Eze Castle Integration Eze Castle Integration

Eze Castle Blog

> Subscribe to Blog Entries about Private Equity RSS

Six Questions to Ask About Your Investment Firm's Cybersecurity Risk

By Eze Castle Integration,
Thursday, April 25th, 2019

For investment management firms to embrace a security-first approach, they must regularly audit and evaluate their cybersecurity risk profile and adjust as necessary based on the evolving security landscape and technological advances. Continue reading for six questions your firm should reflect on regarding their cybersecurity risk profile.

What is our commitment to cybersecurity and what is our outlook on the future?

Regulators and investors continue to ask more questions about cybersecurity because they want to know that firms are effectively mitigating risk. To meet these growing expectations, firms must demonstrate that you take cybersecurity risk seriously and have implemented sound systems, policies and procedures to combat those risks. As the threat landscape and technology continue to evolve, investment management firms need to evolve accordingly and develop better ways to counteract threats. Firms don’t necessarily need to implement every available security technology, but they should be keenly aware of their options and have a plan to effectively mitigate as much risk as possible.

How are we addressing third party risk and oversight?

Investment management firms often rely on third party vendors to obtain functionality or capabilities that they need, want or can’t afford to produce on their own. But moving functions out of the firm's control can present challenges. With any outsourced function, the firm inherently takes on additional risks at the hands of the third party. But it's critical for investment managers to limit those risks through sufficient due diligence. To combat vendor risk, financial firms need to maintain strict oversight of all third party relationships and investigate security practices and protocols, particularly for those vendors who have access to the firm's confidential information. An outsourced vendor should be providing the same level of security (or better!) as your firm would if the function was under in-house control.

Categorized under: Security  Outsourcing  Private Equity  Hedge Fund Operations  Hedge Fund Regulation  Business Continuity Planning  Videos And Infographics 



Hello, Eze Dark Web Monitoring, A Deterrent to Account Takeover Activities

By Amanda Daly,
Tuesday, April 9th, 2019

Here at Eze Castle Integration, we take great pride in listening to our clients and the market as a whole. We follow a security-first approach in delivering complete cloud solutions complemented by the support of our award-winning global helpdesk, which operates 24x7x365. Whether using the public cloud, private cloud or a hybrid cloud approach, Eze Castle Integration excels in providing best-in-class solutions that address a firm’s specific needs.

Dark Web MonitoringAcross the dark web underworld criminals are buying and selling stolen user credentials, including email addresses, usernames and passwords, to access high value (i.e. executive and privileged user) accounts. Once in a system, criminals steal financial assets, uncover trade secrets and exploit other vulnerabilities. To stop this threat, firms must monitor the Dark Web and respond.

Enter Eze Dark Web Monitoring, a cost-efficient deterrent to ATO activities. Eze Dark Web Monitoring provides early detection, alerting clients when credentials are discovered and forcing users to reset passwords.

“Cybersecurity threats rank as some of the greatest risks facing the industry today with companies of all sizes under attack. At Eze Castle Integration, protecting clients is our mission. We follow a security first approach to IT and deliver fully managed security solutions, such as Eze Dark Web Monitoring, to fortify our client environments – whether they reside in a public cloud, private cloud or on-premise,” said Steve Schoener, Chief Technology Officer at Eze Castle Integration.

Categorized under: Security  Cloud Computing  Operational Due Diligence  Outsourcing  Private Equity  Disaster Recovery  Trends We're Seeing  Eze Castle Milestones 



2019 New Year's IT Resolutions for Investment Management Firms

By Olivia Munro,
Thursday, January 3rd, 2019


With the new year now upon us, what better time to create your 2019 resolutions for your firm's IT strategy! As we know, the threat landscape is constantly evolving, cloud computing has gained momentum and is now widely accepted in the investment management industry, and new technologies and trends are emerging to support firms with their IT and operational needs.

Continue reading for Eze Castle Integration's recommendations for IT resolutions for 2019:

1.) Create a Cybersecurity Incident Response Plan

As the experts in the industry say, it's not if, but when, a cybersecurity incident will occur. According to a recent report by TechCrunch, cyber attacks are set to spike again in 2019, meaning firms need to continue to stay on top of cybersecurity best practices, utilizing layers of security to protect sensitive data, of course, have a Cybersecurity Incident Response Plan. This includes creating an Incident Response Team consisting of members throughout different departments in the organization, and mapping out the steps to take before, during and after a security incident.

2.) Develop a Written Information Security Plan

Building on this, developing a Written Information Security Plan, or a WISP, is critical to securing your information, but also required if your firm is registered with the SEC. Having documentation of your firm's plan and systems in place to protect personal information and sensitive company information can help mitigate threats and risk against and protect the integrity, confidentiality, and availability of your firm's data.
 

3.) Create a comprehensive employee security training program

If you don't have an employee training program, it is critical that you create one in 2019. If you already have an existing employee training program, you must periodically audit this program, ensuring it is both effective and current. Having a managed phishing and training program is an effective way to train employees on how to spot and report phishing and social engineering attempts. These simulated phishing attacks against your employees provide real-time and interactive training. 

