Eze Castle Integration Eze Castle Integration

Hedge IT Blog

> Subscribe to Blog Entries about Infrastructure RSS

For Financial Firms, 'Set IT and Forget IT" Is Not an Effective Technology Strategy

By Kaleigh Alessandro,
Tuesday, July 18th, 2017

We spend a lot of time making suggestions and recommendations about what financial and investment firms should do when it comes to their technology. And while it might sometimes seem obvious, we also think it wise to remind firms what not to do from time to time. In fact, the following technology pitfalls are prime examples of what not to do with respect to your firm’s IT. 

Set IT and forget IT.

Technology isn’t evergreen, and it certainly isn’t infallible. With so many investment firms today reliant on managed service providers to support their IT operations, vendor management has become a critical area of importance.  IT outsourcing provides great opportunity for firms to rely on experts to manage infrastructure updates, maintenance windows and network upgrades, but the onus remains on your firm to ensure your technology is up-to-snuff and meets not only your demands but those of investors and regulators as well. A “set IT and forget IT” strategy won’t work here; even via outsourcing, your IT management responsibilities fall on you. 

Plan your infrastructure only for the short-term.

A crucial mistake often made by funds is not planning for the future. From the earliest pre-launch meeting, you should be thinking about what your firm will look like and what technology you will require down the road. Planning out two to three years in advance is recommended in order to reap the most benefits with regard to your infrastructure. Plus, if you don’t plan ahead, you may wind up incurring more costs and dealing with a much bigger headache if technology decisions need to be made unexpectedly (e.g. cloud and data migration). 

Categorized under: Hedge Fund Operations  Cloud Computing  Security  Operational Due Diligence  Outsourcing  Disaster Recovery  Hedge Fund Regulation  Infrastructure  Business Continuity Planning  Trends We're Seeing 



Understanding The Power Behind Your Network (Video)

By Lauren Zdanis,
Tuesday, June 20th, 2017

Technology is only effective if it’s supported by a robust network infrastructure. And despite that you can’t see it, your network is one of the most powerful (and underrated) components to your IT operations.

During a recent webinar, Eze Castle Integration's VP of Network Services, Mike Abbey, discussed trends in networking technology and highlighted the power behind your firm’s network. Some areas he explored during the 20-minute discussion include:

  • How private networks differ from traditional Internet lines

  • Why global private networks are particularly advantageous for financial and investment management firms 

  • How Internet of Things devices - and the multitude of devices in general - are impacting network infrastructure requirements (speed, bandwidth, etc.)

  • What benefits/advantages firms can gain from direct peering and connectivity

Watch below or click here for our full webinar.

Categorized under: Infrastructure  Communications  Trends We're Seeing  Videos And Infographics 



An Achievable Calendar for Cyber Security Plan Implementation

By Kaleigh Alessandro,
Thursday, June 15th, 2017

Keeping up with the myriad of cyber security requirements expected of today’s financial firms is a daunting – and sometimes unachievable – task. This list continues to grow in size and scope, and remembering how often to perform tests or when to change passwords is a growing challenge for CTOs and business execs responsible for technology.

To assist in guiding your firm with its cyber plan implementation, we’ve outlined a basic calendar of security reminders to help you stay on track. Listed in order of frequency, here’s how often you should plan to take these security steps:

3 months: Change your passwords.

At least every 90 days, we recommend changing your network, system and application passwords to prevent intruders from gaining unauthorized access. Remember: password creativity is critical, and password re-use is a big no-no.

3-6 months: Conduct a simulated phishing exercise.

Phishing is one of the most effective, and thus dangerous, social engineering scams in use today and threatens to deceive and manipulate users into opening gateways, sharing confidential information or, in many cases, making financial transactions. Simulated phishing exercises (whether conducted by your firm itself or via a managed service provider) are the most effective way to test users’ knowledge of email threats and train them to be cyber aware. Most firms opt to perform quarterly phishing tests, but semi-annual exercises are commonplace also.

Categorized under: Security  Cloud Computing  Operational Due Diligence  Outsourcing  Private Equity  Disaster Recovery  Infrastructure  Business Continuity Planning  Trends We're Seeing 



What Happens to Your Firm's IT Team When You Go Cloud?

By Kaleigh Alessandro,
Tuesday, May 30th, 2017

As your firm evaluates moving to the cloud – as most firms today will inevitably do – your list of priorities will likely include:

  1. Regulatory and investor impacthedge fund staffing and outsourcing

  2. Migration plans and operational effects

  3. Hardware disposal and infrastructure changes

But another critical business area your firm should put some thought into is the effect of the cloud movement on your internal IT department (assuming you have one). What exactly happens to a firm’s IT team once it moves operations into a cloud environment? Is there still value in maintaining an in-house staff?
 
