Don't Forget to Share this Post

Outsourcing: Finding Common Ground in the C-Suite

By Lauren Zdanis | Tuesday, May 23rd, 2017

Following is an excerpt from our whitepaper, Outsourcing Point-Counterpoint: Examining C-Level Perspectives at Hedge Funds and Private Equity Firms. If you want, click here to jump ahead and download the paper in full.

Outsourcing IT can be controversial across the C-suite. Your firm's CFO may see the move as financially responsible and a long-term strategic solution. Your CTO may have concerns about retaining control of the IT environment. Both sides have unique perspectives.

Just because CFOs/COOs and CTOs have different views into IT operations, outsourcing and the cloud, doesn’t mean there is no common ground. After all, both leaders ultimately want what’s best for investors and the firm. When you dig a little deeper, there are far more areas where CFOs/COOs and CTOs agree than where they differ when it comes to outsourcing IT. For example:

Risk reduction

The outdated due diligence argument against going to the cloud has been turned on its head in the current regulatory environment. CTOs may feel they’re doing the appropriate due diligence to manage all the risks themselves. However, assessing your own risk is incredibly challenging. To thoroughly evaluate risk as well as address investors’ five, 10 or even 20-page due diligence questionnaires about technology, partners, vendors, cybersecurity and operations, CTOs need to devote enormous amounts of time – repeatedly. Risk assessments are not one-and-done tasks. Vulnerabilities, particularly cybersecurity weaknesses, should be assessed in depth every six months, and remediation of identified issues must be addressed.

The importance of this is underscored by the spotlight that regulatory bodies – including the SEC, FINRA, the CFTC and the NFA – are shining on cybersecurity. Their collective position is that fund managers must design, implement and monitor programs that effectively protect the sensitive information investors entrust to them. To that end, the SEC is conducting reviews of systems, interviewing employees and evaluating responsiveness and efficacy of protective measures.

Technological innovation

Investors expect the latest and greatest technologies, especially when it comes to security. Not only does outdated technology affect the IT department and how it does its job, it can be a real red flag for discerning investors. Cloud providers are buying en masse and passing the cost savings along, making enterprise-level features affordable for even small to medium-sized hedge fund and private equity firms. Building your own production and secondary (redundant) infrastructures is increasingly an antiquated IT strategy in this day and age.

To demonstrate the breadth of IT requirements for even the smallest funds, let’s look at the cybersecurity pillar of an IT environment. When it comes to cybersecurity, investors and regulators expect funds to have layers and layers of security coupled with employee training. This list includes:

  • Physical security (i.e. locks, surveillance, log review/monitoring )

  • Anti-virus/End-point protection

  • Intrusion detection & prevention

  • Patch management

  • Phishing/Social Engineering Testing

  • Employee Cybersecurity Training

  • Risk Assessments/Vulnerability Assessments

  • Formalized Third-party Due Diligence & Evaluation

The process to evaluate, select, negotiate, deploy, maintain and train staff on all the IT tools is a full-time job in itself – one few IT teams have time to do. Any new on-premise IT project (from new applications to infrastructure hardware) introduces a complex, lengthy process that includes the following:

  • An RFP must be developed, agreed upon and sent out to a selected list of vendors.

  • Vendor responses to the RFP must be evaluated.

  • Due diligence is conducted on the vendor and its key counterparties.

  • Terms of the project must be negotiated with interested vendors.

  • A vendor must be selected to complete the project.

  • The project must be deployed.

  • Employees must be trained on the new technology.

  • This must be done repeatedly as tools and demands evolve.

  • That’s all before the technology or application investment starts doing what it was meant to do.

Strategic opportunities

Outsourcing IT shifts these time burdens to the cloud services provider, freeing IT leaders to go beyond the break-fix and reactive troubleshooting cycle. With basic-level desktop engineering off their plates, CTOs can focus on more strategic initiatives to drive the firm and its investors into the future.

These more strategic initiatives might include:

  • Leading development and testing efforts for new applications requested by the investment management and operations teams

  • Creating applications for high-frequency trading

  • Building risk mitigation and cybersecurity programs including training incident response teams

  • Investigating select, emerging technologies

  • Becoming the educational advocate for internal security practices

These are just a few of the dozens of areas where CTOs can deliver more strategic benefit.


There are many reasons why outsourcing IT operations to a service provider makes a lot of sense for hedge fund and private equity companies. They range from improved security and business continuity, to cost savings and efficiencies, to more time for strategic IT initiatives. While CTOs and CFOs may not immediately see the common ground between them when it comes to managed cloud services, the will of investors should bridge any gaps that exist.

Today’s investors expect hedge fund and private equity firms to utilize the cloud. They know that managed cloud providers have technical expertise that solitary IT shops simply can’t develop. They know that cloud providers have the latest technology and can help your firm make use of it. They know that cloud providers can make your organization more efficient and more secure.

These investors are right. C-level executives should take their lead and seriously investigate going to the cloud for many IT operations that are currently handled on-premise. It’s not just a matter of cost or convenience; those who don’t are in danger of falling behind the competition and attracting the negative attention of regulators.

Read More on Hedge Fund and Private Equity Outsourcing:

Hedge Fund and Private Equity Outsourcing

Photo Source: Creative Commons

Don't Forget to Share this Post

Related Posts

How Can Eze Castle Integration help you?Contact us today!