Eze Castle Integration Eze Castle Integration

Eze Castle Blog

> Subscribe to Blog Entries about Private Equity RSS

2019 New Year's IT Resolutions for Investment Management Firms

By Olivia Munro,
Thursday, January 3rd, 2019

With the new year now upon us, what better time to create your 2019 resolutions for your firm's IT strategy! As we know, the threat landscape is constantly evolving, cloud computing has gained momentum and is now widely accepted in the investment management industry, and new technologies and trends are emerging to support firms with their IT and operational needs.

Continue reading for Eze Castle Integration's recommendations for IT resolutions for 2019:

1.) Create a Cybersecurity Incident Response Plan

As the experts in the industry say, it's not if, but when, a cybersecurity incident will occur. According to a recent report by TechCrunch, cyber attacks are set to spike again in 2019, meaning firms need to continue to stay on top of cybersecurity best practices, utilizing layers of security to protect sensitive data, of course, have a Cybersecurity Incident Response Plan. This includes creating an Incident Response Team consisting of members throughout different departments in the organization, and mapping out the steps to take before, during and after a security incident.

2.) Develop a Written Information Security Plan

Building on this, developing a Written Information Security Plan, or a WISP, is critical to securing your information, but also required if your firm is registered with the SEC. Having documentation of your firm's plan and systems in place to protect personal information and sensitive company information can help mitigate threats and risk against and protect the integrity, confidentiality, and availability of your firm's data.

3.) Create a comprehensive employee security training program

If you don't have an employee training program, it is critical that you create one in 2019. If you already have an existing employee training program, you must periodically audit this program, ensuring it is both effective and current. Having a managed phishing and training program is an effective way to train employees on how to spot and report phishing and social engineering attempts. These simulated phishing attacks against your employees provide real-time and interactive training. 

Categorized under: Cloud Computing  Security  Outsourcing  Private Equity  Disaster Recovery  Hedge Fund Operations  Help Desk  Infrastructure  Communications  Business Continuity Planning  Trends We're Seeing 

Taking a Layered Approach to Cybersecurity

By Eze Castle Integration,
Tuesday, May 1st, 2018

This article first appeared on Hedgeweek and Private Equity Wire as part of Eze Castle Integration's Technology Resource Center

Every fund manager knows that the risk of cyber attacks impacting the way they do business are exponentially rising. For some managers, knowing the proper approach to cybersecurity, within the limits of available resources and budget, can feel disorienting, 

To overcome this, firms are best advised to think about taking a layered approach to building a robust cybersecurity posture. Eze Castle Integration refers to three tiers, with Tier 0 representing the most basic must-have protections. The next level up, Tier 1, is a standard framework that builds on the basics of Tier 0 and incorporates additional enhanced features and employee security awareness training; presently, this is where most investment managers fit.

The third, Tier 2, is considered an advanced tier and features state-of-the-art progressive tools, next generation firewalls and puts managers in the best possible light with institutional investors.

Each layer of the pyramid includes a number of measures that fund managers must have in place to handle a cyber attack. These can be broken down into four components:

  • Perimeter & Network Security

  • Access Control Measures

  • Policies & Procedures

  • Employee/User Behaviour

1. Perimeter & Network Security

Tier 0:

For any fund manager to stand the chance of thwarting a cyber attack, they will need to ensure that firewalls are installed along with anti-virus software and software patching. Software patching should be part of a firm’s ongoing IT management. As a best practice, this will prevent software vulnerabilities from potentially being exploited by threat actors.

These tools will go some way to protecting a firm’s perimeter from low-level attacks and prevent unwanted spam.

Tier 1:

Tier 1 security builds on the above by introducing greater network access control beyond reliance on standard firewalls and anti-virus software. It also focuses on enhanced email security features to protect sensitive information. These features often include targeted attack protection, attachment scanning and encryption.

Categorized under: Security  Launching A Hedge Fund  Private Equity  Hedge Fund Operations  Infrastructure  Trends We're Seeing 

Why Private Equity Firms Prefer Eze Castle's Outsourced Cloud Solutions

By Private Equity Wire,
Thursday, March 1st, 2018

This article originally appeared in the February 2018 Private Equity Wire Awards Special Report. Eze Castle Integration won Best Technology Outsourcing Cloud Provider.

Fund managers face a multitude of pressures today, ranging from regulatory to investor demands for improved transparency and evidence that their data is being stored and secured to the highest standards.

Best Cloud for Private EquityThis is a lot for PE groups to take on, who need to focus on the investment process without getting sidetracked having to manage technology risk. As such, demand for outsourced cloud solutions has strong momentum, with Eze Castle Integration very much at the forefront of this.

