Cybersecurity and Hedge Funds: A Manager's Experience
This article first appeared on Opalesque as part of a four-part series on cybersecurity.
Ruane, Cunniff and Goldfarb, Inc. used to have their own IT infrastructure. Todd Ruoff, Executive Vice President in charge of trading, operations and technology, was responsible for its maintenance. Then he started looking at outsourced providers a couple of years ago, as he wanted a better disaster recovery solution, the equipment was ageing and the firm was planning an office relocation. His firm is now using Eze Castle Integration’s Private Cloud, the ECINet private Internet service and Eze Castle’s Vault backup and recovery service. He tells Opalesque how that works for him.
Ruane, Cunniff and Goldfarb is an investment advisor and broker-dealer in the US, which manages an $8bn mutual fund, a '40 Act company called the Sequoia fund. The firm has around $5bn managed in hedge funds, and another $15bn in separately managed accounts run for HNWIs and institutions.
"As a broker, we need the ability to trade," Todd Ruoff says. "We are a long-term investor who invests in large, concentrated positions, focused on a few securities. It’s important that we have access to real-time market data, which we get from various sources, as well as access to our trading systems for execution and order management. As an advisor, we need to be able to report for our clients, as well as internal portfolio management teams. All of our research is done in-house, through an organic internal process, whereby our analysts work on the subject companies, which are publicly traded equities. We invest primarily in common stocks in the US, Europe and Asia."
The firm needed a backbone that could support all aspects of an investment organization: the trading side, market data, and storage for research, analysis and client data, he explains. It was becoming too expensive, risky and cumbersome to maintain the technical environment in-house, so he decided to migrate to Eze Castle’s Private Cloud, "which is much more dynamic and can adjust to our growing needs as our assets increase. The Eze Cloud can respond to our changing requirements for storage and processor utilization on the fly."
He maintains a small server presence but strictly for things that one would need onsite.
He believes there is benefit in keeping the Microsoft Office files locally and replicating them in real time to the cloud, as it is faster to open a large spreadsheet from within the office than to pull it over a point-to-point circuit from the data center. The files are technically stored in the cloud, but are also available locally to improve response and access times. The firm has a 1-gigabit network backbone locally but connects to the data center over multiple private 100mb point-to-point circuits.
"We have not recently experienced any direct hacking attacks, denial of service attacks for example, as we don’t maintain an external network presence (no public facing websites)," he notes. "Our firm is very selective to new business so we do not market, and have minimal public exposure."
The firm does have strict security measures in place with Eze Castle’s security provider, eSentire, to protect everything in the cloud, as well as on the PCs and servers. He performs periodic penetration testing through eSentire. He uses local firewalls, but it is primarily the point-to-point connection to the cloud that needs to be secured.
"Our firewall is very hardened in that we don’t need to allow any incoming traffic, so all inbound ports are closed," he adds.