  • Safari blocks third-party cookies on all devices and offers private browsing

Manage Your Privacy

  • Users have the option to set a 4-digit passcode or a stronger one if they prefer

  • With certain models (iPhone 5s or later), users can program their fingerprints for increased security and control

  • “Find My iPhone” allows users to locate their device if lost or stolen

  • Two-step verification is now available and offers a second layer of protection if users want to change their Apple ID, sign into iCloud or make a purchase in the App Store

  • Users can configure their iCloud settings and control which apps (music, photos, documents, etc.) are backed up

In addition to outlining the features above, Apple has also provided a list of phishing schemes to be aware of as users navigate their mobile devices. Keep an eye out for these:

  • The sender’s address doesn’t match the name of the company it’s supposedly from.

  • The message was sent to a different address from the one you gave that company.

  • A link takes you to a website whose URL doesn’t match the company’s site.

  • The message starts with a generic greeting like “Dear valued customer” — most legitimate companies will include your name in their messages to you.

  • The message looks significantly different from other messages you’ve gotten from the company.

  • The message requests personal information like a credit card number or account password. Don’t reply or click any links. Instead, go to the company’s website, find their contact information, and contact them directly about the issue.

  • An unsolicited commercial message contains an attachment. If you receive one of these, do not open the attachment without first contacting the company to verify its contents.
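The warning signs listed above can also be checked mechanically, for example in a mail-triage script. The following is an added example, not code from Apple or from the original post: it applies six of the seven signs (the "looks significantly different" one needs message history) to a parsed message. The company domain, addresses, customer name and both sample messages are constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(valued\s+)?(customer|user|member|client)\b", re.I | re.M)
SENSITIVE_REQUEST = re.compile(
    r"\b(password|passcode|credit card|card number)\b", re.I)
URL_IN_TEXT = re.compile(r"https?://[^\s<>\"']+", re.I)


class HrefCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def in_domain(host, company_domain):
    """True if host is the company domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == company_domain or host.endswith("." + company_domain)


def body_text_and_links(msg):
    """Return (visible text, list of URLs) from the non-attachment parts."""
    texts, links = [], []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_disposition() == "attachment":
            continue
        if part.get_content_type() == "text/plain":
            text = part.get_content()
            texts.append(text)
            links += URL_IN_TEXT.findall(text)
        elif part.get_content_type() == "text/html":
            html = part.get_content()
            collector = HrefCollector()
            collector.feed(html)
            links += collector.hrefs
            texts.append(re.sub(r"<[^>]+>", " ", html))
    return "\n".join(texts), links


def phishing_indicators(msg, company_domain, address_on_file, customer_name):
    """Return the warning signs from the list above that this message shows."""
    company_domain = company_domain.lower()
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not in_domain(sender.rpartition("@")[2], company_domain):
        findings.append("sender_domain_mismatch")
    recipients = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    if address_on_file.lower() not in recipients:
        findings.append("unexpected_recipient")
    text, links = body_text_and_links(msg)
    web_links = [u for u in links if urlsplit(u).scheme in ("http", "https")]
    if any(not in_domain(urlsplit(u).hostname, company_domain) for u in web_links):
        findings.append("link_domain_mismatch")
    named = re.search(r"\b" + re.escape(customer_name) + r"\b", text, re.I)
    if GENERIC_GREETING.search(text) and not named:
        findings.append("generic_greeting")
    if SENSITIVE_REQUEST.search(text):
        findings.append("requests_sensitive_data")
    if any(True for _ in msg.iter_attachments()):
        findings.append("has_attachment")
    return findings


def build(sender, to, body, attachment=None):
    """Build a constructed sample and round-trip it through the parser."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, to, "Your account"
    m.set_content(body)
    if attachment:
        m.add_attachment(attachment, maintype="application",
                         subtype="octet-stream", filename="invoice.bin")
    return message_from_bytes(m.as_bytes(), policy=policy.default)


def sample_suspicious():  # constructed message, look-alike domain
    return build("Example Store Support <support@examp1e-store.test>",
                 "old.alias@mail.test",
                 "Dear valued customer,\nPlease confirm your account password "
                 "at http://login.examp1e-store.test/verify\n",
                 attachment=b"constructed bytes")


def sample_legitimate():  # constructed message from the real domain
    return build("Example Store <orders@example-store.test>", "pat@mail.test",
                 "Hi Pat,\nYour order has shipped. Track it at "
                 "https://www.example-store.test/orders/123\n")


if __name__ == "__main__":
    for sample in (sample_suspicious(), sample_legitimate()):
        print(phishing_indicators(sample, "example-store.test",
                                  "pat@mail.test", "Pat"))
```

These are heuristics: a message that trips none of them can still be malicious, so the output is a reason to look closer rather than a verdict.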

We also recommend you read the following resources to learn more about security:

Whitepaper: Critical Cybersecurity Threats
Photo Credit: Apple]]>
<![CDATA[Hedge Fund Startup Tips from 9 Emerging Manager Experts]]>, 18 Sep 2014 00:00:00 -0400 eci We’ve tapped the expertise of nine experts in the hedge fund startup space to share their thoughts on a range of topics specific to emerging hedge fund managers. Below are some highlights, and you can read the entire Emerging Managers Insight Series eBook here.

#1: The Prime Broker Perspective (Glen Dailey, Jefferies & Company)

  • Set a realistic schedule to launch and don’t rush to get the hedge fund up and running too quickly. Take the time to partner with the right service providers that will support your business from the start and as you grow.

  • Budget for a marketer in your first two years of operation. If you look at the largest funds in the industry, they all have substantial investor relations teams that keep current investors informed while prospecting for future investors.

  • Capital introduction is a much sought after service from prime brokers which can be very helpful in providing a new hedge fund exposure to potential investors. Take advantage of introductions and begin to build relationships with potential investors.

#2: Flowing Into Liquid Alts (Frank Attalla and Marc J. Wolf, Rothstein Kass)

  • Managers have to make smart, informed decisions about whether a registered product is right for them, and how they can best implement the strategy if they decide to make the move.

  • Questions to consider include: Will a registered product cannibalize my existing private fund business? Will my strategy fit inside a mutual fund? Do I understand the distribution landscape? Is a registered fund too expensive? Do I understand the track record implications?

  • The liquid alternative space has grown at a breakneck pace in recent years, and there doesn’t seem to be any slowdown in sight. Before making any move, managers need to take a hard look in the mirror and consider all the business implications — and consult with their service providers — before getting caught up in all the liquid alts excitement.

#3: Assessing Never-Examined SEC-Registered Investment Advisers (Shelley Rosensweig and Beth Smigel, Tannenbaum Helpern Syracuse & Hirschtritt)

  • Published in the SEC’s National Exam Program priorities is the NEP’s initiative to conduct focused, risk-based examinations of investment advisers who have been registered with the SEC for at least three (3) years (including non-U.S. advisers) but have not yet been examined by the NEP and are not subject to the “Presence Exam” initiative discussed herein (“Covered Advisers”).

  • Examinations conducted by the NEP in accordance with the Initiative focus on two approaches. The first approach consists of risk-assessment reviews which allow the NEP to obtain a better understanding of each Covered Adviser and include a high-level review of the Covered Adviser’s overall business activities, with a particular focus on the compliance program and other essential documents needed to assess the representations made on the Covered Adviser’s disclosure documents.

  • The second approach utilizes focused reviews which emphasize certain high risk areas of the Covered Adviser’s business and operations, including the following: Compliance Program, Filings/Disclosure, Marketing, Portfolio Management and Safety of Client Assets.

#4: Guiding Technology Decisions: From Cloud to DR (Mary Beth Hamilton, Eze Castle Integration)

  • 9 out of 10 hedge fund startups are selecting a cloud-based solution versus a traditional on-premise solution for reasons including simplicity, cost containment, improved flexibility and simplified IT management.

  • Regardless of whether a hedge fund selects on-premise IT or cloud, security is fundamental as all investment firms are at risk. A multi-layer security approach is essential to protecting the critical information that passes through the organization’s system every day.

  • Disaster recovery and business continuity plans are crucial for sustaining operations during outages or disasters. A disaster recovery plan addresses how the business will resume normal operations in the event of a catastrophe. A business continuity plan is somewhat broader in nature and deals with sustaining normal business operations during periods of disruption.

#5: Alternative Strategy Investor and Valuation Risk (Daniel Johnson of Wells Fargo Global Fund Services and Eric Lazear of FQS Capital Partners)

  • Operational risk can take many forms, but valuation is a good place for investors’ initial focus: are the holdings of the fund accurately valued, and is there a process in place to ensure that they are accurately valued at each dealing period?

  • Unlike reviews of performance, it is essential that any review of valuation risk include all parties involved in valuing the assets of the fund. This will often include speaking to the administrator about their role in the process and what the involvement of the investment manager has in determining the final prices.

  • There are also some common questions that should be asked of all funds and questions for fund administrators covering key areas (read the full list HERE).

#6: Hedge Fund Trading Desks, Furniture Matters (Jeff Brechman, CFS Group)

  • For someone starting a fund, and relying on your own capital, creating an office space within a budget is essential. Also important is identifying what technology a hedge fund will use to ensure that the furniture selected supports the end users appropriately.

  • Hedge funds should look for a furniture partner that has the ability to identify each client’s specific needs and provide them with the right product for their furniture application.


<![CDATA[7 Common Cloud Mistakes and How to Avoid Them]]>, 11 Sep 2014 00:00:00 -0400 eci We all make mistakes, but when it comes to technology and hedge fund operations mistakes aren’t an option. So let’s look at seven common cloud mistakes we see hedge fund firms making and talk about how to avoid them.

Mistake #1: Not Sizing Bandwidth to Business Needs


Determining the right amount of bandwidth comes down to the types of services being delivered and user expectations. Nothing ruins a cloud or really any computing experience like sluggish application and Internet performance.

Beyond bandwidth, firms must also consider latency. While latency issues don’t impact all applications (e.g. email is relatively insensitive), for others it is a killer. Latency has little place in trading applications or voice over IP services. When moving to the cloud, have a realistic conversation with the hedge fund cloud provider about the amount of bandwidth your firm really needs.

Mistake #2: Not Planning for Applications

Not all cloud platforms are equal especially when it comes to supporting hedge fund specific applications such as Order Management Systems or Portfolio Accounting Systems. While a hedge fund may not launch day one with one of these applications, there is a good chance they will require one in the future. To help mitigate future growing pains a hedge fund should plan for the future when evaluating cloud providers. Being shortsighted can result in future disruptions and integration pains.

Mistake #3: Not Having Cloud Service Level Agreements (SLAs) in Place

The Cloud Standards Customer Council defines cloud SLAs as written expectations for service between cloud consumers and providers. The Council advises companies to evaluate cloud SLAs using a number of steps including:

  • Understand roles and responsibilities

  • Understand service and deployment model differences

  • Evaluate security and privacy requirements

  • Evaluate disaster recovery plans

  • Understand the exit process

Mistake #4: Not Understanding Cloud Vendor Lock-in Costs

Following on understanding a cloud provider’s SLAs, firms must also fully review and understand vendor lock-in costs that may be included in a contract.

Techopedia explains “vendor lock-in as a service delivery technique that ensures customer dependence on the vendor services. This is achieved by developing IT solutions that are platform-dependent with proprietary software/application/hardware/equipment and that run exclusively or collaboratively with limited and third-party vendor partners. Moreover, these types of services dent high switching costs between competing vendors, making customers reluctant or even incapable of transitioning to different vendors.”

Be sure to discuss potential cloud lock-in costs with your selected cloud provider.

Mistake #5: Not Having Local File Servers/Domain Controllers

In the move to go completely cloud, some firms underestimate the value of having local file servers and domain controllers as part of the architected cloud solution. Talk to your cloud provider about the pros and cons of this model.

Mistake #6: Assuming Deep Security Safeguards Are in Place

Concerns around cybersecurity are top of mind across the hedge fund and investment industry and rightfully so. Beyond the SEC shining a spotlight on the topic with its Sample Cybersecurity Exam Questionnaire, the risks of security breaches and incidents are real.

When evaluating a cloud provider, firms should inquire about the layers of security in place and ensure the cloud undergoes regular risk assessments. As we’ve said before, not all clouds are created equal, and security is one key area where differentiation occurs.

Mistake #7: Not Matching Backup/Archiving Requirements with Cloud Services

Don’t assume that the backup processes included with your cloud service will match industry regulatory requirements, especially when it comes to message archiving. In most cases hedge funds and registered investment firms will need to add a long-term archiving solution to their cloud package.

That wraps up our list of the seven most common cloud mistakes and how to avoid them. Happy cloud shopping! (P.S. we're fans of the Eze Private Cloud.)


<![CDATA[iPhone 6: A Brief Summary of Apple's Newest Technology]]>, 09 Sep 2014 00:00:00 -0400 eci Following the steadily growing hype for the new iPhone 6, CEO Tim Cook put all rumors to rest at their Cupertino event today. Apple revealed not one, but two iPhones, boasting significantly larger screens to compete with Android smartphones. The iPhone 6 and the iPhone 6 Plus are expected to hit stores on September 19th, and response has already been overwhelming.

Both iPhones will come in Apple’s standard gold, space gray and silver, and instead of the straight edged look of the iPhone generations 4 and 5, have curved sides and the thinnest body of iPhones to date. The iPhone 6 has a 4.7 inch screen, while the iPhone 6 Plus appeals to all the “phablet” users with its 5.5 inch screen. Pricing for the iPhone 6 16 GB starts at $199 with a two-year contract and $299 for the iPhone 6 Plus 16 GB.

With the new iPhones also comes the unveiling of the awaited iOS 8, which also includes some features that will be useful with the iPhone 6 and 6 Plus’ large screen. First up, “reachability” allows the user to reach the top of the screen without having to reach across the screen by double touching the Touch ID. Next, there will be more content available in Messages, including face images of the recipient. Another new feature, the iSight camera, focuses automatically and continuously when taking photos and videos. And now for the first time, the user has the ability to view the home screen horizontally. The iOS 8 will be available for free to download on September 17th.

However, the most interesting capability coming with the new iPhone is called Apple Pay. Though NFC technology has been around for some time, many retailers have not used it due to consumer wariness and lack of education. Now, Apple has used this technology to create Apple Pay, a payment method that condenses the payment process to your iPhone and a single thumbprint. It comes standard on all models of the iPhone 6 and 6 Plus, and removes the need for a physical credit card.

The user need only take a picture of their credit card, verify it, and then all purchases can be made using the iPhone and completed using the thumbprint reader in lieu of a signature. No data on purchases is stored, and the retailer where the purchase is made does not even receive a credit card number, only the one-time payment number for that transaction. Purchases can be viewed in Passbook, and it works with credit cards from American Express, Visa and MasterCard. Apple already has clearance with several large retailers such as Macy’s, Walgreens, Sephora and Target and expects that Apple Pay will become a universal payment method.

The iPhone 6 will be available for preorder on September 12th. To commemorate this, Apple in connection with U2 have allowed their new album to be downloaded for free from iTunes until mid-October. A full list of the iPhone 6 and 6 Plus’ specs can be viewed here.


<![CDATA[Say Hello to Eze Voice, Our Next Generation Cloud Voice Solution]]>, 04 Sep 2014 00:00:00 -0400 eci Last month we covered the five myths about Voice over IP (VoIP) in preparation for the general availability of our next generation Eze Voice service. In case you don’t recall, the myths we debunked were:

  • MYTH 1: Poor Call Quality – Everyone Will Know I’m on VoIP

  • MYTH 2: VoIP is Unreliable – I’ll Experience Downtime

  • MYTH 3: I’ll Lose Critical Functionality Required by My Investment Firm

  • MYTH 4: I Can’t Keep My Phone Number

  • MYTH 5: Someone May Hack My Phone System

Now that Eze Voice is officially here and already being used by many clients, we wanted to give it a little shout-out, so here goes. Eze Voice is an innovative hosted voice solution that combines high levels of redundancy and quality of service with the communication features financial firms require.

The newest version of the Eze Voice service leverages Eze Castle Integration’s premier global cloud platform, Eze Private Cloud, and is ideal for firms that want to benefit from the flexibility, scalability and cost-effectiveness offered with a cloud-based voice service. Featured benefits of Eze Voice include:

  • Premier Quality of Service: Eze Castle Integration manages the state-of-the-art network powering Eze Voice and is able to ensure it is optimized to deliver crystal clear sound quality;

  • Critical Functionality for Financial Services: Eze Voice includes functionality financial firms require such as true ‘bridged appearances’ that allow flexible push-button collaboration between colleagues;

  • Seamless Communication Across Multiple Offices: Eze Voice seamlessly connects a firm’s offices and employees, eliminating the need for expensive and complex networks, hardware and software; and

  • Easily Connecting Office Extensions to Mobile Devices: With Eze Voice, mobile devices can easily become an extension of a user’s corporate phone system.

Here’s how Eze Voice Works

VoIP for Financial Firms

Learn more about Eze Voice HERE.

<![CDATA[Video: How Did Technology Make Your Summer Better?]]>, 02 Sep 2014 00:00:00 -0400 eci Here at Eze Castle Integration, we’re not ready for summer to end! This year, we decided to ask our employees how technology enhanced their sun-soaked season.

Check out the slideshow below to read their responses!


<![CDATA[Assessing Your Firm's Attitude Toward Security: What's Your Type?]]>, 21 Aug 2014 00:00:00 -0400 eci If there’s one thing we’ve learned over the years when it comes to security, it’s that there’s a whole lot more to creating a secure hedge fund (or any business for that matter) than robust technology. Before identifying infrastructure components and implementing operational policies, a firm must first be clear on what its attitude is toward security. This attitude will filter through the company from the top down, and will therefore dictate how employees and the business as a whole operate on a daily basis.

To give you a clearer understanding of what we mean, we’ve created three security profiles that cover a wide spectrum in terms of security attitudes and practices.

Under the Radar: Low Security

If your attitude toward security is low, odds are you’re barely scraping the surface in terms of what practices and policies you should be employing to maintain proper security firm-wide. You likely rely on quick fixes to solve problems instead of looking at the bigger picture and thinking strategically about how security can both benefit and protect your business. You’ve employed minimal preparedness efforts and could be in for a difficult task if faced with a serious security incident. You probably take an “it won’t happen to me” attitude and don’t take security seriously enough – a stance that could endanger your firm in the long term.

Play it Safe: Moderate Security

In a typical moderate fashion, if this is your security attitude you probably fall somewhere in the middle. You’re employing practices and protocols just enough to get by and feel secure – but there’s still plenty more you could do. In many cases, you rely solely on the IT department to manage security and don’t involve other areas of the business. You send a once-off communication to employees to change their passwords – but don’t follow up on it or enforce it on a regular basis. You may be protected against moderate security threats but could suffer if a serious breach occurs.

Lock it Down: High Security

If your attitude toward security is at the highest level, congratulations! While one could argue there is always more that can be done in regards to security, you are at the front of the pack and taking it seriously (as you should). You employ best practices across the firm and document policies and procedures to outline technology and operational priorities and safeguards. More so, you take the time to educate and train your employees on security awareness on a regular basis. You take a proactive stance on security, ensuring it becomes a company-wide effort and engaging all users in preventing and responding to security incidents. Your demonstrated awareness of the importance of security will serve you well in the event a breach or incident occurs.

Did you determine your security type yet? The chart below further identifies characteristics and trademarks of these security profiles.

What's your Attitude Toward Security?

For more guidance on security best practices, check out these resources:

Cybersecurity Whitepaper

<![CDATA[Philanthropy Plunge: Eze Castle Takes the ALS Ice Bucket Challenge (Video)]]>, 19 Aug 2014 00:00:00 -0400 eci Unless you've been living under a rock for the last few weeks, you've probably seen a slew of videos on your Facebook or Instagram news feeds featuring your friends and family members dumping buckets of ice over their heads. To what end?

The Ice Bucket Challenge is sweeping the nation and simultaneously raising awareness and money for amyotrophic lateral sclerosis (ALS) – also known as Lou Gehrig’s disease. Pete Frates, a 29-year-old Boston-area man and former baseball captain at Boston College, is credited with leading the charge and challenging his friends to pour ice over their heads. The challenge took off in the Boston area and quickly went viral across the country and even globally. Celebrities are now accepting the challenge as well – and everyone from Justin Timberlake to Taylor Swift to Mark Zuckerberg has participated.

But beyond filling your news feeds with entertaining videos, the ALS Ice Bucket Challenge is also succeeding at spurring significant donations. As of this week, the ALS Association said it has received $15.6 million in donations since July 29 – compared with just $1.8 million during the same time period last year. We noticed many of our employees here at Eze Castle Integration were brave enough to accept the challenge, and we applaud them for raising awareness for such a worthy cause. We’ve created a short compilation below to highlight some of our amazing employees as they take the ALS Ice Bucket Challenge.

If you would like to join the cause, you can support ALS research and make a donation at or You can also read more below about how Eze Castle Integration and its employees make philanthropy a priority:

<![CDATA[Putting the Smart in Smartphone Security: Six Consumer Tips]]>, 14 Aug 2014 00:00:00 -0400 eci Mobile devices have transformed the way we manage our everyday lives, from tracking our bank accounts to interacting with friends and family to booking travel. Everything you need is at your fingertips, but are you taking the proper security measures to protect your device? Below are a few tips to help keep your smartphone’s data safe.

  1. Set a Password: When you do not set a password to lock your phone, anyone who obtains possession of the device has instant access to all of your apps that automatically log in upon launching. This is a simple security measure to take and yet, according to Consumer Reports' annual State of the Net Survey, only 36 percent of smartphone owners have a passcode. From a business use perspective, any device that accesses corporate email or networks should have a complex password and be managed by mobile device management tools such as AirWatch or Good Technology.

  2. Mobile Security Apps: Looking to the future, we expect the adoption of mobile device security apps that provide anti-virus, privacy and anti-malware protection to increase. And for good reason. According to the June 2014 McAfee Labs Threat Report, mobile malware has increased by 167 percent in the past year alone. Companies such as AirWatch aim to ensure your enterprise mobility deployment is secure and corporate information is protected with end-to-end security.

  3. Physical Security: Consumer Reports projected that approximately 3.1 million American consumers were victims of smartphone theft. Keeping your device in a zipped pocket, secure bag or within close proximity to your body helps reduce the risk of losing your phone or having it stolen. Leaving your phone in plain view (e.g. beach blanket, park bench, etc.) increases these risks and may cost you an expensive afternoon. Also, business devices should have the capability to be remotely wiped to ensure confidential data or network access does not fall into the wrong hands.

  4. Back Up and Secure Your Data: You should back up all of your smartphone’s data - for example, your contacts, photos and documents. This data can be stored on your computer, on a storage card, or in the cloud.

  5. Only Download Apps from Trusted Sources: Research apps before installing them to confirm legitimacy. Users can do so by checking the app publisher, seller and reviews, as well as comparing the app sponsor’s website with the app store link to confirm consistency.

  6. “Find my Phone” App: In the event that your device goes missing, having set up this iPhone app in advance can help you locate the device from your browser. When signing into the app, a map will appear which pinpoints your device’s location and also gives you the options to call, lock and even erase your phone.

In conclusion, the use of common sense and security measures can help mitigate the risk to your mobile device’s data. At Eze Castle Integration we regularly work with hedge funds and investment firms to create mobile security policies that make end-users happy by giving them device-freedom while keeping corporate data safe and secure.

<![CDATA[FCA to Financial Services Firms: Social Media Promotions Require #Ad Compliance]]>, 07 Aug 2014 00:00:00 -0400 eci Hedge fund marketing and advertising has greatly evolved in the past few years, both with regulatory changes taking effect (in the US, the JOBS Act now allows public advertising) and new forms of media emerging, particularly social platforms such as Twitter, Facebook, LinkedIn and YouTube.

In the UK this week, the Financial Conduct Authority (FCA) took steps to further regulate how financial services firms market to consumers by launching a guidance consultation on social media usage. According to FCA Director of Supervision Clive Adamson, the consultation is intended to ensure financial promotions on social media platforms protect consumers and are disseminated in a way that fairly balances both benefits and risks:

“The FCA sees positive benefits from using social media but there has to be an element of compliance. Primarily, what firms do on social media must ensure customers are at the heart of their business. Our overall approach is that financial promotions, whether on social media or traditional media, should be fair, clear and not misleading. We have had extensive industry engagement on this issue and we believe our guidance is a sensible approach that doesn’t affect industry’s ability to innovate using new forms of media. We recognise social media are constantly evolving. We, therefore, welcome feedback to [the] consultation and look forward to continuing the discussion with industry.”

The FCA is currently soliciting opinions and advice from financial services firms regarding social media promotions. At this time, however, it is encouraging firms to practice the following:

  • Identifying promotions: Firms should clearly identify product/service promotions as such; one accepted method, especially for character-limited media, is the use of #ad within the post.

  • Stand-alone compliance: Each communication (i.e. a tweet, Facebook post, etc.) needs to be considered individually and comply with all relevant rules.

  • Risk warnings: Certain product/service promotions may require the use of risk warnings or other required statements under law.

  • Image vs. text: Consider using image advertising in place of limited character opportunities, but remember risk warnings and other pertinent information cannot appear solely in the image.

This week’s guidance could develop into official policy changes to the FCA’s initial guidance on the use of social media, first published back in 2010. At the time, the FCA (it was then known as the Financial Services Authority) released guidance regarding the use of “new media” channels for promotions. The regulator had conducted a review of social media pages operated by a variety of financial companies and determined many firms were not taking proper compliance rules into consideration and should evaluate whether social platforms were appropriate for promotions.

The big question seems to be whether a firm can adequately disseminate the risks and conditions associated with a promotion or sale of services via a social media outlet, particularly one with character/time restrictions. Twitter’s unique platform, for example, only allows 140 characters. Vine, the video sharing service, limits uploads to six-second clips. The FCA has an overarching strategic objective of ensuring the relevant markets function well. To support this it has three operational objectives: "to secure an appropriate degree of protection for consumers; to protect and enhance the integrity of the UK financial system; and to promote effective competition in the interests of consumers."

For more information on the FCA’s social media guidance consultation for financial services firms, click here.

More Resources on Financial Firms and Social Media Usage:

UK Social Media Guidance Webcast

<![CDATA[Cloud Computing: The Growing Competitive Advantage for Hedge Funds]]>, 31 Jul 2014 00:00:00 -0400 eci The competition amongst firms in the financial services industry is ever burgeoning, and in order to achieve differentiation, it is imperative for firms to create and maintain robust, manageable, scalable and reliable technology infrastructures. Increasingly, we’re seeing more than just emerging managers opting for a cloud solution: established hedge funds and alternative investment firms are also shifting gears from traditional on-premise IT infrastructures to cloud services.

If you missed our webinar yesterday on Why the Billion Dollar Club is Going Cloud, read our recap below or scroll down to watch the full webinar replay, featuring Eze Castle’s Managing Directors Bob Guilbert and Vinod Paul.

The Business Case for the Cloud: Why Established Firms are Making the Move

Across the industry, established firms that have been in business for several years are moving away from physical infrastructures and adopting the cloud. Traditionally, investment firms would allocate substantial capital budgets to build on-premise Communication (Comm.) Rooms. These cost-intensive infrastructures can take months to build out, and specific expenses can vary depending on a firm’s unique needs. For example, at minimum, investment firms require file services, email capabilities, mobility services and remote connectivity, as well as disaster recovery and compliance. Beyond those, many firms also require systems and applications such as order management systems (OMS), customer relationship management tools (CRM), and portfolio management or accounting packages.

To run all of these systems and build out an on-site Comm. Room (with proper power, cooling and connectivity requirements), firms will spend upwards of $200,000 to $300,000. With the cloud, those upfront capital costs are no longer a concern.

Beyond moving firms from a CapEx to OpEx model, the cloud also allows firms to reduce their spend on additional technology expenses such as software licensing, hardware upgrades and technology infrastructure refreshes, and rudimentary patch management.

The Right Time: When Established Firms are Making the Move

Although no two firms are identical, we believe the following three scenarios are key triggers for firms to go to the cloud:

  1. Office Relocations

  2. New Applications

  3. Technology Refresh

Read more about when firms typically opt to make the move to the cloud here.

The Cloud Advantage: Architecture, Access, Operations

For most financial services firms, IT services and resources are managed at an offsite data center, typically situated in a more cost-effective location rather than a high-rent office building (think New Jersey, not Midtown Manhattan). Cloud service providers use a similar architecture for the cloud, but offer the following additional advantages:

  • Rapid Provisioning: Adding resources to the cloud (storage capacity, computing resources, etc.) is much quicker than with on-premise environments.

  • Consistent, Guaranteed Performance: Providers enforce strong service level agreements and employ robust monitoring tools to ensure the operating environment remains optimal for users.

  • Professional Management and Operations: The cloud helps to solidify IT processes (e.g. adding/removing users) and moves the burden of management and monitoring to a third party, allowing internal users to focus on higher-level projects.

  • Application Support & Integration: Professionally-managed private clouds can generally support a wide variety of applications and integrate them seamlessly onto one environment (something not easily achieved with public cloud platforms).

The Cloud Advantage: Stronger Security, Lower Risk

One of the most important considerations for firms is risk mitigation, specifically when it comes to cybersecurity. Due to the increased emphasis that the U.S. Securities and Exchange Commission (SEC) is placing on security mechanisms, hedge funds and investment firms operating in today’s environment are often turning to cloud providers to leverage their robust networks and infrastructures.

A first-rate cloud provider can create a level of security that only the largest financial firms in the world can afford to implement, manage, and maintain. From the careful implementation of best practice principles and procedures to comprehensive auditing to enforcing robust authentication methods, rapid deprovisioning, 24x7 monitoring, vulnerability testing, and strong physical security methods with biometric access, and more – the cloud provider bolsters and fortifies a hedge fund’s security and offers a level of comfort that investors are desperately seeking.

Watch the full replay from our webinar, Why the Billion Dollar Club is Going Cloud, below.

<![CDATA[FATCA: What You Need to Know About Tax Compliance]]>, 29 Jul 2014 00:00:00 -0400 eci We’ve seen the face of the financial services industry change dramatically over the last few years, with emerging technologies, investor transparency demands and growing competition fueling firms to assess their operations and focus on the health and success of the overall business. But perhaps beyond any of these trends, the focus on industry regulations and compliance efforts may be the most significant in changing the way financial services firms do business.

This year alone, we’ve seen regulatory initiatives dominate headlines and leave firms scrambling to comply, notably the SEC’s cybersecurity guidelines released this spring and the official implementation of the Alternative Investment Fund Managers Directive (AIFMD), which went into effect last week. Also becoming official this month is the Foreign Account Tax Compliance Act, or FATCA, which requires U.S. persons to report financial accounts held outside of the United States and financial institutions (notably banks) to report foreign financial accounts and clients who hold foreign assets.

To identify non-compliance, the Internal Revenue Service is requiring financial institutions with foreign entities and foreign financial institutions (FFIs) to disclose information about U.S. clients with balances over $50,000. The law threatens a steep 30 percent withholding tax on payments for non-compliant FFIs.

There is also a significant cost for firms to implement compliance procedures and reporting standards to meet the legislative requirements of FATCA. It is reported that implementation costs average between $100,000 and $500,000 depending on firm size and are expected to amount to roughly $8 billion USD a year for financial institutions alone (not including costs to the private sector, IRS and foreign entities).

The FATCA law was written more than four years ago – back in 2010 – but went into effect on July 1, 2014. The good news for institutions making an effort to comply with FATCA is that the IRS recently issued Notice 2014-33, stating that this year and 2015 will be a transition period for reporting and due diligence. The IRS will not enforce FATCA requirements on firms striving to meet regulations (account opening practices and procedures) but will not provide relief to entities making no effort.

Successful FATCA compliance requires the involvement of the entire organization (operations, technology, risk, legal, and tax). After registering FFIs or foreign entities, the steps to consider include:

  • Investigating and determining if current clients are a “US person” (this includes US citizens who live abroad) and implementing new rules and procedures for new accounts

  • Developing a team (legal, tax, IT, project management) to integrate the new legislative requirements

  • Completing a gap analysis to recognize what systems and procedures need to be updated

  • Creating and implementing a plan to put new systems and procedures into place

  • Considering a third-party service provider for its expertise in FATCA’s rules and regulations

FATCA compliance will require client information to be up to date and be available electronically for reporting; new policies, procedures, and system technologies may be vital to maintaining compliance. Despite the “transition period” currently in place, firms should be taking active steps to implement the necessary requirements to meet FATCA compliance standards and ensure business operations are not negatively impacted from a cost or regulatory perspective.

Hedge Fund Outsourcing Guidebook

<![CDATA[Data Destruction Basics: Why Deleting Your Hedge Fund Data Isn't Enough]]>, 24 Jul 2014 00:00:00 -0400 eci Your hedge fund's information security plan likely includes details on where information is stored, how it is accessed and who it is accessible to. But a critical component of this security plan often overlooked is how and why data is destroyed when it is no longer needed. Including data destruction procedures in your hedge fund's Written Information Security Policy (WISP) or as a separate document is vital to ensuring your firm’s sensitive data and intellectual property do not fall into the hands of the wrong people. Unfortunately, in today’s technology-driven, cyber-aware environment, simply hitting the delete key is not enough.

There are a few different scenarios that may warrant secure data destruction maneuvers:

Your methods and policies for secure data destruction may vary according to the above scenarios, or they may be standard across the firm. Your hedge fund should also consider if there are any regulatory implications. Do you need to maintain/archive data for a prescribed period of time in order to comply with state, federal or other compliance or auditing standards?

In any case, you’ll want to consider a variety of methods in the beginning to ensure your firm’s confidential data (e.g. investment portfolio, investor contact information, etc.) is securely destroyed, preventing unwanted breaches or thefts. Consider the following as you evaluate what makes sense for your firm:

Physical Destruction: Disk shredding, crushing or melting are common techniques. This method can be effective for a hedge fund's on-premise equipment; however, it does not necessarily apply when using the cloud, since in most cases firms are leveraging physical equipment owned by the cloud services provider. Paper shredding is the most common method of destruction for hardcopy documentation.

Encryption: If you choose not to destroy data through any particular means, you can take steps to ensure that, if it is obtained by any unauthorized parties, it cannot be accessed or at least easily understood without the proper encryption key.

Degaussing: This is “the process of decreasing or eliminating a remnant magnetic field.” Degaussing is often the preferred method for firms looking to purge highly sensitive data, as it does not leave open even the remote possibility of recovery. The equipment storing the data, however, becomes collateral damage with this method, as it will be destroyed right along with the information.

Overwriting: In many cases, firms choose to overwrite old data with new information, making it difficult, at best, to locate or recover.

With the emergence of cloud services, concern has grown over data destruction methods and the level of destruction firms employ to eliminate data. Whether you are ending a relationship with a cloud services provider altogether or migrating your information to another platform, ensure there are written contracts in place to protect your data throughout the process. The vendor you are severing your relationship with should also provide a certificate of destruction to validate that any company data or information is no longer accessible to them.

Also, don’t forget about mobile devices. Many firms now employ BYOD programs, which give employees the option of using their personal smartphones and devices to run corporate software and email. As a firm, be sure you’re including mobile devices in your data destruction policies and are clear with employees on what happens to their data and devices in the event they leave the company. Many employers require users to sign contracts giving the firm permission to remotely wipe devices if employees are terminated or sensitive company data needs to be moved or transferred elsewhere.

As a final thought, we encourage firms to think through the risks of undestroyed data as they are developing and modifying their information security and data destruction policies. With cyber hackers seemingly everywhere and disgruntled employees bound to emerge, it is critical hedge funds take all measures to ensure sensitive company and employee data is protected while needed and eliminated when not.

Read on to learn more about best practices for information security:

Cybersecurity Whitepaper 2014

<![CDATA[Does the Network Powering a Cloud Matter? Watch and Learn]]>, 17 Jul 2014 00:00:00 -0400 eci We are excited to debut our newest video that explains why the network powering a cloud service matters and should be evaluated closely.

As background for why we created this video, in today’s interconnected financial world, investment firms have global interests and a global presence, making fully on-premise IT infrastructure a way of the past. Cloud service providers have a variety of capabilities, each designed to serve a specific set of needs, which makes it crucial for businesses to critically evaluate the network behind a cloud and what it can deliver. Not all clouds are created equal.

Our ECI Link Financial Network is a global private cloud network built for the financial industry. With data centers in the US, UK and Asia, it enables organizations to efficiently leverage a single provider for all their global infrastructure needs.

Now on to the video -- let us show you why ECI Link is THE single converged network built to power today’s buy-side firms' trading operations.

<![CDATA[IT Security Dos and Don'ts to Live By]]>, 15 Jul 2014 00:00:00 -0400 eci We spend a lot of time educating our clients about security best practices and encouraging them to implement comprehensive security policies and procedures to mitigate risk and protect both the firm and its employees. And for good reason. Just today, New York Attorney General Eric Schneiderman released a report stating data breaches across the state more than tripled from 2006 to 2013 and cost businesses more than $1.37 billion last year alone.

While companywide policies should reflect long-range expectations and corporate best practices, they should also include tactical recommendations that employees can follow to ensure they are complying with the company’s overall risk strategy. In addition to providing employees with security best practices they should follow, don’t forget to also include a list of actions they should avoid. Here are just a few pieces of advice we regularly offer our investment firm clients:

DO:

  • Lock your computer and mobile phone(s) when you leave your desk and/or office

  • Use care when entering passwords in front of others

  • Create and maintain strong passwords and change them every 60-90 days (We recommend a combination of lowercase & uppercase letters and special characters)

  • Change your password immediately if you suspect that it has been compromised

  • Report suspicious activity to the IT team/CSIRT to help minimize cyber risks

  • Protect personal computers and devices with anti-virus software when working remotely


DON'T:

  • Allow others to use your login ID or password

  • Use the same password for every application

  • Store passwords on a piece of paper or other easily accessible document

  • Open email or attachments if the sender is unknown or suspicious

  • Provide information such as login IDs, passwords, social security numbers, account numbers, etc. via unencrypted email

  • Leave your laptop or mobile device unattended while in a public place. Lost or stolen equipment, including mobile devices connected to the corporate network, should be reported immediately

  • Keep open files containing personal or confidential information on your desk or in an unlocked file cabinet when away from your office/desk

  • Install unauthorized programs on your work computer

  • Plug in personal devices without permission from IT

For more security best practices and tips, check out these other articles:

Cybersecurity Whitepaper


<![CDATA[Persistent Automation for Fund Management: The New Reality, Part 2]]>, 10 Jul 2014 00:00:00 -0400 eci Following is the second part in a two-part guest post from Branden Jones, Global Head of Marketing at Liquid Holdings Group, Inc. based in New York, NY. To read Part One, click here.

In this age of data management—this new state of cross-office functionality—operational models must be able to house, curate, and level-off information sets as they happen. Funds must not only actively manage a growing universe of market data but also tackle performance reporting, risk projections, disaster planning, and partitioned client data.

To successfully, and simultaneously, manage these activities, funds must have a data operational model that supports automation, where it makes sense:

  • Continuous processing, as an underlying system
  • Consistent normalization, across the board
  • Historical, since inception view
  • Defensive measures, to protect the operation


Real-time, continuous actions are the new normal in today’s hedge fund reality. Funds are expected to understand, identify, and take advantage of opportunities as they occur. However, from a data standpoint “real-time” is only a point on a larger continuum of activity that occurs when a participant observes or captures a single event in time. Continuous processing is the underlying current that accepts and captures, or rejects data inflows and outflows. As pressures increase from both investors and regulators, managers should rely on continuous, automated services, processes, and technology to support their business, not only as a viewable segment, but constantly, throughout the lifespan of the fund.


While the amount of data has increased, the types of data and their origins/sources have multiplied as well. That means that systems that previously could only recognize one or two sources are now challenged with a more complex ferrying of information sets from counterparties, exchanges, fund admins, and primes. Normalization is the process that guarantees safe passage of these data packets, regardless of origin, as the data becomes available to converge with its intended destination(s) within the fund infrastructure. Consistent data, through consistent ongoing normalization, translates into accurate pricing and valuations for use in real-time and forward-looking portfolio management, as well as precision analysis and reporting for investors.


The need to investigate and utilize historical, security-level data unique to the fund is a key to the success of the business. Arming a fund with since-inception-data allows the manager to transform the most unique and granular drivers of past performance into the underpinnings of actionable, forward-looking initiatives across alpha generation, risk management, investor insights, and compliance.


While data trafficking, shaping, and viewing are relatively benign activities, when it comes to true data management, a fourth component is critical: the ability to uncover and recover from adverse events, and the greater protection of investor interests. A solid wall to prevent co-mingling of client data within an underlying architecture keeps critical, and proprietary, data safe. When it comes to planning for the unplanned, like adverse events both in the digital and physical worlds, automated services can provide the second life for a fund—without interruption. Cloud technology provides the best option for funds to house data infrastructures—not only providing secure and convenient access, but also virtual warehouses that are automated, back-up systems, shielding the business from any physical hardware environmental risks like earthquakes, floods, or outages. Thus, it’s not only important how data is managed but where it is managed.

To continue reading the white paper, please visit

<![CDATA[The New Reality: Persistent Automation for Fund Management]]>, 08 Jul 2014 00:00:00 -0400 eci Following is the first part in a two-part guest post from Branden Jones, Global Head of Marketing at Liquid Holdings Group, Inc. based in New York, NY.

This is the year for big data. Across industries, firms have unprecedented amounts of both public and private information sets – from user profiles and consumer habits to business outputs and proprietary algorithms. But access to data, or information at large, does not guarantee a valuable yield. Jonathan Shaw, managing editor of Harvard Magazine notes, “The [data] revolution lies in improved statistical and computational methods, not in the exponential growth of storage or even computational capacity.” Data is ubiquitous but not intrinsically valuable – it needs to be smartly processed, not just farmed.

For hedge funds, data processing is the quiet, invisible process that moves through the trade lifecycle—accessed from external entities like exchanges and brokers, modified and adjusted in execution, and at times, frozen in snapshots for an increasingly complex group of investors and regulators. More operational credibility and regulatory compliance is required than ever before, with increased scrutiny of the secret buy-side manna that goes along with it.

Smarter data management can be expensive and time-consuming as funds seek to keep up with regulatory, compliance, and transparency requirements while navigating through a sea of market opportunities. Good fund management starts and ends with precise, accurate data management. Truly taking advantage of data, and smarter computational methods, requires not only shedding the skin of outdated models, but categorically understanding a whole new data ecosystem, with new methods of processing, through selective automation and augmented observation. Once that new data ecosystem has been embraced, fund managers can spend their time mastering alpha generation and capital building initiatives.

Lifecycle Convergence

While data management has historically been the purview of three separate functions (front-, middle-, and back-office), funds are now considering data inflows and outflows as simultaneous and holistic activities that not only govern market data and transparency capabilities, but also the capacity to be position-aware. This new viewpoint not only extends to in-house modifications, but will play an increasingly larger role amongst fund/service provider relationships. According to an Aite report from earlier this year, “…regardless of whether firms currently outsource or plan to outsource, the most common impressions of the benefits of using a single front- to back-office vendor for fund operations revolve around the attractiveness of holistic functionality, the expected contribution of a specialized vendor’s experience gained from other firms, and the vendor’s potential to better service clients.”

Essentially, funds are approaching operations as an ecosystem – instead of a train-like pipeline where only one train moves in one direction. The ecosystem houses converging cross-office data functionalities that are near-simultaneous activities, beyond the linear progression of the traditional lifecycle. Risk is moving to the front office. Portfolio management is constant. And compliance is everywhere. No longer do funds hand off a piece of paper from their trader(s), to the risk officer, over to compliance for the stamp of approval, call down to the floor to reconcile all activity, and then spend countless hours updating disparate systems and colleagues, and later investors, of the impacts on performance and risk. That is the pre-data model from the ’80s and ’90s – non-computational and hindered by actual human movement, where data moves in a single line, waiting in turn to be moved in and out of an outdated fund architecture by personnel who may or may not exist in today’s hedge fund reality.

The data map has changed – it’s time for a new hedge fund model.

Part 2: Be sure to come back to Hedge IT on Thursday, July 10 for the second part to this article, which examines the new data model firms should look to leverage: one that supports processing, normalization, historical and defensive measures. If you can't wait until Thursday, you can download Liquid Holdings' complete whitepaper, The New Reality, here.

Photo Credit: Liquid Holdings

<![CDATA[What is a Security Vulnerability Assessment and How Does it Work?]]>, 01 Jul 2014 00:00:00 -0400 eci One of the first questions on the SEC’s cybersecurity questionnaire for financial firms asks firms to "indicate whether they conduct periodic risk assessments to identify cybersecurity threats, vulnerabilities and potential business consequences", and if so, who conducts them and how often. Clearly the goal behind this question is to ensure that firms are taking a proactive approach to security. But what exactly does this risk assessment entail?

Here’s a quick overview.

The type of risk assessment typically associated with information technology and cybersecurity is an external vulnerability assessment. Essentially, this is the process of identifying and categorizing vulnerabilities related to a system or infrastructure. Typical steps associated with a vulnerability scan or assessment include:

  • Identifying all appropriate systems, networks and infrastructures;

  • Scanning networks to assess susceptibility to external hacks and threats;

  • Classifying vulnerabilities based on severity; and

  • Making tactical recommendations around how to eliminate or remediate threats at all levels.

As a best practice, Eze Castle Integration recommends that hedge funds and investment firms conduct external vulnerability assessments at least once per year. Many firms may opt for semi-annual scans, particularly if the firm’s technology environment is continually changing.

The true goal of the vulnerability assessment is to gauge the level of security a firm has in place to protect against external threats and cyber-attacks. Depending on the third party conducting the test, a firm may be ‘graded’ with a number or letter score or simply provided with a list of vulnerabilities and security recommendations. Here’s one example of a grading system associated with a vulnerability/risk assessment:

Excellent: The firm’s security exceeds industry standards and best practices, and overall the firm’s security was found to be in excellent condition with only minor, low-level security vulnerabilities discovered.

Good: The firm’s security meets accepted standards within the industry, and overall the firm’s security was found to be strong with only a few low and medium-level security risks identified.

Fair: The firm’s security is somewhat below current industry standards and moderate changes would need to be implemented to increase security and meet industry levels.

Poor: The firm’s security has significant deficiencies and is well below industry standard level. Major changes would need to be implemented to alleviate critical and high-level vulnerabilities and elevate the firm’s overall security program.

For any vulnerabilities identified as part of the assessment, a description of the risk would be included as well as any specific systems or networks affected and recommendations for how the firm can either remediate or alleviate the risk. Ultimately, these assessments and their corresponding documentation will serve to demonstrate a number of significant points:

A) that the investment firm is taking the SEC’s cybersecurity inquiry seriously and preparing for upcoming exams;
B) that investors can feel confident the firm is implementing policies and procedures to protect investor information and assets; and
C) that the firm is taking an overall proactive approach to security and business continuity.


<![CDATA[Tips for Tackling Your Financial Firm's Cybersecurity To-Do List]]>, 26 Jun 2014 00:00:00 -0400 eci We continue to discuss cybersecurity with financial firms on a regular basis, and with the expectation that the SEC will start cybersecurity exams sometime around September, it’s evident that registered investment advisers are working diligently to answer the questionnaire and shore up internal practices.

To continue fostering education around this topic, we hosted two events last week dedicated to cybersecurity for hedge funds and other registered investment advisers. In case you missed them, you can read a brief recap of some of the key topics discussed or scroll down to watch our full webinar replay.

Cybersecurity a Hot Topic on State & Federal Level

By now, we all know the SEC has taken steps to assure that hedge funds and registered investment advisers put security mechanisms and practices in place to protect against cyber threats. SEC Commissioner Luis Aguilar said there is “substantial risk that a cyber-attack could cause significant and wide-ranging market disruptions and investor harm.” Even beyond the federal level, some states are chiming in on the cybersecurity front. Earlier this month, Massachusetts and Illinois acknowledged that they were polling investment advisers about their security practices, and that based on responses, state regulations could be impacted.

SEC Fundamental Concerns

According to Eldon Sprickerhoff, Chief Security Strategist at eSentire, the SEC’s cybersecurity initiative is designed to shed light on the following four fundamental concerns:

  • Day-to-day operations in a rapidly changing landscape

  • Detection and reporting of a cyber incident

  • Impact on cybersecurity of fundamental decision making

  • Expectations of executive oversight of this new risk category

Beyond Technology: Written Information Security Plans (WISP)

Question 2 in the SEC’s cybersecurity questionnaire states: “Please provide a copy of the Firm’s written information security policy.” In plain, bold letters, the SEC has announced that it expects hedge funds and other registered investment advisers to not only be implementing cybersecurity policies, but also to be documenting them. Administrative and operational steps are just as critical to a successful security program as robust technology solutions.

As part of your financial firm’s cybersecurity WISP, we at Eze Castle Integration advise that firms investigate and answer the following questions (Note: this is not a comprehensive list):

What is data and where is data located? Not all data is created equal. Is it encrypted? Is it on shared drives or stored locally?

How is data protected? Is it encrypted? If you’re sending investor information and it’s not encrypted, you put investors’ data at risk. Do you need to access a portal or some other website to access certain confidential information?

Who has access to information? Employees need access to the data necessary to complete their tasks. But beyond that - firms should be limiting what data employees have access to. It’s not about not trusting your employees, but more so about not trusting the technology behind those employees. The less data employees can get to, the less damage can be done via an internal breach or external hack.

What incident response procedures are in place? Odds are your firm has already suffered some sort of security incident – even if it’s as small as a malware attack. Firms need to identify what the business response will be to a variety of incident types. In what situations will investors, authorities, etc. need to be notified? Documenting these scenarios in advance will cut down on response times in real-life situations.

What are employees’ responsibilities? User training becomes key here. Employees should be responsible for security awareness, but businesses should also make it a priority to provide proper training and educational resources to everyone across the firm.

Technical Safeguards

On the cybersecurity technology front, financial firms should employ the following technical practices to mitigate security risks:

  • Penetration testing

  • Vulnerability assessments

  • Firewalls

  • Audit & logging

For even more information on the technical and operational safeguards investment firms should implement to protect against cyber threats, watch our full webinar replay below featuring speakers from Eze Castle Integration, eSentire and Maloy Risk Services.

Photo Credit: eSentire

<![CDATA[When Billion Dollar Hedge Funds Make the Cloud Move]]>, 24 Jun 2014 00:00:00 -0400 eci Timing is everything. Last week we released a new whitepaper, Why the Billion Dollar Club is Headed to the Cloud, and shared an excerpt here on Hedge IT about why hedge funds are making this move. Today, to entice you to download the full paper, we'll share WHEN firms are making the cloud move.

For newly emerging investment firms, the choice to adopt a cloud-based architecture is an easy one. Few firms have a business model where an in-house Comm. Room makes strategic or economic sense. But what about established firms that have been in business for several years and have invested millions of dollars in infrastructure? When is the right time to make a move?

Opportunities and timing will vary, but generally speaking, the following three scenarios represent ideal inflection points for moving to the cloud:

Office Relocations

This is an ideal time to switch to the cloud. Many companies are understandably reluctant to take on the expense of moving a massive, expensive, and often outdated infrastructure to a new location – particularly if the company expects to phase out certain portions or components in the following 24-36 months. In such cases, migrating to the cloud before relocating offices can be a smart move.

New Applications

Larger firms with larger application portfolios often find that a transitional strategy is best. Abrupt migrations to the cloud can be disruptive. In those instances, financial firms find that new applications can start in the cloud – no subsequent migration needed. And those deployments are faster. While few IT portfolios will see 100 percent turnover in the short term, this strategy can simplify any migration of on-premise apps to the cloud by minimizing the work required when the company finally makes its move.

Technology Refresh

Similarly, many firms find that when the time comes to update infrastructure or upgrade applications, that inflection point represents an excellent opportunity to perform a cost-benefit analysis. In most cases, firms find that initiating a cloud migration for that particular component of the IT portfolio is the best choice. And since either choice introduces change, there’s no added burden to making that transition. What’s important to note is that, for an established firm, migrating to the cloud is not an “all or nothing” decision. The pace and scope of the transition to the cloud can be custom-fit to the firm’s business/strategic needs.

Download the full whitepaper, Why the Billion Dollar Club is Going to the Cloud, HERE.

<![CDATA[Why Billion Dollar Hedge Funds Are Going Cloud]]>, 19 Jun 2014 00:00:00 -0400 eci Today we released a new whitepaper that looks at a growing trend we are seeing -- billion dollar hedge funds and investment firms moving to the cloud. Here is a sneak peek at the paper's content as well as a video interview with Bob Guilbert on why firms should read Why the Billion Dollar Club is Headed to the Cloud.

It’s More Than Managing Money

There’s more competition in financial services than ever before. Every week, new and agile boutique firms sprout up, armed with proprietary models and the right technology foundation to compete – intensely – with the major players for billions of investment dollars. Firms of every size are competing to deliver broader ranges of increasingly exotic instruments, specialized funds, and high-performance investments that deliver competitive returns to investors whose demands and expectations continue to climb.

But when it comes to performance and success in financial services, there’s more to evaluate than just the hard numbers. Returns alone aren’t enough. Today, savvy firms know they need to deliver more. In a post-Madoff, post-2008 world, the SEC and FINRA – and investors as well – are scrutinizing all corners of the operation. There’s an increased focus on how operational risk is managed and how firms respond to greater demands for transparency. That means it’s more important than ever for firms to deploy and maintain robust, scalable, and secure technology infrastructures.

The Business Case for The Cloud: Why Established Firms Are Making The Move

Traditionally, investment firms have allocated significant capital budgets – millions of dollars – to build out their own sophisticated Communication (Comm.) Rooms, which can take months to provision and bring online. There are servers to buy and install, software to license and configure, and voice/networks to deploy. And these infrastructures also require firms to recruit and hire expensive IT talent to manage and operate.

Increasingly, however, that model no longer makes good business sense for some firms. Today, cloud architectures are emerging as the dominant choice for computing infrastructures at investment firms of all sizes. With cloud computing, firms procure from a third party a scalable supply of computing, storage, and networking resources on a near-immediate basis without the upfront capital investments, delays, staffing requirements, or maintenance headaches. Funds can provision new servers in a few hours, scale up to meet short-term needs, and scale down when needs dictate. Best of all, that infrastructure is managed and protected 24x7 by dedicated professionals who focus solely on operating these services on a firm’s behalf.

Not surprisingly, many firms – including those with well-established in-house infrastructures – are making the move to the cloud for a variety of compelling reasons:

  • Predictable and Favorable Economics

  • Investor Transparency

  • World-Class Capabilities

Download the full whitepaper, Why the Billion Dollar Club is Going to the Cloud, HERE.

Need more convincing? Watch our video.

<![CDATA[What Happens to Your Firm's IT Team When You Go Cloud?]]>, 10 Jun 2014 00:00:00 -0400 eci As your firm evaluates moving to the cloud – as most firms today will inevitably do – your list of priorities will likely include:

  1. Regulatory and investor impact

  2. Migration plans and operational effects

  3. Hardware disposal and infrastructure changes

But another critical business area your firm should put some thought into is the effect of the cloud movement on your internal IT department (assuming you have one). What exactly happens to a firm’s IT team once it moves operations into a cloud environment? Is there still value in maintaining an in-house staff?

The simple answer is ‘yes,’ but the day-to-day responsibilities for those staffers may not look quite the same post-cloud. With a fully managed service provider, everyday management is typically taken care of – leaving internal resources with a lot more time on their hands. But that doesn’t mean there’s no longer a need for an IT department. And it certainly doesn’t mean IT managers should be left to twiddling their thumbs. Here are a few long-term projects ideally suited for a full-time technology staff no longer bogged down by mundane software patches and licensing upgrades:

Cybersecurity programs. You’ve heard us say it before, but cybersecurity is the hottest topic in the investment industry right now. With the SEC providing an extensive questionnaire for registered firms to follow, it’s critical that firms take the time to assess their security practices and employ robust programs to not only meet SEC demands but also satisfy investors. Even if a firm chooses to leverage an outsourced cloud solution for their daily infrastructure (which may come with some inherent security features), any physical infrastructure that still resides on-premise at the firm would need to be protected. Beyond management of on-premise technology, hedge fund IT staffs should also be forward-thinking and address large-scale security initiatives and ensure the entire organization is involved in regulating and mitigating security issues.

Regulatory compliance. Outside of the SEC’s recent focus on cybersecurity, there are other regulatory issues firms should be sure to comply with. As part of a fund’s overall technology program, IT staffs should work with internal or external compliance experts to address any gaps the firm may have and ensure operations are in sync with existing regulatory requirements on state, federal and international (if applicable) levels. For example, on the international front, recent initiatives such as the Financial Conduct Authority’s Dear CEO letter and AIFMD should be on the radar for any affected parties.

Due diligence. Investor expectations are higher than ever, and technology has become one of the most critical components of the due diligence process. As technology service providers, we assist our hedge fund clients with DDQs on a regular basis and have seen an immense uptick in both the quantity of requests as well as their complexity. Investors are no longer satisfied with ‘checking the box’ responses. Internal CTOs and IT staffs can assist this process enormously and often work directly with investors in providing the necessary information to secure allocations.

Application integration. Hedge funds and investment firms who employ custom or in-house applications may look to keep IT staff on-site to manage not only integration but development of the application set being used.

Organizational support. To some, technology may seem like just another department within a business, but the fact is, IT is inherently linked to every aspect of an organization. As such, many firms continue to leverage internal staff to support operations and provide peace of mind to other employees within the office setting.

Despite the shift we are seeing firms make to the cloud, many funds today still look to leverage in-house technology experts and rely on them to assist with the aforementioned efforts and more. Moving infrastructure to the cloud is not a death sentence for an IT staff – merely an opportunity for firms to reevaluate priorities and reallocate resources to areas of the business most critical to the firm.

Photo Credit: Shutterstock

<![CDATA[Hedge Fund Transformation, Part 2: Cloud, Communication & Control]]>, 05 Jun 2014 00:00:00 -0400 eci In Part 1 of our Transformation of IT seminar recap, we shared what our expert panel discussed relative to evaluating outsourced solutions and leveraging technology solutions. Our panel included Vinod Paul, Managing Director, and Steve Schoener, Vice President, at Eze Castle Integration, John Budzyna, Managing Director, and Dave Messier, Director, at KPMG, Timothy Ng, Managing Principal at Clearbrook Global Services, Jon Anderson, Global Head of OTC Derivatives at SS&C GlobeOp and Sheldon Rubin, COO/CFO/CCO at S Squared Technology LLC.

Read on to see what our speakers had to say about the considerations for outsourcing, typical transformation challenges and more. You can also read Part 1 of the event recap or listen to the complete audio replay.

Q: Whether it's technology, compliance or another area of the business, firms ultimately need to decide if they are going to manage these areas internally or outsource to an expert vendor. How does a hedge fund determine what is the right solution for them and whether to outsource or maintain their own systems and operations?

  • When considering internal operations vs. outsourcing, a firm must determine which option gives it the most control over the given process. The firm is not only considering outsourcing technology but also outsourcing control.

Q: Would you consider outsourcing a cure for uncertainty? Or does it add flexibility in a market swimming in infrastructural, regulatory and technological changes?

  • There is no true cure for uncertainty, but a firm can find economical ways of dealing with uncertainty as it comes. Regulations, for example, can play a part.

Q: Beyond technology, a firm also needs to rely on either in-house or outsourced personnel to take a firm through any of these so-called transformations. Obviously, in order to move from an on-premise technology infrastructure to the cloud, a firm would need to employ an experienced IT staff or leverage a cloud provider to make that migration. What skills and experience are needed for effective hedge fund operations and IT transformation?

  • The short answer is many skills and experiences. Team effort is important. Business skills are also critical: someone who is an expert in underlying business from the top down. That includes the larger perspective as well as intricate levels of detail. Communication is another critical skill.

Q: What are the typical challenges a firm faces while undergoing a transformation? Are there any recommendations you can make about how a firm can effectively navigate the transformation process?

  • Transformation, implementation or change of any kind can be overwhelming. It can be intimidating. One piece of advice is to take a large project and break it down into smaller, more manageable pieces. Firms should also put together a strategic roadmap of where they are and where they want to be. But don’t be married to that roadmap. Understand that things will change and adjustments will need to be made.

  • Another challenge can be overanalyzing problems. Sometimes getting a solution in place and fine tuning later can be more effective than waiting to find the optimal solution while in search of perfection.

Q: What are your final thoughts or forward-thinking predictions in terms of where we see firms going and what other transformations we can expect to see in the future?

  • The changing regulatory requirements have not increased the entry barriers for firms.

  • We have come a tremendous way in a short period of time. Old tried and true technologies are not going away with the emergence of new technology though. There are now just more (and better) solutions for firms to choose from – not a complete change in the industry, but ways to make firms more efficient and increase quality.

  • Firms should use technology to understand what the inherent costs are to running a portfolio.

  • There is widespread industry acceptance of outsourcing, and with the emergence of the cloud, there are certain front, middle and back office processes moving away from the core of the fund.

Photo Credit: iStock Photo

<![CDATA[WWDC 2014: The Latest and Greatest from Apple's Worldwide Developers Conference]]>, 03 Jun 2014 00:00:00 -0400 eci

The annual gathering of Apple’s developers took place earlier this week in San Francisco, and top Apple execs Tim Cook, Phil Schiller and Craig Federighi took center stage to reveal what new products and features users can expect to see from Apple in the near future.

Before we get into the specific announcements from the Worldwide Developers Conference (WWDC), let’s talk numbers and take a look at what Apple has been up to as well as their growth as a company:

  • 9 million registered Apple developers (47 percent increase from 2013)

  • 800 million iOS-powered devices sold to date

  • 80 million Macs installed to date

  • 130 million new customers in the past year

  • 1.2 million apps currently available in the App store

  • 75 billion apps downloaded to date

  • 12% growth in the Mac market share (whereas PC has declined)

Now back to the WWDC. The event’s keynote speech delved deep into what Apple has been working on tirelessly for the last year and what users can expect to see at its annual fall release. Here is a breakdown of new features and key additions for Apple’s newest release: iOS 8.

Healthkit – There is a clear health and fitness focus in the latest software upgrade. Healthkit provides a composite profile of your favorite fitness apps and health information, similar to how Passbook organizes boarding passes, movie tickets and loyalty cards. Healthkit syncs your health-related apps into one convenient space. ‘Health’ is the primary app within the profile; it has the ability to track a wealth of information such as activity (steps), nutrition, heart rate, sleep, weight and blood pressure. It also integrates with third party applications, such as Nike.

QuickType – Apple has finally revealed that they are providing predictive typing, a feature already commonly used with Android products. QuickType will be able to guess your next words as well as adapt your language depending on who you are talking to.

Group Messaging – Group messaging is getting a serious facelift. The updated feature will allow users to: name friends, add and remove members, and permanently leave a thread. And, for the real winner, you can apply “do not disturb” settings at any time!

Homekit – This new platform allows users to control locks, doors, lights, cameras, thermostats, etc. with one central device. Apple has partnered with a variety of third-party vendors to make this possible.

Interactive Notifications – This feature will allow users to respond to notifications such as texts or Facebook messages while still remaining in the application currently in use. How? Simply pull down the notification window and easily respond to the pressing message at hand. Users will have the option to respond with text, picture, video or voice recording without interruption.

Family Sharing – Six members of a family are now able to share iTunes purchases, including applications, music and movies, with one central credit card. This feature also gives access to linked members’ calendars, reminders and photos. Parents also have the ability to control children’s purchases because permission to purchase must be verified by the main cardholder.

Synced Photo Editing – iOS 8 will automatically sync your photos with iCloud to ensure that images are available across all applications. There are also new affordable iCloud plans:

  • 20 GB for $.99 per month

  • 200 GB for $3.99 per month

The iCloud Photo Library will also include new smart editing features that allow users to manually adjust multiple effects such as contrast, color, light exposure and more.

Overall, the results from WWDC 2014 are consistent in terms of the types of information Apple usually presents. Nonetheless, the features and additions they presented should continue to please their user base and help the company stay amongst the leaders in the smartphone market.


Photo Credits: 9 to 5 Mac, Apple
<![CDATA[Hedge Fund Transformation, Part 1: Evaluating Outsourced Solutions & Leveraging Technology]]>, 29 May 2014 00:00:00 -0400 eci Earlier this month alongside KPMG, we hosted a seminar in New York on “The Transformation of IT and Hedge Fund Operations.” We asked experts to examine the changes impacting hedge funds today and the future of this industry transformation. Our distinguished panel included Vinod Paul, Managing Director, and Steve Schoener, Vice President, at Eze Castle Integration, John Budzyna, Managing Director, and Dave Messier, Director, at KPMG, Timothy Ng, Managing Principal at Clearbrook Global Services, Jon Anderson, Global Head of OTC Derivatives at SS&C GlobeOp and Sheldon Rubin, COO/CFO/CCO at S Squared Technology LLC.

Below is a brief recap of the topics discussed during the lively event. To listen to the full audio podcast of the event, click here.

What do you see as the greatest transformation the hedge fund industry has undergone or is currently in the midst of?

  • There is more acceptance of outsourcing. Many firms are leveraging outsourced service providers for front office support, for example, and leaving their in-house departments to focus on the core business.

  • Many firms starting today don’t even consider building out a middle and back office – they immediately look to outsourcing. The quality and opportunities provided by outsourced service providers, including administrators, are much better than they have ever been before.

  • Third-party software and service providers continue to improve and many firms are attempting to fully integrate the back office as a result. With systems designed effectively, firms can yield benefits including reduced costs and increased efficiencies.

  • Allocators are being more frequently asked to take on the role of consultants and analyze underlying risks within fund portfolios – something many investors today don’t understand fully.

How do you see fund managers utilizing technology to address the call for greater portfolio transparency by institutional investors and consultants?

  • Investment firms are using technology to get a better view of the inner workings of the portfolio. Funds who utilize portfolio or risk software are often asked to provide risk metrics to investors. A fund should focus on getting the transparency, understanding it and translating it for the investor so that they are comfortable with any current or future allocations.

What are some opportunities for fund managers – particularly those with modest budgets – to leverage technology for strategic and/or operational benefit?

  • Firms should conduct a cost-benefit analysis to evaluate the importance of any implementation. If you can justify the effort needed to ensure a successful project based on the benefits outlined, it is a project worth moving forward.

How can emerging managers, in particular, cope with limited resources and personnel and still compete on an institutional level as well as meet the increasing amount of regulatory oversight and pressure?

  • One approach for emerging managers looking to compete is to avoid hiring internally for a variety of functions. Firms can outsource technology, back office, administration, etc. as long as the service providers are reputable and institutional-grade. If allocators can see that firms are set with due diligence, compliance and other services and are utilizing the high standards of a service provider, they will be more likely to invest with emerging managers.

What are some of the best ways to apply transformation or operational improvement efforts to such a rapidly-changing area, like compliance, for example?

  • The idea of operational improvement is a continuum: from incremental, tactical opportunities to transformational opportunities. Compliance tends to lean more towards the incremental side. There are many well-integrated, efficient solutions in the marketplace to satisfy needs relative to personal trading, securities, brokerage and execution, legal compliance, etc. Firms need to look closely at individual compliance needs and find a solution that will satisfy both the firm itself and investors.

Is there some particular pattern to when a firm undergoes the transformation process and goes from analyzing the problem to fixing the problem?

  • When struggling with a problem, you often reach a critical point where the complexity or volume of the problem has outstripped your capacity as a business. This is a critical situation. The problem might start to cause mistakes or cost money if not resolved. This is often a significant driver for change.

Read Part 2 of our Hedge Fund Transformation Recap here! In the meantime, you might find these resources valuable:

Guide to Technology Outsourcing
Photo Credit: Istock
<![CDATA[Video: Hedge Fund Startup 101 Roundtable with the Hedge Fund Association]]>, 13 May 2014 00:00:00 -0400 eci The following article is part of our Emerging Managers Insight Article Series. Read more articles from the Series HERE.

What are the keys to starting a hedge fund? How does an emerging manager ensure success in a constantly-changing world of legal and regulatory guidelines, increasing investor expectations and evolving technology platforms?

In order to answer these questions, Asset TV and the Hedge Fund Association recently gathered an expert panel for a video roundtable focused on hedge fund startups. Our own Managing Director, Vinod Paul, was featured on the panel, along with experts from The Kingdom Trust Company, Eisner Amper LLP, and Thompson Hine LLP. Watch the video below to learn more about a variety of topics important to new fund launches, including:

  • Custodial Needs

  • Technology Infrastructure Priorities

  • Compliance Concerns

  • Data Management

  • Dodd-Frank & Regulatory Requirements

  • Cybersecurity Concerns

  • Investor Expectations

To learn more about launching a hedge fund, check out some of our other relevant resources:

Articles for Emerging HF Managers

<![CDATA[Preparing for SEC Cybersecurity Exams: Webinar Recap & Replay]]>, 08 May 2014 00:00:00 -0400 eci Cybersecurity is one of the hottest buzzwords in the industry right now – but it’s also a serious concern for hedge funds and investment firms. So much so that the Securities and Exchange Commission has taken formidable steps in 2014 to assess the cybersecurity landscape and provide guidance to registered broker dealers and investment advisers around what policies and technical safeguards should be in place to protect them.

With so much information being shared and so many industry changes around this topic, we asked our cybersecurity experts – Steve Schoener and Lisa Smith – to talk us through what’s happening in the world of hedge fund cybersecurity and provide direction for firms looking to comply with the SEC’s cybersecurity guidelines. Following is a brief recap of a webinar we held earlier this week doing just that. To watch the full replay of the event, click here or watch below.

Industry Update: How did we get here?

Before we dive into what expectations the SEC has for registered firms in regards to their cybersecurity practices, let’s first take a look at how we got to this point. Among the host of high-profile security incidents we’ve seen dominate the news of late, these few resonate the most:

  • Dec 2013: Target data breach results in customers’ personal data stolen

  • April 2014: CryptoLocker ransomware holds data hostage

  • April 2014: Heartbleed vulnerability poses potential data exposure threat

  • April 2014: Internet Explorer vulnerability puts technology at risk, leaves PCs open to being hacked

As a result of these and other security concerns, the SEC has taken steps to ensure hedge funds and investment firms are prepared for the next incident. In a Risk Alert issued last month, the SEC announced it will perform examinations of at least 50 registered firms and also provided a lengthy sample cybersecurity questionnaire for firms to use as a guide in their preparations. The seven-page questionnaire addresses various aspects of a hedge fund’s technical infrastructure and corporate policies and sets expectations that firms should meet a set of standard criteria in order to comply with the new SEC guidelines.

A Sample Look at the SEC’s Cybersecurity Questionnaire

To help firms gain a better understanding of what information the SEC is looking for within its request for information document, following are a few questions from the SEC cybersecurity questionnaire and some helpful information for firms starting to draft responses.

Category: Identification of Risks/Cybersecurity Governance
Question: Please indicate whether the Firm conducts periodic risk assessments to identify cybersecurity threats, vulnerabilities, and potential business consequences. If such assessments are conducted: a) who conducts them and in what month/year was the most recent assessment completed? and b) please describe any findings from the most recent risk assessment that were deemed to be potentially moderate or high risk and have not yet been fully remediated.

If you’re not familiar with what exactly a risk assessment is, let’s start there. A risk assessment looks at a firm’s systems and data and evaluates the potential level of risk and impact to that firm if a security incident were to occur. We recommend risk assessments be conducted on an annual basis as well as in the event of major business changes (e.g. expansion, adding new applications, etc.). Third-party vendors, such as our partners at eSentire, are well-versed in conducting vulnerability assessments for financial services firms.

Category: Protection of Firm Networks and Information
Question: Please indicate if the Firm maintains a written data destruction policy.

Keep in mind that a data destruction policy does not only apply to electronic information. Your firm should employ a policy that addresses the destruction and/or removal of all data and records including, but not limited to, portfolios, subscription information, employee personnel files, hard drives, servers, and tape backup.

Another consideration to think through is what third parties your firm is engaged with and which of them have access to your company’s data or infrastructure. For example, if you are working with a cloud provider, there should be a contractual obligation on the part of that vendor to remove any client data and either destroy it or return it to the client in the event the relationship is terminated. With the cloud, obviously physical infrastructure is not destroyed, but firms should ensure their data is removed from the cloud environment if and when the client migrates off the platform.

Category: Detection of Unauthorized Activity
Question: Identify and explain how and by whom the following practice is carried out – identifying and assigning specific responsibilities, by job function, for detecting and reporting suspected unauthorized activity.

With this line of questioning, the SEC is looking to see that firms are putting thought into their cybersecurity preparations and assigning specific ownership to firm personnel. Firms should identify a person or team of persons to oversee policies and procedures around the firm’s security practices as well as to lead the charge in responding to any types of security incidents that occur. In many cases, this role is taken on by a Chief Technology Officer or Director of IT.

The Importance of Written Information Security Plans (WISP)

The most effective way for a hedge fund or investment firm to respond to the SEC’s examinations is with a written information security plan (WISP). A WISP is a carefully crafted document firms should create as a means to identify and implement both administrative and technical safeguards to protect a firm’s sensitive data and infrastructure. Key elements of a WISP include:

Administrative Safeguards

  • Define confidential data

  • How is it protected?

  • Where is it located? (Shared drives, emails, CRM systems, etc.)

  • Who has access? Do they have a business need?

  • Roles and responsibilities (Is there a person or team in place to manage this?)

  • Communication procedures (Who needs to be notified? e.g. investors/regulators)

Technical Safeguards

  • Assessment of technical safeguards (e.g. penetration testing, encryption software, etc.)

  • Evaluation

  • Implementation of additional safeguards, as necessary

As a final thought, firms should work with their internal IT staffs and/or outsourced technology providers to review the SEC’s questions and customize responses according to their specific infrastructure configurations and data requirements. In cases like these, unfortunately, one size does not fit all, and firms will find that their written information security plans will need to include detailed specifics relative to the firm.

Eze Castle Integration’s WISP team is actively working with clients to respond to the SEC inquiry and develop comprehensive written plans to satisfy regulatory and investor demands. If you would like to learn more about Eze Castle’s WISP service or speak with a sales representative, please don’t hesitate to contact us.

<![CDATA[The Transformation of IT and Hedge Fund Operations]]>, 01 May 2014 00:00:00 -0400 eci Regulatory oversight, competition for assets and investor due diligence concerns have left investment management firms with more pressure than ever to succeed. And technology innovations like the cloud have turned the traditional hedge fund operations model on its head. The questions remain: how do fund managers evolve in 2014 and meet the increasing demands of the financial services industry? And how do firms compete with the incoming crop of new launches that continue to emerge and vie for investor allocations?

The following presentation takes a closer look at these key transformations within the hedge fund industry and examines the shift firms are making from traditional, on-premise IT infrastructures to cloud-based platforms. It also highlights managed disaster recovery services and offers best practices for security in the cloud.

Take a look, and if you can, join us in New York on Tuesday, May 6 as a panel of experts discusses these topics and more at our Transformation seminar.

<![CDATA[SEC Outlines Cybersecurity Questions, Sets Magic Number at 50 Firms]]>, 22 Apr 2014 00:00:00 -0400 eci The SEC last week provided even more clarity into its growing focus on cybersecurity at broker dealers and registered investment advisers. A key takeaway in a Risk Alert issued on April 15, 2014, is that the Office of Compliance Inspections and Examinations (OCIE) will be conducting examinations of more than 50 registered broker-dealers and registered investment advisers, focusing on areas related to cybersecurity.

In order to help compliance professionals prepare and assess their firms’ cybersecurity preparedness, OCIE has created a sample cybersecurity request document that outlines the types of questions firms can expect. OCIE is careful to point out that these questions should not be considered all-inclusive of the information that OCIE may request. OCIE will alter its request for information as it considers the specific circumstances presented by each firm’s particular systems or information technology environment.

You can find the Risk Alert and questions HERE.

Now What? Preparing for the SEC Cybersecurity Exam

The SEC was kind enough to provide a proverbial map of the directions it may take during a cybersecurity exam; now firms need to assess their internal processes and procedures as well as supporting technology. It is important to note that the SEC is just as interested in your Written Information Security Policy (WISP) as they are in your technology safeguards.

The areas the SEC outlined include:

  • Identification of Risks/Cybersecurity Governance

  • Protection of Firm Networks and Information

  • Risks Associated with Remote Customer Access and Funds Transfer Requests

  • Risks Associated with Vendors and Other Third Parties

  • Detection of Unauthorized Activity

  • Other: Identity theft red flags; Security breach incidents; Reported incident history.

Here at Eze Castle Integration, we are going through the questionnaire and beginning to work with clients to answer the various sections. Our WISP team is also on-call to begin the process of developing more comprehensive internal and external policies and procedures around security.

Your IT provider should be able to provide assistance, but policies and procedures are key too.

Cybersecurity Hedge Fund Report

<![CDATA[A Public Reminder on the Private Cloud Debate]]>, 25 Mar 2014 00:00:00 -0400 eci Earlier this week, it was reported that Nasdaq was reconsidering its Amazon-based cloud product, FinQloud. According to the Financial Times, FinQloud has failed to gain significant traction in the marketplace amongst financial services firms including broker-dealers and exchanges. If Nasdaq pulls out of the deal with Amazon Web Services (AWS), it would be a major disappointment to Amazon, who is actively pitching AWS to large financial institutions and enterprises.

Whether the limited adoption of FinQloud is a sign of a product flaw or a larger industry trend, we feel it important to draw attention to a longstanding debate within the financial services industry – a debate that we’ve shared our thoughts on here on Hedge IT many times: public vs. private clouds.

It’s certainly possible that the slow adoption of FinQloud is a result of concerns over mass public cloud usage – a stern reality for many financial services firms who expect and demand that their critical applications and data be stored in a highly secure and available environment. Hedge funds and investment firms, in particular, cannot afford unexpected downtime, and unfortunately, we’ve seen several public cloud providers experience major outages in recent years. Just last week, Dropbox users logged in to find the service was unavailable, and Amazon and Google have both found their services in the headlines in recent years due to very large and public disruptions.

Security in the public cloud remains a bit of a question mark, as public cloud providers are still lacking in transparency and are less likely to disclose the specific security and compliance protocols that support their infrastructures. Particularly as regulatory bodies stress the importance of security measures in the world of heightened cybercrime (the SEC is holding a cybersecurity roundtable this week), it is imperative that investment firms leverage secure systems to power and protect their operations.

Service and support are also critical factors to consider when selecting a cloud provider. Hedge fund service providers have the experience and expertise to handle any IT issues that arise and are often available on a round-the-clock basis to meet the needs of their clients. Public cloud providers may have general support lines or customer service representatives available, but the odds that their expertise lies in financial services technology are slim. Any application or investment technology-related questions or problems would be easier answered by a provider whose business is designed to meet the industry’s unique demands.

To read more about the differences between public and private cloud environments and the considerations for each, take a look at some of our other resources:

Cloud Usage Survey Report: Download Now

<![CDATA[Finding Agility & Focus by Hosting Your Hedge Fund Applications]]>, 20 Mar 2014 00:00:00 -0400 eci Earlier this week, we hosted a webinar on the topic of application hosting in the cloud and featured our newest partner, Black Mountain Systems. Our speakers looked at the benefits firms can realize from hosting their hedge fund applications in the cloud as well as the future of cloud adoption. Let’s take a closer look at what was covered. If you’d like to watch the full event replay, click here.

Here at Eze Castle Integration, we see the adoption of cloud computing continuing to grow in a significant way, particularly among new startup firms. Realizing the operational and financial benefits of a cloud infrastructure, nearly 95 percent of new startup funds are opting to utilize the cloud. Existing firms are also shifting in this direction (though at a much slower pace), and we’re seeing on-premise infrastructure deployments starting to decline.

Firms can reap significant operational benefits from hosting applications in the cloud. For one, the cloud provider (and not the hedge fund) is responsible for management and maintenance of the infrastructure as well as managing upgrades and software procurement. There is a quicker turnaround time when firms need to add users or resources, and adding an application to an existing cloud platform becomes a much simpler process than dedicating servers and on-premise equipment. Another operational benefit is that firms who have existing technology staff can reallocate those internal resources and refocus their attention on higher priority areas of the business.

From a financial perspective, there are no costs for the firm to incur relative to upgrades or maintenance, and in some cases with smaller firms, overall costs can be lowered as a result of application hosting or cloud adoption.

How Do I Choose a Cloud Service Provider?

Choosing who to work with to manage your firm’s cloud environment can be a daunting task. Here are a few key considerations to keep in mind as you go through the evaluation process.

Type of Cloud (Public vs. Private/Managed)

A public service provider provides the CPU, memory, and storage resources you need and gives you the control to build your application. But beyond that, you might not receive a whole lot from that relationship. A managed service provider (such as Eze Castle) delivers these essential building blocks but also provides staff and industry expertise to truly manage your firm’s infrastructure and resources.


Consider where your firm’s offices are located and where you’d like to be in relation to “the cloud.” Firms engaged in high-frequency trading, for example, will benefit from low latency and therefore short distances to financial markets and stock exchanges. You should also consider the distance between your office(s) and cloud infrastructure and how the end user experience may be affected by said distance.

Quality of Data Center Facilities

Keep these factors in mind as you evaluate cloud providers:

  • Level of Operations/Support (Who manages the facility?)

  • Redundancy (Is it an N+1 configuration?)

  • Power/Cooling Resources (Are multiple power grids utilized to protect uptime?)

  • Certifications and Standards (Is it SSAE-16 certified?)

  • Security (Are there physical and digital security standards in place?)

Data Transit Options

Some clouds charge firms every time data is sent in and out of the cloud. This charge is based on the size of the data. Other providers offer a subscription service which allows for an unlimited amount of data to be sent in and out at a fixed monthly price. Depending on your transmission levels, one of these options may make more sense for your firm than the other.

Backup & Disaster Recovery

When it comes to protecting your firm’s critical data and infrastructure, you can never be too careful. Be sure to ask if backup and DR are included and where your data is stored. Are there limitations on restored data if a disaster occurs? What is the time frame to restore data to a secondary location?

Documentation and Transparency

Ensure your cloud provider is open and honest with you about both the cloud infrastructure and the processes that support it. Are Service Level Agreements in place and do they align with your business requirements? Can SLAs be revised if and when your business changes?

Trending to the Cloud

A recent report by CEB TowerGroup expects that the majority of applications will be delivered via the cloud in 2015 and that “cloud adoption is potentially highest for post-trade activities, such as accounting, reporting and performance measurement.”

Here at Eze Castle, we see the movement to the cloud continuing, whether it be for hosting applications or full technology outsourcing. Either way, firms are shifting away from deploying costly infrastructure on-premise and leaning towards the operational and financial benefits the cloud offers.

To watch the full replay of our Application Hosting webinar, click here.

Guide to Cloud Computing

<![CDATA[Why are Hedge Funds Moving to Miami?]]>, 13 Mar 2014 00:00:00 -0400 eci What comes to mind when you think of Miami, Florida?

Beaches and sun, exciting nightlife, a popular Will Smith song. These are typical associations with Miami. How about finance? This might not be the first thought that comes to mind, but the city of Miami is hoping that will change. Miami is a major financial hub and growing, and according to the president of the Miami Finance Forum, it’s the second most concentrated financial hub behind New York City.

Currently home to over 60 international banks and 100 alternative investment companies, Miami and its busy Brickell Avenue has emerged as “Wall Street South,” and according to Forbes is luring many financial firms away from more traditional hubs such as New York and Greenwich, CT.

In 2013, the Miami Downtown Development Authority began an initiative to attract more hedge funds, investment firms, and family offices. In an effort to attract financial firms and encourage them to relocate or expand into the city, they have included one-on-one meetings and recruitment trips to the Northeast. The initiative is sparking interest, and inquiries into real estate are piling up. So why is the financial flock heading to Miami? Here are some of the key drivers we’re seeing:

  • Weather: The warm Florida weather is a natural attraction, and many fund managers often vacation and spend time in Florida during the winter months.

  • Location: The short distance between Miami and Latin America offers the perfect opportunity to expand into this emerging market. Latin America has a thriving investment community, and with direct flights to many Latin cities, Miami makes it easy to network and expand business opportunities.

  • Financial Incentives: Miami offers hedge funds and investment firms a variety of tax breaks including no individual income or estate taxes and only federal capital gains taxes.

  • Reduced Travel Costs: Many fund managers spend their winters traveling to investment conferences in the South. With permanent offices in Miami, managers can reap the benefits of reduced travel expenses.

At this point, all signs point to growth in Miami continuing for the financial industry.

And Here's Why the Billion Dollar Club is Going Cloud

Whether your firm is relocating to Miami or moving to a new office down the street, don’t forget there are a host of project management-related considerations. Here are some additional resources to review before your project commences:

Photo Credit: Flickr

<![CDATA[Microsoft XP Extends Antimalware Support, Cybersecurity Concerns]]>, 11 Mar 2014 00:00:00 -0400 eci Back in October of last year, we learned that Microsoft was ending support for its XP operating system – a move that would force users to upgrade to its more current software. Fast forward to today, and more than 29% of PC users are still using XP (according to NetMarketShare). In an interesting move, Microsoft announced recently that it will continue to provide updates to its antimalware signatures and engine for Windows XP users through July 14, 2015. Microsoft did caution that its research shows that the effectiveness of antimalware solutions on out-of-support operating systems is limited.

But why?

We can assume this is a move at least partly fueled by slow adoption of software upgrades, based on the figure NetMarketShare has provided. Beyond private PC users, however, there may lie an even greater reason for extending security support. Reports suggest that more than 90% of ATMs across the United States are operating with Windows XP – a potentially crippling situation if hackers were able to breach the operating system. Last year, “a high-profile criminal group in Europe took advantage of a security vulnerability in XP that allowed them to use flash drives to infect ATMs with malicious software, emptying the machines of cash one-by-one. Researchers estimate that they may have gotten away with millions of Euros.”

Even beyond ATMs, the cybersecurity threat to Windows XP is still very real. Avoiding or delaying the software upgrade can pose critical risks to firms as their PCs continue to deteriorate and become more susceptible to breaches and attacks. Financial services firms, in particular, should take note, as a recent study published by PricewaterhouseCoopers (PwC) revealed the financial industry is the most targeted group in the cybersecurity world. The PwC study found that 39 percent of financial services respondents had been affected by cybercrime, compared to the next highest industry at 17 percent.

Here at Eze Castle, we strongly advise you to investigate your firm’s current operating system (or if you’re an Eze client, talk to your client relationship manager) in order to ensure measures are taken to avoid any downfall as a result of Windows XP’s end of life. Despite the malware protection extension, XP’s demise still poses a significant threat to users and businesses who have not successfully upgraded.

In the event you aren’t overly tech-savvy and can’t be sure which operating system you’re currently using, Microsoft has made it simple to find the answer by visiting their website.

To continue reading about security, here are a few handy resources we’d recommend:

Photo Credit: Microsoft

<![CDATA[Dropbox Alternatives Coming to a Hedge Fund Private Cloud Near You]]>, 04 Mar 2014 00:00:00 -0500 eci Is Dropbox becoming a noun? For the sake of this article, let’s say it is.

With over 200 million users, Dropbox (and similar services) is gaining popularity based on its ability to allow users to share files and sync data between devices. These capabilities are very appealing but rely on a public cloud platform that can introduce security and compliance concerns for hedge funds.

Dropbox made headlines last year when it was discovered by security researchers that the service opens some files once they are uploaded. While Dropbox provided an explanation, this can be a serious issue for businesses where employees are using Dropbox to share sensitive company and investment data.

So are your employees using Dropbox? Probably. A study conducted by Gigaom of 1,300 business professionals found that one out of five use public file sharing services, such as Dropbox, with work documents. And, half of those users know their companies have rules against it. This raises the question, how do you give employees access to a valuable tool in a way that meets compliance and security protection obligations?

Hello, Dropbox Alternatives

In the hedge fund space, private cloud providers (like us!) are adding enterprise-class file sync and sharing capabilities into their offerings using technology such as Varonis DatAnywhere. Eze Castle Integration recently rolled out DatAnywhere to our Eze Private Cloud clients.

DatAnywhere aims to strike a balance between security and convenience, which it does well. Employees are able to easily share files and access them across multiple devices while the company is able to set sharing and access control permissions for data. Additional benefits of this Dropbox alternative include:

  • Users have the same drag-and-drop experience as shared network drive or cloud sync folders

  • Data is automatically backed up and version controlled

  • Data is transmitted securely over SSL

  • All access is monitored and abuse is alerted

  • No user gets access to data unless they already have permission to access the data

  • Ability to create and easily share collaboration templates for teams, departments and individuals.

The power of file sharing tools is significant, and users will continue to be drawn towards them even when preventative corporate policies are in place. As a result, hedge funds should consider alternatives to empower their employees while staying compliant.

Contact Eze Castle Integration

<![CDATA[A Hacker's Tool Kit: Cyber Security Threats to Financial Firms]]>, 27 Feb 2014 00:00:00 -0500 eci It has been said that cyber weapons can be as dangerous as weapons of mass destruction. To emphasize this, at last night’s FBI Citizens Academy seminar on cyber security in financial markets, the speaker noted that if you take out an industry (think financial, telecom) you can cripple an entire country.

But just how would this happen? What’s in a hacker’s tool kit? Quinn Shamblin, executive director of information security at Boston University, provided a glimpse into the cyber security underworld.

Targeting Your Favorite Device

Let’s start with Mobile Device Security. Hackers are shifting their focus and resources to mobile devices. They recognize that a user’s life is virtually encapsulated on his/her mobile device. From contacts and email to documents, passwords and banking apps, mobile devices now hold as much as or more personal information than PCs or laptops. And most devices do not have anti-virus/malware software installed.

Just last Friday, Apple released a critical update to its iOS 7 operating system after a flaw was identified that could give an attacker with a privileged network position the ability to capture or modify data in sessions protected by SSL/TLS (aka public key encryption). Following that announcement, researchers at a cyber security firm (FireEye) published a proof of concept for a surveillance app that, if created and distributed by hackers, could capture every tap on an iPhone’s screen. The information captured, including passwords and credit card numbers, would be accessible to the attacker. These are just two examples of the cyber security threats facing mobile devices. Users need to be aware that these threats exist and practice smart computing on all devices.

DDoS: A Hacker's Version of Leverage

Next let’s talk DDoS (distributed denial-of-service) attacks, a common strategy used by hackers. We are nearing the one-year anniversary of the largest DDoS attack that was dubbed the “DDoS that almost broke the Internet.” As the story goes, Spamhaus (non-profit, anti-spam organization) came under attack by two individuals who were able to harness open DNS resolvers to send incredible amounts of traffic at the Spamhaus website. It is reported that, at one point, 300GB of traffic per second were being pushed.

In a statement on its website, Spamhaus explains that “preventing attacks like these depends on two key technical measures. First, all networks should ensure that they do not allow traffic to leave their network that has 'spoofed' (forged) sending addresses. Without the ability to spoof traffic there would be no reflection attacks possible. Secondly, open DNS resolvers should be locked down and secured. These attacks should be a call-to-action for the Internet community as a whole to address and fix those problems.”
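The two measures in the Spamhaus statement, written as the decisions a border filter and a recursive resolver make. This is an added example, not code from the original post or from Spamhaus; the prefixes are constructed documentation ranges (RFC 5737) and the function names are hypothetical.

```python
import ipaddress

# Constructed sample values: RFC 5737 documentation ranges, not real networks.
LOCAL_PREFIXES = ["192.0.2.0/24"]      # address space this network owns
RESOLVER_CLIENTS = ["192.0.2.0/25"]    # hosts allowed to use our recursive resolver


def _in_networks(address, prefixes):
    """True if address parses and falls inside one of the prefixes."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # unparseable address: fail closed
    return any(ip in ipaddress.ip_network(p) for p in prefixes)


def egress_permitted(source_ip, local_prefixes=LOCAL_PREFIXES):
    """Measure 1: traffic may leave only if its source address is ours.

    A packet leaving the network with somebody else's source address is
    forged, so the border drops it instead of forwarding it.
    """
    return _in_networks(source_ip, local_prefixes)


def recursion_permitted(client_ip, allowed_clients=RESOLVER_CLIENTS):
    """Measure 2: the resolver answers recursive queries only for its own
    clients, so it is not an open resolver usable by arbitrary senders."""
    return _in_networks(client_ip, allowed_clients)


def audit(outbound_sources, resolver_clients):
    """Return the sources a border filter would drop and the clients a
    locked-down resolver would refuse."""
    return {
        "dropped_egress": [s for s in outbound_sources if not egress_permitted(s)],
        "refused_recursion": [c for c in resolver_clients if not recursion_permitted(c)],
    }


# Constructed observations for the demonstration.
SAMPLE_OUTBOUND = ["192.0.2.10", "203.0.113.5", "192.0.2.200", "not-an-ip"]
SAMPLE_RESOLVER_QUERIES = ["192.0.2.20", "192.0.2.130", "198.51.100.9"]

if __name__ == "__main__":
    for kind, addresses in audit(SAMPLE_OUTBOUND, SAMPLE_RESOLVER_QUERIES).items():
        print(kind, addresses)
```

Note that the resolver allow-list is narrower than the owned prefix: a host can be a legitimate source of outbound traffic without being entitled to recursive DNS service.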

No Update Here

Another vulnerability hackers love to exploit is out-of-date software. April 9, 2014 will be a big day for the hacker community, because on April 8th, Microsoft officially ends support of Windows XP. This means no more security patches or updates. We can assume that for the last year or so, hackers have been holding Windows XP-related malware just waiting for Microsoft to end support. (Read more on end of life here.)

For the most part, professionals at hedge funds and investment firms have upgraded from Windows XP, but it is not uncommon for a few of these systems to still be on a corporate network and it only takes one highly connected Windows XP device to let hackers into an entire corporate network. So if you haven’t already, now is the time to start planning to have your systems upgraded. At Eze Castle Integration, we are working with clients to set an upgrade timetable for their systems.

As a final thought, the most commonly infected file types are PDF, Flash and Java, so make sure you install updates when they are rolled out by the vendors. Also, never open an attachment from a sender you don’t know.

For more cyber security guidance, check out these articles:

Hedge Fund Cyber Security Guide]]>
<![CDATA[Three Reasons the Private Cloud is Just like Olympic Curling]]>, 20 Feb 2014 00:00:00 -0500 eci Have you been enamored by the coverage of the Winter Olympics the last two weeks? We sure have. And watching all of these great sports we don’t normally get the chance to witness got us thinking – there are a lot of similarities between technology and Olympic sports. They’re both complex in many ways and require experts (engineers and athletes) who are the best of the best at what they do.

One of our favorite sports to watch is curling. And we couldn’t help but notice that Olympic curling and the private cloud are a lot alike. Don’t believe us? Take a look.

Both are safe and secure.

Let’s be honest: curling clearly presents the least amount of danger and lowest risk for injury at the Winter Olympics. Skiing and snowboarding? We’ve seen our fair share of wipeouts this year. Bobsled, luge and skeleton? Those are terrifying enough just as a spectator. Even figure skating poses a risk when skaters are leaping and twizzling left and right.

But curling? Extremely safe. Athletes can be fairly certain – whether they are curling or sweeping – that they will come out of the event unscathed.

Similarly, users in a professionally managed private cloud environment can rest assured their data and infrastructure are safe and secure. As an investment manager, you should not have to worry about the integrity of your firm’s assets and applications. In a private cloud environment, your infrastructure is protected and monitored by technical experts 24x7x365. To have complete confidence in your firm’s cloud environment, inquire about specific security measures your cloud provider takes to ensure your firm is protected at all times.

Both have a global presence.

Okay, technically this applies to all Olympic sports, but the countries competing for medals in curling this year cover a wide geography. Male and female athletes from Great Britain, Canada, Sweden, China and Switzerland are vying for Olympic medals this week, and we think it’s great to see so many regions showing off their premier athletes on a global platform.

A cloud platform can only properly support your firm on a global level if it also has a global presence. When looking for a cloud provider, look for a company that can support your operations with data center facilities and employees on the ground in multiple locations. We’re proud to say our Eze Private Cloud supports investment firm users across the world – in the United States, United Kingdom and Asia.

Both require specific technique.

At first glance, curling might seem like a simple sport. But in fact, it requires an incredible amount of concentration and skill. The curler (or thrower) is responsible for the delivery of the stone, lunging forward and releasing the stone along the ice. The sweepers are then instructed to sweep the ice in front of the stone in an attempt to reduce friction and control the stone’s trajectory. Strategy and technique are critical to navigating the stone to a place within the house (that series of circle targets you see marked on the ice).

Think you could excel at curling? We’re willing to bet it’s harder than it looks.

Much like curling, the operation and management of a private cloud is not for the average person. Not everyone can design and manage a robust and secure private cloud platform. That’s why relying on an expert cloud provider can make a lot of sense, especially for busy hedge funds and investment management firms. When looking for a cloud services provider to support your firm, seek a company with expertise deploying cloud environments across the globe (see above) and supporting the unique needs of financial services firms. To make it easy, here is a list of questions to ask a potential cloud services provider during the evaluation process.

Visit our Facebook page and tell us which sport in the Winter Olympics is your favorite to watch!

Photo Credits: Wikipedia and Flickr

<![CDATA[Ledgex Tackles Liquidity Management Challenge for Fund of Funds]]>, 18 Feb 2014 00:00:00 -0500 eci Effectively managing liquidity and reporting within investment portfolios has been a struggle for fund of funds, institutional investors, pensions and endowments. No manager wants to be in a position where their investor liquidity does not match portfolio liquidity, but at the same time firms are trying to offer investors more frequent liquidity options as a competitive edge. In some cases, investors are even asking for no liquidity limits.

To adapt to the changing liquidity risk landscape, firms are selecting portfolio management systems from companies like Ledgex Systems. Recently, Ledgex released the next generation of its portfolio management platform that delivers new liquidity management and manager research modules. These new tools give firms real-time visibility into their existing and proposed portfolio liquidity options while providing the research and analytics that support the manager selection process.

The Ledgex Liquidity module provides an advanced liquidity modeling utility and reporting engine, which can generate all available options for accessing assets given certain conditions by processing each tranche and their respective trade characteristics with a manager’s liquidity terms. Ledgex can model 90% of the manager liquidity terms used in the industry.

The Ledgex Research module combines CRM, document management and research management capabilities within a single system that removes silos and puts manager research in context with the entire investment portfolio management strategy. Ledgex Research allows investment professionals to efficiently manage, navigate and report on mass amounts of research data, while only acting on the right information. The module adapts to existing processes, from manager selection to manager monitoring, while providing a comprehensive tool to track firm defined manager attributes, including exposures, allocation weighting, attribution, AUM and investor concentration.

Ledgex Liquidity and Ledgex Research further enhance the existing Ledgex platform, which includes:

  • Ledgex Portfolio Manager, a comprehensive portfolio management system that allows managers to easily manage complex portfolio structures and look through these portfolios for exposure, performance and allocation weights.

  • Ledgex Workbench, a front office decision support tool for managing projected capital activity and fund activity and evaluating the impact that these decisions have on your portfolio.

  • Ledgex Investor Relations, a highly configurable tool designed specifically for managing communications, capital movements, meetings, and client interactions in a centralized system that brings organization to the investor relationship management (IRM) process.

Learn more about Ledgex at

<![CDATA[Give Back this Valentine’s Day: Like for Life Campaign]]>, 13 Feb 2014 00:00:00 -0500 eci For the past few years, Eze Castle has held a "Like for Life" Campaign in the hopes of bringing attention to and raising donations for charitable endeavors. Continuing this important tradition in 2014, this year we will be supporting One Laptop Per Child, an organization that focuses on empowering the world’s less fortunate children through education. OLPC’s goal is to provide every child it can with low-cost, low-power, connected laptops. The organization has designed its own hardware, content and software to support this self-empowered learning and to give children the potential for growth and a love of learning.

Because of our love for and obvious interest in technology and hardware, this charity seems like a natural fit. But we cannot support this great cause without your help. To support this worthy organization, Eze Castle is hosting a social media fundraiser in which we pledge to donate $1 to One Laptop Per Child (up to $1,000) for every new “like” we receive on our Facebook page and every new follower received on Twitter (@EzeCastleECI). The pledge campaign will run between February 13, 2014 and March 13, 2014 and we hope you'll make this small move in the hopes of making a big change.

Please take a minute and “like” us on Facebook and follow us on Twitter to help us support One Laptop Per Child and help change the lives of children across the world who deserve the chance to learn.

If you'd like to learn more about One Laptop Per Child, watch the video below.

<![CDATA[How Is Your Firm Mitigating Technology Risk?]]>, 06 Feb 2014 00:00:00 -0500 eci Investment risk plays an important role in the life of a hedge fund manager, but technology risk should not. When it comes to your firm’s technology systems and operations, you want things to run efficiently, not add more stress to your already crowded plate.

Mitigating technology risk is a critical step to ensuring your hedge fund operates smoothly and successfully. Following are a few areas to keep in mind as you evaluate your firm’s technology risk:

Layers of Redundancy

One way to reduce your firm’s technology risk is to add layers of redundancy throughout your infrastructure. Whether you’re utilizing a cloud infrastructure or an on-premise environment, your servers, networking and telecom lines should feature N+1 availability, a configuration in which multiple components have at least one independent backup component to ensure system functionality continues in the event of a failure.

Disaster Recovery & Business Continuity Planning

Beyond redundant systems, it’s critical your firm employs DR and BCP strategies to protect systems and the overall business from succumbing to an outage or disruption. A complete disaster recovery solution will leverage replication technology to mirror your production environment to an offsite location. If and when a disaster strikes, employees can access data and applications virtually without missing a beat. Outside of technology systems, you can mitigate risk by relying on a business continuity plan to protect employees and processes. Ensure your BCP plan is communicated throughout the firm and all individuals have a thorough understanding of what to do and where to go if business is interrupted.


One area investment firms need to be especially aware of in today’s age is security, as cyber-attacks and other security-related incidents can pose a real threat to a business’ welfare. In order to mitigate these risks, firms need to take the necessary steps to protect their technology environments from internal and external breaches. Security best practices should be implemented at both the physical and infrastructure levels – meaning wherever your servers are located (cloud facility, colocation, Comm. Room), cages should be locked and monitored 24x7x365. To support these practices, strict and enforceable policies should be adhered to regarding access control and information security management. Read more about security best practices here.

Outsourced Technology Solutions

In order to better mitigate all of the above risks we’ve mentioned, your firm can leverage the expertise of a third-party technology provider. By placing the burden of risk on an outsourced provider, you free up your firm’s resources for other projects – whether they be IT or investment focused. Whether it’s project-by-project or on a part- or full-time basis, your outsourced IT provider can offer a vast array of services and solutions designed to meet your firm’s unique needs – and, of course, to reduce your firm's inherent risk.

Looking for more on outsourced technology? Read our Guide to Technology Outsourcing for Hedge Funds.

Photo Credit: Flickr
<![CDATA[Video: Security Incident Response Priorities for Your Hedge Fund]]>, 23 Jan 2014 00:00:00 -0500 eci At the end of last year, we predicted security would continue to be a hot topic in 2014 - and our experts agree. It's still such an important topic for hedge funds and investment firms to be educated on that we even dedicated our first webinar of the year to it.

Expert speakers from Eze Castle Integration and eSentire spoke earlier today about security incident response priorities and offered best practices for investment firms looking to plan before a security breach occurs.

Watch the video below and learn more about the three critical phases of security incident management:

  • Planning

  • Response

  • Resolution

Be sure to come back to Hedge IT on Tuesday for a more detailed recap of the event! And don't forget to check out some of our other security articles:

<![CDATA[Android Apps Coming to a BlackBerry Near You]]>, 14 Jan 2014 00:00:00 -0500 eci It’s true, the Canadian smartphone maker BlackBerry is preparing to launch a new firmware upgrade to its BB10 OS smartphone, including the Q5, Q10, Z10 and Z30 phones, that will allow Android apps to become available to its users via the BlackBerry World portal.

There is no question the BlackBerry handsets have been struggling because of a significant “app gap.” Consumers have come to expect unimaginable numbers of apps at their fingertips, which can easily be found on iOS and Android.

In the past, BlackBerry only accepted apps created using their own proprietary format. The 10.2.1 upgrade to its BlackBerry operating system will support Android apps.

The company has been approaching developers at big game and app firms to upload their Android apps to a new section on its online app store, BlackBerry World. Developers will only need to submit screenshots and descriptions to have their software listed in BlackBerry World, which means almost no effort from them. Users, on the other hand, will be able to download and install the apps just as they would any content built for their smartphones.

What are the new improvements in the BlackBerry OS 10.2.1 upgrade?

The upcoming BB OS 10.2.1 update is set to bring in new features. The new update is expected to add a new section to BlackBerry World where all Android applications will be listed. The Android runtime is also expected to be upgraded, meaning that users will be able to run newer apps.

The new improvements will now include:

  • Android Native Support: Android apps that use shared libraries written in native-code, such as C and C++, will now be supported on BlackBerry 10. Support is limited to the recommended system headers and APIs as documented by Google. Headers and APIs outside this scope may not function correctly.

  • Bluetooth: Android applications using Android Bluetooth APIs will now work on BlackBerry 10. Bluetooth Low Energy for Android is planned to be supported in a future OS release. As a reminder, Bluetooth LE is supported in the BlackBerry 10 Native/Cascades SDK.

  • MapView v1: Applications that use MapView from Google Maps v1 API are now supported using OpenStreetMaps. Support for MapView v2 API is being planned for a future release.

  • Share Framework: Android applications that register with the share framework in Android will now also appear as share targets on the BlackBerry 10 share menu.

  • Spellcheck: Applications that use text input can now leverage support for spell checking and correction, and the ability to add words to the BlackBerry 10 dictionary.

No date has been confirmed for when BlackBerry is expected to release the OS 10.2.1 update.

<![CDATA[Five Ways the SEC Will Impact You in 2014]]>, 07 Jan 2014 00:00:00 -0500 eci This week we have a contributed post from Deborah Prutzman, CEO of The Regulatory Fundamentals Group.

Since the summer of 2012 the SEC has embarked on a drive to change the culture within financial services firms, including those in the alternatives space. At first the SEC focused on education—both of its staff and of industry participants. Now the SEC is actively using enforcement as a hammer to drive deeper change. Enforcement cases in 2013 included a focus on boards that failed to properly steer the valuation process and on individuals who misled compliance, as well as the highly-publicized cases involving insider trading.

What does this mean for you in 2014?

1. The SEC will continue to focus on governance and on gatekeepers. This means you. Whatever your role-- as an adviser, on a board, or as a service provider-- you must have a grasp of key regulatory requirements. The SEC has announced an initiative to bring enforcement actions for inadvertent (or in technical terms “non-scienter”) violations. Do not let your firm be on that list. Take the time to learn what is required of you. Doing otherwise is like crossing the street with your eyes closed. Some may make it across, but do you want to be the one hit by a truck?

2. The SEC will continue to follow the money. This means continued focus on conflicts, valuation, expenses and compensation. Exam questions will change accordingly, as will enforcement proceedings and investor scrutiny. Recent enforcement proceedings illustrate that staff can be reluctant to raise issues with senior management that have the potential to hit the bottom line. Reflecting point #1, senior managers must encourage staff to raise these issues and demonstrate their importance by undertaking their own meaningful inquiries. Guidance may come from the UK regulators which have instructed management to undertake an internal conflicts assessment. (In fact, again reflecting point #1, UK regulators required some CEOs to attest that an assessment of conflicts has been presented to their firm's governing body and that the firm’s process for handling conflicts is adequate.)

3. Your protection will be a strong governance process. Senior management will need to be able to clearly articulate how it satisfies its “duty to supervise”— to drive both business results and to comply with legal requirements. There can always be a bad actor in an organization. Should enforcement personnel determine this to be the case, senior management will protect their firm and its staff during the enforcement process by showing that the individual acted alone. In short, strong governance provides coverage and credit if a bad actor is discovered. On a related note, the SEC relies heavily on cooperation and strong supervision can lead to meaningful cooperation in the regulator's eyes.

4. A strong governance process will include a full-fledged compliance program. This is compliance as an organic part of the organization and incorporates risk assessments and enhanced testing, not just the existence of a compliance manual. It will also include self-reporting and other behaviors underscored in the U.S. Federal Sentencing Guidelines.

5. Investors will focus on these issues even more in 2014 than in 2013. They will add a third leg to their due diligence efforts—legal and regulatory due diligence, which complements market and operational issues that were the focus of due diligence in the past.

The upshot of all this is that understanding the issues, and staying ahead of any changes, will help you run a tighter ship, understand your business better and protect you, your staff and your firm should something go awry. Doing so will not only keep regulators at bay, but will also instill greater confidence in your investors. In a tough market where investors are increasingly concerned with legal and regulatory exposure, managers who master regulatory requirements will enjoy a competitive advantage over firms that do not provide their investors with the same level of protection.

<![CDATA[Best of the Year Blog Posts: 2013 Edition]]>, 31 Dec 2013 00:00:00 -0500 eci I know, I know, we say it every year. But can you believe another year has come to an end? Even more amazing? We’ve now been bringing you fresh content on Hedge IT for nearly four years – including close to 400 articles! As we look ahead to 2014, we want to extend a huge THANK YOU to our loyal Hedge IT readers and hope you’ll stick around to see what we have up our sleeves in the New Year. Here’s a hint: it may even include a fresh new look...

With that said, as we do every year, let’s take a look back at some of our most popular Hedge IT articles from 2013. Here are some of your favorites (and ours, too).

Most Investment Firms Are In the Cloud: Are You?

Back in September, we revealed the results of our 2013 Survey: Examining Cloud Usage within the Investment Management Industry. In conjunction with IDG Research, we surveyed more than 100 financial services firms and found that nearly all of them (87%) are using the cloud in some way. Other key findings included the dominance of the private cloud (74%) and the growing belief that the private cloud is just as secure as an on-premise infrastructure. Read the complete survey report here.

A Look at Liquidity Risk Management

Investment firms face a host of liquidity risk and data management challenges in today’s changing environment. But new and robust tools are designed to assist firms with these challenges and help them achieve the highest levels of liquidity management efficiency. Our partners at Ledgex Systems have built one such tool.

AIFMD’s Impact on US Hedge Funds: An Expert’s View

The Alternative Investment Fund Managers Directive (AIFMD) went into effect in 2013, but before its inception, we hosted a webinar with Bill Prew, founder of INDOS Financial, and he took us through the legislation’s goals and objectives and how both UK and US fund managers might be affected. Read his key highlights and watch a full replay of the webinar.

10 Signs it’s Time to Rethink Your Approach to DR & BCP

Another one of your favorite webinars of 2013 was our session on rethinking disaster recovery and business continuity. Our resident DR & BCP experts, Steve Banda and Lisa Smith, took us through their 10 signs to look for, which included everything from hardware refreshes and due diligence reviews to organizational changes and incident response practices.

The Business Case for Moving to the Cloud: A Hedge Fund Manager’s View

While the technology benefits of moving to the cloud are well-known, the business case is just as important – and often misunderstood. Some of the key business benefits realized as a result of cloud services include transferring from CapEx to OpEx, enhancing operational efficiencies and hosting applications with increased ease.

The Hedge Fund CFO’s IT Checklist: Questions to ask about the cloud

Speaking of the business case for the cloud, it oftentimes falls to a hedge fund’s CFO to manage technology – but what if that person doesn’t have a technology background? We provided a handy checklist for hedge fund CFOs to reference when asking about the cloud. Important information to gather should include upfront costs, budgeting & forecasting, security concerns and compliance considerations.

Training Your Employees on Information Security Awareness

Security was one of the hottest topics of 2013 – and we predict it will remain so in 2014. One often overlooked component of hedge fund security is remembering to train and educate employees on security vulnerabilities and what they can do to protect themselves and their firm. Coordinating a formal training session is a good strategy for ensuring everyone is on the same page.

Is Bigger Always Better? Advice for Hedge Funds Named David

This year in San Francisco we gathered an exciting panel of experts to talk about technology and hedge fund outsourcing. Their conversation focused mostly around how smaller and mid-sized firms can leverage outsourcing to compete with their larger counterparts. (We’re talking David vs. Goliath here!). Read the full article for some insight into advantages your firm may have if you’re on the smaller side, too.

That’s it for us in 2013! We wish all of our clients, partners, colleagues and friends a safe and happy New Year and hope to see you in 2014!

Photo Credit: Google]]>
<![CDATA[New Year, New Trends: What to Look for in Technology in 2014]]>, 26 Dec 2013 00:00:00 -0500 eci It’s hard to believe, but it’s already the time of year we look into our crystal ball and predict the top technology trends for the coming year. 2014 is right around the corner, so here’s a look at what we think will be some of the dominant topics in the tech world.

Hedge Fund Outsourcing Grows in Popularity
One dominant topic that came up during our Boston hedge fund event earlier this month was outsourcing. According to several experts, hedge funds and investment firms can and should continue to outsource areas of their business to service providers as a strategic initiative. Outsourcing leaves the nuts and bolts of any area (be it technology, fund administration, etc.) to the service provider, and it allows the fund to focus on higher value areas including, naturally, investment management.

Cloud Solutions Become the Standard
There is no denying the steady adoption of cloud services among hedge funds and investment firms over the years. In fact, our 2013 Cloud Usage Survey shows adoption has risen to nearly nine out of ten firms across the U.S. In 2014, we believe the cloud will become the de facto solution for businesses as firms gravitate towards the simplicity, flexibility and ease of management the cloud has to offer.

Security Remains Top Concern
For the last few years, security has been a prominent area of focus for businesses of all kinds, especially investment firms. We’ve spent countless hours talking about hedge fund security and offering our best practices and tips for firms to rely on to stay protected. Unfortunately, cyber-attacks and security threats still pose serious risks, and all firms must work diligently in 2014 to stay educated on the topic and implement sound practices to mitigate any internal breaches or external vulnerabilities. We believe security is such a serious topic, in fact, we’re even kicking off our 2014 webinar series with an installment on Incident Response. To pre-register for this event, email us.

BlackBerry’s Decline Continues
BlackBerry made headlines again this week, as its co-founder abandoned plans to buy the company outright and reduced his stake in the company to under five percent. The announcement comes on the heels of news that BlackBerry lost $4.4 billion last quarter and is discontinuing hardware development to focus more on the software side of the business. In 2014, we expect Apple and other smartphone devices and operating systems to continue their dominance as BlackBerry, sadly, becomes a name of the past.

The War Goes On: PC vs. Tablet
Speaking of changes, one could argue there will be no greater transition on the technology front than the current shift away from PCs and toward tablets and smartphones (BlackBerry excluded, apparently).

According to some, tablets are the new PCs and will account for about half of the “PC” global market share in 2014. Others predict traditional PC purchases to increase in the future as refresh cycles hit and more traditional consumers opt to stay true to the devices they have previously owned. Earlier this year, Intel sponsored an InfoBrief which found that U.S. adults are still using traditional PCs as their primary computing devices. Productivity will play a significant role in how both consumers and businesses select which devices to use and recommend.

Be sure to come back next week as we take a look back at our top Hedge IT blog posts of 2013!

Photo Source: Google]]>
<![CDATA[Happy Holidays From Eze Castle!]]>, 24 Dec 2013 00:00:00 -0500 eci In honor of the holiday season we would like to wish our clients, partners, colleagues and friends a happy and healthy new year. May it be filled with success and good fortune!

Happy Holidays

<![CDATA[2013 Benchmark Study Reveals Top Hedge Fund Applications]]>, 19 Dec 2013 00:00:00 -0500 eci The results from our Global Hedge Fund Technology and Operations Benchmark Study are in and here is a snapshot of the 2013 findings. You can find the complete report here. We surveyed 538 buy-side firms across the United States, UK and Asia in order to discover their front, middle, and back office technology and application preferences.

Respondent Profile

All survey respondents fell into the following categories within the financial industry: hedge fund (60%), asset/investment manager (13%), private equity firm (8%), fund of hedge fund (5%), non-financial firm (5%), advisory firm (1%), broker dealer (1%), venture capital firm (1%), quant fund (1%), or ‘other’ (3%).

The firms resided in three different asset classes: 30 percent reported their AUM as $100 million and under; 32 percent fell between $101 and $500 million; and 38 percent reported over $500 million in assets under management.

In regards to investment strategy, long/short equity continues to dominate as the most favorable with 45 percent of respondents reporting this to be their primary investment strategy. Other preferred strategies include fixed income (8%), credit (7%), global macro (6%), emerging markets (6%), distressed debt (5%), and event driven (4%). The top prime brokers employed by firms in 2013 are Goldman Sachs, Morgan Stanley, Credit Suisse, JP Morgan and UBS (same as last year).

Front Office

OMS: Firms use order and execution management systems in order to support trading, operations, compliance and portfolio management. Once firms have passed their initial launch phase and start seeing investment growth, a robust and efficient solution becomes critical to their continued progress and development. Our survey found that most firms rely on Eze Software Group’s Eze OMS, followed by Bloomberg’s Asset and Investment Manager (AIM), Advent’s Moxy and RediPlus EMS.

Market Data & Analytics: Bloomberg continues to be at the head of the pack as far as market data services and analytics in the financial industry. Respondents reported that 92 percent are using Bloomberg for market data and 82 percent for market analytics.

Research & Document Management: Even with the growing need for research and document management tools, more than half (55%) of firms responded that they are not using a formal RMS tool. Most firms (34%) are still using an in-house or proprietary system for research and document management. For those firms using a specific tool, Advent’s Tamale, Microsoft’s SharePoint, or Code Red RMS are the most common.

Middle & Back Office

Portfolio Accounting: Advent Software continues to be the primary market leader in regards to portfolio accounting with its APX and Geneva products remaining the top two choices among investment firms surveyed. Both APX and Geneva users represent 27 percent of the market share, accounting for more than half of the total responses from firms surveyed.

Risk Management: We are still seeing slow growth towards the adoption of risk management solutions despite the high demand for firms to manage risk in all areas of business, including portfolio, compliance and operational risk. This may be due to firms outsourcing risk management capabilities to a fund administrator instead of using a formal RMS system. For those firms that do have a formal solution in place, the most popular vendors used outside of proprietary systems include Advent, Calypso, Risk Metrics and SunGard.

Outsourced Administration: While not all firms choose to utilize an outsourced fund administrator for more comprehensive services, those that do tend to work with a variety of different vendors. Citco was the top choice among our survey respondents, followed by SS&C GlobeOp, and Goldman Sachs. Northern Trust, State Street and US Bancorp also made the list of top administrators.

Customer Relationship Management: The top three CRM tool providers remain consistent from last year's survey. However, has moved forward as the most popular solution with Backstop in second and Pertrac slipping to third place.

Message Archiving: A vast majority of survey respondents (82%) are relying on Global Relay for their email and IM message archiving services. This figure also includes Eze Castle’s Eze Archive service, which is powered by Global Relay. The remaining firms are primarily using Smarsh, Frontbridge, Postini, Symantec or Microsoft Exchange.

Mobile Technology: We continue to see firms using BlackBerry (92%) as their primary mobile solution. However, iPhone use has increased because of the recent trend in BYOD and the deployment of mobile device management solutions.

What’s Next?

As in past years, we expect the rise in adoption of cloud services to remain a major game changer in how hedge funds and investment firms choose the technology that supports their operations. According to the results of our survey, Examining Cloud Usage within the Investment Management Industry, which came out earlier this year, nearly 9 out of 10 firms are using cloud services currently or plan to do so in the near future. Additionally, we expect to see firms select their technology based upon the influence of investors. Investors have become more knowledgeable about the technology landscape and are placing greater demands on the quality of technology used by investment firms. Firms should expect to see greater expectations, and in return be optimistic for greater rewards!

We hope our 2013 Hedge Fund Technology Benchmark Study will serve as a guide and assist firms in making these critical decisions.

<![CDATA[Painting a Picture of Hedge Fund Technology (Infographic)]]>, 17 Dec 2013 00:00:00 -0500 eci They say a picture is worth a thousand words so here is an infographic of our 2013 Global Hedge Fund Technology Benchmark Study that explores the most common front, middle and back office applications and technology used at today's hedge funds.

You can download the full report HERE or come back Thursday for more interesting findings from the study.

<![CDATA[Five Years Later: How Bernie Madoff Has Transformed the Investment Industry]]>, 12 Dec 2013 00:00:00 -0500 eci Yesterday marked exactly five years since the infamous Bernie Madoff was arrested for executing the largest Ponzi scheme in U.S. history. As a result, Wall Street and the investment community have undergone a plethora of changes designed to avoid such scandals in the future. Let’s take a look at the lasting impact of Madoff and what changes we can still expect to see in the future.

The History

Unless you’ve been living under a rock for the last several years, you’ve heard the name Bernie Madoff and understand its association with all things negative: scandal, fraud and disgrace. The former NASDAQ chairman and founder of Bernard L. Madoff Investment Securities LLC (BLMIS) swindled billions of dollars and affected more than 12,000 investors, faking investment returns over the course of multiple years.

Amidst the nation’s most serious financial crisis since the Great Depression, we all learned of Madoff’s devastating scheme. He eventually turned himself in at the urging of his sons and is currently serving 150 years in federal prison for his crimes.

The Impact

The effects of Madoff’s investment scheme can still be felt throughout the investment community and across Wall Street. Shortly after Madoff’s confession (and the US financial crisis), the Securities and Exchange Commission (SEC) began taking steps to combat similar scandals and protect future investors. One of the first initiatives put into place post-Madoff was the Dodd-Frank Act, also known as the Wall Street Reform and Consumer Protection Act. In addition to registration requirements and new rules for exemptions, Dodd-Frank also prompted hedge funds and investment firms to adhere to new reporting requirements and gave the SEC authority to monitor financial firms with the potential to pose systemic risk.

Around the time Congress began working on Dodd-Frank, the investment industry also began making general calls for greater transparency to investors. The rise in comprehensive due diligence inquiries from investors over the past years has been significant, as investors want more clarity and insight into the funds they are allocating their investments to. We continue to assist our hedge fund clients in completing due diligence questionnaires relative to their technology and security practices to satisfy investor requests and give them greater peace of mind.

More recently, the SEC has adopted additional reporting requirements to prevent future Madoffs from arising. In July 2013, the SEC voted to approve a rule requiring brokers to file quarterly reports detailing how they maintain customer securities and cash.

Lastly, according to Forbes, the SEC has continued to file record numbers of investigations and enforcement actions against advisors and other investment firms, making good on their promise to pay closer attention to the actions of those in the investment world.

The Future

Though Bernie Madoff may reside in a North Carolina prison, the fallout of his incredible Ponzi scheme is very much part of our world today. Five former Madoff employees are currently standing trial for their alleged participation in the scandal. Beyond their individual fates, Wall Street and the greater investment community will continue to feel the effects of Madoff’s fateful decisions. Investors have come a long way in demanding greater transparency and reporting standards from firms, and we expect that will only continue in the years to come. On the technology side, investors are careful to inquire about the specific systems and infrastructure used to secure and protect their assets – another critical component to ensuring a similar financial crisis does not take place. Only time will tell how else the industry will continue to adapt following the Madoff scheme and other financial crises.

Photo Credit: Flickr]]>
<![CDATA[The Who, What, When and Where of the Bad, Bad Cryptolocker Ransomware]]>, 10 Dec 2013 00:00:00 -0500 eci At last week’s Hedge Fund Launch 2.0 seminar, the topic of the malicious Cryptolocker malware that is circulating was highlighted as a wakeup call for why backup and security are nonnegotiable IT components. Questions abounded about this new evolution in malware so today’s post aims to address the who, what, when and where of Cryptolocker as well as a few other common Qs.

What is Cryptolocker?

Cryptolocker is a new variant of ransomware that restricts access to infected computers by encrypting them and demanding that the victim pay the attackers a ransom in order to decrypt and recover their files. Some versions of Cryptolocker can encrypt local files as well as external hard drives, network file shares and even cloud storage services that allow local folders to sync with online storage. The malware is severe and a real threat. If a company becomes infected and does not have its files backed up, the files may be lost.

At Eze Castle Integration we have had clients become infected. Thankfully, in these cases the clients had the appropriate backup systems in place and were able to restore the files to the pre-infection state. As of this time, the US-CERT says the primary means of infection appears to be phishing emails containing malicious attachments. The attachments may look like legitimate emails, so it is important to remind users not to click on any email links if they do not know the sender.

Who is behind Cryptolocker?

This is a difficult question to answer, as it appears there may be a few different cyber-attack groups using CryptoLocker at the moment. What is known is that attackers demand a ransom payment in a number of different payment methods, including Bitcoin, that allow them to stay anonymous. Bitcoin is an open source peer-to-peer payment network.

Where and who is Cryptolocker targeting?

According to Kaspersky’s Costin Raiu, this malware primarily targets users from the US and UK, with India, Canada, Australia and France being second-tier targets.

What’s the difference between Ransomware and Cryptolocker? (This Q&A comes direct from Symantec)

The difference between Ransomlock and Cryptolocker Trojans is that Ransomlock Trojans generally lock computer screens while Cryptolocker Trojans encrypt and lock individual files. Both threats are motivated by monetary gains that cybercriminals can make from extorting money from victims.

What happens if my computer is infected?

According to Kaspersky, once infected, the ransomware-interface displays a countdown clock of three days, warning users that if time elapses, the private decryption key will be deleted forever, and there will be no way to recover the encrypted files.

At this point, users have two choices: 1) pay the ransom and hope the attackers make good on their “promise” or 2) recover their data from backups. Any hedge fund or investment management firm should be able to confidently select option number 2. Regular backups are a nonnegotiable part of a hedge fund’s data protection strategy and the Cryptolocker virus highlights just why.

US-CERT also suggests the following possible mitigation steps that users and administrators can implement if they believe a computer has been infected with Cryptolocker:

  • Immediately disconnect the infected system from wireless or wired networks. This may prevent the malware from further encrypting any more files on the network.
  • Users who are infected with the malware should consult with a reputable security expert to assist in removing the malware.
  • If possible, change all online account passwords and network passwords after removing the system from the network. Change all system passwords once the malware is removed from the system.

What can we do to avoid getting infected?

Here are a few things you can do to prevent your PC from being infected:

  • Most viruses are introduced by opening infected attachments or clicking on links to malware usually contained in spam email. Have users avoid opening emails and attachments from unknown sources, especially zip or rar archive files.
  • Don’t open attachments from an unknown sender.
  • Maintain up-to-date anti-virus software.
  • Use a drive that is backed up to save important files – do not save them to a local machine/PC that is not backed up regularly.
  • If you must save files locally, make sure they are backed up somewhere and regularly.
  • Keep your PC and software up-to-date.

Some handy articles on security best practices:

Hedge Fund security guidebook]]>
<![CDATA[Expert Tips for Launching a Hedge Fund in a New Environment]]>, 05 Dec 2013 00:00:00 -0500 eci As we look forward to 2014, we can expect that the hedge fund and investment management industry will continue to evolve and experience change as in years past. As more and more new funds launch, the competition for investors will increase and firms will be hard-pressed to live up to the successes of the top performing funds in the industry.

Earlier this week, we gathered several panels of experts in Boston to share their insights into the hedge fund landscape for startups in 2014 and the tips and advice for firms looking to compete in the changing marketplace. Following is a brief recap of the event.

Building a Hedge Fund is Like Building Any Successful Business

When starting a new firm, it’s critical to think about all aspects of forming a new business. Yes, your investment strategy is important, but if the foundation of your business is not critically thought out, it will wreak havoc for your firm. Following are a few areas you shouldn’t overlook as you go through the launch process:

  • Talent identification: As you build your business, choose employees who complement you and your vision for the firm. Be sure to spend time with people on your team from the start to avoid clashes down the road.

  • Planning for growth: It’s critical to think beyond your initial startup. Investors want to see growth plans, and you should expect to develop one that details your goals for the next 3 to 5 years.

  • Story-telling. Speaking of investors, you only get so many opportunities to impress them. Be sure to tell your story (and make it interesting!). Keep the lines of communication open as you secure an investor base.

  • Maintaining privacy: In Massachusetts, there are strict regulations about keeping client and investor personal information confidential and private, in other words, encrypted. MA 201 CMR 17 should be taken seriously and not overlooked as Boston-area firms look to launch. Keep in mind, the regulation applies to firms who have clients/investors in MA – so even if your firm isn’t based there, you may be subject to compliance.

Achieving Institutional-Grade Technology

One way to set yourself apart from your competition is by ensuring your technology is up-to-snuff. As you look to implement a technology solution (either in-house or with an outsourced provider), remember that investors are more tech-savvy than ever and expect to see robust systems and practices in place to protect their investments.

One of the biggest technology priorities for 2014 is security. With threats and ‘hacktivism’ at an all-time high, it’s more important than ever that firms implement sound security best practices to thwart attacks and protect critical infrastructure. Adding various layers of security will help ensure your firm doesn’t succumb to an attack or breach. At a baseline, firms should implement secure firewalls, anti-virus protection and spam and web filtering solutions, and ensure strong passwords are maintained and changed often. If you want to add additional layers of redundancy, you should consider real-time monitoring and intrusion detection. Malicious virus attacks such as the Cryptolocker virus have circulated recently and are important reminders to employ security best practices throughout your firm.

Other technology priorities for 2014 include maintaining comprehensive DR and BCP plans. Investors expect to see that your firm is prepared for an outage or disaster – whether it be an office power outage or a regional disaster. Educating and training employees on proper procedures is also essential to ensuring your business remains operational regardless of the situation.

Capital-Raising in a New Era

As the investment industry continues to evolve, capital raising becomes more of a strategic effort for hedge fund firms. And with the recent implementation of the JOBS Act – allowing firms to openly market and advertise to investors – firms need to get serious about their fundraising strategies.

It’s important to understand what investors are looking for. Here are a few qualities:

  • High positive returns

  • An experienced portfolio manager with the ability to raise assets

  • Proven track record

  • Insight into the non-investment side of the business (e.g. operations, technology, etc.)

  • Follow up and communication

  • Better terms and less complexity

Once you have a firm understanding of what your potential investors are looking for, it’s time to pull yourself together and begin preparing. Follow these simple tips outlined by our speakers:

  1. Define your story. Formulate your vision and tell investors who you are. Seize the opportunity and make sure you get it right.

  2. Identify your audience. Does your target have an appetite for your product? Highlight the importance of having a targeted marketing plan.

  3. Do your research. Know who you are meeting with.

  4. Make yourself available. Maintain regular communication with investors and give them access to other members of your firm to speak with.

That’s it, folks! Our speakers had a lot to say. If you have any questions about tips and best practices for starting a hedge fund, please reach out to speak to one of our experts.

Photo Credit: Flickr]]>
<![CDATA[Reflecting on What We're Thankful For This Thanksgiving]]>, 25 Nov 2013 00:00:00 -0500 eci It’s almost Thanksgiving, and like always, we are reflecting on what we are truly grateful for. This year, we thought we’d ask some of our Boston employees what they’re thankful for this holiday season.

View our slideshow below to see their answers!

<![CDATA[Cybersecurity Insurance Evolving to Protect Businesses From Increasing Threats]]>, 07 Nov 2013 00:00:00 -0500 eci Last month, former Secretary of Homeland Security Michael Chertoff said the most significant threat we face as a nation is cybersecurity. That’s a pretty jarring statement given the threats our country faces in terms of terrorism and war, for instance. But the reality is, cyber networks have become the gateway for risks both on the global terrorism front as well as within our internal circles at our places of business.

With watchful eyes geared towards security threats, interest in cybersecurity insurance continues to rise. The Department of Homeland Security and the Department of Commerce have identified cybersecurity insurance as a viable opportunity to thwart the effects of security breaches and attacks by:

  • Promoting widespread adoption of preventative measures;

  • Encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection; and

  • Limiting the losses that companies face following a cyber-attack.

Cybersecurity insurance can cover risks including data breach or loss, network damage, and cyber extortion, though less tangible damages such as client losses or reputational damages may be more difficult to find coverage for.

The cybersecurity industry, particularly the insurance companies themselves, is working diligently to address increasing concerns and identify potential risks so as to properly protect businesses in the future. Insurance companies, for example, have a naturally vested interest in promoting greater security to minimize risks, as they will, in the end, be required to pay out cyber losses to any affected parties. Therefore, according to Bloomberg Law, “an insurer can require a policyholder to establish that it has adopted certain precautions and practices before the insurer will issue coverage. The [Internet Security Alliance] asserts such requirements may eventually become de facto standards that are tailored to fit the needs of diverse businesses.” Insurance companies may also exercise the benefit of offering lower premiums to firms already employing cybersecurity best practices.

What is the future of cybersecurity insurance?

It’s hard to say at this point, as the industry continues to evolve at a rapid pace. With security risks of a diverse nature, it will take time for the proper authorities, including Homeland Security and the Internet Security Alliance – as well as the insurance providers – to work together in identifying a list of comprehensive cyber risks and encouraging effective precautions and best practices. We’ll be keeping our eyes and ears open to any developments on this in the near future.

For more information on cybersecurity, check out these interesting reads:

Bloomberg Law, “Cybersecurity: Moving Toward a Standard of Care for the Board”

Department of Homeland Security,
Photo Credit: Eze Castle Integration

<![CDATA[While Your Traders Watch Twitter, Is Your Fund Still Compliant?]]>, 31 Oct 2013 00:00:00 -0400 eci First and foremost, Happy Halloween!

In honor of Halloween, I’m going to share a trick and a treat about the world of social media and investment firms.

First the trick.

Did you hear the story about how shares of bankrupt Tweeter soared when Twitter announced its IPO? If not, here goes. According to WallStreetInsanity, on October 4, 2013, “shares in bankrupt TWTR Inc. (OTC: TWTRQ) were up over 1500 percent as the company’s stock soared from $0.0 to $0.15 on extremely heavy volume. Seems some people thought the consumer electronics retailer was Twitter.”

This story demonstrates that traders are monitoring social media outlets for investment ideas even if they are not personally participating. It also shows that many of those folks buying TWTRQ didn’t quite understand how an IPO works or what Twitter will be valued at (certainly not pennies), but we’ll ignore that fact for the sake of this article.

Now for the treat.

Social media can be a powerful tool for business development as well as investment idea generation. If a hedge fund is participating in social media, it absolutely needs an archiving solution in place, because like other forms of electronic communications, social media is also subject to regulatory requirements. According to Global Relay, FINRA Notice 10-06 and 11-39 advise that firms must ensure they have an archive in place to retain all records of social networking communications as per SEC Rules 17a-3, 17a-4 and FINRA Rule 4511 — much the same as with business email and instant messaging.

However, what if the fund isn’t participating, but traders are monitoring Twitter for investment ideas?

Good question. Increasingly, traders are using social media for a real-time barometer of what is going on in the markets. Analyzing data can help firms spot new trends and gauge whether traders are optimistic or pessimistic. This information can be useful in ascertaining if a stock or asset is gaining attention and ready to move. At the same time, at the Reuters Investment Outlook 2013 Summit, an FBI agent said the FBI is using social media tools to investigate insider trading.

The growing use of social media for trade ideas combined with increasing regulations is making it even more important for hedge funds and investment firms to be aware of how and where employees are using these tools. If traders are actively monitoring Twitter, we recommend firms put a policy in place and consider supporting technology such as Global Relay Archive for Twitter.

Beyond just capturing all messages (i.e. tweets, mentions, direct messages, etc), Global Relay Archive for Twitter captures a user’s actual Twitter feed along with its contextual metadata. According to Global Relay, the end result is a rich representation of the messaging data within the Archive for review and supervision.

Here are a few other articles on social media you may find interesting:

Photo Credit: Teacher Worksheets

<![CDATA[Opalesque Radio: Answering Fund Operational Challenges]]>, 29 Oct 2013 00:00:00 -0400 eci This week Opalesque Radio featured an interview with Bob Guilbert, managing director here at Eze Castle Integration, on addressing operational challenges facing hedge funds with cloud solutions.

The 9:30-minute podcast covers a range of topics. You can listen to the full podcast HERE, or just jump to the sub-features that interest you most below.

Hedge Fund Differentiation & the Cloud

Can you tell us something about the hedge fund clients you service and the kinds of challenges they are confronted with today? How can such hedge funds differentiate themselves? What are the business needs that make such hedge funds consider or switch to cloud-based solutions?

Duration: 02:39

Cloud Adoption Rates

So how has Eze Castle seen the rate of cloud adoption increase over the last few years? What are the different ways in which cloud-based solutions can be used?

Duration: 01:18

Public, Private or Hybrid

Are hedge funds primarily using public, private or hybrid clouds?

Duration: 00:32

Hot Topics: DR, BCP and Security

How can hedge funds achieve improved disaster recovery and business continuity? What level of security does it, and can it, offer in the context of cybercrime?

Duration: 02:33

Cloud Security?

Based on your survey findings, security is identifiable as a primary reason for hedge funds to embrace the private cloud. What sort of security practices should firms be looking to put in place, or expect from their service providers?

Duration: 01:23

The Future of Hedge Fund IT?

How are you expecting hedge fund service related technology to evolve? Will cloud-based services still be the technology-of-choice for investment firms?

Duration: 01:03

<![CDATA[Goodbye Windows XP and Office 2003: Are you ready for End of Support?]]>, 24 Oct 2013 00:00:00 -0400 eci On April 8, 2014 two Microsoft products – Windows XP and Office 2003 – will reach "end of support". End of support refers to the date when Microsoft no longer provides automatic fixes, updates, or online technical assistance for these products.

What Does This Mean?

End of support is significant for a number of reasons. First, this means that Microsoft will no longer be a support option should complex issues arise surrounding the software.

Secondly, Microsoft will no longer provide security hotfixes or any patches for these systems. This means that any security vulnerabilities left in these systems will no longer be addressed by Microsoft, and support calls about them will not be handled.

The longer workstations keep Windows XP and Office 2003, the more vulnerable they become to virus/malware/rootkit infestations and the greater the risk of data compromise.

What Should I Do?

If you haven’t already, now is the time to start planning to have your systems upgraded. At Eze Castle Integration, we are working with clients to set an upgrade timetable for their systems.

It is important to note that, as of now, Bloomberg software is not supporting Office 2013. Therefore, Bloomberg users may elect to have any new PCs downgraded to Outlook 2010. Bloomberg’s September 2013 release notes for their software list support of Office 2013 as TBA.

If you are an Eze Castle Integration client, please contact your client manager with any questions.

Image Credit: Microsoft
<![CDATA[A Best Practices Guide to Business Continuity Planning]]>, 17 Oct 2013 00:00:00 -0400 eci There has been a lot of discussion about “best practices” lately when it comes to business continuity and disaster recovery planning, especially as we approach the first anniversary of Hurricane Sandy. In fact, I had the pleasure of speaking about some specific DR and BCP best practices earlier this week during a webinar, 10 Signs It’s Time to Rethink Your Approach to DR/BCP.

If you do a Google search for “business continuity and disaster recovery best practices,” you’ll get several options to choose from. However, if you are working in the financial industry, the first resource you should consider taking a look at is the best practices guide published by the SEC, FINRA and CFTC in August 2013.

Sandy was a remarkable storm that affected many businesses along the East Coast, including hedge funds and investment firms based in the tri-state area. Post-Sandy, regulatory bodies including the SEC, FINRA and CFTC met with several registered advisors to ensure they were prepared for future disasters. Based on the findings, these organizations developed a four-page best practice guide for investment firms.

As a Certified Business Continuity Planner, I’ve had the pleasure of working with some of Eze Castle’s clients to compare these best practices with their own BCP and DR planning strategies. Below I’ve outlined some of the primary best practices offered by the SEC/FINRA/CFTC and how they can be applied to your firm. I encourage you to take these to heart as you are developing new BCP/DR plans and modifying existing strategies.

1. Communication Plans

  • Outline procedures for communicating with external business partners (regulators, exchanges, emergency officials, etc.)

  • Ensure your website is kept current and can post a recovery status.

  • Consider multiple broker-dealer relationships to allow for multiple market entry points

2. Remote Access/Telecommunication

  • Validate that employees have the ability to work remotely, especially essential personnel.

  • Assess the resources being utilized by employees to work remotely to identify areas for improvement to increase efficiency.

  • Validate your firm’s infrastructure can accommodate telecommuting of all employees.

3. Review and Testing

  • Conduct full BCP tests at least annually.

  • Validate critical functions can operate regardless of location.

  • Ensure employees complete annual BCP Training.

4. Telecommunications Services and Technology Considerations

  • Implement telecommunication redundancy.

  • Evaluate contingency plans for telecommunication vendors.

  • Review multiple alternative staffing scenarios.

5. Vendor Relationships

  • Ensure adequate BCPs for clearance and settlement, banking and finance, trading support, fuel, telecommunications, electricity, etc.

6. Regulatory and Compliance Considerations

  • Define time-sensitive regulatory requirements.

  • Keep BCP current to meet changing industry demands.

7. Telecommunications/Transportation/Utility

  • Plan for widespread outages that could impact:

    • Telecommunications
    • Office
    • Public transportation
    • Utilities

These were just some of the highlights from the best practices guide. You can download the complete guide from the SEC/FINRA/CFTC here.

Every company is organized differently, and therefore, each organization’s BCP and DR plans will vary. These best practices, however, will serve as a guide for firms reevaluating or updating their plans. Be thoughtful in choosing strategies that will ensure your business can stay operational in the event of any type of disaster.


<![CDATA[If I Were a Cloud, I'd Be...]]>, 10 Oct 2013 00:00:00 -0400 eci After reading (and enjoying) one too many “you know you’re [insert age/town/job] if you’re [insert something funny]” articles, we decided to have a little fun with our favorite technology topic – the cloud (surprise!).

So, here is how I envision life as a cloud.

I wouldn’t care what I consumed because scalability would be one of my greatest traits. You might even catch me yelling, “More, more, more…”


I’d never have to waste time on sleep, not even in Brooklyn. I would be available 24x7x365.


Thunderstorms and lightning strikes wouldn’t bother me a bit. I’d say bring it on, I’m 100% resilient and built for high availability. No scaredy cats here!


I’d be international, supporting people around the world, and there is a good chance I might even be internationally known.


My standards would be high, my practices the best and my secrets would be locked up tight. There would be no getting past my security team.

And in case you are curious what flavor of cloud I would be, I’d be an Eze Private Cloud (of course)!

<![CDATA[What is Hypervisor-based Replication? (We know!)]]>, 08 Oct 2013 00:00:00 -0400 eci Are you like one of the millions of people pondering the answer to ‘what is hypervisor-based replication and how will it change my disaster recovery approach’? I know I was.

So, let me help you with that!

Our technology experts here at Eze Castle Integration spent some time in the lab testing and evaluating hypervisor-based replication and recently incorporated it into our Eze Disaster Recovery 2.0 offering. We think it delivers excellent benefits, but let’s start with the basics.

What is hypervisor-based replication?

TechTarget defines hypervisor-based replication as “a technology that automatically creates and maintains replicas of virtual hard disks or entire virtual machines (depending on the platform that is being used).” Analyst firm IDC goes on to say that this replication approach “protects virtual machines (VMs) at the virtual machine disk format file level rather than at the LUN or storage volume level, thus replication can be done without the management and TCO challenges associated with array-based replication.”

Here is a diagram of how it works in our Eze DR solution, which uses Zerto hypervisor-based replication technology.

Eze Disaster Recovery with Hypervisor Replication

How does it compare with other software-based replication?

Before answering that question let’s quickly review the other replication category segments. Following are IDC’s definitions:

  • Host replication software typically resides at the file system or logical volume level within the operating system and makes a point-in-time copy or snapshot of a data set to disk used for disaster recovery (DR), testing, application development, or reporting.

  • Fabric and appliance-based replication software makes use of intelligent switches and heterogeneous array products to provide block-level replication within the SAN. The intelligent switches have technologies that perform the volume management and replication process and eliminate the overhead on the host while providing any-to-any replication.

  • Array-based replication software makes a block-based point-in-time block copy or snapshot of storage to disk used for disaster recovery, testing, application development, reporting, and other uses.

Okay, but what’s the difference?

According to Zerto, “before virtualization, replication was managed at the storage layer, which made perfect sense because that’s where the information was…but in a virtual environment, the boxes aren’t (or aren’t all) physical, so putting a physical sensor on a virtual box isn’t going to help you protect its contents.”

Hypervisor-based replication moves replication up into the virtualization/hypervisor layer – above the resources abstraction layer. The benefits of this approach, according to Analyst George Crump, can include:

  • Being VM aware, which can simplify storage setup and minimize storage requirements at a DR site

  • Gaining a hardware-neutral solution

  • Reducing DR-related costs

  • Delivering flexibility

Who are the players?

Well you’ve heard me mention one already – Zerto. Analyst firm IDC identifies Zerto as “the first to launch a hypervisor-based replication approach in June 2011. VMware followed suit in August 2011, with its vSphere SRM 5.0 data replication feature.” Given the potential of this technology we expect to see more firms targeting this space.



<![CDATA[Software Spotlight: Five Questions with Ledgex Director Brian Macallister]]>, 03 Oct 2013 00:00:00 -0400 eci We are happy to announce that our friends over at Ledgex have just launched their new website. In light of their recent achievement, I sat down with their Managing Director Brian Macallister to pick his brain on who Ledgex is and where he sees the company going in the future. Brian is the chief architect and product visionary of the Ledgex platform and is responsible for leading the company’s engineering, support and client service teams.

Q: It has been a while since we covered Ledgex on Hedge IT. For readers not familiar with Ledgex, can you give us your elevator pitch?

A: Ledgex provides a portfolio management system for managers who invest with multi-firms. It delivers key functionality that supports portfolio management, investor relations and manager research for firms that invest with other managers. Through a series of intensive processes we make our clients’ data repeatable to improve integrity, increase efficiency, and reduce error. We have produced a unique enterprise reporting platform and process management system tailor-made for the financial industry.

Q: Who are the primary users of Ledgex?

A: Our primary users are within the portfolio management teams of firms such as fund of funds, endowments and pensions. Ledgex has capabilities that are ideal for a variety of end users: liquidity management and portfolio modeling for portfolio managers, manager research, due diligence and document management for analysts, client communication and reporting for client service teams, and trade workflow for operations and back-office teams.

Q: What pain points does Ledgex solve? Historically, what have firms done to address these pain points?

A: Ledgex addresses numerous pain points across a firm’s portfolio management team. Firms historically were forced to work off of old data, but Ledgex has created a system that supports real-time information, greatly improving data integrity. Ledgex removes the need for data shadow systems and retains data accuracy by gaining increased transparency reporting on the investments fund of funds have exposure to.

With Ledgex, analysts can create a centralized repository for data management, enabling ease of access and sharing of information. Users can quickly generate reports and respond to client requests, as well as manage communications for all investor-facing activities. Ledgex also streamlines trade activity and balances by automating a previously manual workflow.

Historically all of these pain points were addressed individually, reducing efficiencies and accuracy and requiring a significant time commitment.

Q: What do the results and return on investment look like for a company that implements Ledgex?

A: Companies will see accurate and transparent investment management with Ledgex. They will also see repeatable reports that match each investor’s specific preferences and allow firms to reallocate client service resources to be more productive and efficient, while improving the integrity of data. With Ledgex, you know what you own and where you want to invest – this is paramount in the fund of fund industry. Ledgex allows firms to replace existing systems that are proprietarily built, supported and maintained, which can translate into cost-savings.

Investors will see improved processes and highly efficient and accurate reports that reflect the quality of the fund of fund. Investors now want to see firms that are invested in new technology, ensuring their information is up-to-date. The Ledgex system solves this. It easily removes duplicate entry and manual processes. Too often the same information is entered in multiple times in different systems by different groups. Ledgex solves this by delivering a centralized system that shares information across key portfolio management functional areas.

Q: What can our readers expect to see from Ledgex in the coming months?

A: We are continuing to add some exciting features and expand across the firm, from manager research and analytics to cash projects and estimated investor balances. We are also expanding our sales team as well as opening an office presence in New York City.

We are also very excited about launching our new website. It was an extensive process, and we are enthused to see it up and running.

Be sure to head over to to check out their brand new website!

<![CDATA[Diary of a Happy Cloud User: Cloud Survey Results Part 2]]>, 01 Oct 2013 00:00:00 -0400 eci Welcome back to Hedge IT! Now that you’ve read Part I of our Cloud Survey Findings recap, let’s take a look at some of the other results we found.

Cloud Users = Satisfied

One of the most interesting findings our 2013 survey revealed was the level of satisfaction investment firms have with their current cloud deployments. Over 90 percent of respondents indicated their clouds (whether public, private or hybrid) were meeting or exceeding expectations in each of the following areas:

  • Reducing IT costs

  • Improving users’ IT experience

  • Simplifying management of IT

  • Allowing firms to reallocate resources to more valuable activities

  • IT performance, scalability and resiliency

  • Providing a high return on investment

Private cloud users appear to be the most satisfied with their cloud services. When asked how their cloud services reduced their IT costs, nearly all (98%) private cloud users said their cloud model was effective in this regard. In contrast, only 83 percent of firms using the public cloud felt the same.

One benefit many firms see from the use of cloud services is the ability to reallocate internal resources to more valuable activities. For example, if outsourcing cloud services to a third-party provider, a firm’s internal IT department no longer needs to focus on the day-to-day management and maintenance of the cloud – thereby allowing those employees to focus on higher-value areas of the business such as meeting regulatory and compliance requirements and improving security practices across the firm. Eighty-nine percent (89%) of overall cloud users believe the cloud is currently meeting or exceeding their expectations in this area, but once again, there are some discrepancies between cloud types. While 39 percent of hybrid cloud users say their cloud type exceeds expectations in this area, only 22 percent of private cloud users feel the same.

Cloud Forecasting Looks Positive

Given their overall happiness in the cloud, it shouldn’t come as a surprise that many hedge funds and investment firms we surveyed are planning to maintain the same cloud usage levels or increase them in the near future. For example, within the next year, 41 percent of firms expect their use of private cloud services to increase. Thirty-nine percent of firms expect to use the hybrid cloud more; only 28 percent will increase their use of public cloud services.

Many firms (37%) also reported their budgets for cloud projects had increased in 2013 compared to 2012. The majority (52%) indicated their budgets had remained the same year over year.

Benefits Gained from Cloud Usage

The cloud continues to entice hedge funds and investment firms of all types and asset classes, and based on our survey findings, most users are happy with their current technology deployments. The benefits firms gain from cloud services continue to impress. Our survey found that firms expect to realize the following outcomes from the cloud:

  • Improved data management ability (60%)

  • Improved ability to manage applications (55%)

  • Improved resource utilization (54%)

  • Improved disaster recovery/business continuity (52%)

  • Simplification of the infrastructure (51%)

  • Cost savings/lower total cost of ownership (48%)

  • Improved application service levels or IT responsiveness (47%)

  • Lower support costs (46%)

  • Improved scalability/flexibility (46%)

  • Increased agility in bringing in new business applications (45%)

To hear more about our 2013 Cloud Usage Survey Results, watch our 30-minute webcast. You can also download the full report of survey findings here.

Photo Credits: Eze Castle Integration

<![CDATA[Most Investment Firms Are In the Private Cloud. Is Your Firm?]]>, 26 Sep 2013 00:00:00 -0400 eci Earlier this week, we announced the findings of our 2013 market survey: Examining Cloud Usage within the Investment Management Industry. If you haven’t already, check out our infographic here.

If you’re not up for reading the full report yet, here’s Part I of our Cloud Survey Recap. Be sure to come back next Tuesday for Part II!

As a follow up to our 2012 Cloud Adoption Trends Survey, we wanted to take a closer look at how and why hedge funds and investment firms are leveraging cloud services in today’s marketplace. Working again with IDG Research, we surveyed 101 investment firms across the U.S. about their current and planned cloud usage.

Firms covered a wide range of asset bases: 38 percent reported less than $100M; 20 percent fell between $100 and $499.99M; 19 percent between $500M and $999.99M; and 20 percent said they had more than $1B.

You might recall that last year, our survey found that 8 out of 10 investment firms were using or planning to use the cloud. In 2013, that number has increased, and we found that 87% of firms are currently leveraging cloud services for some or all of their business needs. More than 6 in 10 firms are using the cloud for basic business/office functionality including email, file services, and storage solutions. Other key uses of the cloud include financial application hosting and complete IT outsourcing. About a quarter of firms (24%) also said they were using the cloud in other ways, which may indicate increased usage of SaaS applications or cloud-based disaster recovery solutions.

The move to the private cloud continues to be the dominant journey for hedge funds and investment firms, as 74 percent of firms said they are currently using a private cloud solution either exclusively or as part of a hybrid deployment. When asked why they selected their particular deployment method (public, private or hybrid), those who went with the private cloud cited security as the primary factor. One firm said:

“Security is the number one driving factor above everything else.”

Speaking of security, it appears firms have come a long way in feeling comfortable about their data and applications in a cloud environment. According to our survey results, investment firms overwhelmingly believe that private cloud deployments are more secure (60%) or just as secure (33%) as an on-premise technology infrastructure. Firms are less confident in the public cloud, however; 61 percent said it was less secure than an on-premise environment.

We also asked respondents to indicate the top business requirements driving their move to the cloud. Top results included:

  • Easy access to applications and simplified application management

  • Greater control and predictability of IT costs and budgeting

  • Reduced complexity and management of IT

  • Improved disaster recovery and business continuity

Interested in reading more about what your peers had to say? Download our full survey report here. And don’t forget to come back to Hedge IT on Tuesday for Part II of our findings recap!


Photo Credits: Eze Castle Integration

<![CDATA[Cloud Survey Sneak Peek: 2013 Results (Infographic)]]>, 24 Sep 2013 00:00:00 -0400 eci Psssst.

Do you want the inside scoop on how and why your investment firm peers are using the cloud? We're in the know.

Check out our infographic below for a sneak peek at the results of our 2013 survey: Examining Cloud Usage within the Investment Management Industry. Next week, we'll share a more detailed recap of the findings. If, of course, you can't bear to wait until next week, you can download our full survey report here.

Enjoy peeking!

Survey: Cloud Usage in the Investment Industry

<![CDATA[Hedge Fund Case Studies: Why The Cloud Made Sense for Two Firms]]>, 17 Sep 2013 00:00:00 -0400 eci Last week, Mary Beth Hamilton and Steve Schoener hosted a webinar to discuss hedge funds moving to the cloud and the experience and benefits that they receive as a result. During this discussion, they highlighted two client case studies to provide examples of various scenarios that drive firms to use cloud services.

Case Study #1: OMS Says Hello to the Cloud

The first client we discussed was a growing hedge fund based out of Chicago with about 15 employees and $300 million in assets under management. The firm’s goal was to identify what areas of their technology systems needed improvement. After thorough evaluation, the firm decided they didn’t want to deal with the burden of controlling their own infrastructure and servers and needed the flexibility and resiliency to allow many employees to work remotely.

This fund ultimately decided to leverage the Eze Private Cloud because of its resilient and robust infrastructure, application hosting services, scalability and 24x7x365 support.

Here’s a brief synopsis of the conversation Mary Beth and Steve had about this case study:

MH: What is the migration process like when moving an order management system to the cloud? Will the user experience be the same?

SS: The migration to the cloud is not bad – very similar to updating or upgrading your system. There will always be a bit of a change for end users, but hopefully by putting in something new or upgrading, you’re adding more functionality. As for moving to the cloud, we are actually able to make it less risky than doing an upgrade to the office. For example, we are able to set up a new system, import the data, provide the application over Citrix, and confirm that everyone is on the same page. We can then pick a cut-over date for a data refresh.

MH: How is application performance affected when running out of the cloud as opposed to on-premise?

SS: It’s very much the same technology we are running in firms’ offices – a storage area network (SAN), Dell servers, VMware virtualization. A firm’s technology performs as well as the performance we give it, both in someone’s office and in the cloud. In the cloud, if requirements change, we have infinite capacity to add more performance behind the scenes, and it’s an OpEx cost, not a huge hardware refresh.

Case Study #2: Goodbye On-Prem, Hello Cloud

The second case study we featured is an established New York City investment firm with around $3 billion in assets and 30 employees. There were two primary reasons they opted to move to the cloud. First, it was time to refresh their network technology. Secondly, they were unhappy with their existing IT provider. The firm recognized the benefits that a move to the cloud could deliver, and Eze worked closely with them to design a cloud-based solution that would address all their infrastructure and application requirements.

MH: How did moving to the cloud impact this firm’s disaster recovery?

SS: Firms have been running DR in the cloud for a long time. What’s interesting is replicating an environment from a primary office to the cloud. When you look at running both production and DR out of cloud data centers, it oftentimes is only a minimal cost increase to solely running DR in the cloud. In our case, we control the hardware infrastructure 100 percent and the data center management, and firms are often surprised when it is only a 30 percent increase to add production services to the cloud on top of disaster recovery.

These two particular case studies demonstrate how moving to the cloud can provide a better and more flexible technology solution for hedge funds. With the cloud, firms can say goodbye to comm. rooms, physical hardware, extraneous costs and a higher chance of failover to DR. Click here for a full audio version of Mary Beth and Steve’s conversation.

To speak to an Eze Castle Integration cloud expert, contact us today.

Photo Credit: Istock

<![CDATA[Is Bigger Always Better? Advice for Hedge Funds Named David]]>, 12 Sep 2013 00:00:00 -0400 eci Like David bravely dueling with the larger Goliath, small and mid-sized investment firms are often faced with insurmountable odds when competing against larger (and better endowed) funds. With more experience and more assets, larger firms have the advantage when it comes to soliciting investor allocations. But do these inherent shortcomings equal certain failure? If David can emerge victorious, can’t smaller hedge funds?

Earlier this week, we gathered a panel of experts in San Francisco to discuss this topic at length. Following is a brief synopsis of the topics they covered.

In 2012, more than 90 percent of hedge fund allocations went to fund managers with over $1bn in assets. Interestingly enough, certain studies have shown that smaller funds actually provide better returns, despite their limited assets. An ICL study, for example, examined returns over a 16-year period (1994 to 2010) and found that excess return decreased as firm size grew (9.89% for firms with $10mm AUM or less; 5.45% for firms with greater than $1bn).

Despite performing well, smaller funds continue to require creative solutions to compete in the investment marketplace. Operational infrastructure is a critical component of any successful investment firm, and in many cases, can provide added value to small firms and help put them on par with larger funds. There are a variety of areas where small-to-mid-sized funds can look to leverage service providers and other creative outsourcing solutions to boost operations and appeal to investors.

Real Estate: Leasing commercial real estate space may not make the most sense for a firm with limited staff and budget. Firms should consider a hedge fund hotel or incubator space, whereby they may be able to leverage other services (e.g. administrative, technology, etc.). Avoiding real estate hotspots, so to speak, may also be worthwhile. For New Yorkers, a Chelsea or Tribeca office may reap greater benefits than a Midtown or Downtown location.

Technology: The reality is, smaller investment firms cannot afford to skimp on technology. Luckily, cloud services and other solutions can dramatically alter a fund’s budgeting, particularly when it comes to upfront capital expenditures. Investors are also keen to see firms leveraging third-party cloud solutions, rather than hosting their own IT equipment in-house and putting the firm’s critical data at risk for a disaster.

Accounting/Middle & Back Office Administration: Firms should carefully determine what types of middle and back office services they require and where they might be able to get creative. Can an outsourced administrator assist with accounting? These are often areas where outsourcing makes the most sense and firms can save on personnel costs while leveraging the expertise of third-party vendors. Compliance and human resources can also fall into this category.

Even with solid performance and operational infrastructure, it is still challenging for smaller investment firms to compete with their larger counterparts. A few possible advantages to remember for the Davids out there:

Smaller funds tend to deliver more alpha.

A smaller fund can access thinner markets than larger firms.

Many investors value a higher-touch service and more personal communications afforded by smaller firms.

Special thanks to our esteemed panelists for sharing their expertise this week in San Francisco!

  • Jason Gerlach, Managing Partner, Sunrise Capital Partners

  • Ted Bruenner, Portfolio Manager, Cypress Point Solutions

  • Joseph Doncheski, Chief Operating Officer, Kayak Investment Partners

  • Ed Tedeschi, Principal, Rothstein Kass

  • Mike Hartig, Director, Eze Castle Integration


Photo Credit: Deviant Art

<![CDATA[The Latest from Apple: 5C, 5S and iOS 7]]>, 10 Sep 2013 00:00:00 -0400 eci In traditional fashion, Apple conducted their latest smartphone release event today at their headquarters in California. This year’s hot topics were the company’s two new product models: iPhone 5C and iPhone 5S, as well as the new iOS 7 software update. If you missed the announcement, here’s a quick recap:

Software Updates

  • iOS 7 will be officially released on September 18. The new software has a beautiful, feature-rich design. One of the key feature changes is the restructuring of the camera roll. iOS 7 now groups all of your photos into different moments (legible thumbnails), based on time period, similar to iPhoto. There are also additional photo effects that can be applied during or after shooting.

  • Siri has also vastly improved. Her new voice command capabilities allow for the search and pull of information directly from both Wikipedia and Twitter.

  • iOS 7 will also feature iTunes Radio (a competing service to those like Pandora and Spotify), a revamped notifications center and a variety of new sound effects. The new software update supposedly gives a totally new feel to the iPhone.

iPhone 5S

Set to be released on September 20, the 5S is an incremental update to the iPhone 5, similar to previous ‘S’ updates. It comes in three new colors: champagne, silver and graphite. Its most impressive feature is a fingerprint sensor for increased security and convenience. The sensor is made from laser-cut sapphire crystal and is built into the home button, providing 360 degrees of readability. In addition to unlocking the home screen, the sensor can also authenticate App Store purchases, negating the annoyance of having to enter long and complicated passcodes on multiple occasions.

The 5S is powered by a new A7 chip. Phil Schiller, Apple’s Senior VP of Marketing, calls it the first 64-bit smartphone chip on the market. It is supposedly twice as fast as other processors, with graphics dramatically faster than those of its competitors. They also installed an M7 chip which acts as a motion co-processor, enabling a new line of health and fitness apps – a move that signifies the potential for an iWatch in the near future.

There is also an upgrade to the camera; megapixels were not clearly defined, but there is a new image sensing system and a dual-LED flash. This new high-end model will sell for $199 for the 16GB, $299 for 32GB, and $399 for 64GB (with a wireless contract).

iPhone 5C

The iPhone 5C is Apple’s new “beautifully plastic” phone. It is significantly cheaper, at $99 (with a contract) for a 16GB model. Apple is trying to break into new economic brackets with this model, as well as appeal to emerging markets such as Brazil, Russia, India and China. The 5C comes in five different shades, including white, pink, blue, green, red and yellow. The iPhone 5C is very similar to the current iPhone 5, including dual-core CPU, 4-inch retina display and an 8-megapixel camera. An exciting upgrade: the battery life is projected to be better than the iPhone 5.

Today’s information release proved to be fairly standard and in tune with Apple’s steady progression. With Samsung making leaps and bounds in the past calendar year, Apple needs to deliver with these recent updates in order to stay in control of the market. The iPhone was revolutionary when it initially came out, but rival products continue to come out at better prices and with newer features. Apple needs to keep up with their creative regimen in order to stay on top of the innovation pile.

The pressure is on.

Photo Credit: Flickr & Wikipedia

<![CDATA[From the Comm. Room to the Cloud: Webinar Recap & Replay]]>, 05 Sep 2013 00:00:00 -0400 eci While it’s not the sexiest aspect of a hedge fund’s operations, a firm’s technology infrastructure is critical to its success. But a major consideration lies in choosing what type of infrastructure to use, and accordingly, where to host it.

Earlier today, we picked the brain of our Vice President of Client Technology, Steve Schoener, and asked him to share his expertise on the key drivers for firms migrating to the cloud. He also shared two examples of clients who’ve successfully transitioned to the cloud for various reasons. Below is a short recap of Steve’s presentation.

Would you rather watch the full replay? Scroll down or click here.

The Right Time to Think About the Cloud

We find that there are typically three points in time when it makes sense for an investment firm to think about moving to the cloud.

Office Relocation
If you’ve outgrown your office space or need to relocate for any reason, it may be a good time to evaluate your infrastructure. Firms can save money by eliminating the need to build out a new Comm. Room in a new office, as the price of real estate, power, cooling and other resources can be quite expensive to incur. Plus, think about how easy the moving process will be without having to worry about moving your complete infrastructure. There is inherently less work and less risk involved in moving to the cloud during this time of relocating offices.

Hardware Refresh
There comes a time when your firm’s hardware will reach the end of its lifecycle, and it will be time to make a significant investment in new technology. Similar to relocating offices, the idea of transitioning from in-house hardware to the cloud offers promising results and fewer upfront expenses. The migration process is mostly painless and similar to upgrading to new hardware on an on-premise solution.

Adding a New Application
Your firm may also decide to reevaluate its infrastructure options when the time comes to add a new application to its suite. For example, adding an order management system, with the cloud, can take merely hours, and firms are no longer tasked with unpredictable costs as a result. In most cases, adding a new application to the cloud is non-disruptive and does not affect the user experience.

Inquiring Minds Want to Know

Here are Steve’s answers (paraphrased, of course) to some commonly asked questions we see from our clients about the cloud:

  • What are my peers doing? Nearly everyone is moving to the cloud; we’re seeing almost all new business clients choose a cloud solution, and many existing firms are migrating over as a result of many of the circumstances mentioned above.

  • What will investors think? While investors were previously skeptical of the cloud and asked endless questions during due diligence requests, nowadays investors are extremely comfortable with cloud solutions and are oftentimes asking firms why they AREN’T in the cloud. Not to mention, in a post-Sandy world, investors do not want to see firms with infrastructures located on-site.

  • What are the cost differences between the cloud and on-premise solutions? In many cases, the long-term costs between the two solutions will not vary dramatically. The real savings from the cloud are realized upfront, as firms do not have to commit to capital expenditures on day one and, instead, utilize predictable, ongoing cost models.

  • What about security in the cloud? In my opinion, the cloud is more secure than many technology infrastructures managed in-house by investment firms. Eze Castle invests significantly in our cloud in an effort to make it the most secure environment for our clients.

Client Case Studies

We examined two client scenarios whereby firms made the move to the cloud for different reasons. Watch the replay below and listen to what Steve had to say about each of these circumstances and why it made sense for these clients to choose the cloud over an on-premise solution. (Jump to 17:32 for our first case study).


Photo Credit: iStock

<![CDATA[National Preparedness Month: The Why, How & What]]>, 03 Sep 2013 00:00:00 -0400 eci Would you be ready if there were an emergency today? Would your employees know what to do? September is National Preparedness Month (NPM) which is sponsored by the Department of Homeland Security and FEMA’s The Ready Campaign in an effort to increase awareness for individuals, businesses, families and communities. NPM aims to encourage the public to make preparedness a part of their daily lives and stresses the importance of being ready for the unknown.

Why should you focus on being prepared?

By teaching your employees why to prepare, your firm will not only demonstrate its importance, but employees will also maintain this knowledge and expertise that will help keep the business operational. Preparation can mean the difference between a successful and failed recovery, both personally and professionally. Educating your employees on what they’ll need at home, where to go, who to contact, etc. will equip them with the right information they’ll require at the time of an incident. With the proper information readily available, employees can focus on helping resume business operations more quickly.

How do you prepare your employees?

Preparing your employees begins with training geared towards how to respond to an incident. Training is typically more helpful if conducted multiple times, various ways and with additional variables involved in the program. There are a number of ways you can begin preparing your employees. Following are some of the techniques we recommend:

  • Employee training exercises – A great starting point for any awareness program. This employee training should focus on where to go, who to contact and what to do at the time of an incident.

  • Tabletop exercises – Typically includes key members of the firm who are responsible for ensuring their employees are accounted for, safe and able to continue business operations. Tabletop exercises take these members through an imitation real-life scenario and focus on how to recover.

  • Posters – Typically high-level information posted throughout the firm’s high-traffic areas to increase awareness.

  • Checklists – These can be lists of crucial items to have on-hand, key contacts, local hotels, etc. These checklists are typically provided for employees to fill out and keep with them for a time of need.

  • Guides on Personal Preparation – This includes key information assisting employees on how to prepare, respond and recover on a personal level.

What should be included in your awareness program?

It’s important for your firm’s awareness program to first define who in the company will be the leaders of the incident response. These leaders will be the main points of contact for employees throughout the response process. Other key information to include in the firm’s awareness program is where employees will go and how they will access the firm’s network. Not only should employees have this information readily available to them, but the awareness program ought to also include high-level material such as the items below:

  • An assembled emergency kit – For the office and suggestions for employees’ homes

  • An emergency plan – For the firm, your employees’ families and/or homes

  • Staying informed – Identifying what information is available to the firm and the employees

  • Getting involved – Having employees test remotely, knowing what resources are available at the time of an incident, etc.

Through various training exercises over time, your employees will begin to understand the importance of being prepared for the unknown. Equipping your employees with the right information both personally and professionally will give them peace of mind that they’re ready and can handle anything that comes their way. Once they know what to do, where to go, and have the vital resources to assist in recovering, your employees will be able to return their focus to business operations easily and quickly.


<![CDATA[What to Look for at the Hedge Funds World Asia Conference]]>, 29 Aug 2013 00:00:00 -0400 eci Next week, from Wednesday 4th – Thursday 5th September, Eze Castle Integration will be participating at Asia’s most established & strategic hedge fund gathering - the 2013 Hedge Funds World Asia Conference at the Harbour Grand Hotel in Hong Kong. Eze Castle’s representatives will be in attendance for both days to tech talk and answer any questions, so stop by our booth and say hello!

Hedge Funds World Asia is now running in its 16th year, bringing together Asia’s leading family offices, pension funds, sovereign wealth funds and private banks with the world’s leading hedge funds, fund of funds and asset managers for two days of discussion and debate designed to formulate solutions to the key challenges affecting the Asian alternative investment industry.

In preparation for the conference, I have reviewed the agenda and selected a few topics that will interest our readers.

Due diligence

The 2008/2009 financial crisis prompted stricter regulations on the financial services industry and significant changes in the way investors evaluate investment managers in an effort to increase transparency.

Operational due diligence has become a hot topic in the alternative investment industry. Investors’ due diligence requirements now focus heavily on increased transparency, robustness of infrastructure and quality of service providers. The most common questions you can expect to see in a due diligence questionnaire are around a service provider’s organisation, annual assessments and audits, and access control. Network and physical security policies, disaster recovery, and backup procedures are also critical areas of focus.


Hedge funds are more welcoming to the idea of outsourcing their technology needs to expand their offerings and enhance productivity in today’s climate.

There are many important factors for hedge fund managers to consider when evaluating a service provider. These include the breadth of solutions, depth & quality of staff, experience in development, project management experience, hosted/private cloud infrastructure options, disaster recovery policies & procedures, and vendor relationships.

Download our guide to technology outsourcing, which outlines:

  • Laying the foundation of an outsourcing plan

  • Cloud computing

  • Hosted IT environments and managed services

  • Colocation

  • Outsourcing FIX connectivity

  • Outsourced staffing options

  • Pricing models

Implications of recent global regulatory developments for the Asian fund manager

The rapidly evolving world of global regulations continues to present many challenges for the financial services industry, and Asia is not immune to global regulatory developments. Further regulatory changes to enhance investor protection may be inevitable, albeit with different priorities.


And don't forget to stop by our booth at Hedge Funds World Asia for some tech talk and a chance to win an iPad mini!


<![CDATA[The Good, Bad and Ugly of the Nasdaq Outage]]>, 27 Aug 2013 00:00:00 -0400 eci The three-hour outage on the Nasdaq last Thursday has us channeling Clint Eastwood as we look at the Good, the Bad and the Ugly of the outage. As a refresher, the Nasdaq exchange halted trading shortly past noon ET after it became aware of a problem disseminating price quotes.

With a few days to hone our 20/20 hindsight glasses, here is my take.

The Good (We use the term “good” pretty loosely.)

  • The Nasdaq shutdown appeared to occur in an orderly manner and didn’t disrupt other parts of the stock market.
  • Timing was “good” as it happened during the summer on a relatively quiet day and certainly didn’t have the same impact as the Flash Crash of 2010, which also happened on a Thursday.
  • Technical issues were resolved in the first 30 minutes of the shutdown according to Nasdaq and the remaining time was used to coordinate with other key stakeholders (i.e. exchanges, regulators, etc.) for an orderly re-opening 35 minutes before the market close.

The Bad (This category is pretty self-explanatory. Nobody likes downtime!)

  • Trading came to a halt for three hours and as a result about 3,200 Nasdaq-listed stocks were paralyzed.

  • The shutdown was sudden, unexpected and certainly made investors nervous.

  • Some Nasdaq officials are sourced as saying “their technicians should have been able to manage the problems and avoid the halt,” which isn’t exactly a vote of confidence that this won’t happen again. That said, exchanges as well as regulators are taking this very seriously.

The Ugly (What are the aftershocks from the outage?)

  • The heat is on. The Nasdaq outage places more pressure on the exchange and others to ensure something of this nature doesn’t happen again.

  • Some say if glitches continue it could “undermine confidence at a time when U.S. stock indexes are near records but many investors are anxious about asset prices.”

  • Finger-pointing between Nasdaq and NYSE has begun as the SEC asks both sides for a recount of events leading up to the shutdown. The role in the outage of NYSE's electronic stock market, Arca, is at the heart of the disagreement as the halt was preceded by connectivity problems between Arca and Nasdaq’s Securities Information Processor (SIP).

  • On September 12, SEC Chair Mary Jo White will meet with the heads of Nasdaq and NYSE to discuss the outage. Sources say part of the meeting will cover the resiliency of Nasdaq’s SIP, which is used to consolidate and distribute stock prices.

We'll certainly be tuning into the September 12 meeting. Will you?

Source: WSJ, Nasdaq in Fresh Market Failure

<![CDATA[Giving Back: Eze Castle Philanthropy Goes 'Back to School']]>, 22 Aug 2013 00:00:00 -0400 eci Every once in a while, it’s important for us to talk about issues bigger than technology. At Eze Castle Integration, we make a conscious effort to stay philanthropic and keep the larger community in our minds and hearts.

As you know, we are global sponsors of Help for Children (formerly Hedge Funds Care) and regularly participate in their fundraising efforts both in the United States and abroad. Our Managing Director of Service, Vinod Paul, even sits on HFC’s Global Board of Directors and is involved in planning and organizing efforts to raise money for children affected by child abuse.

Each February, we hold a ‘Like for Life’ campaign through our Facebook page, and for every new like we receive, we donate $1 to a charitable organization. In 2012, we supported The Alliance for a Healthier Generation, a foundation recognized by the 100 Women in Hedge Funds annual philanthropy conference in Boston.

This summer, we are proud to say we’ve organized our 4th Annual Back to School Backpack Drive in our Boston office and are collecting school supplies to support School on Wheels of Massachusetts, a nonprofit dedicated to improving the lives of children living in homeless shelters.

This year, we’ve even extended our Backpack Drive efforts to other US offices and will be supporting the following organizations:

  • Stamford, CT: Southern New England Salvation Army

  • Chicago, IL: SOS Children’s Village IL

  • New York, NY: Volunteers of America

  • San Francisco, CA: United Way of the Bay Area

Beyond efforts organized directly by Eze Castle, we also encourage our employees to support their communities individually, and we are committed to matching gifts our employees make to charitable organizations. Whether it’s a backpack full of school supplies or a fundraising event sponsorship, here at Eze Castle we recognize the importance of community involvement and hope to spread that awareness and significance to other organizations and individuals.

A BIG thank you to our employees who participated in this year's Back to School Drive!

Photo Credit: Eze Castle Integration

<![CDATA[Living the PC Life: Intel Study Shows Consumer 'Digital Dependence' on PCs]]>, 15 Aug 2013 00:00:00 -0400 eci In contrast to frequent news articles declaring that the end is near for the PC market, a new study by IDC reports that consumers still rely on PCs most of the time.

The Intel-sponsored InfoBrief surveyed nearly 4,000 U.S. adults about their computing trends and purchases and found that 97 percent of them use a PC as their primary computing device. Yet conflicting reports show that PC sales are declining at rapid rates, and tablets, in particular, are eating up the market share. Lenovo reported this week that their tablet and smartphone sales outnumbered PC sales in the first fiscal quarter – a quarter in which all of the top five PC vendors saw a decline in shipments.

But Intel’s report maintains that PCs are necessary, particularly for consumers, and especially when it comes to maximizing productivity. Tablets and smartphones, it suggests, are not designed to enable users to be productive, which may explain why respondents indicated they spend 50 percent of their digital device time on a PC (compared to 31% on a smartphone and 20% on a tablet).


From a business and enterprise perspective, the jury is still out on whether tablets or traditional PCs and notebooks are more effective. With the ‘bring your own device’ trend gaining steam, many expect tablets to maintain an edge. But don’t forget to carefully analyze your business’ needs when determining whether PCs or tablets are the right fit. Be sure to evaluate the following factors when comparing devices:

  • Short and long-term costs

  • Integration with applications and multiple operating systems

  • Storage capacity

  • Screen size and interface (keyboard vs. touch)

Where do you stand? Are you a PC believer or a tablet convert?

Photo Credit: Intel

<![CDATA[Welcome MixBit (and Eze Boston!): The newest video sharing app]]>, 08 Aug 2013 00:00:00 -0400 eci Every once in a while we like to deviate from our business technology and operations articles to look at a new technology that has applicability to consumers as well as businesses. Today we look at the newly released MixBit, which in all honesty, is more applicable to consumers at this point.

MixBit was created by the founders of YouTube and just released today for iOS. MixBit fills the void (if you can call it that) between Vine and Instagram Video. With Vine, videos can only be 6 seconds long, and with Instagram they can be 15 seconds.

MixBit not only takes the bold step of increasing the size to 16 seconds but also makes blending multiple clips together easy so videos can be longer.

Aside from the 1-second advantage, MixBit is unique in its ability to let users remix video clips with others they find on the site.

To see what MixBit can do, I created this 16-second “tour” of our Boston office. Nothing fancy, but certainly user-friendly.

Will you be giving MixBit a test drive?

<![CDATA[Why a Disaster Recovery Activation is So Much More Than a “Test”]]>, 06 Aug 2013 00:00:00 -0400 eci As you know, we encourage our clients to regularly test their disaster recovery systems (at least twice a year!). But believe it or not, there is actually an even better preparation for a DR situation - a planned activation.

In recent years, Eze Castle has seen a large increase in requests for planned activations among our hedge fund clients. Why? A few notable reasons include:

  • Compliance purposes

  • Investor due diligence requests

  • A desire for more comprehensive scenario-testing

“But isn’t a planned activation the same thing as a DR test?”

I thought you might ask that! Believe it or not, they are two very different scenarios. Here’s the basic difference:

  • Planned Activation: The DR site is actually active and in use, and replication back to the production site is required.

  • Test: The DR site is only being accessed and tested, and any changes made during the DR test are overwritten when replication is restarted.

Below are a few other distinctions between DR activations and DR tests.

Disaster Recovery: Activations vs. Tests

With a planned activation, your DR provider has the luxury of time to prepare for the failover and failback, as this is not an automatic process and does not occur with ‘the flip of a switch.’ In this case, the disaster recovery team has ample time to notify internal groups and third parties, identify any risks or key areas of focus, and secure necessary service resources.

While there are a lot of cogs in the DR wheel and parties involved in making sure your DR activation runs smoothly, here is a quick snapshot of what the activation process looks like on both ends:


  1. Production services are disabled, including Exchange, SQL, Citrix, file shares, etc.

  2. Replication is stopped from production to DR.

  3. Applications are brought up in the DR site.

  4. Clients work out of the DR site until test activation is completed.


  1. Replication begins from DR to production.

  2. Access to the DR site is closed.

  3. All applications and services in DR are shut down.

  4. Replication is completed between DR and production.

  5. Service is restored in production and all applications are tested and verified.

  6. Upon confirmation of restoration, replication is restarted from production to DR.

Our Eze Disaster Recovery Team works diligently with our hedge fund clients to plan activations and tests to meet the individual needs of each firm. You can learn more about our Eze DR service here.


Photo Credits: Eze Castle Integration and Pixabay

<![CDATA[In Business Continuity Planning, Employee Communication is Vital]]>, 01 Aug 2013 00:00:00 -0400 eci Remember earlier this week when we said we’d be talking more about BCP communication? Well, you know we always keep our word!

A successful business recovery requires more than the ability to access critical systems and applications. It also requires effective communication. It is vital to communicate with your employees about the procedures of your business continuity plan before, during and after an incident. By doing so, you set the wheels in motion by creating the guidelines for the firm’s recovery.

Effective communication should include, but not be limited to:

1) Accounting for employees;

2) Setting workload expectations; and

3) Providing employees with recovery status updates.

Let’s take a deeper look into those strategies.

Accounting for Your Employees
At the first sign of any major disruption, accounting for your employees should be at the top of the to-do list. At the core of every product or function within a firm are the people. And ensuring those people stay safe should be one of your company’s main concerns. Ask yourself critical questions:

  • Who isn’t in the office today?

  • Do you have emergency contact information in case you can’t get in touch with someone?

  • Were there any employees near the affected area?

A designated member of the Incident Response Team (the firm’s leaders who oversee the incident) should work with Human Resources to track down and reach out to every employee, ensuring their safety. If employees are in an affected area, determine whether the firm will offer assistance to those in need. Accounting for employees’ safety will illustrate to employees that the priority is not only resuming business operations, but also ensuring the safety of the firm’s staff. Once employees are safe and accounted for, workload expectations should be set.

Setting Workload Expectations
Have you ever been left in the dark wondering what was happening? Leaving your employees to wonder can cause confusion about their responsibilities and next steps and ultimately lead to downtime. By reaching out to employees at the beginning stages of an incident, you are able to demonstrate the firm’s awareness and set the workload expectations for the organization as a whole.

Here are some more critical questions to ask:

  • Will staff be allowed to work from home?

  • Is it safer to keep them in the office for the time being?

  • Will you be sending employees home in waves or all at once?

Setting these expectations at the first sign of disruption will demonstrate to your employees that someone within the firm is in control of the situation and that they needn’t worry. Once these expectations are set and business operations resume, the incident response leaders should focus on providing timely updates ensuring awareness of the firm’s recovery efforts.

Providing Recovery Status Updates
When recovery status updates are provided throughout the incident, employees will be able to calmly support the recovery efforts. Depending on the severity of the incident, it should be communicated to employees that these status updates will be provided in a well-timed manner.

For instance, during Hurricane Sandy some firms set the expectation that status updates would occur every few hours. These high-level updates should include a recap of the event, what the firm knows and what response leaders are proactively doing to recover. If there are multiple offices, employees traveling, etc., the updates should include how they are being affected by the incident. Once the incident has been resolved, the last recovery status communication should be an incident recap.

Provide answers to the following critical questions:

  • What happened?

  • What did the firm do?

  • How did the firm react?

  • What was successful?

It is extremely important to have a communications plan outlined prior to an incident occurring. Delegating who will communicate to employees and what will be communicated is a vital piece to any business continuity plan and any firm’s successful recovery. By communicating effectively, your firm demonstrates its proactive approach to not only your employees, but external business partners as well.

About the Author: Katharine Washburn is a Business Continuity Analyst at Eze Castle Integration and regularly works with our hedge fund and alternative investment firm clients on their business continuity planning. Learn more about our Eze BCP Services HERE.

]]>
<![CDATA[Three Critical Steps to Business Continuity Planning Success]]>, 30 Jul 2013 00:00:00 -0400 eci Successfully implementing your business continuity plan requires more than just ensuring your systems are operational and accessible. Success starts with your employees – those who maintain the expertise and knowledge to keep your business operational. Communicating appropriate BCP steps to your employees is essential in ensuring your business is not impacted by a disaster or disruption. But more about BCP communication on Thursday…

Following are three critical steps firms should take to find business continuity planning success:

1. Identify a specific evacuation site in the event of a disaster. Designate a safe location for employees to gather if your firm’s building is evacuated. Don’t forget to:

  • Make sure the site is ALWAYS accessible. For example, don’t choose a restaurant as your evacuation site if they don’t open until 11 a.m. or are closed on Mondays.

  • Communicate the evacuation site details to all employees, including those who work at client sites. Because not all employees will necessarily be in the office when a disaster occurs, anyone off-site or returning from a meeting should know where to report to.

2. Designate a team of disaster leaders. Determine who will make the executive decisions when a disruption occurs. This team is often referred to as an Incident Response Team, Recovery Management Team or Business Recovery Team.

  • The goal of this team is to ensure that a group of employees in leadership roles are responsible for declaring the situation a disaster, overseeing the incident, and delegating tasks as necessary.

  • The leaders will also determine whether employees should be sent to another location to work (e.g. home, alternate office, etc.) or remain at the evacuation site in hopes that the office will reopen.

3. Provide remote office instructions for employees. If your employees can’t return to the office, but your business needs to remain operational (which, of course, it does!), then employees will either need to work from their homes or an alternate location. Managers should be clear about setting expectations for employees when they are working outside of the primary office location. Be sure to provide employees with the following critical information:

It is important to have a complete and well-detailed business continuity plan, but it’s even more essential to ensure all employees understand the plan and what their individual responsibilities and expectations are. The information we’ve outlined above can easily be printed on a wallet card or quick reference card (QRC) and distributed for employees to keep on them or at their homes.

Once it’s clear to employees what is expected of them, they will focus on ensuring their daily tasks are completed, and ultimately, this will lead to ensuring your business does not suffer additional disruptions at the hands of a disaster.

Be sure to return to Hedge IT on Thursday to learn more about the importance of communication in business continuity planning!


Photo Credit: Seeking Alpha

<![CDATA[Oracle Warns IT Security Not Protecting the Right Assets: Hedge Funds Take Notice]]>, 23 Jul 2013 00:00:00 -0400 eci It has been said that cyber security is becoming what disaster recovery was 20 years ago -- the threat is real and increasing at a notable rate, and precautions must be taken. As a result, studies abound about the potential impact of security threats on a company.

Just last week, CSO Custom Solutions Group and Oracle raised the question of whether companies are protecting the right assets. Based on a survey of 110 companies, including financial services firms, CSO and Oracle found that most IT security resources in today's enterprises are allocated to protecting network assets, even though the majority of enterprises believe a database security breach would be the greatest risk to their business.

Following are specific survey findings pulled from the report that aim to make the case that firms should focus more on protecting core systems (i.e. apps, databases) versus the network layer:

  • Nearly 66 percent of respondents said they apply an inside-out security strategy, whereas 35 percent base their strategy on end-point protection.

  • However, spending does not align, as more than 67 percent of IT security resources -- including budget and staff time -- remain allocated to protecting the network layer, and less than 23 percent of resources were allocated to protecting core systems like servers, applications and databases.

  • 44 percent believed that databases were safe because they were installed deep inside the perimeter.

  • 90 percent reported the same, or a higher, level of spend compared to 12 months prior. The survey shows that 59 percent of participants plan to increase security spending in the next year.

  • In 35 percent of organizations, security spend was influenced by sensational informational sources rather than real organizational risks.

  • 40 percent of respondents believed that implementing fragmented point solutions created gaps in their security, and 42 percent believe that they have more difficulty preventing new attacks than in the past.

The study highlights the need to take a thoughtful approach to IT security and understand the changing landscape. However, companies, especially smaller ones, need to be realistic about the amount of security they can handle/afford. Eze Castle Integration helps clients tackle this consideration on a daily basis and can be a great resource.


Source: Oracle

<![CDATA[Ok Glass, Let's See What You Can Do]]>, 18 Jul 2013 00:00:00 -0400 eci Mirror, mirror on the wall. Ok Glass, who is the fairest of them all?

This is how I envision the modern day queen in Snow White receiving her daily validation. Why? Because Google’s Glass, a wearable smartphone, has the potential to shift how we function and put us all on the path to talking to ourselves on a daily basis.

Google Glass is one example of how smartphone technology is ditching the confines of phones and moving into new form factors including glasses and watches.

Currently, about 8,000 “Explorers” are testing Glass and experiencing how beginning a sentence with “Ok Glass” can dramatically change how you receive information. Earlier this month, Google provided more details on Glass and promised wider availability in 2014. They also took steps towards squashing privacy concerns.

The Glass screen, when activated, looks “a lot like a 25 inch color TV floating about 8 feet in front of you,” and the glasses weigh about as much as a pair of sunglasses.

So what can Glass do?

Pretty much anything your smartphone can do but with the added benefit that it is hands-free and looks {insert your descriptor}. Here is a rundown of the features:

  • Search: Saying “Ok Glass” gets you the information you need whether it is trivia answers or language translation.

  • Navigation: No more taking your eyes off the road to check out your GPS. Glass projects the turn by turn directions right in front of your eye.

  • Gmail & Calendar: Glass makes checking “email quick and easy” (according to Google).

  • Phone & SMS: Ditch your Bluetooth ear piece for Glass and gain the benefit of speech-to-text transcription.

  • Photos, Videos & Video calls: This is where the privacy concerns really start because early versions of Glass do not have a dedicated indicator light to show when a video or photo is being taken.

Google aims to ease privacy concerns by explaining that the “device’s screen is illuminated whenever it’s in use, and that applies to taking a picture or recording a video.” Additionally, Glass requires a verbal command to operate, so listen for “Ok Glass, take a picture” or “Ok Glass, record a video.”

Here’s a video on how life feels through Glass

Sources: Google
<![CDATA[As BlackBerry Woes Continue, We Wonder ‘What’s Next?’]]>, 16 Jul 2013 00:00:00 -0400 eci This week, Research in Motion officially became known as BlackBerry Ltd. But will the name change really change anything for this struggling company? It’s hard to say.

BlackBerry’s woes have multiplied of late, with personnel changes, price cuts and stakeholder dissatisfaction making headlines. Just this month, two long-time board members announced they will be stepping down, while CEO Thorsten Heins continues to ask shareholders for patience as the company tries to reinvent itself and compete with its successful rivals.

On the smartphone market front, BlackBerry’s struggles continue. According to Gartner, BlackBerry's market share has dwindled from over 50 percent in 2009 to less than 3 percent. BlackBerry’s newest device, the Z10, has already lost its luster. US smartphone carriers including AT&T and Verizon have slashed prices from $199 to just $99, less than four months after the phone’s initial release. Retailers like Amazon and Best Buy are doing one better, and selling the phones for as low as $49 under contract.

To make matters worse, speculation is that BlackBerry is also planning to cut more jobs, signaling to many that the company is a long way from rebounding. There is positive news, however. Believe it or not, BlackBerry revenue was up 15 percent in the first quarter of fiscal 2014 compared to the previous quarter.

The company also recently announced it sold 18,000 iterations of its BlackBerry Enterprise Service (BES) 10 since its launch at the beginning of the year. More than 60 percent of US Fortune 500 companies have deployed BES 10 or are currently testing it, demonstrating the company has yet to relinquish its hold on the enterprise market. As you'll recall, the Z10 must be managed by the BES 10.

So, what’s next?

Only time will tell what the cards hold for BlackBerry and whether the organization will be able to bounce back and play a competitive role in the enterprise and consumer smartphone markets. Stay tuned!

Photo Credit: Flickr]]>
<![CDATA[Prohibition Era Ends, Hedge Fund Advertising To Resume]]>, 11 Jul 2013 00:00:00 -0400 eci In a move likely to redefine the financial industry, the SEC voted this week to rescind an 80-year-old ruling prohibiting hedge funds from public advertising. The ruling comes as the result of the Jumpstart Our Business Startups Act (JOBS Act), which is intended to make it easier for small businesses to raise capital.

The Securities Act of 1933 was originally implemented following the stock market crash in 1929 as a means to regulate and control securities sold, requiring that funds register with the SEC unless they met an exemption.

Under the new rule, hedge funds, private equity funds and other investment firms will have the opportunity to publicly solicit capital via a variety of commercial advertising outlets, including websites, print ads, and social media. Hedge funds have historically been quiet on such mediums, largely due to fear of noncompliance with regulations.

Many, however, do not expect advertising fever to catch on too quickly. According to Forbes, “it’s more likely hedge funds will start slow. Some may start thinking about a real marketing strategy for the first time. Others might find the new rule as an opportunity to provide some more detail on their website, or speak in public about their funds.”

More Details:

  • Hedge funds and other firms will be required to notify the SEC 15 days prior to a public offering

  • Companies who fail to notify the SEC in advance of advertising will be barred from making public offerings for one year

  • Investments in the offerings remain restricted; only “accredited investors” with a net worth of at least $1 million may invest

  • The ban will be officially lifted 60 days after the ruling is published in the Federal Register

The SEC also voted to propose a “package of investor protections” in hopes of better policing the private offerings that will ensue.

Looking for more information on hedge fund marketing? Check out our Hedge Fund Marketing Knowledge Center and learn how to stand out from the crowd!

Photo Credit: CNN Money

<![CDATA[Happy Independence Day from Eze Castle!]]>, 03 Jul 2013 00:00:00 -0400 eci We hope all of our readers, clients, partners and friends have a great Fourth of July holiday! We'll see you back here on the Hedge IT on Tuesday, July 9th for more tech talk!

Photo Credit: Istock

<![CDATA[Snapchat "Disappearing" Messages: What it is & why you should care]]>, 02 Jul 2013 00:00:00 -0400 eci You may have heard of it – the newest social media app that’s sweeping the 18-25 year old demographic – Snapchat. But what is it, and how could the technology behind it affect the business world?

What is Snapchat?

Snapchat is a photo messaging application in which users can take photos or record short videos on their smartphones, then add text or drawing and send them to select contacts. When sending the content, users have the ability to set a time limit for how long the recipients can view it (up to 10 seconds), after which the photo or video will disappear from the recipient's device.

Here’s a recent Snapchat ad that depicts how the app is used:

How could it affect businesses?

While the app itself is primarily intended for use in the social sphere, the technology that powers Snapchat has caught the attention of some developers in the business world. Companies that regularly send and receive emails with highly sensitive or proprietary information are interested in having the ability to make those messages disappear after they’ve been read.

The idea is that email content would never actually reach the recipient’s internal server. The sender enters the content into an email, then the recipient gets a separate email containing a link to access the content entered by the sender. After a pre-determined period of time (typically chosen by the sender), the link will no longer work.
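The link-based delivery described above, sketched as an added example (not code from any product mentioned in this post). The host name, signing key, class and method names are all assumptions made for illustration. The message body stays on the sender's side, the expiry is enforced there rather than trusted from the URL, and a copy taken while the link was live is beyond the sender's control.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlparse

BASE_URL = "https://mail.example.invalid/m/"  # placeholder host (assumption)


class VanishingMessageStore:
    """Keeps message bodies on the sender's side; recipients get only a link."""

    def __init__(self, signing_key: bytes, clock=time.time):
        self._key = signing_key
        self._clock = clock      # injectable so expiry can be exercised offline
        self._messages = {}      # msg_id -> (body, expires_at)

    def _sign(self, msg_id: str, expires_at: int) -> str:
        data = f"{msg_id}.{expires_at}".encode()
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

    def create_link(self, body: str, ttl_seconds: int) -> str:
        msg_id = secrets.token_urlsafe(16)
        expires_at = int(self._clock()) + ttl_seconds
        self._messages[msg_id] = (body, expires_at)
        sig = self._sign(msg_id, expires_at)
        return f"{BASE_URL}{msg_id}?exp={expires_at}&sig={sig}"

    def open_link(self, link: str):
        """Return the body, or None if the link is forged, expired or purged."""
        url = urlparse(link)
        msg_id = url.path.rsplit("/", 1)[-1]
        query = parse_qs(url.query)
        try:
            claimed_exp = int(query["exp"][0])
            claimed_sig = query["sig"][0]
        except (KeyError, ValueError):
            return None
        expected = self._sign(msg_id, claimed_exp)
        if not hmac.compare_digest(claimed_sig.encode(), expected.encode()):
            return None          # exp or id was altered after the link was issued
        record = self._messages.get(msg_id)
        if record is None:
            return None          # already purged
        body, expires_at = record
        if self._clock() >= expires_at:
            del self._messages[msg_id]   # expiry is decided by the stored value
            return None
        return body

    def stored_count(self) -> int:
        return len(self._messages)


def demo():
    """Constructed scenario with a fake clock; all values are sample data."""
    now = [1_000_000]
    store = VanishingMessageStore(b"constructed-demo-key", clock=lambda: now[0])
    link = store.create_link("Q3 allocation draft", ttl_seconds=600)

    first_read = store.open_link(link)
    recipient_copy = first_read   # recipient saved the text while the link worked

    # Editing the expiry in the URL breaks the signature, so it buys no extra time.
    forged = link.replace(f"exp={now[0] + 600}", "exp=9999999999")
    forged_read = store.open_link(forged)

    now[0] += 601                 # the sender-chosen lifetime has passed
    late_read = store.open_link(link)

    return {
        "first_read": first_read,
        "forged_read": forged_read,
        "late_read": late_read,
        "remaining_on_server": store.stored_count(),
        "recipient_copy": recipient_copy,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The last field is the limitation discussed under “The Cons”: the server-side copy is gone after expiry, but whatever the recipient's device kept is not.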

But, as with any new technology, there are certain benefits and pitfalls to be cognizant of before employing these tools in the workplace.

The Pros
According to a recent Wall Street Journal report, proponents of this technology believe that vanishing emails could be very useful in an era when forwarding, printing or sharing sensitive emails with unauthorized third parties is as easy as one click of a mouse or tap on a touch screen. It can also help reduce the risk of a cybersecurity breach. Email, as with other forms of online communication, has a high degree of permanence. An organization could face a public relations nightmare if years of stored emails are compromised. In theory, this technology could help prevent that scenario.

The Cons
In May 2013, a Forbes investigation into Snapchat showed that the photos and videos don’t actually disappear from the receiver’s device. In fact, with just basic IT skills, they found the content can be retrieved long after its time limit expires. The Electronic Privacy Information Center has also filed a complaint with the FTC stating that Snapchat has been deceiving users by leading them to believe that their images are destroyed within seconds of being viewed. In a business setting, this flaw could result in sensitive information becoming easily accessible to even the most minimally skilled hackers, which could make the firm susceptible to a major security breach.

In the financial services space, email archiving and retention are among companies’ top compliance concerns. Disappearing emails could pose a challenge in this area. So far, no direct legislation has been put in place to regulate the types of content that must be retained versus those that can be used in vanishing emails, so this is a bit of a gray area for the time being.

As developers continue to enhance this technology and regulators begin to formulate guidelines for using it in a business environment, disappearing content will likely become a hot discussion topic. Keep an eye out for more developments, and be sure to consider all of the pros and cons before deploying this technology for personal or professional use.

Photo Credit: Shutterstock

<![CDATA[...And Many More: Happy 18th Birthday, Eze Castle!]]>, 27 Jun 2013 00:00:00 -0400 eci This month, Eze Castle turns 18! The company, founded in 1995 by childhood neighbors John Cahaly and Sean McLaughlin, has grown into a global technology operation with offices in the United States, Europe, and Asia. In honor of the Castle’s (that's our little nickname for ourselves) 18th birthday, let’s take a look at 18 fun facts highlighting not only our successes on a company level, but those of the wonderful employees who make it all possible.

Happy Birthday Eze!

<![CDATA[IT Ownership & Data Protection: A Security Roadmap]]>, 20 Jun 2013 00:00:00 -0400 eci Earlier this week, our friends at Varonis Systems joined us for a webinar to talk about information technology ownership and hedge fund data protection. IT threats as a result of external hackers or internal security breaches are on the rise, and therefore firms are encouraged to protect and audit file data in order to answer two simple questions:

Who has access to my data?
Who has accessed my data?

Let’s take a closer look at how Varonis helps investment firms accomplish this.

Context is king

Firms can hasten data protection by achieving a greater amount of context awareness. Some contextual questions to ask are:

  • Who owns the data?

  • Who uses the data?

  • Who should have access?

  • Who should not have access?

  • Who granted access?

  • Who moved my data?

Firms have complex ecosystems in which there are many different people who will interact with data (business users, IT and data owners), formats through which data will be presented (PDFs, media, video), and IT infrastructures to manage data (Exchange, Windows, SharePoint). Answering the above questions is necessary for a firm to understand how it can efficiently protect its valuable and sensitive data. Companies should optimize metadata functionalities to answer these questions and protect data through accessibility, collaboration, self-service, analytics and modeling, retention and storage, metadata collection, access monitoring, and content classification.

Protecting data in the real world

In order to protect sensitive information, firms should employ a metadata framework that has the ability to expand when necessary. This framework, which must not interrupt daily office activities, should be used to gather and evaluate metadata, systemize workflows to be efficient, and auto-generate reports. There should also be a clear and dependable operational plan in place to guarantee that data is always assigned to a unique owner.

How does Varonis leverage metadata to raise context awareness?

Varonis uses metadata to identify risks, and in turn prevent the occurrence of data leaks. There are four types of metadata to be collected in a non-intrusive way:

  1. File system and permissions information – Allows the company to understand who has access to which data

  2. User and group information – Permits the company to understand the groups and users that have access to certain data

  3. Access activity – Tells a company who is interacting with/accessing its data, and what they are doing with it

  4. Sensitive content indicators – Helps a company to identify where its sensitive data is, where it is overexposed, and how it can be protected

All of the above can be used to gather actionable data governance information that can assist data owners in the generation of automatic entitlement reviews and allow them to play a role in the authorization of workflows.
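How the four metadata types combine to answer “who has access” and “who has accessed”, as an added example (this is not Varonis code and does not describe how its product works). All folder paths, groups, users, log entries and the group-size threshold are constructed sample data and assumptions.

```python
# 1. File system and permissions information: folder -> groups on its ACL
FOLDER_ACL = {
    "/funds/positions": {"PortfolioMgmt", "Compliance"},
    "/hr/payroll": {"Everyone"},
    "/public/handbook": {"Everyone"},
}

# 2. User and group information: group -> members
GROUP_MEMBERS = {
    "Everyone": {"alice", "bob", "carol", "dave"},
    "PortfolioMgmt": {"alice", "bob"},
    "Compliance": {"carol"},
}

# 3. Access activity: (user, folder, action), constructed log entries
ACCESS_LOG = [
    ("alice", "/funds/positions", "read"),
    ("alice", "/funds/positions", "write"),
    ("carol", "/funds/positions", "read"),
    ("dave", "/funds/positions", "read"),
    ("carol", "/hr/payroll", "read"),
    ("bob", "/public/handbook", "read"),
]

# 4. Sensitive content indicators: folders flagged by content classification
SENSITIVE = {"/funds/positions", "/hr/payroll"}


def who_has_access(folder):
    """Expand the folder's ACL groups into the set of users they cover."""
    users = set()
    for group in FOLDER_ACL.get(folder, ()):
        users |= GROUP_MEMBERS.get(group, set())
    return users


def who_has_accessed(folder):
    """Users that appear in the activity log for this folder."""
    return {user for user, path, _ in ACCESS_LOG if path == folder}


def entitlement_review(max_group_size=3):
    """Per-folder findings a data owner could act on.

    max_group_size is an assumed policy: any ACL group larger than this
    counts as broad, and a sensitive folder granted to a broad group is
    reported as overexposed.
    """
    report = {}
    for folder, groups in FOLDER_ACL.items():
        entitled = who_has_access(folder)
        active = who_has_accessed(folder)
        broad = sorted(
            g for g in groups if len(GROUP_MEMBERS.get(g, ())) > max_group_size
        )
        report[folder] = {
            # Has access but never used it: candidates for removal.
            "unused": sorted(entitled - active),
            # Activity by someone the current ACL does not cover, for example
            # access that was since revoked or a grant the scan did not capture.
            "unexpected": sorted(active - entitled),
            "broad_groups": broad,
            "overexposed": folder in SENSITIVE and bool(broad),
        }
    return report


if __name__ == "__main__":
    for folder, findings in entitlement_review().items():
        print(folder, findings)
```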

The following five-step process is used by Varonis to reduce the risk of data leaks:

[Figure: Risk Reduction Operational Plan]

We recommend our clients use Varonis to protect and audit their data as a means to thwart impending security attacks (whether internal or external). Varonis bases their model on these three pillars:

  • Governance – Firms must monitor employee data access to constantly guarantee that the correct people have access to the right data. This will allow for these firms to clearly see when data privileges are being exploited.

  • Access/collaboration – Firms should use shared drives on existing servers to allow for file synchronization and management, mobile access, and a way to securely share information with a third party.

  • Retention – Firms must use information technology to optimize data disposition, archiving, and migration processes, utilizing metadata.

To learn more about Varonis Systems, visit

<![CDATA[A Step-By-Step Guide to Dealing with a Security Breach]]>, 18 Jun 2013 00:00:00 -0400 eci If your firm hasn’t had to cope with the aftermath of a security breach, you’re probably one of the lucky ones. According to an analysis conducted by Ponemon Institute and Symantec in 2013, human errors and system glitches caused nearly two-thirds of data breaches globally in 2012.

With the threat of security incidents at an all-time high, we want to ensure our clients and partners have a system in place to cope with any threats that may arise. Here is a step-by-step guide to follow in the event your firm suffers from a security breach.

1. Establish an Incident Response Team.

Choose a select group of individuals to comprise your Incident Response Team (IRT). Assign each member a predefined role and set of responsibilities, which may, in some cases, take precedence over normal duties. The IRT can draw its members from a variety of departments, including Information Technology, Compliance and Human Resources.

2. Identify the type and extent of incident.

Before your IRT can alleviate any incidents, it must clearly assess the damage to determine the appropriate response. For example, if the incident is a computer virus that can be quickly and efficiently detected and removed (and no internal or external parties will be affected), the proper response may be to document the incident and keep it on file. This task could effectively be handled by the IT department.

If, however, an incident occurs that affects multiple clients/investors/etc., the incident should be escalated to the IRT.

3. Escalate incidents as necessary.

Certain departments may be notified of select incidents, including the IT team and/or the client service team. These parties should use their discretion in escalating incidents to the IRT. Any event suspected as a result of sabotage or a targeted attack should be immediately escalated.

4. Notify affected parties and outside organizations.

One member of the IRT should be responsible for managing communication to affected parties. Depending on the severity of the incident, the IRT member will act as the liaison between the organization and law enforcement.

5. Gather evidence.

When appropriate and necessary, the IRT is responsible for identifying and gathering both physical and electronic evidence as part of the investigation.

6. Mitigate risk and exposure.

A technical member of the IRT should be responsible for monitoring the situation and ensuring any effects or damage created as a result of the incident are appropriately repaired and measures are taken to minimize future occurrences. The IRT will also need to define any necessary penalties as a result of the incident.

Here are a few more resources on hedge fund security you may find helpful:

Hedge Fund Security eBook

Source: 2013 Cost of Data Breach Study: Global Analysis, Ponemon Institute & Symantec

Photo Credit: Flickr

<![CDATA[The New CIO: From IT Manager to IT Innovator]]>, 13 Jun 2013 00:00:00 -0400 eci For years, the role of the chief information officer (CIO) has been to acquire and maintain cost-effective IT services for the organization. Technology was viewed as a basic necessity, so managing costs and ensuring systems were running smoothly were the primary areas of focus for corporate IT leaders.

Today, technology is much more than a commodity. In fact, for many investment management firms, it has evolved into a source of competitive advantage. This change, combined with stagnant IT budgets, has caused the role of the CIO to move away from basic IT management to become more of a forward-thinking innovator for the organization. Here are a few strategies to help ease this transition.

Rather than looking at your IT budget first, start with your employees.
How is your staff using technology to perform their jobs? Are there changes that could be made to help them become more efficient? If you have employees who travel frequently or telecommute, consider how they’re accessing critical systems and applications. If many members of your staff are working remotely or using smartphones, tablets or laptops on a regular basis, what changes can be made to make their experiences more seamless?

Think like a CMO.
A recent Gartner study found that CIOs are highly focused on efficiency and processes, while chief marketing officers (CMOs) are more concentrated on delivering strategic value and developing long-term relationships. Try examining your firm’s needs from the marketer’s perspective. How are your clients using technology to interact with the firm? What information are they seeking when doing so? Could these experiences be enhanced in any way to foster a stronger relationship? Also, consider speaking directly with your Sales and Marketing personnel to gain a better understanding of how they're seeing clients interface with the company and where IT can get involved to ensure smoother interactions.

Take a close look at new tools and trends.
For many investment firms, cloud-based infrastructures are proving highly beneficial, especially in helping to increase operational efficiency without major capital outlays. Another new trend to keep a close eye on is BYOD (Bring Your Own Device). Enabling employees to utilize their personal mobile devices and tablets for business purposes can result in cost savings and greater computing flexibility for the organization.

Consider outsourcing options.
Your IT staff is likely overworked, and increasing headcount is an expensive solution. To supplement your existing team, it may make sense to outsource some of the IT and operational aspects of the firm. Outsourcing options abound, so you can offload as little or as much as you’re comfortable with. Hosted IT services are a major area where we’re seeing firms outsource, but there are many others as well, including:

  • Help desk support

  • Staffing

  • Application hosting

  • Colocation

  • FIX connectivity

  • Disaster recovery

  • Project management

For more information, be sure to check out our article on “Examining the Changing Role of the CTO,” or contact an Eze Castle Integration representative.

Photo Credit: Istock

<![CDATA[What Not to Do When It Comes to Your IT]]>, 06 Jun 2013 00:00:00 -0400 eci We spend a lot of time here on Hedge IT making suggestions about what hedge funds and investment firms should do when it comes to their technology. But today, we’re not going to tell you what you should do. In fact, these are things we definitely DON’T want you to do!

Plan your infrastructure only for the short-term.

A crucial mistake often made by funds is not planning for the future. Even at launch, you should be thinking about what your firm will look like and what technology you will require down the road. Planning out two to three years in advance is recommended in order to reap the most benefits when it comes to your infrastructure. Plus, if you don’t plan ahead, you may wind up incurring more costs if technology decisions need to be made unexpectedly.

Ignore the importance of a business continuity plan.

It has become commonplace for hedge funds to employ disaster recovery strategies to protect mission-critical data and applications (due to a number of reasons including investor expectations, new regulations and the effect of unexpected natural disasters, e.g. Hurricane Sandy). But firms often overlook the equally important business continuity plan, which provides guidelines for what employees need to do in the event of a disaster. Yes, focusing on your infrastructure is essential to keeping your business afloat, but that business also cannot survive without its employees. Don’t forget to test that BCP plan once you’ve developed it – a good plan will only work if people know how to follow it.

Skimp on security.

This one is a no-brainer, right? There are times when firms think it’s okay to cut back on security, or they easily dismiss the idea that a firm could ever become the victim of a cyber-attack. Hackers have become more advanced over the past few years, and financial services firms are at the top of their list for targets. It’s worth investing in premium network security to ensure your firm does not become a victim, whether it’s at the hands of a professional hacker or a simple computer virus.

Fail to comply with industry regulations.

Regardless of whose jurisdiction your firm falls under, it’s essential you take the appropriate steps to ensure you’re meeting all necessary regulatory directives. Whether it’s system safeguards enacted through the Dodd-Frank Act or increased transparency requirements as a result of AIFMD, you can bet there’s some type of legislative requirement your firm is responsible for meeting. Can regulatory bodies like the SEC keep tabs on all hedge fund firms? Maybe not. But if the day comes when you receive an audit notice, you don’t want to be the firm that’s noncompliant.

Be opposed to change.

Just like the investment industry, technology is constantly evolving. Just a few years ago, firms were building out large Comm. Rooms to store massive servers and other equipment. That practice is fading today as firms rely on the cloud to meet their technology needs without unnecessary hardware purchases. Remember that just because you’ve always done something one way, it doesn’t mean it’s the only way. Learn to adapt with the changing industry and be open to trying new things. Who would have guessed just a few short years ago that we’d all be plugging into the cloud to do our day-to-day tasks?

Photo credit: Flickr

<![CDATA[Data Protection Changes Coming to EU Firms]]>, 04 Jun 2013 00:00:00 -0400 eci Big changes are coming in the form of European Union data protection mandates. In January 2012, the European Commission announced a proposal to reform the current European Union's data protection framework, currently known as the 1995 EU Data Protection Directive, to better protect the personal data of EU citizens and update the current legislation to fit in with the 21st century requirements and rapid evolution of technology (including the prevalence of social networking and smartphones).

The EU proposal will give individuals more control over their data while also serving to promote the importance of data protection in a globalised world. The European Commission expects the rules will go into effect two years after they have been adopted by the member countries - officially around 2014 or 2015.

While some of the current proposals will undoubtedly be amended over the course of this lengthy process, let’s look at some of the practical steps companies should be considering now.

Move towards compliance

One of the main recommendations of the proposed regulation would ensure that companies have only one regulatory authority that supervises their activities across all EU member states. Businesses with multiple offices across several European countries should therefore consider which regulatory authority would be their supervisor.

Right to be forgotten

The new directive will enforce a right to be forgotten, which will allow people to request firms to delete their data permanently. Companies faced with a request for deletion of data will have the responsibility to pass that request on to companies that have copies of that data.

This rule will certainly affect Internet platforms, which tend to never forget. For example, even if data is taken down from a social networking site, such as Facebook or Twitter, it is not completely gone and will remain within the Internet cache.

Don't delay, get ready

Given the timeframe, many firms may feel they have plenty of time to get ready for the new data protection framework in Europe, but that is not the case. The clock is ticking.

While there may be a lot of work that still needs to be done before the proposals are finalised, firms should not wait to start preparations. It is important that firms get their privacy policies, procedures and documentation in order and keep them up to date.

Best Practices to Start Employing Now Checklist

  • Appoint a data protection officer to act as the focal point for all data protection activities.
  • Take a closer look at your privacy policies. In some cases, they will likely need to be re-written (new guidance states they must be written in plain English).
  • Refresh your information asset register so it clearly identifies what data is held, where, how and why.
  • Write and employ processes and procedures to handle data subject and data deletion requests.
  • Review your technical and procedural controls around your data. A serious breach could cost your firm up to 2% of its global turnover.

<![CDATA[Psst. Are you in the know about SSD (aka Solid State Disk)?]]>, 30 May 2013 00:00:00 -0400 eci To quote PC World, “A high-end SSD is the pinnacle of computer storage today. Ditching your hard drive for one of the latest SSD models is like dumping your go-kart and hopping into a Formula One car.”

But what is SSD?

SSD is a storage device that stores persistent data on solid-state flash memory, using integrated circuit assemblies as memory. SSD has no moving parts, which is one of many distinctions between SSD and traditional hard drives that have spinning disks.

SSD offers huge performance gains over other commonly used storage drives including SAS (serial attached SCSI) drives. For perspective, the typical enterprise spinning disk is a 15K SAS drive, which offers approximately 200 IOPS. Mainstream enterprise SSD on the other hand can offer 10,000-100,000 IOPS.

Why should I care?

Investment management firms are presented with an increasing amount of data, much of which holds the potential to uncover new investment opportunities. For some strategies (think high frequency trading and algo), the speed at which the data is processed is linked to the size of competitive gain.

This is where SSD comes in. The huge performance gains delivered by SSD have the ability to speed up large database applications and online transaction processing, which can be hugely impactful. Big-data analytics is another example of where SSD is appropriately suited.

Compliments of Wikipedia, here are some other advantages SSD provides:

[Figure: SSD Comparison Chart]

Is SSD a Panacea?

SSD delivers numerous performance advances as outlined above; however, there is a price (literally) associated with these gains. The typical enterprise spinning disk is a 15K SAS drive, which costs about $0.50 per gig and offers approximately 200 IOPS each. Enterprise SSDs vary in cost and performance, but $3.00-5.00 per gig and 10,000-100,000 IOPS covers most of the mainstream drives.

As the price comes down, you can expect to see SSD more widely deployed.

Source: Jon Jacobi. (May 13, 2013). The proper care and feeding for SSD storage. PC World

<![CDATA[Managing Your Applications in the Cloud: Webinar Recap & Replay]]>, 23 May 2013 00:00:00 -0400 eci We hosted a webinar earlier this week, App Hosting 101: Managing Your Essential Applications in the Cloud, in which Steve Schoener, Eze Castle Integration’s Vice President of Client Technology, and Martin Sreba, Senior Director at Advent Software, discussed topics such as industry trends in application hosting, key drivers of application solutions, common myths about the cloud, and the right time to put an application into effect. Continue reading for an overview of the webinar.

Industry Update: What’s Going On?

Increasing demands from hedge funds’ current and target investors are driving a variety of trends. Due diligence requirements are more advanced, as investors expect to see candid looks into a fund’s systems, disaster recovery capabilities and more. The increasing complexity of investments is also driving the need for more complex systems to handle these instruments.

Firms are starting smaller in today’s environment, with many starting with under $100mm in assets under management. Startup funds are looking for technology solutions to complement their size and give them the tools to efficiently run their businesses.

The Key Driver for Application Solutions? Managing Risk.

When it comes to implementing applications, there are many considerations to think about, some of which include addressing investor due diligence concerns, addressing regulatory requirements, and supporting client service demands. The most important goal for many firms, however, is mitigating risk. There are three types of risk to manage:

  1. Operational. A firm without a system already in place has most likely used Excel. It is important to transfer spreadsheets into an application because these systems are made to support the direct investment decision process, and therefore all data must be correct.

  2. Counterparty. Firms need to be able to connect with a multitude of third parties, including fund administrators and prime brokers. Clients now want to be more operative, and therefore use multi-prime environments in which counter-parties have different specializations utilized by the firm. Many more firms now foster these counter-party relationships, and therefore need a system to bring everything together into one holistic setting.

  3. Investment. Investment decision makers want to see accurate information. A research management system, for example, would allow a firm to track and save their investment research and choices for a possible audit.

Deploying Your Application: Top Considerations

When deploying an application, a firm must consider not only the up-front, short-term costs of supporting the application, but also the long-term costs. The firm must be sure that the overhead expense of the application is not too much of a burden on the business.

An application that is being deployed must be scalable. A firm may want to start with an application on a smaller scale, whose base can grow as the company does. The firm should be sure that the application being used will not force an arrangement that will limit its ability to scale up in the future.

Infrastructure Options: On-premise vs. Cloud

Deciding where to host your application is a major consideration. Many firms today are opting to host their apps in the cloud, an option that provides for more flexibility and cost-effectiveness. Beyond the on-premise vs. cloud debate is the decision about whether to utilize a public or private cloud.

Security continues to be the biggest concern in regards to the public cloud. Investors want to make sure that their data is as secure as possible because it is a fundamental part of the fund’s core. Access into private clouds is much more controlled, and there are fewer questions about the encryption of data at rest and the ability to access that data. A public cloud provider will make sure that its physical infrastructure is up and running, but will not necessarily be concerned about whether or not their clients’ applications are functional. Therefore, working with a smaller, niche provider may be better for many firms.

The Right Time to Implement an Application

Many more start-up funds are now bringing applications in on day one because they do not want to deal with the conversion and transfer of the data at a later date, and the cost is much more affordable from the get-go. However, the firm philosophy also plays a part in the timing of an application’s implementation, particularly depending on whether the firm is relying on outsourced application services or hosting its applications in-house. Budget may also play a large role here.

Application Provider Must-Haves

  1. People. The application and/or hosting provider must have a structure that allows for them to be available when needed (whether through a help desk, etc.), and must be able to comfortably adapt to changes in its clients’ businesses.

  2. Scalability. The provider must be able to be there for the long run, providing a system that handles the company’s growth without having to reinstall a new system and convert the data.

  3. Strong Ecosystem Support. Firms can turn to the experts and create trusted partnerships with counterparties and consultants who have worked with similar client types (which will allow for them to understand the products being provided).

  4. Ease of Use. This is not as important as the above three because most systems have the same functionality. A firm must survey the big picture when it comes to choosing a provider.

When it comes to evaluating which application vendor is right for your business, here are five key questions to ask:

  • Does your software work in a hosted environment?

  • How is the application deployed? (e.g. via the Internet, Citrix, etc.)

  • Are there any limitations?

  • Do you have recommended hosting partners?

  • Will there be any changes to my Service Level Agreement?

If you would like to speak to an Eze Castle representative about application hosting at your firm, please contact us today!

Photo Credit: Shuttershock
<![CDATA[A How-To on Appraising the Strengths and Weakness of a Hedge Fund Application]]>, 21 May 2013 00:00:00 -0400 eci We were recently asked by a COOConnect member about the best sources for information about the strengths/weaknesses of the various hedge fund applications including front, middle and back office. Since we know many folks have this same question, today I am going to expand on the original answer given by our expert, Mark Coriaty.

Now the way a hedge fund uses an application will vary based on its investment strategy, and therefore the perceived strengths and weaknesses may vary as well. However, there are multiple ways to establish a baseline of strengths and weaknesses.

Service Provider Reports: Balancing Bias with Value

First up are free reports from hedge fund service providers such as Eze Castle Integration. Each year we publish a benchmark study that outlines top applications used in select front, middle and back office categories by hedge funds. This report will provide a baseline of the top three application vendors used in each category, but doesn’t dive into specific feature sets. The report can be downloaded HERE.

Vendor reports can be helpful in getting an initial understanding of the most frequently used applications and top features used by firms. You should always consider the source, as some vendor reports or whitepapers will be biased.

Industry Analyst Reports: Balancing Cost with Real Life

Next up are analyst groups, such as Aite Group, Celent and CEB TowerGroup, who regularly publish reports looking at hedge fund applications. Aite Group, for example, published a report titled “Buy-Side OMS Market Update 2013: Calm Before the Storm?” in March 2013. These reports can provide insight into the top application players in each market. It should be noted that some reports must be purchased, and free ones may be slightly biased if they are funded by an application vendor.

Here is a handy list of where to find reports published by these firms:

  • CEB TowerGroup: HERE
  • IDC Financial Insights: HERE

Phone a Friend

Finally, talking to hedge fund peers is extremely valuable in understanding the strengths and weaknesses of various applications. In addition to calling the references provided by the vendors (whom you can assume are happy), try to find a few other users to speak with. Here are some questions to ask:

  • How long have you been using the application?

  • Did you receive any incentive for being a customer reference?

  • Why did you select this application?

  • Has the application met your expectations?

  • What are the most important features to your firm?

  • Did your firm customize the application? If so, what was that process like?

  • What features do you wish they would add to the application? Areas for improvement?

  • How responsive is customer support?

  • Is there anything you would have done differently as part of the selection or implementation process?

Happy App Searching!

P.S. Here is another link to our 2012 Hedge Fund Technology Benchmark Study.


<![CDATA[Corporate Essentials for Successful Hedge Fund Startups]]>, 14 May 2013 00:00:00 -0400 eci Tomorrow, we are co-hosting an exciting seminar in New York City with our friends at KPMG on the topic of launching a hedge fund. The half-day event, Hedge Fund Launch 2.0: Navigating the New Environment, will feature expert panel sessions on a variety of topics including technology, regulations, capital raising, application platforms and more.

One panel we’re particularly interested in – beyond the technology panels, of course – is Corporate Essentials, a program focused on the often forgotten-about aspects of launching a new business. These aspects include human resources, compensation, insurance and real estate. Here’s a sneak peek at some of the content our panelists will be discussing at tomorrow’s event:

Human Resources

  • Essential components of a human resources infrastructure

  • Front and back office staffing requirements

  • Employee benefits typically provided by hedge funds


Compensation

  • Typical compensation structures for front, middle and back office

  • Compensation trends in financial services

  • ‘Hot’ functions in terms of recruiting and compensation


Insurance

  • The types of insurance needed for a business, including professional liability, employment practices liability, and property & casualty

  • The right time to investigate insurance options for your hedge fund

  • The effect of the Affordable Care Act/Healthcare Reform on hedge fund insurance decision-making

Real Estate

Be sure to come back to the Hedge IT on Thursday for a recap of our Hedge Fund Launch 2.0 event! In the meantime, download our brand new Manager’s Guide to Establishing a Hedge Fund.


<![CDATA[Recapping a Busy Week in Cyber Security Across the Globe]]>, 09 May 2013 00:00:00 -0400 eci In case you missed it, this week the Pentagon released its Annual Report to Congress looking at the military and security developments involving China. According to the New York Times, the report is virtually the first time “the Obama administration has explicitly accused China’s military of mounting attacks on American government computer systems and defense contractors, saying one motive could be to map ‘military capabilities that could be exploited during a crisis.’”

The report states that cyberwarfare capabilities could serve Chinese military operations in three key areas.

  • First and foremost, they allow data collection for intelligence and computer network attack purposes.

  • Second, they can be employed to constrain an adversary’s actions or slow response time by targeting network-based logistics, communications, and commercial activities.

  • Third, they can serve as a force multiplier when coupled with kinetic attacks during times of crisis or conflict.

In other cyber security news, the UK is setting up a new £7.5 million government fund as part of the National Cyber-Security Strategy to create two research centers to combat the increasing threat of cyber-attacks.

And finally, this week Japan and the US held the first bilateral comprehensive dialogue on cyber security with the goal of establishing international rule and discussing countermeasures to cyber-attacks.

Here is a snapshot to recap this week in Cyber Security.

[Image: Cybersecurity headlines]

Be sure to check out these helpful security articles:


<![CDATA[What Do Hedge Fund Investors Ask About IT? A Technology DDQ cheat sheet]]>, 07 May 2013 00:00:00 -0400 eci It is becoming cliché to say, but the investor due diligence process has truly evolved from a ‘check the box’ activity to a detailed and analytical process. Today, hedge fund investors want to see a tested investment strategy coupled with institutional-grade business processes.

Here at Eze Castle Integration, each year we help more and more hedge fund clients complete the Technology portion of investor due diligence questionnaires (DDQ). So we thought it would be helpful to share some of the more common technology related questions we are seeing. Not surprisingly, you’ll see security and disaster recovery questions on the list.

As you consider your responses to these questions, keep in mind that in some cases investors are more concerned with your decision process as opposed to seeing the “right” answer. The reality is that often the “right” answer varies from firm to firm and depends on a number of factors, including investment strategy.

On to the questions. You can also download our more extensive Technology DDQ list HERE; it includes questions on your company and processes.

The Questions

  • Provide an overview of your IT and telecom infrastructure. Please specify whether this solution is hosted onsite, outsourced to a cloud/hosting provider or whether you use a variety of approaches.

  • Where are your primary, secondary, business continuity and disaster recovery data centers located and what technology is located in each?

  • Who is responsible for IT support? Describe the service they provide.

  • Please list any outsourced technology service providers. Please give an overview of the providers and their credentials, as well as background of the relationship.

  • Describe your physical and application security protocols to protect building, office, hardware, and data accessibility.

  • Detail user login and password requirements for staff accessing systems while in the office as well as remotely.

  • Describe your process for application/system change management, including:

    • Who is responsible for authorizing changes,
    • Who has access to the development and production environments, and
    • The process to release code/changes into the production environment.
  • Describe the organization’s Business Continuity and Disaster Recovery philosophy and provisions, including any relationships with third-party providers.

  • Describe your provisions for data back-up, including the frequencies and methods of the back-up. How would data be restored in the event of a loss, and how long would this take? How would you operate in the meantime?

  • What would happen in the event that a key decision maker became incapacitated, for example the chief investment officer or portfolio management staff?

  • How often is the BCP/DR plan tested? What was the last test date, and what were the results?

In addition to downloading our complete IT DDQ list, you can also check out these articles:

<![CDATA[Webinar Recap: What Investment Firms Need to Know about Social Media Compliance]]>, 02 May 2013 00:00:00 -0400 eci Yesterday, we hosted a webinar, “Going Social: What Investment Firms Need to Know about Social Media Compliance” along with Global Relay, an Eze Castle Integration partner and provider of enterprise message archiving and monitoring services. Global Relay's vice president of sales, Bryan Young, and our own vice president of marketing, Mary Beth Hamilton, discussed a range of topics including the changing SEC guidance on social media, compliance requirements for hedge funds and key components of instituting a social media policy at an investment management firm. Read on for a recap of the event.

Social Media Trends

In recent years, social media usage has expanded rapidly in the business sector. Of the various social media offerings currently available, Twitter, Facebook and LinkedIn tend to be the most widely utilized within business settings. Reasons for connecting through various social networking websites range from a desire to keep in touch with friends and family to researching products and services and keeping up with news. Social networking comprises a huge portion of the time spent online, with 25% of all time on the Internet spent on these websites. Furthermore, not only do social media users access these platforms via their computers, but 40% also visit social media sites via mobile devices. Additionally, social media applications are now the third most utilized by smartphone owners, an essential statistic for companies to keep in mind when crafting their social media policies.

Social Media and the Investment Industry

In the past, the investment industry largely avoided social media. However, more recently, many firms have begun to embrace the various social media platforms. Earlier this year, the SEC released a guidance update on social media usage, as well as a statement indicating that social media platforms are acceptable vehicles for investment firms to use for communications with the public. Leading this move towards social media is Goldman Sachs, which created a Twitter page in 2012 that now has 44,000 followers. Today, up to 50% of financial advisors use social media to communicate with clients and other stakeholders. However, the rules and regulations regarding social media usage by investment firms continue to be highly complex, causing some hedge funds to continue steering clear of these sites.


Currently, only 1% of hedge funds are actively taking advantage of Twitter’s offerings. Despite this, firms' employees are increasingly using social media platforms on their own, which is why it's becoming more and more important for firms to develop a social media usage policy to govern these online communications.

Here at Eze Castle, we're seeing hedge funds handling the changing regulatory landscape regarding social media in the following ways:

  1. A small percentage of firms take the approach of completely blocking all social media use by employees.

  2. Some firms take the approach of blocking just the communications side of social media sites in the workplace.

  3. A large number of firms do not limit social media usage at all.

How do regulators view social media?

In the eyes of regulators, social media is viewed in the same regard as other forms of electronic communication. The SEC has deemed social media a suitable platform for distributing public information, as long as the public is directed where to look for it. Specifically, social media falls under the existing “media-neutral” requirements, including the following:

  • Record Keeping. Firms must be able to capture and preserve all electronic business records.

  • Supervision. Firms must supervise and enforce supervisory policies.

  • Audit Readiness. Firms must consider their preparation for an audit when producing data for auditors.

  • Social Media Specific. Before engaging with social media, firms must be certain that they have the technology required to record and retain their communications.

However, there are also some key differences to be aware of when it comes to social media communications. These include:

  • Static Content. Static content is content that remains posted until changed by the firm or individual, and is accessible to all website visitors. This type of content -- including initial tweets, Facebook wall posts and LinkedIn network updates -- necessitates principal pre-approval.

  • Interactive Content. Interactive content is considered real-time communication and requires supervision after the fact, on a risk basis. This type of content ranges from emails, IMs and Facebook wall comments to LinkedIn network comments and retweets.

  • Linking to Third-Party Content. When linking to third-party content, firms are responsible for the content of linked sites and what reps endorse. It is vital to be aware of the fact that “linking” or endorsing can trigger entanglement principles. Examples of this include Facebook “likes,” Twitter “retweets” and LinkedIn “recommendations.”

Personal vs. Corporate Information

Even as some investment firms are still steering clear of social media, there is an increasingly indistinct boundary between the personal and professional realms of social media usage, especially with the rise of LinkedIn. Social media platforms such as LinkedIn also pose further challenges to firms because, unlike email, employees own and control most social media accounts. One way to handle this challenge is to require employees to opt in for social media archiving. To protect employee privacy, firms must ensure that employee passwords will not be shared. Also, firms must ensure that their social media compliance solution covers content originating from mobile devices, home computers and public computers.

Best Practices for Creating a Social Media Policy

When crafting a social media policy, investment firms should use the following three questions to frame their approach:

  1. Is it appropriate or necessary for employees to visit social media sites such as Facebook, LinkedIn or Twitter during the work day?

  2. Are employees considered to be representatives of the company in their online interactions?

  3. Is it the firm’s responsibility to limit or control what employees are able to access on the Internet while at work?

There are also a variety of other considerations that go into drafting a successful social media policy. These include:

  • Representation. Employees must not represent their opinions published through social media channels as those of the company. If an employee has chosen to document his or her relationship with the firm, he or she must take care to guarantee all online actions and opinions reflect those of the firm.

  • Defamation. Employees must not defame or post any type of abusive content online, under any circumstances. The firm policy should clarify that any such actions will result in disciplinary action for the offending employee.

  • Responsibility. Employees must exercise strong judgment whenever using the Internet, and should expect to be responsible for any liabilities that arise from their online interactions.

  • Time. Employees should be sure that their social media interactions do not become so time consuming that their work performance is negatively impacted.

  • Record Keeping. If employees choose to communicate through social networking sites, firms should implement social media archiving technology such as the solutions provided by Global Relay to ensure compliance.

  • Regulations. A company’s social media policy should reflect the current regulatory requirements.

For more information on social media compliance for investment firms, contact an Eze Castle Integration representative. In the meantime, check out the full replay from our webinar, “Going Social: What Investment Firms Need to Know about Social Media Compliance” featuring Global Relay.

Photo Credit: Shuttershock
<![CDATA[What to Look for at the 2013 SALT Conference]]>, 30 Apr 2013 00:00:00 -0400 eci Next week – Tuesday, May 7 through Friday, May 10 to be exact – one of the largest annual gatherings of investment management professionals will be taking place at the beautiful Bellagio Las Vegas. The SALT Conference will feature over 100 expert speakers participating in 36 panel discussions, individual speeches and breakout seminars throughout the four-day event. The focus of this year’s conference is on macro-economic trends, the political environment and opportunities for alternative investment firms within the context of the global economy.

As in past years, the SALT Conference is sure to be a who’s who of industry professionals. Past keynote speakers have included such notable names as Bill Clinton, George W. Bush, Al Gore, Mitt Romney, Colin Powell and Tony Blair. Who is on the docket to speak this year? What will the specific discussions and hot topics be? Following are some highlights we’re looking forward to at next week’s event.

Our Favorite Topics

[Image: SALT Conference hot topics schedule]

The A-List Speakers

[Image: SALT Conference featured speakers schedule]

The Best (and most fun!) Networking Opportunities

On Wednesday, May 8 and Thursday, May 9, Eze Castle Integration is teaming up with Eze Software Group to host a Cabana Party at the Bellagio Pool! Stop by to meet our team members, talk tech, have a cocktail and enjoy the beautiful Las Vegas weather!

Here are a few other SALT-sponsored events we'd highly recommend checking out:

  • Fiesta Latina: A Poolside Party of Food, Drink & Entertainment (Wednesday, 8:00pm, Bellagio Pool)

  • Starry Night: A Night of Cocktails & Entertainment Featuring Grammy Award-Winning Band TRAIN (Thursday, 8:30pm Bellagio Ballroom)

For more information on next week’s SALT Conference, visit If you’re planning to attend this event, be sure to let us know, and stop by the Eze Cabana Party!

<![CDATA[Video Week Continues! Channel Partners 360° Puts the Spotlight on Eze]]>, 25 Apr 2013 00:00:00 -0400 eci We hope you're enjoying this week full of videos here on the Hedge IT blog! On Tuesday, we shared footage from our friends at Zerto featuring our vice president of client technology, Steve Schoener, who spoke about cloud disaster recovery during a recent webinar.

Today, we're excited to share with our readers a video spotlighting Eze Castle Integration that was produced by the team at Channel Partners Online. Recently, the group honored Eze with its Channel Partners 360° Award, which celebrates excellence in innovation, technology solutions and customer satisfaction.

Check out the video they created about our team, solutions and services. And, of course, a special thanks goes out to Channel Partners Online for their fantastic work!

<![CDATA[A Look at Liquidity Risk Management]]>, 18 Apr 2013 00:00:00 -0400 eci In the wake of the 2008 financial credit crisis, investment firms have recognized the need for more robust liquidity risk management tools and procedures. However, due to shifting regulations and detailed fund and investment structures, fund of funds, private equity firms, hedge funds, and institutional investors continue to grapple with liquidity management and reporting within their investment portfolios. The following is a high level overview of both the liquidity risk challenges facing firms today, and the ways in which some fund managers are overcoming these challenges.

What is liquidity risk, and how does it affect funds?
Liquidity is the extent to which an asset or security can be bought or sold in the market, while not impacting the asset’s price. The concept of liquidity is comprised of illiquid assets, which are the result of liquidity risk and cannot be instantly sold due to value uncertainty and lack of a market. Liquidity risk refers to the concept that an asset or security cannot be traded at the rate necessary to achieve returns and bypass losses. In the last several years, worldwide economic challenges including rising liquidity costs, a more uncertain market and lower levels of market assurance have contributed to the liquidity management challenges facing funds. Liquidity risk’s ability to negatively impact and compound other types of risk, such as credit risk, also has far reaching consequences for the financial markets. These consequences make it even more imperative for firms to get a handle on their liquidity risk management practices.

Hedge funds and fund of funds are directly impacted by liquidity risk. Hedge funds undergo both position and fund liquidity. Position liquidity refers to how quickly the instruments employed in the strategy can be converted to cash at a known value. On the other hand, fund liquidity refers to how fast the stated terms will allow an investor to exit a fund investment. Fund of funds typically offer superior liquidity in comparison to hedge funds. This is due to their investment strategy, which involves investing in groups of various unregistered hedge funds rather than stocks, bonds or other securities. Other types of fund of funds include private equity fund of funds, mutual fund of funds and investment trust fund of funds.

Data Management Challenges
Data management continues to be a serious challenge for many funds. This is the result of funds’ limited analytical capabilities and lack of a centralized, systematic approach to examining liquidity risk. Because liquidity has the ability to compound many other types of risk, it’s important for firms to take a centralized approach to analyzing liquidity. Employing a siloed approach prevents managers from fully understanding their liquidity position on a wider scale.

The lack of efficient data management technologies prohibits firms from accurately predicting cash flows. However, many software solution providers are attacking this challenge head on by offering state-of-the-art financial automation platforms. One such company is our partner, Ledgex Systems, whose Ledgex Platform product suite simplifies the management of these complex requirements. According to the experts at Ledgex, there has been a recent shift in the investor/allocator community that calls for cutting-edge liquidity analysis capabilities. Using this advanced platform is one way that fund of funds are dealing with the stringent requirements.

How are firms dealing with liquidity risk management challenges?
Tools such as the Ledgex Platform are especially helpful when it comes to data management, which is directly linked to a firm’s liquidity management practices. In order to achieve the highest level of liquidity management efficiency, it’s vital for data to be collected, analyzed and conveyed at a variety of aggregate levels. Because many funds have not yet undertaken the necessary data management measures, they have incurred heavy and undesirable financial costs in addition to having their liquidity risk management procedures severely stalled. Software tools like Ledgex enable funds to gain a stronger understanding of their internal liquidity management practices and allow them to achieve a higher level of operational efficiency within their technology infrastructure. Specifically, the Ledgex Platform streamlines data management practices across all facets of the firm, clarifying its level of liquidity risk and enabling portfolio management, monitoring, reporting, and risk and compliance tasks to be run more effectively.

Of course, funds must also remain focused on compliance. Many liquidity issues have arisen as a result of poor or non-existent stress testing procedures. In light of the financial crisis that plagued 2008 and the newly imposed regulations which resulted from it, firms are now required to develop appropriate stress management procedures and consistently undergo testing. In addition, regulators are now looking for evidence that management has been deeply involved in the development of the stress testing procedures.

Following are some frequently asked questions regarding the challenging issue of liquidity risk management:

[Image: Liquidity risk management frequently asked questions]

Watch Ledgex's Liquidity Management Software Demo

For more information, or to speak with a liquidity management expert, contact an Eze Castle Integration representative, or visit the Ledgex Systems website.


Image credits: Google, Sungard

<![CDATA[Keeping Boston in Our Hearts]]>, 16 Apr 2013 00:00:00 -0400 eci In the wake of the horrible tragedy that unfolded at yesterday's Boston Marathon, we'd like to express our deepest sympathies to the victims and everyone who was affected. We're keeping the great city of Boston in our hearts and thoughts, and we stand with you during this difficult time.

To honor those who lost their lives, those who were injured and those who are mourning for loved ones, we have compiled the following photo collage depicting just a few of the many instances of heroism, support and unity that were on display in Boston and around the world during and after the attacks.

Stay strong, Boston.

Photo Credit: Wikipedia
<![CDATA[Webinar Recap: BCP Tips - Are Your Employees Ready for a Disaster?]]>, 11 Apr 2013 00:00:00 -0400 eci Yesterday, we hosted a webinar on business continuity best practices, featuring Eze Castle Integration’s own business continuity experts: Lisa Smith, a Certified Business Continuity Planner and Manager of Business Continuity and Data Privacy, and Katharine Washburn, Business Continuity and Data Privacy Coordinator. The presentation covered everything from developing business continuity best practices to ensuring that a company’s employees are personally prepared. Read on for a quick recap of everything covered during the event.

Business Continuity Planning

Although many companies recognize the importance of crafting an effective business continuity plan, few actually feel that they have prepared one adequately. According to Continuity Compliance, while 70% of businesses have created a robust business continuity and emergency response plan, only 25% have also accounted for human resiliency. Furthermore, a recent survey commissioned by the Ad Council found that only 17% of the 60% of Americans that feel preparation for natural or manmade disasters is essential consider themselves to be very prepared for an emergency situation.

Business Impact Analysis

There are several areas companies should cover when developing a business continuity plan. The first step for putting together your plan is developing the Business Impact Analysis. This is the foundation of the business continuity plan and determines what the firm needs to focus on protecting. An essential component of the firm that needs to be protected is its employees. When looking at employees, consider:

  • How they are going to recover;

  • Where they are going to go; and

  • What resources they will need (applications, data, and what resources they can access at home).


The second step is to analyze the strategies used by the company and its employees in order to identify the company’s risks and exposures. The plan must examine potential scenarios and decide the most effective way to react to them.


The third step is to identify the most effective way to provide information about particular scenarios to employees, internally and externally.

Employee Resources

In order to efficiently deal with a potential emergency incident, specific steps must be taken in order to ensure the safety of each employee. These include:

  • Ensuring employee specific documentation: Information contained in the business continuity plan is contained on Quick Reference Cards, Wallet Cards, or Regional Reference Guides.

  • Mapping out employee locations: It is essential to map out where employees are located in regards to the office, in order to recover most effectively during an emergency incident.

  • Developing manager guides: Develop manager guides in order to validate employee remote connectivity, redirect incoming calls, and secure contact information in case of an emergency.


One of the most important aspects of developing a successful business continuity plan is undergoing testing (we recommend at least twice per year). Every aspect of the plan needs to be tested, although it is not necessary for them all to be tested at once. Here are some tips to keep in mind when developing the plan:

  • Make the scenario real

  • Test it bi-annually

  • Ensure participation from all business units

  • Test on a slow day

  • Test each component of the plan

  • Document all issues, resolutions, and results

Preparing Your Employees

  • Critical Contacts: Ensure that critical contacts are available outside of the office. These include both critical people and businesses such as members of the household, insurance agents, schools, places of employment for family members, local hotels, and healthcare providers.

  • Build your Emergency Kit: Make sure that employees take care to build emergency kits and know where to access them inside and outside of the office. Suggested resources include a first aid kit, photo ID, cash, aspirin or tylenol, blankets, clothes, water, canned food, maps, battery-powered radio, pocket knife, flashlight, matches, and candles.

  • Considerations: Employees should take care to prepare for an emergency if time allows, and consider whether they have enough of the above resources to be prepared for an emergency. Preparing in advance will also alleviate stress during the incident. Other items to stock up on include gas for the car and fully charged electronic equipment. Employees may also want to consider investing in a Power Dome, which allows electronics to be charged even if there is a lack of power.

  • Recommendations: Employees should make sure that they are aware of where they can receive vital information at the time of an incident. Some of these places include emergency management agencies, local news, local hospitals, emergency radio stations and social media outlets.


<![CDATA[What’s up at VMware? End-User Computing]]>, 09 Apr 2013 00:00:00 -0400 eci VMware, the original virtualization company, is continuing to evolve as virtualization technology heads towards the commodity department. The company’s newest push is around the concept of End-User Computing.

With its end-user computing products and strategy, VMware is aiming to give IT the tools and means to transform “siloed desktops, applications, and data into centrally managed IT services, delivered to end-users securely, on the device of their choice.” This means allowing IT to centrally set policies, encrypt data, ensure corporate governance is followed and do much more on all devices a user may use.

The products under VMware’s End-User Computing umbrella carry the moniker “Horizon” and include:

  • VMware Horizon View

  • VMware Horizon Mirage

  • VMware Horizon Workspace

  • VMware Horizon Suite


<![CDATA[BlackBerry Z10 Is Special, So Check With Your Friendly IT Expert]]>, 04 Apr 2013 00:00:00 -0400 eci In honor of the mobile phone turning 40 years old this week, today’s post is on the BlackBerry Z10. (BTW: did you know the first mobile phone weighed 2.5 pounds and took 10 hours to charge?!)

Back to the topic at hand. In January, when the BlackBerry Z10 was just officially unveiled, we took a look at the bells and whistles available on the device (Read: BlackBerry’s Reinvention: A look at BlackBerry Z10). And now that the BlackBerry Z10 is available in over 35 countries, by all accounts it is just what the company needs if they have any hope of taking back market share from iPhone and Android makers.

As part of its promotional push, BlackBerry is even letting iPhone and Android users test drive the new operating system by pointing their mobile browsers to

Wait One Second!

While people are rushing out to purchase the new device, it is important to understand that it is quite different from previous versions, and I don’t mean from a look and feel perspective (well, that too). The BlackBerry 10 operating system uses ActiveSync (think Android, iPhones and Windows Phones), which means that BlackBerry 10 devices cannot be managed from an existing BlackBerry Enterprise Server (BES).

This has implications for corporate users and IT departments. Chances are your IT department already has a plan in place to support the new device, but it is important to check before purchasing the BlackBerry 10.

How is it Different?

Let’s get semi-technical here. The BlackBerry Z10 devices need to be managed from a BlackBerry Enterprise Service 10 server, which is an upgrade from BES 5. BlackBerry is allowing customers to trade up their existing licenses for the new BES 10 for free (learn how here).

However, this new software cannot be installed on the same server as an existing BES version. Previous BlackBerry devices (software running 7, 6, 5) cannot be managed directly by BES 10, which means that an additional server may be required if there are users with new and old BlackBerry devices.

Now if your firm has already embraced the bring your own device (BYOD) trend and is using Androids/iPhones/Windows phones with a TMG/NetScaler, there is a good chance the BlackBerry 10 devices can be configured to send and receive email easily. To receive added functionality and security (like that of BES 5), a BlackBerry Enterprise Service 10 – Enterprise Mobility Management is needed.

What Now?

Check with IT or your trusty service provider (Eze Castle Integration!) to discuss how you can start using the BlackBerry Z10.


<![CDATA[SEC’s Social Media Guidance Is Changing, Here's What You Need to Know]]>, 02 Apr 2013 00:00:00 -0400 eci Historically, financial services firms have not been the most active group in the social media sphere. In a 2011 survey of hedge fund managers conducted by MHP Communications, only 1% of firms were active participants on Twitter, and none of the managers surveyed were active on Facebook. More recently, however, the tides have begun to change. Following Goldman Sachs’ entrance into the Twitterverse in May 2012, investment management firms and their employees have started to increase their social media participation. With this growing trend comes the added layer of social media compliance with industry legislation.

The Legal Perspective of Retaining Social Messages

According to the SEC’s Rule 17a-4(b), registered investment advisers and broker-dealers should archive (think Eze Archiving!) all business communications on social media for a minimum of three years. As the frequency of discovery audits continues to rise, firms should ensure these communications are easily searchable and can be recovered quickly in the event of an SEC inquiry.

Additionally, Section 24(b) of the Investment Company Act of 1940 requires investment firms to file all advertisements or other promotional materials to investors within 10 days of their release. A 2010 update to this regulation issued by FINRA declared that interactive content on social media platforms qualifies as advertising, and therefore falls under Section 24(b). The FINRA update also states that social media content falls under the jurisdiction of Rule 482 which requires firms to file registered investment company performance ads and promotional content.

New Guidance from the SEC

Since these FINRA updates were announced in 2010, little advancement has been made in the regulation of social media correspondence by investment organizations – until about two weeks ago.

On March 15th the SEC issued its first “Guidance Update,” which – according to the Commission’s press release – will be the first in a series of upcoming guidances designed to express its views on emerging technologies and issues. The goal is to “increase transparency and enhance compliance with the federal securities laws and regulations.” And then today, the SEC officially stated that social media is okay for company announcements as long as investors have been alerted about which social media will be used to disseminate such information.

This first SEC Guidance Update addresses the requirement of investment firms to archive content that is posted on real-time social media sites such as Facebook and Twitter. The SEC notes that many firms have been extremely thorough in their compliance efforts, and have been filing nearly all of their social media correspondences (well done, fund managers!) regardless of content or context.

The new Guidance Update indicates that investment companies can now relax this practice somewhat, and need not file ALL social media content. Instead, consider the content, context and presentation of the communications in order to determine whether they are within the jurisdiction of the pertinent SEC rules and regulations. For instance, firms do not need to file social media correspondence that is simply a response to a question or sharing of existing content from another source.

According to the legal experts at Bingham, the following types of online communications are examples of those which do not need to be filed according to the most recent guidance:

  • Content which only contains incidental mention of the fund’s name

  • Incidental use of the word “performance”

  • A factual statement including a hyperlink to a fund prospectus or to information already filed in accordance with SEC regulations

  • A factual statement not related to a discussion of the investment merits of a fund which includes a hyperlink to general financial information

  • Responses to another social media user’s inquiry in which “discrete factual information” is conveyed, and/or a hyperlink to sales literature is shared

Key Takeaways

This new SEC update is a sign that regulators are aware of the importance of social media communication in today’s business world. By clarifying the types of content that do and do not need to be filed, they’re paving the way for more real-time interaction between investment organizations and their online communities.

As your firm moves forward with incorporating social media into its business strategy, it’s important to develop a written social media usage policy to outline acceptable and unacceptable use of social media for employees. This is a highly recommended best practice for managing effective social media campaigns, especially given the uptick in discovery audits administered by the SEC.

Additionally, firms should utilize social media archiving tools such as Eze Archiving to ensure compliance with SEC regulations. As Twitter and Facebook become mainstream platforms for communication in the financial services industry, you’ll want to ensure your firm is always putting its best foot forward on all interactive social media sites.

<![CDATA[Our 60-Second Answer to Why Go Eze Private Cloud?]]>, 28 Mar 2013 00:00:00 -0400 eci Cloud computing is becoming a standard IT deployment method for the investment management industry. In fact, our 2012 survey found that 8 in 10 investment management firms are either currently or planning to use a cloud service. So once a hedge fund or alternative investment firm decides to go cloud the next question is "Why go Eze Private Cloud?"

Well, we have the perfect answer to that, and you can have it in just 60 seconds. Watch our quick video and learn why Eze Private Cloud is the investment industry standard for cloud services.


<![CDATA[Recapping the 2013 London Hedge Fund Cloud Summit]]>, 26 Mar 2013 00:00:00 -0400 eci On 19th March, the Eze Castle Integration team in London hosted their first-ever Hedge Fund Cloud Summit at the Prince Philip House.

Eze Castle Integration along with leading experts in the financial services industry - INDOS Financial Limited, Morgan Stanley Prime Brokerage, Bloomberg, Credit Suisse Prime Services, Lucidus Capital Partners LLP, Portman Square, LLP, eSentire, Global Relay, and Simmons & Simmons - came together to provide a half day educational seminar featuring a wealth of information on the cloud to over 100 hedge fund and alternative investments firms.

Technology has undergone tremendous change in the past five years, and many hedge funds and investment firms have started to look for ways to increase efficiencies while reducing costs.

The half-day conference was split into three panel sessions covering the following topics:

Defining the Private and Public Clouds: This panel explored the key differences and advantages in cloud models and solutions, the considerations for migrating to the cloud, selecting the appropriate cloud solution or mix and the deployment expectations and long-term outlook.

The most common choice is moving into a private cloud, such as the Eze Private Cloud. Private clouds are typically better suited for the alternative investment industry which requires a great deal of sophistication, application integration and support.

Application Hosting: This panel explored the front, middle and back office systems, which can now be supported in a cloud environment. But how do you know when the cloud is a good fit for your applications? This panel included experts from companies that tout some of the leading hedge fund applications on the market and examined the pros and cons of hosting your key hedge fund applications in the cloud. The panellists on this panel covered:

  • The business case for moving apps to the cloud

  • What applications are ideally suited for a cloud environment?

  • Evaluating providers and putting SLAs in place

Cloud Security: The last and most talked about topic was cloud security. Security still remains a top concern for firms when evaluating moving into the cloud.

Last year, Eze Castle Integration conducted a survey of 125 financial services firms to learn how hedge funds and investment firms are currently using cloud services, as well as to provide insight into the factors influencing this growing trend and the barriers to adopting the cloud. According to the survey, concerns about security ranked first, followed by concerns about meeting regulatory or compliance requirements.

Find out more about the cloud! Check out the useful resources below:

Cloud Forum - 100% dedicated to the topic of cloud computing for hedge funds and investment firms, the Cloud Forum has a wealth of information available via articles, videos, whitepapers and much more.

Also, be sure to download our 2013 Guide to Cloud Computing in the Hedge Fund Industry. This comprehensive guidebook examines:

  • Why Are Firms Going to the Cloud?

  • Public and Private Clouds: Why Private?

  • What Are the Use Cases for the Cloud?

  • Secure Computing in the Cloud

  • Checklist Questions to Ask Cloud Providers

]]>
<![CDATA[Best Practices for Managing Security Risks (Webinar Recap)]]>, 21 Mar 2013 00:00:00 -0400 eci Last week, we hosted a webinar with eSentire on best practices for managing security risks. eSentire is the leading managed security service vendor protecting 25% of the global hedge fund market by AuM. During the webinar, the company's director of marketing, Mark Sangster, and our own vice president of client technology, Steve Schoener, explored topics including the scope of cyber threats, the anatomy of a cyber attack, continuous security monitoring and security policies and procedures for hedge funds to consider. Read on for a full recap of the information covered during the event.

The Current Scope of Cyber Threats


In his March 12th address to Congress, Director of National Intelligence James R. Clapper identified cyber attacks as the most immediate threat to global security. Clapper’s remarks emphasize the importance of taking measures to prevent cyber attacks today. These intrusions can originate from a variety of sources, including:

  • criminal organizations

  • nation states

  • insiders

  • “hacktivist” groups such as Anonymous

It is widely believed that government support is making hacker groups more powerful than ever. Currently, one of the largest threats to cyber-security originates from a China-based group known as Unit 61389 of the People’s Liberation Army. According to a report produced by Mandiant, an information security company, the group is comprised of up to a thousand members, and has been responsible for stealing hundreds of terabytes of data from 141 companies in 20 industries. Groups similar to Unit 61389 have cropped up in other countries as well.

According to the 2012 Verizon Data Breach Investigations Report, an international study of cyber-security violations:

  • 70% of cyber attacks target large organizations (over 1,000 employees)

  • 50% of intrusions take several months or even years to be recognized by the victim organization

  • 75% of the time it takes several days to steal data from larger companies

So, what should you be aware of to help protect your firm from an intrusion? There are a variety of sources from which cyber attacks can originate, including:

  • Phishing scams: In these scenarios, a member of the organization receives a socially engineered email attempting to steal information. Upon opening the email, the employee allows the malware to infiltrate the network.

  • USB media devices: This is a very common source of attack that has been widely improved over the years. In this case, an infected USB drive is dropped or left unattended in a public space, in the hope that it will be picked up by a well-meaning employee who will plug it into his or her computer to see who the device belongs to. Once plugged in, the device releases malware into the network.

  • Universal Plug & Play (UPnP): UPnP allows computers and other network-enabled devices to efficiently communicate with one another. Recently, however, these devices have come under harsh criticism due to a variety of security weaknesses such as programming flaws and a lack of required authentication, making the devices easy targets for viral attacks.

  • Malware via Drive-by Download: Drive-by downloads occur when a person downloads an infection, either knowingly or without understanding the consequences. The infection typically takes the form of a computer virus, spyware, malware or crimeware.

The Future of Cyber Security


Increasingly, security threats facing the investment management industry are low volume, high value (aka targeted) in nature. In these cases, the attacker possesses a great deal of knowledge regarding the value of the victimized company’s assets, and wants to steal this information for his or her own benefit. These attackers will employ intricate plots to gain access to the information. The problem with typical security protection programs such as anti-virus software and firewalls is that they are not preventative, and can only identify threats that have already occurred.

The industry has been shifting from the use of a managed security service provider (MSSP) to continuous monitoring as a service (CMaaS). The primary components of CMaaS are:

  • Sensor on the Network: Network sensors gather data.

  • Risk-Status Displays: Data is gathered from the sensors and used to develop reports.

  • Security Consulting: Security experts analyze the reports so that they can develop appropriate security measures.

  • Real-time Detection and Mitigation: Security firms such as eSentire have added this step due to the belief that security concerns need to be resolved immediately rather than after they have occurred.

Tips to Protect Your Firm Against Malware and Hacking

eSentire has developed a list of steps hedge funds should follow to protect themselves against security threats. The steps are based off the concept of the cyber kill chain, which states that the earlier a threat is recognized, the better.

  • Perform a vulnerability assessment. It is essential that companies authenticate firewall configuration and anti-virus patching, network device security and evidence of criminal activity. You'll want to know where vulnerabilities exist before implementing additional security measures.

  • Establish privileged access to core data. Companies should only designate access to necessary employees and place private data on password-backed servers.

  • Develop an Acceptable Usage Policy. Firms should ensure that their Acceptable Usage Policy provides guidelines for software downloads, personal mobile devices, cloud-based email and storage services as well as the access and distribution of privileged data.

  • Engage real-time intrusion detection/mitigation solutions. Be sure to track and observe all network actions to be aware of breaches, attacks or the access of sensitive information.

  • Establish legal safeguards. Companies should ensure that they utilize confidentiality, non-disclosure, non-competition and non-solicitation arrangements to protect intellectual property.

  • Know who you're hiring. Employers should screen employees pre-hire and conduct trainings to make all employees aware of appropriate and inappropriate conduct, contractual arrangements and firm policies and procedures.

  • Monitor and log network activity. Restrict electronic transfers, enforce password protection, encrypt computer systems, limit accessibility to core assets, and observe and track all network and email actions.

Policies & Procedures

Here at Eze Castle, we recommend that all hedge funds employ multiple layers of security to reduce the amount of undesired traffic on the network, and thereby reduce the opportunities for a security breach. This is often called the Principle of Defense in Depth. Examples of defense layers may include having Windows protected by anti-virus software with up-to-date virus definitions and all Internet and DMZ facing hosts protected by OSSEC host-based intrusion detection.

In addition to these layers, we also recommend that investment firms employ the following policies and procedures to ensure their critical systems and data do not fall into the wrong hands.

  • Principle of Least Privilege: This involves restricting access to only those employees who need it. Keep access control lists on all applications and data and inbound/outbound internet access to keep track of who can gain access to what. Also, log the use of audited one-time passwords and minimum privilege shared accounts.

  • Secure User Authentication Protocols: Secure user authentication protocols include:

    • Assigning unique domain user IDs to each employee
    • Implementing strong domain password policies
    • Monitoring data security passwords and ensuring that they are kept in a secure location
    • Limiting access to only active users and active user accounts

  • Information Management Security Policy: Develop a plan that details how the firm will handle a security incident. The plan should outline who is in charge of managing a security incident, the required reporting and investigation procedures, communications policies for contacting clients and the post-incident remediation procedures.

  • Visitor/Contractor Premise Access Policy: It is essential that firms keep track of all people who have visited the site through the use of physical security checkpoints and surveillance.

  • Mobile Device Policy: Develop guidelines for use of personal mobile devices in the workplace, and train staff on mobile device security. Firms should employ security measures such as requiring passwords, having the ability to remotely wipe devices and employing encryption tools.

Having a high level of security in place at your investment firm helps to restore faith in investors who are undoubtedly hearing about cyber attacks regularly in the media. Following industry best practices and implementing the appropriate tools and policies demonstrates that the firm has planned in advance instead of scrambling to handle a security breach after it has occurred. This also ensures that costly disasters are averted and normal business operations can be restored efficiently in the event of a security breach.


<![CDATA[Hedge Fund Infographic: You know you're a Private Cloud User if...]]>, 19 Mar 2013 00:00:00 -0400 eci Today, we're excited to be hosting the 2013 London Hedge Fund Cloud Summit at the Prince Philip House in London. The event features a variety of industry experts participating in thought-provoking panel discussions focused on the cloud adoption trends shaping the investment industry. Conversations will touch on everything from the differences between public and private clouds to cloud security and application hosting.

In honor of this event and to provide a visual to help encapsulate the many benefits that come from leveraging a private cloud, we have published a new infographic entitled “You Might be a Private Cloud User If…” Check it out to see the top 10 signs that you are likely a private cloud user. Also, be sure to read the London Hedge Fund Summit event recap here!


<![CDATA[What are Investors Thinking...When it Comes to Hedge Fund IT?]]>, 14 Mar 2013 00:00:00 -0400 eci Yesterday our VP of client technology, Steve Schoener, presented on a California Hedge Fund Association webinar about building an institutional infrastructure at today’s hedge funds. A lofty topic (so consider this a basic primer), Steve focused on four key discussion areas, which we’ll recap here. They were:

  • Investor Expectations of IT

  • On-premise & Cloud solutions: Which is right?

  • Security Risks & Best Practices

  • Disaster Recovery How-Tos

You can watch the 30-minute webinar now or keep reading below.

What are Investors Thinking?

Today’s investors grew up with technology and as a result are asking much more detailed questions (here is a handy list). Also, just having an answer is no longer enough. So what is the perfect answer? The reality is that there isn’t one perfect answer that is right for every firm. More than looking for a specific answer, investors want to see that your answer is well thought out and logically addresses your specific fund operations.

Take security, for example. Not every firm needs every layer of security, but you do need to be able to discuss why you made the security decisions you did when it comes to protecting the fund from threats.

Here are the key areas investors are asking about:

  • Annual assessment and audits

  • Access control policies

  • Network security policies

  • Physical security policies

  • Disaster recovery and business continuity plans

Going to the Clouds or Staying Firmly Planted on the Ground?

The question start-up hedge funds regularly ask is, “Should we go on-premise or with a private cloud?” Increasingly, the answer for new firms is the cloud. And when it comes to public versus private, we see very little adoption of public clouds in the hedge fund space for a number of reasons (service, integration with third-party applications, disaster recovery, etc).

Established hedge funds typically first enter the cloud through hosting of applications, including OMS, Risk and Accounting, or when it is time for a technology refresh. Additionally, we are increasingly seeing that hedge fund teams are small and looking for ways to leverage third-party services, such as the cloud, to streamline operations and outsource non-critical business functions.

A final note on selecting a cloud provider – be sure to have a conversation to understand how you can move your data off a cloud. With a reputable provider, migrating off a cloud should not be an arduous process (here are some handy cloud provider questions).

2013’s Hot Topic – Cyber Security

Just this week the US director of national intelligence, James Clapper, identified cyber security as the top global threat – even more treacherous than terrorism. So what is the anatomy of a cyber attack?

Many of the most successful attacks today are through malware that is delivered via email, drive-by or USB to an unsuspecting user. In the case of email malware, a user typically receives a message with a link to something that appears legitimate, such as an ADP paycheck. Clicking the link then infects the computer.

A high number of viruses are looking to take information. They want to get at financial information and other information they can sell. Basic security components that every hedge fund should already have in place include:

  • Anti-virus protection

  • Network firewall

  • Web filtering

  • Strong password policy

When it comes to passwords, it is important to note that changing passwords is essential. The longer a password is out there, the more damage can occur. Some hackers may just watch your email to gather information and get ahead of you in trades, for example.

More advanced security components firms should consider are:

  • Intrusion detection

  • Advanced Password Policy

  • Multi-factor authentication

  • Policies & Procedures for Security Management

Four Steps to Disaster Recovery and Business Continuity Planning

There are many steps to creating a DR and BCP; however, here are four considerations to help frame your planning.

1. Identify critical systems

2. Identify design requirements

  • Look at all your systems and determine how old the data can be in the event of a disaster – this is your Recovery Point Objective. When does a system need to be up and running? – this is your Recovery Time Objective.

3. Choose your DR method

  • This is a discussion of on-premise versus a cloud solution. With Cloud DR, the responsibility to manage everything is removed from the hedge fund. There can be trade-offs. For example, if your trades are based on proprietary algorithms you may prefer to own the physical servers. Also, if you have in-house IT, they may prefer to manage in-house.

4. Choose a data center location/facility

  • Investors are going to want to know about access controls and security at the data center.

  • Half the data centers in NY lost power during Sandy. Not all of them were able to get fuel. All Eze Castle Integration data centers stayed up because we conduct extensive due diligence on all our data centers before selecting one. Be sure to do thorough due diligence on your service providers.

Want to discuss technology further? Contact us or subscribe to our Hedge IT blog.

<![CDATA[Hackers are Watching: New security threats facing investment firms]]>, 12 Mar 2013 00:00:00 -0400 eci As you’re probably aware, the topic of cybersecurity has been splashed prominently across headlines lately. Earlier today, the US director of national intelligence, James Clapper, identified cybersecurity as the top global threat – even more treacherous than terrorism.

In his testimony before the Senate Intelligence Committee, Clapper cited several attacks on banking websites where sensitive customer data was compromised, as well as a security breach at an oil company that resulted in the destruction of 30,000 computers. If hackers are capable of such large-scale, damaging attacks, could investment management firms be at risk? What should you be doing to better protect your firm’s critical systems and data?

The truth is both large, well-established hedge funds and smaller startups are equally at risk of intrusion. Hackers may target large firms because they see an opportunity to profit from their substantial asset pools. Additionally, they might be after the notoriety associated with successfully hacking a well-known fund’s critical systems, especially in cases that will likely garner media attention. For smaller funds, hackers are likely after intellectual property, namely business plans, market forecasts and investment strategies.

What new threats are out there and how can firms better protect themselves from a cybersecurity breach?

Hackers are always seeking new ways to gain access to protected systems and accomplish their goals. Antivirus and anti-malware developers are likewise on the hunt for ways to protect these systems and data from new intrusion methods. To increase protection, investment firms should employ a “defense in depth” strategy. This includes maintaining up-to-date antivirus and anti-malware software as well as network firewalls, deep inspection proxy and IDS/IPS to reduce the amount of traffic on the network. (Checkout: Malware Definitions & Security Tips.)

Unfortunately, even a network that’s equipped with the most recent OS and fully upgraded applications with robust anti-malware tools in place can still be vulnerable to a cyber attack. This is because, in the ongoing arms race between hackers and anti-malware developers, hackers maintain the upper hand. They simply familiarize themselves with the most widely used antivirus tools, exploit software vulnerabilities that have not yet been acknowledged by the vendors and outsmart endpoint protection programs.

The good news? Historically, anti-malware developers have had deeper pockets than hacker groups. However, it appears that this is beginning to change. One troubling new trend that has emerged recently is state-sponsored hacking. According to a recent New York Times report, the Chinese government has been accused of fostering the efforts of hackers targeting organizations in the US and around the world to gain access to sensitive information. Similar stories have begun to surface from Russia and other nations as well. With sponsorship from national governments or other large resource pools, hackers are going to get more sophisticated and more difficult to detect.

So, what should you do to protect your fund? First, be sure to have all of the defense layers in place that we mentioned earlier, such as antivirus and anti-malware tools and firewalls. You may also want to consider a more robust, comprehensive intrusion detection system such as the one provided by our friends at eSentire, which can mitigate a potential threat before irreparable damage is done.

Once these tools are in place, fund managers should educate their employees on potential security risks and train them on best practices for mitigating those threats. Policies should be in place around:

  • Access Control

  • Acceptable Use

  • Information Security Incident Management

  • Personal Communications/Mobile Device Management

Oftentimes, staff members don’t realize the extent of the risk to the organization if a cybersecurity attack occurs or sensitive company data is compromised. Employees who understand security threats and how to thwart them will serve as your fund’s best asset for keeping systems and information secure. Read more about Security Policies in this article.

Photo Credit: Flickr]]>
<![CDATA[Is the Asia Hedge Fund Market Going Cloud? A Q&A with Serge Bukhar]]>, 07 Mar 2013 00:00:00 -0500 eci Last year, Eze Castle Integration expanded its award-winning Eze Private Cloud services to Asia. The Eze Private Cloud is used by more than 2,000 hedge fund professionals worldwide to simplify operations, minimise upfront capital costs and gain a highly resilient, enterprise-grade IT infrastructure on par with billion-dollar funds.

I recently sat down with Serge Bukhar, Executive Director of International Operations at Eze Castle Integration, to talk about the hedge fund market in Asia, and the attitude and adoption of cloud computing.

What is the current state of the hedge fund industry in Asia?

Singapore and Hong Kong are the hedge fund capitals in Asia. We have seen a contrast between the status of large and small hedge funds in Asia. Many larger funds are struggling, with some shutting down, while smaller funds are increasingly doing well and delivering positive results to their investors. Both groups, however, are looking for ways to increase efficiencies and reduce costs.

Has Asia adopted the cloud?

There is a tremendous opportunity for private cloud services in Asia; however, cloud adoption in the region has yet to reach its full potential. The regulatory landscape in the UK and US, and the varying market maturity levels have fragmented the adoption of cloud computing. Many hedge funds and the alternative investment industry are still taking a measured approach to cloud computing, as the industry awaits further clarity on cloud computing regulations and better articulation of business benefits by IT vendors.

What are the barriers to cloud adoption?

Asia is a tough market to tap into, especially with increasing regulations both in the UK and US. The Alternative Investment Fund Directive (AIFMD), for example, can be one of the reasons why it could be difficult for many hedge fund managers to attract investor capital. Many managers in Asia are less inclined than their US or UK peers to make significant capital expenditures in technology on day one. Data privacy and lack of knowledge and understanding of the cloud are some of the obstacles