Eze Castle Integration

Cloud Forum Blog


A Look at OCIE's Cybersecurity Exam Sweep Findings: Hedge Funds Take Note

Posted by Mary Beth Hamilton on Tuesday, February 17th, 2015

In its 2015 priorities, the SEC’s Office of Compliance Inspections and Examinations (OCIE) listed cybersecurity as a key focus area in its risk-based assessments. Then on February 3, 2015, OCIE released summary findings from its Cybersecurity Examination Sweep.
 
OCIE’s sweep relied on written documentation for its assessment and conducted "limited testing" of the accuracy of the responses. It did not review the technical sufficiency of the firms’ programs. OCIE’s reliance on documentation highlights the importance of complete Written Information Security Policies.
 
Following are noteworthy items Eze Castle Integration observed in reviewing the findings.

  • Most firms adopted written information security policies, but 43% of advisers did not conduct periodic audits to determine compliance with these information security policies and procedures. 
     

  • 49% of advisers did not discuss mitigating the effects of a cybersecurity incident and/or outline the plan to recover from such an incident in their written business continuity plans.
     

  • The vast majority of examined firms conduct periodic risk assessments, on a firm-wide basis, to identify cybersecurity threats, vulnerabilities, and potential business consequences. However, only 32% of advisers require cybersecurity risk assessments of vendors with access to their firms’ networks. 

In the Written Information Security Plans (WISP) Eze Castle Integration creates for clients, we include service provider risk assessments as a standard element.

Categorized under: Security  Launching A Hedge Fund  Hedge Fund Due Diligence  Infrastructure  Trends We're Seeing 



2015 Hedge Fund Trends & SEC Exam Priorities (Webinar Recap)

Posted by Anna Wendt on Thursday, February 5th, 2015


With a new year come new regulations for hedge funds and investment firms. Earlier this week, Eze Castle Integration hosted a webinar during which Ricardo Davidovich, partner at Haynes & Boone LLP, shared his insight into the Securities and Exchange Commission’s (SEC) new examination priorities as well as recurring themes firms should expect to see play out through the year.

What’s New in 2015

Retail Investors

One priority for examinations this year is the focus on retail investors. Davidovich says that “hedge funds, which in [the SEC’s] mind have historically been an exclusive and private club, are being sold to the retail and consumer client base.” This means the SEC will be taking a closer look at the types of fees being sold, the sales practices and the suitability analysis. Firms should focus on making sure no information released is misleading and that there are provisions against fraud. There should be a real emphasis on policies that create guidelines that can be shown and proven to the SEC.

Categorized under: Launching A Hedge Fund  Security  Hedge Fund Operations  Hedge Fund Regulation  Trends We're Seeing 



Three Reasons the Private Cloud is Just like Olympic Curling

Posted by Kaleigh Alessandro on Thursday, February 20th, 2014

Have you been enamored by the coverage of the Winter Olympics the last two weeks? We sure have. And watching all of these great sports we don’t normally get the chance to witness got us thinking – there are a lot of similarities between technology and Olympic sports. They’re both complex in many ways and require experts (engineers and athletes) who are the best of the best at what they do.
 
One of our favorite sports to watch is curling. And we couldn’t help but notice that Olympic curling and the private cloud are a lot alike. Don’t believe us? Take a look.

Both are safe and secure.

Let’s be honest: curling clearly presents the least amount of danger and lowest risk for injury at the Winter Olympics. Skiing and snowboarding? We’ve seen our fair share of wipeouts this year. Bobsled, luge and skeleton? Those are terrifying enough just as a spectator. Even figure skating poses a risk when skaters are leaping and twizzling left and right.
 
But curling? Extremely safe. Athletes can be fairly certain – whether they are curling or sweeping – that they will come out of the event unscathed.

Categorized under: Cloud Computing  Launching A Hedge Fund  Security  Outsourcing  Trends We're Seeing 



Snapchat "Disappearing" Messages: What it is & why you should care

Posted by Dina Ferriero on Tuesday, July 2nd, 2013

You may have heard of it – the newest social media app that’s sweeping the 18-25 year old demographic – Snapchat. But what is it, and how could the technology behind it affect the business world?

Snapchat is a photo messaging application in which users can take photos or record short videos on their smartphones, then add text or drawing and send them to select contacts. When sending the content, users have the ability to set a time limit for how long the recipients can view it (up to 10 seconds), after which the photo or video will disappear from the recipient's device.

Here’s a recent Snapchat ad that depicts how the app is used:

Categorized under: Security  Software  Trends We're Seeing 



Recapping the 2013 London Hedge Fund Cloud Summit

Posted by Kulvinder Gill on Tuesday, March 26th, 2013

On 19th March, the Eze Castle Integration team in London hosted their first-ever Hedge Fund Cloud Summit at the Prince Philip House. 

Eze Castle Integration, along with leading experts in the financial services industry - INDOS Financial Limited, Morgan Stanley Prime Brokerage, Bloomberg, Credit Suisse Prime Services, Lucidus Capital Partners LLP, Portman Square, LLP, eSentire, Global Relay, and Simmons & Simmons - came together to provide a half-day educational seminar featuring a wealth of information on the cloud to over 100 hedge fund and alternative investment firms.