Categorized under: Cloud Computing  Security  Outsourcing  Private Equity  Disaster Recovery  Hedge Fund Operations  Help Desk  Infrastructure  Communications  Business Continuity Planning  Trends We're Seeing 



Taking a Layered Approach to Cybersecurity

By Eze Castle Integration,
Tuesday, May 1st, 2018

This article first appeared on Hedgeweek and Private Equity Wire as part of Eze Castle Integration's Technology Resource Center

Every fund manager knows that the risk of cyber attacks impacting the way they do business are exponentially rising. For some managers, knowing the proper approach to cybersecurity, within the limits of available resources and budget, can feel disorienting, 

To overcome this, firms are best advised to think about taking a layered approach to building a robust cybersecurity posture. Eze Castle Integration refers to three tiers, with Tier 0 representing the most basic must-have protections. The next level up, Tier 1, is a standard framework that builds on the basics of Tier 0 and incorporates additional enhanced features and employee security awareness training; presently, this is where most investment managers fit.

The third, Tier 2, is considered an advanced tier and features state-of-the-art progressive tools, next generation firewalls and puts managers in the best possible light with institutional investors.

Each layer of the pyramid includes a number of measures that fund managers must have in place to handle a cyber attack. These can be broken down into four components:

  • Perimeter & Network Security

  • Access Control Measures

  • Policies & Procedures

  • Employee/User Behaviour

1. Perimeter & Network Security

Tier 0:

For any fund manager to stand the chance of thwarting a cyber attack, they will need to ensure that firewalls are installed along with anti-virus software and software patching. Software patching should be part of a firm’s ongoing IT management. As a best practice, this will prevent software vulnerabilities from potentially being exploited by threat actors.

These tools will go some way to protecting a firm’s perimeter from low-level attacks and prevent unwanted spam.

Tier 1:

Tier 1 security builds on the above by introducing greater network access control beyond reliance on standard firewalls and anti-virus software. It also focuses on enhanced email security features to protect sensitive information. These features often include targeted attack protection, attachment scanning and encryption.

Categorized under: Security  Launching A Hedge Fund  Private Equity  Hedge Fund Operations  Infrastructure  Trends We're Seeing 



Why Private Equity Firms Prefer Eze Castle's Outsourced Cloud Solutions

By Private Equity Wire,
Thursday, March 1st, 2018

This article originally appeared in the February 2018 Private Equity Wire Awards Special Report. Eze Castle Integration won Best Technology Outsourcing Cloud Provider.

Fund managers face a multitude of pressures today, ranging from regulatory to investor demands for improved transparency and evidence that their data is being stored and secured to the highest standards.

Best Cloud for Private EquityThis is a lot for PE groups to take on, who need to focus on the investment process without getting sidetracked having to manage technology risk. As such, demand for outsourced cloud solutions has strong momentum, with Eze Castle Integration very much at the forefront of this.

“We want to be sure that the technology being leveraged supports best-of-breed technology, both in the cloud as well as on-site,” explains Mark Coriaty, Chief Strategy Officer at Eze Castle Integration. “Fund managers want to ensure that their day-to-day workflows are reliable, secure and running off best-of-breed technologies.

“We have all of those components bundled together to provide a turnkey solution, whether that be our Eze Private Cloud or Eze Hybrid Cloud.”

The Eze Private Cloud is a very controlled environment. It contains a lot of components to do with private networking, client controls, data integrity controls, as well as enterprise standard security measures.

To adapt to the changing market landscape, Eze Castle Integration is able to offer all of its clients a hybrid cloud solution, if they wish, by combining the Eze Private Cloud with public cloud services.

As Coriaty explains, the hybrid cloud takes two things into account: “The standards that we put forth as best practices to our clients within the Eze Private Cloud, as well as all the regulatory requirements that alternative fund managers face. Then we connect key components of Microsoft’s public cloud.

“We have directly connected our private cloud with the Microsoft Cloud so that we can look at and control all the networking, the security components, as well as the end user experience.”

Categorized under: Cloud Computing  Private Equity  Trends We're Seeing  Eze Castle Milestones 



Five Gifts on Your ‘Friendly’ Hacker’s Christmas List

By Mary Beth Hamilton,
Tuesday, December 19th, 2017

Tis the season of giving and the year of cybersecurity, so we’ve pulled together a top five list of gifts to (not give!) your friendly internet hacker – even though we’re sure they’d love them.

1. Unchanging Passwords: Cha-cha-changes

Whether you’re safeguarding your PC, mobile device or online presence, password security is the first and arguably most important step you can take to protect your sensitive information. And unfortunately, users often don’t put the necessary effort into creating strong, unique and secure passwords. Read up on the five hallmarks of a strong password strategy, including Diversity (different passwords for different sites), Frequency (change every 90 days) and Complexity + Length (make it hard to guess).

2. Outdated Patches

WannaCry is back in the headlines as the US blames North Korea for the massive May 2017 ransomware cyberattack that spread itself within corporate networks, without user interaction, by exploiting a known vulnerability in Microsoft Windows.