“We want to be sure that the technology being leveraged supports best-of-breed technology, both in the cloud as well as on-site,” explains Mark Coriaty, Chief Strategy Officer at Eze Castle Integration. “Fund managers want to ensure that their day-to-day workflows are reliable, secure and running off best-of-breed technologies.

“We have all of those components bundled together to provide a turnkey solution, whether that be our Eze Private Cloud or Eze Hybrid Cloud.”

The Eze Private Cloud is a very controlled environment. It contains a lot of components to do with private networking, client controls, data integrity controls, as well as enterprise standard security measures.

To adapt to the changing market landscape, Eze Castle Integration is able to offer all of its clients a hybrid cloud solution, if they wish, by combining the Eze Private Cloud with public cloud services.

As Coriaty explains, the hybrid cloud takes two things into account: “The standards that we put forth as best practices to our clients within the Eze Private Cloud, as well as all the regulatory requirements that alternative fund managers face. Then we connect key components of Microsoft’s public cloud.

“We have directly connected our private cloud with the Microsoft Cloud so that we can look at and control all the networking, the security components, as well as the end user experience.”

Categorized under: Cloud Computing  Private Equity  Trends We're Seeing  Eze Castle Milestones 

Five Gifts on Your ‘Friendly’ Hacker’s Christmas List

By Mary Beth Hamilton,
Tuesday, December 19th, 2017

Tis the season of giving and the year of cybersecurity, so we’ve pulled together a top five list of gifts to (not give!) your friendly internet hacker – even though we’re sure they’d love them.

1. Unchanging Passwords: Cha-cha-changes

Whether you’re safeguarding your PC, mobile device or online presence, password security is the first and arguably most important step you can take to protect your sensitive information. And unfortunately, users often don’t put the necessary effort into creating strong, unique and secure passwords. Read up on the five hallmarks of a strong password strategy, including Diversity (different passwords for different sites), Frequency (change every 90 days) and Complexity + Length (make it hard to guess).

2. Outdated Patches

WannaCry is back in the headlines as the US blames North Korea for the massive May 2017 ransomware cyberattack that spread itself within corporate networks, without user interaction, by exploiting a known vulnerability in Microsoft Windows.

This attack demonstrated the importance of effective patch management programs and services (think Eze Castle!) that ensure the timely implementation of system updates. As Brad Smith, president of Microsoft, wrote, “As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past.”

Categorized under: Security  Private Equity 

IT Considerations for Starting A Private Equity Firm

By Amanda Daly,
Thursday, October 26th, 2017

Our two-part feature covers the legal and IT considerations for launching a private equity firm. In Part 1 we talked legal considerations for launching a private equity firm. Now on to Part 2 where we will talk IT considerations. Be sure to watch the full webinar replay for deeper guidance from our expert Tim Kennedy, SVP of Eze Castle Integration.

On the technology side, there’s a lot to consider. Whether you’re spinning out of a successful fund or beginning your own venture from scratch, it’s imperative to have enterprise-grade IT when you’re managing and growing a portfolio of companies.

When selecting your IT provider, you want to consider these:

  • Company background and financials

  • Service team and org chart

  • Breadth of services

  • Information security policies & practices

  • Disaster recovery and business resilience

  • Do they have an extensive partner network? Can they leverage industry-leading vendor relationships for infrastructure, software, etc.?

  • Do they have a global presence? If your firm expands across the US or internationally, can they support additional offices?

Private Equity Outsourcing is Going Cloud, but Which One?

Categorized under: Private Equity  Cloud Computing  Security  Operational Due Diligence 

Legal Considerations for Starting A Private Equity Firm

By Amanda Daly,
Tuesday, October 24th, 2017

Private equity firms are enjoying record buyout values in 2017, so it’s no surprise there’s growing interest in joining the industry. But successfully starting a private equity firm is not without its challenges.

During a recent webinar, we covered legal and IT considerations for launching a private equity firm with Monica Arora, Partner, Proskauer Rose LLP, and Tim Kennedy, SVP, Eze Castle Integration. Today, we are going to briefly review the legal considerations to help you navigate the competitive landscape for new private equity firms. Be sure to watch the full webinar replay for deeper guidance from our expert Monica Arora.

Key Points about Vehicles:

  • Fund Vehicle Limited Partnership, for U.S based funds, typically uses Delaware or Cayman Islands jurisdiction for a limited partnership

  • Limited Partners are your 3rd party investors

  • General Partners are your private equity firms

  • Fund Manager is a different entity, which is a special purpose vehicle that is typically created for each fund, is the bricks and mortor

Categorized under: Private Equity  Cloud Computing  Security  Operational Due Diligence 

What Makes Hybrid Clouds Appealing?

