IT outsourcing has become commonplace in the financial and professional services industries. More firms are now seeing the value in bringing in a partner or vendor, especially with the increase in new technology and constant innovation in IT. However, choosing a vendor or partner to manage your IT needs requires your time and consideration. Continue reading for some of Eze Castle Integration's best practices when looking to outsource IT for your firm.
Perform a self-assessment of your firm.
The first step when looking to outsource your IT needs is to do some reflecting on your firm's needs. Ask yourself the following:
What is right for your firm?
What are your firm's priorities?
What is the organization looking to achieve?
An assessment can help your firm find a compatible provider who understands your industry as well as your priorities and goals.
Perform Due Diligence
Once you know what you are looking for in a firm, it is crucial to perform due diligence on an IT service provider. Have they done projects similar to this before? Who are some of their clients? Are they familiar with the specific needs of your industry? You want to make sure that your firm is aligned with the provider in terms of expectations of service, project management, as well as expertise.
Pick the Right Projects to Outsource
Not all projects should be outsourced. One common trend in the financial industry is outsourcing migration to the cloud. While a CTO or Director of IT could perform this in-house, it is a complicated project. Your firm has to consider which cloud model fits best with the organization.
In the evolving technology landscape, coupled with regulatory concerns and investor demands, CTOs at investment management firms must be prepared for a host of complex technology challenges in today’s world. Here are some of the top challenges CTOs in the investment management industry are facing today:
1.) Data Security, Privacy and Governance
One of the top challenges, if not THE top challenge, for CTOs is cybersecurity. Troublesome threats include AI-driven cyber attacks, ransomware and malware attacks, phishing schemes and internal threats, among others. Cybersecurity programs require attention, expertise and consistent evaluation to ensure you have a robust security posture, and developing the proper protections, plans and programs is time consuming and challenging.
2.) Multi-cloud Computing Challenges
While cloud computing has grown in popularity and become more accepted by investment management firms, they were more comfortable with using the private cloud based on its inherent security. Now, due to advancements in security, more firms are incorporating the public cloud into their methodology. Challenges lie in every step, from planning and deciphering which cloud model best fits their firms' needs, to implementing and securing the cloud, managing vendors, and educating employees and other internal and external stakeholders.
3.) Compliance Regulations and Audits
All businesses in the financial space need to be especially cognizant of the regulatory bodies and compliance requirements specific to their industry. Compliance audits ensure that the firm is adhering to the regulatory guidelines and drive all technology related decisions. Failure to maintain compliance can result in hefty fines or legal action. This responsibility often falls on the CTO, and it is no easy job to maintain compliance across an investment firm.
4.) Strategic Investment in Technology and Budgetary Concerns
In general, IT budgets are growing among investment management firms, and with the progressive and evolving technology landscape, new tools, technologies and services appear and create tough choices regarding budget spend. CTOs must evaluate which tools are useful, valuable, and trustworthy for the organization. For some CTO's, getting management buy-in for new technologies is a challenge of its own. On the other hand, for some CTOs convincing the management team that a technology or tool isn't the right fit for the firm is the challenge.
5.) Finding Talent
According to our 2019 Global Investment Management IT Survey, respondents indicated that lack of in-house cybersecurity talent was a top 5 concern for 47% of UK businesses and 22% of businesses in the US. The talent pipeline depends on potential hires and their skill sets, and the shortage of talent in general, specifically in security, cloud computing, data analytics and business analytics.
For investment management firms to embrace a security-first approach, they must regularly audit and evaluate their cybersecurity risk profile and adjust as necessary based on the evolving security landscape and technological advances. Continue reading for six questions your firm should reflect on regarding their cybersecurity risk profile.
What is our commitment to cybersecurity and what is our outlook on the future?
Regulators and investors continue to ask more questions about cybersecurity because they want to know that firms are effectively mitigating risk. To meet these growing expectations, firms must demonstrate that you take cybersecurity risk seriously and have implemented sound systems, policies and procedures to combat those risks. As the threat landscape and technology continue to evolve, investment management firms need to evolve accordingly and develop better ways to counteract threats. Firms don’t necessarily need to implement every available security technology, but they should be keenly aware of their options and have a plan to effectively mitigate as much risk as possible.
