In a recent webinar, members from the Eze Castle team talked about the security layers that are essential to cloud security for all investment firms. Topics for discussion include:
How to approach a security-first strategy to cloud systems
Defining the essential security layers from the outside in
Must-have security safeguards, from multi-factor authentication to employee training techniques
To start, we typically find three points in time when it makes the most sense for an existing firm to evaluate a move to the cloud. This includes during an office relocation, adding new applications, and an IT refresh.
Office relocation: This is an ideal time to evaluate your IT environment to determine if a refresh is around the corner. Often it doesn’t make sense to invest in moving a Comm. room that will require a refresh in the near term. We have found that migrating to a cloud environment prior to a relocation can be ideal because it makes the move very low risk and simplifies the process.
New applications: The cloud, of course, is great for applications because it gives firms flexibility to add on as their businesses grow.
Technology refresh: Hardware will typically run a lifecycle of 3 or 4 years before it needs to be refreshed. If you’re getting to that point where your servers and other hardware are getting stale, and if you’re going to be investing in new technology and upgrades anyway, it’s the perfect time to evaluate a cloud solution.
This article first appeared on Hedgeweek as part of Eze Castle Integration's Technology Resource Center.
A string of high-profile ransomware attacks in recent years, led by the WannaCry attack in May 2017, has led to a growing awareness among the business community of the importance of proper patch management.
Just as your iPhone regularly alerts you to a new system upgrade, so computer networks must update their software to address vulnerabilities, which, left unattended, could lead to a serious cyber breach.
The importance of patch management was highlighted in a recent webinar featuring Scott Reardon, Director of Global Technical Services at Eze Castle Integration.
Beyond simply complying with expectations, patch management is an essential line of defence in cybersecurity protection. As Microsoft’s President, Brad Smith, once noted, as cyber criminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems.
Otherwise, they are literally fighting the problems of the present with tools of the past.
“Patch management is really applying new or changing existing code to a software program,” said Reardon. “It stems from enhancements to bug fixes and in today's world it's more popularly associated with security fixes. It is definitely a lot more complex than when I started out in the IT industry.”
For alternative investment firms, there are a number of business and operational challenges to navigate on a daily basis. With the evolving IT landscape and new technologies and best practices emerging, it can be difficult to stay up to speed. Here, we’ll outline four common IT challenges for alternative investment firms.
With the security landscape becoming more complicated, it can be a challenge for alternative investment firms to stay up to date with the latest and greatest trends and technologies in security. Hackers are becoming more sophisticated, and social engineering attacks are on the rise, so it is crucial to ensure that your firm has the right protections and level of security to keep your confidential information safe.
To decipher which means of security are right for your firm, you need to look at your company size and risk profile. Suffering a breach or a cybersecurity incident can be harmful to your organization’s reputation, which in turn is harmful to your bottom line. You can use our Cybersecurity Checklist to see the technologies and safeguards Eze Castle offers based on which tier you choose, Standard or Advanced.
2.) Adopting New Technology
Technology adoption is a common challenge for firms of all sizes. Smaller firms may not have the budget or resources to dedicate to the adoption of new technology, while larger firms face their own set of challenges, with more end-users, and potentially bandwidth restrictions of their own.
Whether adopting new applications or migrating to the cloud, having a trusted third-party vendor to guide you through the selection and implementation process can be invaluable. Using these vendors as consultants can help your firm navigate IT and technology decisions and choose the best fit for your firm. When choosing a vendor for your technology needs, be sure to choose a firm with industry-leading, best-of-breed solutions and 24x7x365 support.
Outsourcing in the Alternative Investment Management Industry: Navigating Cyber, Legal and Operational Risks + Webinar Replay
Investment firms are increasingly drawn to outsourcing to manage complex technology and operational requirements. And, of course, with this evolution comes a range of considerations. In a recent webinar, Eze Castle Integration’s Executive Director, Dean Hill, and Lawrence Brown, Information, Communications and Technology Partner at law firm Simmons & Simmons, explored the cyber, legal and operational risks for firms looking to outsource.
Watch the full webinar replay here.
When it comes to protecting your business, you can never be too prepared. In the competitive investment management world, downtime for any reason is not an option. Whether it be a natural disaster, inclement weather, or even a flu epidemic sweeping the office, your firm needs to have both Disaster Recovery and Business Continuity Plans to ensure that your firm doesn't undergo the costly financial and reputational losses in the case of downtime.
Firstly, it’s important to understand the difference between Disaster Recovery and Business Continuity Plans.