The simple answer is ‘yes,’ but the day-to-day responsibilities for those staffers may not look quite the same post-cloud. Outsourcing to the cloud continues to grow in popularity among firms small and large. With a fully managed service provider, everyday management is typically taken care of – leaving internal resources with a lot more time on their hands. But that doesn’t mean there’s no longer a need for an IT department. And it certainly doesn’t mean IT managers should be left to twiddle their thumbs.

In fact, according to our Private Equity CTO Survey, 93 percent of firms believe their Chief Technology Officer is becoming more important to their business. As the role of the CTO evolves, particularly in light of cloud adoption, many firms expect their CTOs/IT Directors to take on additional responsibilities.

Categorized under: Cloud Computing  Security  Outsourcing  Private Equity  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Trends We're Seeing 



Hedge Funds and Private Equity Firms: What's Your Security Attitude?

By Kaleigh Alessandro,
Tuesday, May 2nd, 2017

If there’s one thing we’ve learned over the years when it comes to security, it’s that there’s a whole lot more to creating a secure investment firm than robust technology. Before identifying infrastructure components and implementing operational policies, a firm must first be clear on what its attitude is toward security. This attitude will filter through the company from the top down, and will therefore dictate how employees and the business as a whole operate on a daily basis.
 
To give you a clearer understanding of what we mean, we’ve created three security profiles that cover a wide spectrum in terms of security attitudes and practices.

Under the Radar: Low Security

If you’re attitude toward security is low, odds are you’re barely scraping the surface in terms of what practices and policies you should be employing to maintain proper security firm-wide. You likely rely on quick fixes to solve problems instead of looking at the bigger picture and thinking strategically about how security can both benefit and protect your business. You’ve employed minimal preparedness efforts and could be in for a difficult task if faced with a serious security incident. You probably take a “it won’t happen to me” attitude and don’t take security seriously enough – a stance that could endanger your firm in the long term.

Categorized under: Security  Operational Due Diligence  Outsourcing  Private Equity  Hedge Fund Operations  Infrastructure  Trends We're Seeing 



Hedge Fund Cloud Summit Five Years Later: What's Changed?

By Kaleigh Alessandro,
Thursday, April 20th, 2017

I love a good Throwback Thursday, and for today's post, I want to throw it back to five years ago this month. It was April 2012, and we were hosting one of our biggest and most ambitious events: a Hedge Fund Cloud Summit. At the time, cloud computing was widely discussed and adoption was certainly growing, but there were still a number of lingering questions heard across the industry with regards to financial and business impacts of the cloud, effects on in-house IT staffs and, of course, security. 

We still answer many questions related to these topics today, so I thought it might be fun to take a look back at the four panel topics we addressed back in the 2012 event and examine how much the conversation has really changed - or in some cases, how perhaps it's stayed the same. 

Making the Business (and Financial) Case for the Cloud

For hedge fund COOs and CFOs, the business impact of a move to the cloud is still a critical consideration for established firms. But many of the myths and common questions that were prevalent back in 2012 are now pretty easy to explain. How do investors feel about the cloud? In 2017, investors are generally comfortable with the cloud if not in favor of it over legacy, on-premise IT infrastructure setups. Is the cloud really more cost-effective? This question was a long-standing 'myth' that's been debunked; for some firms, yes, costs may be lower depending on their previous infrastructure and personnel situation, but for all, the predictability of cost is what has become a primary driver for cloud adopters. 

Categorized under: Cloud Computing  Security  Operational Due Diligence  Outsourcing  Launching A Hedge Fund  Private Equity  Hedge Fund Operations  Infrastructure  Trends We're Seeing 



The Value of a Global Network: Q&A with Networking Expert Mike Abbey

By Eze Castle Integration,
Tuesday, April 18th, 2017

With the gravitation towards all things cloud, understanding the role a global network plays in all layers of connectivity is crucial, especialy for the financial sector where firms rely on low-latency and seamless access to counterparties across the globe. 

mike abbey eze castle integration headshotSo, as we often like to do here on the Hedge IT blog, we turned to the experts.
 
Mike Abbey is the vice president of network services here at Eze Castle Integration. He joined the company in 1999 and is currently responsible for ECINet, our global carrier class network platform. Mike also provides design consulting and best practice audits on fault tolerance and scalable optical, Ethernet, and IP-based networks, from single and multi-site domestic networks to multi-site, global deployments. He is a graduate of Binghamton University.
 