How are we addressing third party risk and oversight?
Investment management firms often rely on third party vendors to obtain functionality or capabilities that they need, want or can’t afford to produce on their own. But moving functions out of the firm's control can present challenges. With any outsourced function, the firm inherently takes on additional risks at the hands of the third party. But it's critical for investment managers to limit those risks through sufficient due diligence. To combat vendor risk, financial firms need to maintain strict oversight of all third party relationships and investigate security practices and protocols, particularly for those vendors who have access to the firm's confidential information. An outsourced vendor should be providing the same level of security (or better!) as your firm would if the function was under in-house control.
With new technology emerging, cloud computing becoming the new norm and cybersecurity threats growing exponentially, how does this impact investment management firms across the globe? To gain a better understanding of industry IT priorities, Eze Castle Integration, in partnership with Microsoft and IDG Research, conducted a survey of 150 senior-level executives from the United States and United Kingdom. The findings cover technology priorities, cybersecurity plans and concerns, outsourcing attitudes and trends, and IT budgeting.
Continue reading for a synopsis of our findings, or to view the full report, you can access The 2019 Global Investment Management Survey: Understanding Industry IT Priorities and Spending HERE.
Did you know that the global average cost of a data breach is $3.86 million? Or, that the average cost incurred for each record of lost or stolen sensitive and confidential information has increased by almost five (5) percent since 2017? A recent study found that breaches are only getting bigger; and I think we have the evolving sophisticated cyber threats that continue to surface.
With the new year now upon us, what better time to create your 2019 resolutions for your firm's IT strategy! As we know, the threat landscape is constantly evolving, cloud computing has gained momentum and is now widely accepted in the investment management industry, and new technologies and trends are emerging to support firms with their IT and operational needs.
Continue reading for Eze Castle Integration's recommendations for IT resolutions for 2019:
1.) Create a Cybersecurity Incident Response Plan
As the experts in the industry say, it's not if, but when, a cybersecurity incident will occur. According to a recent report by TechCrunch, cyber attacks are set to spike again in 2019, meaning firms need to continue to stay on top of cybersecurity best practices, utilizing layers of security to protect sensitive data, of course, have a Cybersecurity Incident Response Plan. This includes creating an Incident Response Team consisting of members throughout different departments in the organization, and mapping out the steps to take before, during and after a security incident.
Building on this, developing a Written Information Security Plan, or a WISP, is critical to securing your information, but also required if your firm is registered with the SEC. Having documentation of your firm's plan and systems in place to protect personal information and sensitive company information can help mitigate threats and risk against and protect the integrity, confidentiality, and availability of your firm's data.
3.) Create a comprehensive employee security training program
If you don't have an employee training program, it is critical that you create one in 2019. If you already have an existing employee training program, you must periodically audit this program, ensuring it is both effective and current. Having a managed phishing and training program is an effective way to train employees on how to spot and report phishing and social engineering attempts. These simulated phishing attacks against your employees provide real-time and interactive training.
For investment management firms, downtime caused by technology or application failure is not an option. Efficiency and speed are critical functions in this industry, and if your firm doesn't have the in-house experience to manage and troubleshoot IT issues, unnecessary downtime is inevitable. Continue reading for four signs that your investment management firm could benefit from an IT help desk partnership.
1.) Teams are suffering from downtime.
2.) Processes are stagnant.
3.) The firm doesn't have the in-house experience.
4.) Your IT team doesn't have the bandwidth to support the firm's employees.
If your firm is showing any of the signs above, you could be operating at lower efficiency and wasting valuable time and resources. This is not only frustrating for employees, but bad for the bottom line. Utilizing a help desk partnership is an excellent way of streamlining processes, creating additional resources for employees, improving efficiency and even increasing morale.
When evaluating partners for your help desk, make sure that they have deep financial services industry knowledge and experience, are well known and recognized in the industry, and come with raving reviews. If your firm is global, make sure that they offer global support, and have engineers live 24x7x365. On top of this, having a partner who utilizes a service management system, or a ticketing and tracking system, will keep your tickets organized and helps streamline the client support.
For more information on Eze Castle's Help Desk, contact us here.