Categorized under: Cloud Computing  Security  Infrastructure  Outsourcing  Trends We're Seeing 



What are Investors Thinking...When it Comes to Hedge Fund IT?

Posted by Mary Beth Hamilton on Thursday, March 14th, 2013

Yesterday our VP of client technology, Steve Schoener, presented on a California Hedge Fund Association webinar about building an institutional infrastructure at today’s hedge funds. A lofty topic (so consider this a basic primer), Steve focused on four key discussion areas, which we’ll recap here. They were:

  • Investor Expectations of IT

  • On-premise & Cloud solutions: Which is right?

  • Security Risks & Best Practices

  • Disaster Recovery How-Tos

You can watch the 30-minute webinar now or keep reading below.

Categorized under: Infrastructure  Cloud Computing  Hedge Fund Due Diligence  Hedge Fund Operations  Launching A Hedge Fund  Outsourcing  Security  Trends We're Seeing 



What's Trendy in Technology? Predictions for 2013

Posted by Kaleigh Alessandro on Tuesday, December 11th, 2012

It’s that time of year again: time to take a look ahead and make predictions for the top technology trends of 2013. I don’t think any of these trends will come as a surprise to you, but let’s take a closer look.

Mobility

I know - we had this topic on last year’s list, too. But it’s so important, it deserves another nod. Smartphones and tablets have invaded the enterprise world like never before, and we’re seeing companies work more diligently to manage the use of these devices. Strategies such as Bring Your Own Device (BYOD) give firms the ability to allow employees to use personal devices for work purposes. While this provides employees with flexibility in terms of which devices they can use (and eliminates the need to carry more than one), it also highlights the importance of enhancing security measures to protect sensitive company information from getting into the wrong hands. Speaking of security…

Categorized under: Trends We're Seeing  Cloud Computing  Security  Communications  Outsourcing 



Taking the Cloud Security Exam (aka Hedge Fund Checklist)

Posted by Mary Beth Hamilton on Tuesday, December 4th, 2012

Last month our friends at eSentire published a Cloud Security Checklist to provide hedge funds and alternative investment firms a guide when evaluating a cloud provider such as Eze Castle Integration. The Checklist asked the question, “How can you know if your Cloud Service Provider has your best risk management interests in mind?”

Since here at Eze Castle Integration we are big proponents of secure cloud computing, we thought we’d be the first cloud service provider (that we know of!) to complete eSentire’s checklist.

Here goes!

1.0 Physical Security: Does the cloud provider have a rigorous physical access protocol?

Yes, yes and yes.  Eze Castle has detailed Access Control and Premise Access policies that extend from physical to virtual environments.  Following are some of the key physical access control protocols we have in place:

  • 24x7x365 manned lobby with visual verification of identity

  • Two-phase authentication of visitors (card and biometric)

  • Secured access at all entry points, including doors and elevator banks

  • Monitored security cameras as well as door, motion and camera sensors

  • Visitor logs closely monitored and escorts required at all times

  • Key-locked cages and cabinets at all data center facilities

Categorized under: Security  Cloud Computing  Disaster Recovery  Hedge Fund Due Diligence  Hedge Fund Operations  Infrastructure 



Hedge Fund Tech Compliance Update

Posted by Kaleigh Alessandro on Thursday, July 26th, 2012

On Tuesday, we began our webinar recap by looking at Form PF requirements and recommendations and other essentials for maintaining an effective compliance program. The second half of our webinar focused on technology compliance, specifically around message archiving, email security and mobile device management. Let’s take a closer look at some of the content that was covered. If video is more your style, you can watch a replay of the webinar here.
 

Record Retention & Message Archiving

The SEC currently requires investment advisers to retain all internal and external electronic business communications. Rule 204-2 mentions the following specific measures:

  • In order to meet the requirements of the SEC, firms must retain and archive more than just email. Instant messages, Bloomberg and Thomson Reuters messages and other electronic communications are also considered required archival material.

Categorized under: Hedge Fund Regulation  Security  Communications  Trends We're Seeing 



Cloud Adoption in the Investment Industry: Survey Results Part 2

Posted by Kaleigh Alessandro on Tuesday, June 12th, 2012

Last week, we revealed Part 1 of our cloud adoption trends survey results and detailed how hedge funds and investment firms are currently leveraging the cloud, as well as what kinds of cloud deployment models they are using (private clouds take the cake).

Some additional data points we learned as a result of this survey include the driving factors influencing firms’ decisions to use the cloud, potential barriers to cloud adoption and the key evaluation criteria for cloud services providers. Let’s take a closer look at what survey respondents had to say relative to these categories.

Factors Influencing the Decision to Use the Cloud

There are a multitude of factors that alternative investment firms need to take into consideration as they evaluate cloud offerings. Survey respondents were asked to rank the importance of several factors related to their cloud decision-making, including cost, flexibility, functionality and speed.

Categorized under: Cloud Computing  Security  Trends We're Seeing 


