Blog Entries from 01/2019
In a recent webinar, Eze Castle Integration's experts discussed IT priorities for investment firms in 2019 including:
Outsourcing to the Cloud: From public to private to hybrid, cloud outsourcing trends for 2019 and beyond
The New Age of Security: Required safeguards to securely leverage the cloud and operate in 2019
Leveraging Technology and Tools: The best-in-class technologies and tools your peers are utilizing
Continue reading for a recap of the webinar, or scroll to the bottom of the page to watch a replay of the presentation!
By now, we know that cloud outsourcing is inevitable. Whether you’ve already moved to the cloud, or plan on moving soon, the most important thing is that you have the appropriate layers of security to ensure your sensitive data and information is protected.
Ultimately, you’re looking for a single, secure and seamless solution on any cloud path your firm selects.
If you aren’t sure which cloud model is the best fit for your firm, you can bring in a consultant (hint: think Eze!) to help you choose which model is best for your firm specifically.
Security First Approach
Again, whichever model you choose, taking a security-first approach is the key to success in 2019. With potential threats such as malware, social engineering, external hacking, and insider data leakage/theft, mobile device theft and physical security attacks, it's critical to have an up-to-date understanding of the threat landscape to protect what your valuable data and implement the appropriate layers of security.
A security-first approach requires different components in order to create a secure foundation to operate a company such as:
Email Security Components
Cybersecurity/Advance Security Measures
- Employee Security Training
Technology plays a vital role in determining how successful organisations are in meeting their goals. Together, the right technology and IT strategy enables a firm to practice agility through adapting its business models to changing needs of the firm, as well as enhancing existing services and products to meet the ever-evolving needs of the market. Having the right security practices in place is also fundamental to ensuring a firm’s reputation remains intact no matter how aggressive the cyber threat landscape may become.
This blog article will share steps to building the best technology platform to deliver your organisational goals in today’s digital age.
At Eze Castle Integration we work with clients to utilize both public and private cloud tools in their disaster recovery strategy. Increasingly we are seeing firms consider utilizing Microsoft Azure as part of their disaster recovery design to mitigate risk. Below is a Microsoft infographic highlighting how Azure can enhance disaster recovery.
We also have a handy whitepaper on taking a hybrid approach to disaster recovery, which you can download here.
Categorized under: Cloud Computing
If you live in an area that often receives snow, you know and expect what the winter season will bring: disruption, delays, cancellations, and closures of roads, busses, trains, boats and subways that transport people to and from work. With this in mind, you should also be prepared for something more such as power outages, force evacuations, impact deliveries, and state travel ban.
In today’s article, we will take a look at some tips to help mitigate, prepare, respond, and recover during the winter weather.
In a recent webinar, members from the Eze Castle team talked about the security layers that are essential to cloud security for all investment firms. Topics for discussion include:
How to approach a security-first strategy to cloud systems
Defining the essential security layers from the outside in
Must have security safeguards from multi-factor authentication to employee training techniques
To start, we typically find three points in time when it makes the most sense for an existing firm to evaluate a move to the cloud. This includes during an office relocation, adding new applications, and an IT refresh.
Office relocation: This is an ideal time to evaluate your IT environment to determine if a refresh is around the corner. Often it doesn’t make sense to invest in moving a Comm. room that will require a refresh in the near term. We have found that migrating to a cloud environment prior to a relocation can be ideal because it makes the move very low risk and simplifies the process.
New applications: The cloud, of course, is great for applications because it gives firms flexibility to add on as their businesses grow.
Technology refresh: Hardware will typically run a lifecycle of 3 or 4 years before it needs to be refreshed. If you’re getting to that point where your servers and other hardware are getting stale, and if you’re going to be investing in new technology and upgrades anyway, it’s the perfect time to evaluate a cloud solution.
Categorized under: Cloud Computing
The following is an excerpt from Microsoft’s “Four Technology Trends Helping Businesses Thrive” eBook. The full article is available here.
Cloud computing is no longer just a buzzword.