Disaster Recovery refers to the policies and procedures to enable the recovery of key technology systems after the event of a disaster. A robust DR program ensures that data centers are highly redundant and have multiple entry fiber paths and multiple power grids; it undergoes annual testing and comes with around-the-clock support, as outages can easily occur outside of business hours.
Business Continuity refers to a document that outlines how your firm will respond when confronted with unexpected business disruptions. A cohesive Business Continuity Plan has a proven methodology to ensure your firm is prepared for the unexpected, includes a detailed risk assessment and business impact analysis, has strategies and plan development, includes testing and training, and is continuously evaluated and maintained. Our new eBook outlines the seven steps to create a BCP; download your copy here.
Technology has changed the working world and continues to do so as it evolves at a rapid speed. Law firms around the globe have seen a significant improvement in the speed and efficiencies of business processes, gained from IT advances over the past two decades. Equally, the number of threats and risks targeting firms is on the rise. Cyber-attacks and social engineering methods are becoming increasingly sophisticated and deceptive in their approach to steal confidential client and firm data. For example, law firm Mossack Fonseca was under international scrutiny when more than 11.5 million firm documents, coined as ‘The Panama Papers’, were leaked in 2017. More recently, we’ve seen reputable businesses such as Facebook and British Airways fall victim to malicious breaches. As a result, firms and their clients are becoming more risk averse and paying greater attention to the security measures and practices in place to protect their reputation. And, with October globally recognised as ‘Cybersecurity Awareness Month’, there is no better time for firms to assess and strengthen any defence practices in place.
The support of a trusted managed services provider can help your firm keep on top of all things IT and leverage new innovations to retain and build your client base - all whilst boosting your operating efficiency as a business. Consider these top five reasons for partnering with a trusted managed services provider to see how you can take your firm to the next level.
When confronted with unexpected business disruptions, alternative investment firms must react swiftly, methodically and successfully or else risk significant financial loss. This level of response requires extensive business continuity planning to ensure all aspects of a firm’s business are evaluated and protected. In this blog, we will help you create a Business Continuity Plan and help you identify which threats pose a risk to your firm.
With Cybersecurity Awareness Month steadily approaching in October, there's no time like the present to evaluate your firm's IT vulnerabilities and make sure that your firm is taking steps to mitigate these threats. When looking for vulnerabilities in your organization's IT, there are questions you can ask yourself to help pinpoint the vulnerabilities and remediate the findings.
1.) Does my firm know what assets, both hardware and software, are in inventory?
The first step to considering your vulnerabilities is to create a complete inventory of technology assets. How can you know what your vulnerabilities are if you don't know what systems and data you need to protect? Keeping a list of workstations, servers, applications and smartphone devices in one central location is crucial. As your firm grows in assets, products and headcount, are you continuing to re-evaluate your IT inventory? You'll want to have a running list of technology assets as the firm evolves and grows.
2.) Are we patching effectively and appropriately?
Your firm should be patching quickly and appropriately, as poor patch management can leave your firm exposed to potential threats. Zero-day threats take advantage of software vulnerabilities before patches and updates are available to the public. The best way to protect yourself against this is installing updates as soon as they become available. Having a patch management process in place allows firms to roll out these updates when necessary.
Operational due diligence has become a hot topic that continues to gain importance and attention throughout the alternative investment industry. Over the past few years, as regulations have changed and investors increasingly seek transparency, funds are spending more time than ever preparing for the due diligence process.
It is no surprise that the investment industry landscape is becoming more and more competitive. As this trend continues, investors are raising their expectations and looking towards funds that display the highest levels in operational excellence. One important way to ensure your firm meets these high standards is to complete a due diligence questionnaire (DDQ) that can be shared with potential investors.
A comprehensive DDQ covers a wide range of topics, from assets under management to audited financial statements and investment strategies. One major area of focus is the fund’s IT and accompanying cybersecurity policies and procedures. At Eze Castle, we frequently assist our clients in completing DDQ questions on technology, and we often see the same types of questions popping up. So, to help you get started, we have compiled the following list of some frequently asked DDQ questions.
Investment risk plays an important role in the life of the fund manager, but technology risk should not. When it comes to your firm’s technology systems and operations, you want things to run efficiently, not add more stress to your already crowded plate.
Mitigating technology risk is a critical step to ensuring your firm operates smoothly and successfully. Following are a few areas to keep in mind as you evaluate your firm’s technology risk:
Layers of Redundancy
One way to reduce your firm’s technology risk is to add layers of redundancy throughout your infrastructure. Whether you’re utilizing a cloud infrastructure or an on-premise environment, your servers, networking and telecomm lines should feature N+1 availability, a configuration in which multiple components have at least one independent backup component to ensure system functionality continues in the event of a failure.