When it comes to investment management firms, collaboration, efficiency, and cutting edge technology are all critical factors when it comes to growth. At Eze Castle Integration, we partner with Microsoft to offer our clients the option to utilize OneDrive and SharePoint, two tools that can dramatically improve collaboration and streamline processes for businesses, increasing efficiency for everyone. With more people working remotely and traveling for business than ever before, mobility, security and ease of use for applications is more relevant than ever.
Before we outline the five ways SharePoint and OneDrive can transform your business operations and enhance collaboration for investment firms, let's outline the functionality of these applications. It is also key to note that in this blog, we're referring to OneDrive for Business and SharePoint Online, which are business tools and products of Office365 for Business. There are similar tools you can utilize on your personal accounts, however today we're talking about how they can specifically impact your investment firm and day-to-day business.
OneDrive: Our partners at Microsoft simply define OneDrive as "the Microsoft cloud service that connects you to all your files". Simply put, OneDrive for Business is a storage location or repository for files and documents. You are able to access this tool through Office365, anywhere at anytime, regardless of whether you're connected to your firm's VPN.
SharePoint: Like OneDrive, you're also able to access SharePoint through Office365 anywhere and anytime. It's a tool that helps firms share and collaborate on documents and files from anywhere in a secure manner.
Now, let's dive into the 5 ways OneDrive and SharePoint Improve Collaboration for Investment Firms:
As previously mentioned, one of the best features of these tools is the ability to access your files anywhere. Today more than ever, due to technological advances like these, employees are are able to work remotely with little to no change in the processes. These tools allow you to securely store your files no matter where you are and whether you’re connected to your business’s VPN, share them with your team members or partners, and access them from any of your devices. If you aren’t connected to your firm’s network, you can access and work on documents in OneDrive, and when you return to the network, the files will automatically sync with your network, ensuring a seamless transition from working at home or from a plane to being back in the office.
For alternative investment firms, there a number of business and operational challenges to navigate on a daily basis. With the evolving IT landscape and new technologies and best practices emerging, it can be difficult to stay up to speed. Here, we’ll outline four common IT challenges for alternative investment firms.
With the security landscape becoming more complicated, it can be a challenge for alternative investment firms to stay up to date with the latest and greatest trends and technologies in security. Hackers are becoming more sophisticated, and social engineering attacks are on the rise, so it is crucial to ensure that your firm has the right protections and level of security to keep your confidential information safe.
To decipher which means of security are right for your firm, you need to look at your company size and risk profile. Suffering a breach or acybersecurity incident can be harmful to your organization’s reputation, which in turn is harmful to your bottom line. You can use our Cybersecurity Checklist to see the technologies and safeguards Eze Castle offers based on which tier you choose, Standard or Advanced.
2.) Adopting New Technology
Technology adoption is a common challenge for firms of all sizes. Smaller firms may not have the budget or resources to dedicate to the adoption of new technology, while larger firms face their own set of challenges, with more end-users, and potentially bandwidth restrictions of their own.
Whether adopting new applications or migrating to the cloud, having a trusted third-party vendor to guide you through the selection and implementation process can be invaluable. Using these vendors as consultants can help your firm navigate IT and technology decisions and choosing the best fit for your firm. When choosing a vendor for your technology needs, be sure to choose a firm with industry leading, best-of-breed solutions and 24x7x365 support.
In any relationship, when things are good, they’re usually pretty good. And when things are bad, sometimes they are really bad. There may come a point when you need to evaluate whether you’re still a good fit together.
Just like with a romantic relationship, your firm’s connection to a service provider (especially an infrastructure/cloud provider you rely on daily) should be strong enough to withstand a few hiccups and healthy enough to warrant open communication at all times. In some cases, it might be clear that you’re in a good place and moving forward together, but sometimes there are sure signs it’s time to call it quits.
Here are a few of those signs:
1. Your provider’s service levels are not up to snuff.
Maybe you recently experienced a major service outage or find that you not-so-conveniently have to work around confusing and interrupting maintenance schedules during work hours. You’re constantly frustrated and don’t feel like you are receiving the level of support that was agreed to – both verbally and as part of your Service Level Agreement (SLA).
Your SLA should clearly indicate the uptime standard (e.g. 99.995% availability) as well as repercussions to any breaches in the contract (for example, service credits) and associated RPOs if disaster recovery is involved