Eze Castle Integration

Cloud Forum Blog


Addressing Hedge Fund Audit Risk: Insights from KPMG

Posted by Katelyn Orrok on Thursday, October 13th, 2016

Categorized under: Hedge Fund Operations  Hedge Fund Due Diligence  Hedge Fund Regulation  Outsourcing 



Six Questions to Ask About Your Investment Firm's Cybersecurity Risk

Posted by Katelyn Orrok on Tuesday, September 27th, 2016

During Part 2 of our Risk Outlook Webinar Series we spoke with Eze Castle Integration Director Dan Long about how investment firms should address evolving cybersecurity risks, third party service provider oversight and employee training and education. Many of the points Dan addressed highlight questions hedge funds and private equity firms should be asking themselves.

Read on or scroll to the bottom to watch the full, 30-minute replay.

What is our commitment to cybersecurity and what is our outlook on the future?

Regulators and investors continue to ask more questions about cybersecurity because they want to know that firms are effectively mitigating risk. To meet these growing expectations, firms must demonstrate that they take cybersecurity risk seriously and have implemented sound systems, policies and procedures to combat those risks. As the threat landscape and technology continue to evolve, investment management firms need to evolve accordingly and develop better ways to counteract threats. Firms don’t necessarily need to implement every available security technology, but they should be keenly aware of their options and have a plan to effectively mitigate as much risk as possible.

How are we addressing third party risk and oversight?

Investment management firms often rely on third party vendors to obtain functionality or capabilities that they need, want or can’t afford to produce on their own. But moving functions out of the firm's control can present challenges. With any outsourced function, the firm inherently takes on additional risks at the hands of the third party. But it's critical for investment managers to limit those risks through sufficient due diligence. To combat vendor risk, financial firms need to maintain strict oversight of all third party relationships and investigate security practices and protocols, particularly for those vendors who have access to the firm's confidential information. An outsourced vendor should be providing the same level of security (or better!) as your firm would if the function was under in-house control.

Categorized under: Security  Private Equity  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Outsourcing  Business Continuity Planning  Videos And Infographics 



Understanding Social Engineering: How to Avoid Phishing Attacks

Posted by Katie Sloane on Tuesday, July 7th, 2015

In the context of information technology, social engineering refers to the act of tricking people into divulging confidential or sensitive business information and breaking security policies. This form of attack infiltrates companies by targeting their weakest access point, which predominantly is a firm’s employees.

The Art of the Phishing Con

Let’s examine a popular technique for social engineering known as phishing. In a phishing scheme, the hacker broadly disseminates a fraudulent email with the aim of acquiring sensitive data, such as login credentials, IT resources or banking information. The message may ask the recipient to submit personal information or to click on a link embedded with malware. Although this approach rarely dupes sophisticated users, a distracted employee could make one mistake and compromise a firm’s entire network.

Categorized under: Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Trends We're Seeing 



A Look at OCIE's Cybersecurity Exam Sweep Findings: Hedge Funds Take Note

Posted by Mary Beth Hamilton on Tuesday, February 17th, 2015

In its 2015 priorities, the SEC’s Office of Compliance Inspections and Examinations (OCIE) listed cybersecurity as a key focus area in its risk-based assessments. Then on February 3, 2015, OCIE released summary findings from its Cybersecurity Examination Sweep.
 
OCIE’s sweep focused on written documentation for its assessment and conducted "limited testing" of the accuracy of the responses. It also did not review the technical sufficiency of the firms’ programs. OCIE’s reliance on documentation highlights the importance of complete Written Information Security Policies.
 
Following are noteworthy items Eze Castle Integration observed in reviewing the findings.

  • Most firms adopted written information security policies, but 43% of advisers did not conduct periodic audits to determine compliance with these information security policies and procedures.

  • 49% of advisers did not discuss mitigating the effects of a cybersecurity incident and/or outline the plan to recover from such an incident in their written business continuity plans.

  • The vast majority of examined firms conduct periodic risk assessments, on a firm-wide basis, to identify cybersecurity threats, vulnerabilities, and potential business consequences. However, only 32% of advisers require cybersecurity risk assessments of vendors with access to their firms’ networks.

In the Written Information Security Plans (WISP) Eze Castle Integration creates for clients, we include service provider risk assessments as a standard element.

Categorized under: Security  Launching A Hedge Fund  Hedge Fund Due Diligence  Infrastructure  Trends We're Seeing 



Back to Basics: 10 Cloud Technology Terms to Know

Posted by Charlene Haddad on Tuesday, December 2nd, 2014

As technology changes, it can become overwhelming to keep up with. That’s why we’ve decided to take a step back in today’s blog article to go over some of the basic vocabulary involved in cloud computing. Here are 10 terms to get you started:
 
Cloud Computing
Services or applications that are hosted in a web-based repository known as the “cloud”; the service is often hosted by a third-party provider who then provides access to that service to users on an on-demand basis via a network connection. This relieves the firm of having to purchase and maintain costly infrastructure in-house.

Data Center
A facility used to house computer systems and associated components, such as telecommunications and storage systems; typically includes redundant or backup power supplies, redundant communications connections, environmental controls and security features. The Uptime Institute classifies data centers into four tiers based on the percentage of availability and uptime.