Q. Mike, what are you hearing from clients regarding networking and Internet services?
A. To be honest, most hedge fund managers don’t have the time – and don’t necessarily want – to grapple with the complicated intricacies of securing and maintaining an enterprise-class network or Internet service. That’s where my team and I come in. We help simplify this process for our clients using Eze Castle’s ECINet global private network.

Categorized under: Communications  Cloud Computing  Outsourcing  Hedge Fund Operations  Infrastructure 



Top 10 IT Security Audit Gaps and How to Avoid Them

By Katelyn Orrok,
Tuesday, April 11th, 2017

When it comes to cybersecurity there are many factors that you need to be conscious of. During a recent webinar, speakers from Eze Castle Integration and Wolf & Company shared 10 of the most common cybersecurity gaps identified during an IT audit/risk assessment. We’ve listed the top 10 below and shared some particulars on a few of the most critical (in our opinion). For more detail on how these gaps are presenting themselves – and also best practices for avoiding them – click here to listen to the full webinar replay

Top 10 IT Security Gaps  

  1. Risk Management and Governance

  2. IT Asset Management

  3. Vulnerability Assessments

  4. Patch Management 

  5. Social Engineering & User Training 

  6. Business Continuity Planning

  7. Multi-Factor Authentication

  8. Third Party Vendor Management 

  9. User Provisioning and Management 

  10. Incident Response Planning/Procedures 

Risk Management and Governance

Responsibility and accountability for risk management starts in-house – and at the top. Even for firms that rely on third party outsourced providers, it’s imperative (and often overlooked) to establish governance controls and outline who internally maintains ownership of the firm’s security posture – and more broadly, who owns the firm’s risks. 

Categorized under: Security  Operational Due Diligence  Outsourcing  Private Equity  Hedge Fund Operations  Infrastructure  Business Continuity Planning  Trends We're Seeing  Videos And Infographics 



IRS Phishing and Malware Scams Abound, Here’s How to Avoid the Bait

By Mary Beth Hamilton,
Tuesday, April 4th, 2017

As April 18th (US) and April 30th (Canada) near, cyber scammers are pulling out all their tax scams to trick consumers and capitalize on the flurry of activity. Our friends over at Proofpoint say that “this year, [they have] tracked malware distribution in addition to the customary phishing schemes among the email threats related to federal taxes.”

The IRS is also urging people to remember that “the IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. In addition, IRS does not threaten taxpayers with lawsuits, imprisonment or other enforcement action.”

So to help our clients stay vigilant, we’re highlighting some recent phishing tricks and sharing phishing flags every employee should recognize.

IRS Phishing and Malware Scam Examples

Example 1: Malware Distribution

This first example centers on malware delivery and was identified by the Proofpoint researchers who analyzed numerous tax/IRS-related phishing emails. In this IRS phishing campaign, the recipient was asked to read the IRS Privacy Policy, which was attached to the email (hint: don’t open unexpected attachments!). With this campaign, once the attachment was opened and the embedded macros where enabled, the macros downloaded malware (Dridex botnet ID 1105).


IRS malware scam email by Proofpoint

Categorized under: Security  Operational Due Diligence  Hedge Fund Operations  Infrastructure  Trends We're Seeing 



Stuck on the Technology Treadmill? A Case for Hedge Fund Managed Services

By Kulvinder Gill,
Tuesday, March 28th, 2017

The technology treadmill is a tough place to be these days. Technology refresh cycles last only a mere three years, forcing firms to replace their infrastructures and make costly software and hardware upgrades on a too-frequent basis. And with hedge fund budgets tighter than ever, many firms cannot afford to stay on this path.Hedge Fund Cloud, 5 Reasons, hedge fund technology

But the hedge fund technology treadmill is not a firm’s only option. Costly in-house, 'traditional' IT services have given way to more cost-effective outsourced IT and managed services that get firms off the treadmill and on a path to success.

Let’s have a look at some of the key reasons why hedge funds and other investment management firms are moving from on-premise technology infrastructures to cloud and managed services.

Keys factors driving hedge funds to managed services

Many firms are turning to managed IT services because it allows them to align their IT requirements with their business needs, including tighter control on budgets and staff. Moving to a managed service platform provided by a reputable outsourced IT provider not only makes it easier to deploy technologies, but also allows firms to benefit from platforms inherently designed to meet the constraints of limited IT resources and budgets.

Categorized under: Cloud Computing  Security  Outsourcing  Infrastructure  Trends We're Seeing 



View earlier posts in the archive

Recent Posts / All Posts