By Mary Beth Hamilton,
Tuesday, October 10th, 2017

There has been discussion for years about whether public or private cloud platforms were more suitable to financial and investment management firms. And that debate continues, but with the addition of a new player – the hybrid cloud.

While the public cloud receives praise for its flexibility and potential cost savings and the private cloud for its robust security and reliable performance, the hybrid iteration essentially marries these features to create a compelling package for firms who don’t fit naturally into the previous two categories.

As its applicability continues to surge, it is worth understanding the concepts and benefits behind the hybrid cloud. Let’s take a look at what makes hybrid environments appealing to some organizations:

  • Agility & Flexibility: A hybrid cloud model allows a company to combine public cloud assets with those in a private cloud to increase agility and availability. For example, combine Microsoft Exchange and file services via the public cloud with robust security layers and 24x7x365 managed support via the private cloud, and suddenly you’re benefiting from the best of both worlds (hint: we’re talking about the Eze Hybrid Cloud).

Categorized under: Cloud Computing  Security  Outsourcing  Launching A Hedge Fund  Private Equity  Disaster Recovery  Infrastructure  Trends We're Seeing 

Service Provider Risk: Understanding Scope & Calculating Exposures

By Kaleigh Alessandro,
Thursday, September 21st, 2017

Risks are everywhere, particularly in today’s cyber-focused environment. But the risk a financial firm undertakes when outsourcing a function of its business to a service provider is enormous. Not only is the firm relinquishing control to an outside vendor, it also takes on the added burden of managing that company, in addition to its own.

I recently interviewed Eze Castle Cybersecurity and Data Privacy Analyst, Matt Donahue, and we spoke about how hedge funds, private equity firms and other alternatives can roll out and improve third party risk management programs.

Within an organization, where does the accountability for risk live and how do third parties fit into that structure?

Typically, when firms think about where responsibility and accountability live within their organization they mention compliance or information technology – when, in reality, there should be a sense of responsibility at almost every level. As we’ve noted before when talking about establishing a culture of security, tone should be set from the top down – and in this case, risk management responsibility starts at the top also.

If you’re making decisions with only a single lens on technology or cybersecurity or any one area – you’re missing the big picture. Senior execs bring a high-level view point that will help the risk management program align throughout the entire organization.

Categorized under: Outsourcing  Security  Operational Due Diligence  Private Equity  Hedge Fund Operations  Trends We're Seeing 

Key Cybersecurity Risks to Private Equity Firms

By Amanda Daly,
Tuesday, September 5th, 2017

Below is an excerpt from our whitepaper, 'Cybersecurity for Private Equity'. Click here to download the full whitepaper.

As private equity firms become more dependent on outsourcing and adopt new technologies to support operations, the number of threats they expose themselves to increases exponentially. It can be a daunting task to stay on top of the new and evolving risks at hand, but meticulous attention needs to be employed to mitigate these ongoing threats.

Today’s hackers and cyber criminals are not only targeting IT systems, but humans as well. Attacks vary in target, size and motive, but all pose serious risks to your firm’s wellbeing, thus it’s vital to be aware of common threat types targeting your firm and the broader private equity community. Here are a few to be mindful of:

  • Malware/Ransomware

  • Social Engineering

  • Hacktivism

  • Insider Threats

Download Cybersecurtiy for Private Equity Whitepaper

Categorized under: Security  Outsourcing  Private Equity  Trends We're Seeing 

Five Ransomware Prevention Tips to Thwart Future Cyber Attacks

By Kaleigh Alessandro,
Thursday, August 3rd, 2017

Ransomware threats are on the rise – WannaCry and Petya are just the beginning. To prevent future cyber threats from causing harm, financial and investment firms should employ security practices that include deep layers of protection. Here are five suggestions to keep in mind:

  1. Back up. Unfortunately, hackers initiating ransomware attacks aren’t exactly on the up-and-up. After they’ve stolen your files and demanded a ransom, they claim files will be decrypted and restored – but those promises are typically dishonest. Odds are, even if you pay a ransom (which you shouldn’t!), your files won’t be decrypted. That means backups are the only way to successfully recover your data. Ensure you leverage a secure and reliable backup and recovery tool that will de-duplicate, compress, encrypt and securely transfer your data to an offsite data center.

  2. Scan. To construct appropriate defenses against external threats, including ransomware attacks, financial firms should conduct regular vulnerability assessments on their networks. These assessments are critical to detecting actual and likely vulnerabilities, including potentially outdated patches. Vulnerability assessments scan for malware, viruses, backdoors, hosts communicating with botnet-infected systems, known/unknown processes and web services linking to malicious content.

Categorized under: Security  Outsourcing  Private Equity  Disaster Recovery  Infrastructure  Software  Trends We're Seeing 

View earlier posts in the archive

Recent Posts / All Posts