Cloud technology sets the foundation of transformation for businesses. The adoption of cloud services worldwide has continued to accelerate at an incredible pace. For almost all industries, the cloud changes how people work, where people work, and the way people do business. While cost reduction is still a top priority, scalability and business agility have stepped to the forefront as primary reasons businesses are adopting cloud solutions.
The next generation of business applications in the cloud allow businesses to start with what makes the most sense for their business now, and easily extend and modify as their business needs change over time without IT complexity and disruption to their business. With the right service provider and the right applications in the cloud, even complex business processes can be moved to the cloud with confidence.
“By 2020 clouds will stop being referred to as ‘public’ and ‘private.’ It will simply be the way business is done and IT is provisioned.” – IDC
Digital transformation is taking connectivity to new heights.
We recently surveyed small and mid-sized business owners and employees to understand their most challenging problems. Lost productivity spent working across multiple systems that don’t talk to each other was a common issue reported by business owners and IT managers. Disconnected systems cause manual processes, duplicate entries, and reports that are out-of-date before they finish running. Lack of visibility hinders decision-making and puts the longevity of your business at risk.
For businesses to survive and thrive in this new era, they must embrace digital transformation. But what is digital transformation? A simple definition is the use of digital technologies, such as mobile, social, analytics, and cloud to transform how people work and businesses operate. Less-mature digital businesses are focused on solving discrete business problems with individual digital technologies. The businesses that are connecting their processes, systems, people, and data are able to get deep insight into what’s happening in their business. They are also able to anticipate what will happen and capitalize on that insight quickly.
Categorized under: Cloud Computing
Cybersecurity experts are universally quoted as saying “not if but when” with respect to cyber security attacks and breaches. A 2018 Data Threat Report1 found that 73% of US global enterprises have been breached and the rate continues to increase. Additionally, another study found that hacker attacks of computers with Internet access occur every 39 seconds on average2.
These statistics reinforce the reality that every firm is a target and ever target has a potential weakness. That is why preparedness and response on top of security layers are so important.
Let’s walk through a potential cyber incident to demonstrate how a well-crafted security strategy works in the face of an attack.
A user’s password credentials are compromised allowing an attacker to access a legacy remote access application without multi-factor authentication enabled. The compromised account is a basic user who does not have advanced, executive or privileged credentials.
The Incident Response:
The organization is alerted to the credential compromise based on suspicious activity, which is immediately reported to the IT department, who disables the user’s account and all computing sessions associated with the user account. It is also escalated to the organization’s Computer Security Response Team.
The Computer Security Response Team immediately jumps into action, taking the following remediation steps.
Categorized under: Security
With the new year now upon us, what better time to create your 2019 resolutions for your firm's IT strategy! As we know, the threat landscape is constantly evolving, cloud computing has gained momentum and is now widely accepted in the investment management industry, and new technologies and trends are emerging to support firms with their IT and operational needs.
Continue reading for Eze Castle Integration's recommendations for IT resolutions for 2019:
1.) Create a Cybersecurity Incident Response Plan
As the experts in the industry say, it's not if, but when, a cybersecurity incident will occur. According to a recent report by TechCrunch, cyber attacks are set to spike again in 2019, meaning firms need to continue to stay on top of cybersecurity best practices, utilizing layers of security to protect sensitive data, of course, have a Cybersecurity Incident Response Plan. This includes creating an Incident Response Team consisting of members throughout different departments in the organization, and mapping out the steps to take before, during and after a security incident.
Building on this, developing a Written Information Security Plan, or a WISP, is critical to securing your information, but also required if your firm is registered with the SEC. Having documentation of your firm's plan and systems in place to protect personal information and sensitive company information can help mitigate threats and risk against and protect the integrity, confidentiality, and availability of your firm's data.
3.) Create a comprehensive employee security training program
If you don't have an employee training program, it is critical that you create one in 2019. If you already have an existing employee training program, you must periodically audit this program, ensuring it is both effective and current. Having a managed phishing and training program is an effective way to train employees on how to spot and report phishing and social engineering attempts. These simulated phishing attacks against your employees provide real-time and interactive training.