Categorized under: Cloud Computing  Launching A Hedge Fund  Hedge Fund Due Diligence 



Is Bigger Always Better? Advice for Hedge Funds Named David

Posted by Kaleigh Alessandro on Thursday, September 12th, 2013

Like David bravely dueling with the larger Goliath, small and mid-sized investment firms are often faced with insurmountable odds when competing against larger (and better endowed) funds. With more experience and more assets, larger firms have the advantage when it comes to soliciting investor allocations. But do these inherent shortcomings equal certain failure? If David can emerge victorious, can’t smaller hedge funds?
 
Earlier this week, we gathered a panel of experts in San Francisco to discuss this topic at length. Following is a brief synopsis of the topics they covered.

Categorized under: Hedge Fund Operations  Cloud Computing  Hedge Fund Due Diligence  Infrastructure  Launching A Hedge Fund  Outsourcing  Real Estate  Trends We're Seeing 



Hedge Fund Infographic: You know you're a Private Cloud User if...

Posted by Jessica Sipprelle on Tuesday, March 19th, 2013

Today, we're excited to be hosting the 2013 London Hedge Fund Cloud Summit at the Prince Philip House in London. The event features a variety of industry experts participating in thought-provoking panel discussions focused on the cloud adoption trends shaping the investment industry. Conversations will touch on everything from the differences between public and private clouds to cloud security and application hosting.

In honor of this event and to provide a visual to help encapsulate the many benefits that come from leveraging a private cloud, we have published a new infographic entitled “You Might be a Private Cloud User If…” Check it out to see the top 10 signs that you are likely a private cloud user. For more information and details on the 2013 London Hedge Fund Cloud Summit please visit the event page. Also, be sure to look out for a recap of the event here on the Hedge IT blog next week!

Categorized under: Cloud Computing  Eze Castle Milestones  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Launching A Hedge Fund  Trends We're Seeing  Videos And Infographics 



What are Investors Thinking...When it Comes to Hedge Fund IT?

Posted by Mary Beth Hamilton on Thursday, March 14th, 2013

Yesterday our VP of client technology, Steve Schoener, presented on a California Hedge Fund Association webinar about building an institutional infrastructure at today’s hedge funds. It's a lofty topic (so consider this a basic primer), and Steve focused on four key discussion areas, which we’ll recap here. They were:

  • Investor Expectations of IT

  • On-premise & Cloud solutions: Which is right?

  • Security Risks & Best Practices

  • Disaster Recovery How-Tos

You can watch the 30-minute webinar now or keep reading below.

Categorized under: Infrastructure  Cloud Computing  Hedge Fund Due Diligence  Hedge Fund Operations  Launching A Hedge Fund  Outsourcing  Security  Trends We're Seeing 



I’m Launching a Hedge Fund. What Tech Questions Do I Ask?

Posted by Mary Beth Hamilton on Tuesday, January 29th, 2013

The latest HFR Global Hedge Fund Industry Report found that hedge fund assets increased by $60 billion in the fourth quarter of 2012, bringing total industry capital to a record $2.25 trillion.  With hedge funds posting performance gains and the new year upon us, we expect to see new hedge fund launches take off. 

Technology is just one of the many areas to consider when starting a hedge fund.  To help jump start the process, below is a list of some commonly asked questions we receive.

Where do I start in creating a technology budget for my hedge fund?

It is important to note that whether a firm elects to go with an in-house IT solution or cloud computing, there will be implications for technology budgeting. Once in-house versus cloud is evaluated, it is important to think about the workflows and systems you use to complete your work – be it email, reports, phones, market vendor applications, and/or risk systems. You can find a technology budgeting worksheet here to help with your planning.

Categorized under: Launching A Hedge Fund  Cloud Computing  Hedge Fund Due Diligence  Hedge Fund Operations  Infrastructure  Outsourcing 



Taking the Cloud Security Exam (aka Hedge Fund Checklist)

Posted by Mary Beth Hamilton on Tuesday, December 4th, 2012

Last month our friends at eSentire published a Cloud Security Checklist to provide hedge funds and alternative investment firms a guide when evaluating a cloud provider such as Eze Castle Integration. The Checklist asked the question, “How can you know if your Cloud Service Provider has your best risk management interests in mind?”

Since here at Eze Castle Integration we are big proponents of secure cloud computing, we thought we’d be the first cloud service provider (that we know of!) to complete eSentire’s checklist.

Here goes!

1.0 Physical Security: Does the cloud provider have a rigorous physical access protocol?

Yes, yes and yes.  Eze Castle has detailed Access Control and Premise Access policies that extend from physical to virtual environments.  Following are some of the key physical access control protocols we have in place:

  • 24x7x365 manned lobby with visual verification of identity

  • Two-phase authentication of visitors (card and biometric)

  • Secured access at all entry points, including doors and elevator banks

  • Monitored security cameras as well as door, motion and camera sensors

  • Visitor logs closely monitored and escorts required at all times

  • Key-locked cages and cabinets at all data center facilities

Categorized under: Security  Cloud Computing  Disaster Recovery  Hedge Fund Due Diligence  Hedge Fund Operations  Infrastructure 