This attack demonstrated the importance of effective patch management programs and services (think Eze Castle!) that ensure the timely implementation of system updates. As Brad Smith, president of Microsoft, wrote, “As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past.”

Categorized under: Security  Private Equity 



IT Considerations for Starting A Private Equity Firm

By Amanda Daly,
Thursday, October 26th, 2017

Our two-part feature covers the legal and IT considerations for launching a private equity firm. In Part 1 we talked legal considerations for launching a private equity firm. Now on to Part 2 where we will talk IT considerations. Be sure to watch the full webinar replay for deeper guidance from our expert Tim Kennedy, SVP of Eze Castle Integration.

On the technology side, there’s a lot to consider. Whether you’re spinning out of a successful fund or beginning your own venture from scratch, it’s imperative to have enterprise-grade IT when you’re managing and growing a portfolio of companies.

When selecting your IT provider, you want to consider these:

  • Company background and financials

  • Service team and org chart

  • Breadth of services

  • Information security policies & practices

  • Disaster recovery and business resilience

  • Do they have an extensive partner network? Can they leverage industry-leading vendor relationships for infrastructure, software, etc.?

  • Do they have a global presence? If your firm expands across the US or internationally, can they support additional offices?

Private Equity Outsourcing is Going Cloud, but Which One?

Categorized under: Private Equity  Cloud Computing  Security  Operational Due Diligence 



Legal Considerations for Starting A Private Equity Firm

By Amanda Daly,
Tuesday, October 24th, 2017

Private equity firms are enjoying record buyout values in 2017, so it’s no surprise there’s growing interest in joining the industry. But successfully starting a private equity firm is not without its challenges.

During a recent webinar, we covered legal and IT considerations for launching a private equity firm with Monica Arora, Partner, Proskauer Rose LLP, and Tim Kennedy, SVP, Eze Castle Integration. Today, we are going to briefly review the legal considerations to help you navigate the competitive landscape for new private equity firms. Be sure to watch the full webinar replay for deeper guidance from our expert Monica Arora.

Key Points about Vehicles:

  • Fund Vehicle Limited Partnership, for U.S based funds, typically uses Delaware or Cayman Islands jurisdiction for a limited partnership

  • Limited Partners are your 3rd party investors

  • General Partners are your private equity firms

  • Fund Manager is a different entity, which is a special purpose vehicle that is typically created for each fund, is the bricks and mortor

Categorized under: Private Equity  Cloud Computing  Security  Operational Due Diligence 



What Makes Hybrid Clouds Appealing?

By Mary Beth Hamilton,
Tuesday, October 10th, 2017

There has been discussion for years about whether public or private cloud platforms were more suitable to financial and investment management firms. And that debate continues, but with the addition of a new player – the hybrid cloud.

While the public cloud receives praise for its flexibility and potential cost savings and the private cloud for its robust security and reliable performance, the hybrid iteration essentially marries these features to create a compelling package for firms who don’t fit naturally into the previous two categories.

As its applicability continues to surge, it is worth understanding the concepts and benefits behind the hybrid cloud. Let’s take a look at what makes hybrid environments appealing to some organizations:

  • Agility & Flexibility: A hybrid cloud model allows a company to combine public cloud assets with those in a private cloud to increase agility and availability. For example, combine Microsoft Exchange and file services via the public cloud with robust security layers and 24x7x365 managed support via the private cloud, and suddenly you’re benefiting from the best of both worlds (hint: we’re talking about the Eze Hybrid Cloud).

Categorized under: Cloud Computing  Security  Outsourcing  Launching A Hedge Fund  Private Equity  Disaster Recovery  Infrastructure  Trends We're Seeing 



Service Provider Risk: Understanding Scope & Calculating Exposures

By Kaleigh Alessandro,
Thursday, September 21st, 2017

Risks are everywhere, particularly in today’s cyber-focused environment. But the risk a financial firm undertakes when outsourcing a function of its business to a service provider is enormous. Not only is the firm relinquishing control to an outside vendor, it also takes on the added burden of managing that company, in addition to its own.

I recently interviewed Eze Castle Cybersecurity and Data Privacy Analyst, Matt Donahue, and we spoke about how hedge funds, private equity firms and other alternatives can roll out and improve third party risk management programs.

Within an organization, where does the accountability for risk live and how do third parties fit into that structure?

Typically, when firms think about where responsibility and accountability live within their organization they mention compliance or information technology – when, in reality, there should be a sense of responsibility at almost every level. As we’ve noted before when talking about establishing a culture of security, tone should be set from the top down – and in this case, risk management responsibility starts at the top also.

If you’re making decisions with only a single lens on technology or cybersecurity or any one area – you’re missing the big picture. Senior execs bring a high-level view point that will help the risk management program align throughout the entire organization.

Categorized under: Outsourcing  Security  Operational Due Diligence  Private Equity  Hedge Fund Operations  Trends We're Seeing 



View earlier posts in the archive

Recent Posts / All Posts


 

Subscribe

Follow Us

    Follow us on Twitter Follow us on FaceBook Follow us on LinkedIn Follow us on Google RSS Feed

Recent Articles

Categories

Archives