For investment management firms to embrace a security-first approach, they must regularly audit and evaluate their cybersecurity risk profile and adjust as necessary based on the evolving security landscape and technological advances. Continue reading for six questions your firm should reflect on regarding its cybersecurity risk profile.
What is our commitment to cybersecurity and what is our outlook on the future?
Regulators and investors continue to ask more questions about cybersecurity because they want to know that firms are effectively mitigating risk. To meet these growing expectations, firms must demonstrate that they take cybersecurity risk seriously and have implemented sound systems, policies and procedures to combat those risks. As the threat landscape and technology continue to evolve, investment management firms need to evolve accordingly and develop better ways to counteract threats. Firms don’t necessarily need to implement every available security technology, but they should be keenly aware of their options and have a plan to effectively mitigate as much risk as possible.
How are we addressing third party risk and oversight?
Investment management firms often rely on third party vendors to obtain functionality or capabilities that they need, want or can’t afford to produce on their own. But moving functions out of the firm's control can present challenges. With any outsourced function, the firm inherently takes on additional risks at the hands of the third party. But it's critical for investment managers to limit those risks through sufficient due diligence. To combat vendor risk, financial firms need to maintain strict oversight of all third party relationships and investigate security practices and protocols, particularly for those vendors who have access to the firm's confidential information. An outsourced vendor should be providing the same level of security (or better!) as your firm would if the function were under in-house control.
Here at Eze Castle Integration, we take great pride in listening to our clients and the market as a whole. We follow a security-first approach in delivering complete cloud solutions complemented by the support of our award-winning global helpdesk, which operates 24x7x365. Whether using the public cloud, private cloud or a hybrid cloud approach, Eze Castle Integration excels in providing best-in-class solutions that address a firm’s specific needs.
Across the dark web underworld, criminals are buying and selling stolen user credentials, including email addresses, usernames and passwords, to access high-value (i.e. executive and privileged user) accounts. Once in a system, criminals steal financial assets, uncover trade secrets and exploit other vulnerabilities. To stop this threat, firms must monitor the Dark Web and respond.
Enter Eze Dark Web Monitoring, a cost-efficient deterrent to account takeover (ATO) activities. Eze Dark Web Monitoring provides early detection, alerting clients when credentials are discovered and forcing users to reset passwords.
“Cybersecurity threats rank as some of the greatest risks facing the industry today with companies of all sizes under attack. At Eze Castle Integration, protecting clients is our mission. We follow a security first approach to IT and deliver fully managed security solutions, such as Eze Dark Web Monitoring, to fortify our client environments – whether they reside in a public cloud, private cloud or on-premise,” said Steve Schoener, Chief Technology Officer at Eze Castle Integration.
With the new year now upon us, what better time to create your 2019 resolutions for your firm's IT strategy! As we know, the threat landscape is constantly evolving, cloud computing has gained momentum and is now widely accepted in the investment management industry, and new technologies and trends are emerging to support firms with their IT and operational needs.
Continue reading for Eze Castle Integration's recommendations for IT resolutions for 2019:
1.) Create a Cybersecurity Incident Response Plan
As the experts in the industry say, it's not if, but when, a cybersecurity incident will occur. According to a recent report by TechCrunch, cyber attacks are set to spike again in 2019, meaning firms need to continue to stay on top of cybersecurity best practices, utilizing layers of security to protect sensitive data and, of course, having a Cybersecurity Incident Response Plan. This includes creating an Incident Response Team consisting of members throughout different departments in the organization, and mapping out the steps to take before, during and after a security incident.
Building on this, developing a Written Information Security Plan, or a WISP, is critical to securing your information, but also required if your firm is registered with the SEC. Having documentation of your firm's plan and systems in place to protect personal information and sensitive company information can help mitigate threats and risks against, and protect, the integrity, confidentiality, and availability of your firm's data.
3.) Create a comprehensive employee security training program
If you don't have an employee training program, it is critical that you create one in 2019. If you already have an existing employee training program, you must periodically audit this program, ensuring it is both effective and current. Having a managed phishing and training program is an effective way to train employees on how to spot and report phishing and social engineering attempts. These simulated phishing attacks against your employees provide real-time and interactive training.
This article originally appeared in the February 2018 Private Equity Wire Awards Special Report. Eze Castle Integration won Best Technology Outsourcing Cloud Provider.
Fund managers face a multitude of pressures today, ranging from regulatory to investor demands for improved transparency and evidence that their data is being stored and secured to the highest standards.
This is a lot to take on for PE groups, who need to focus on the investment process without getting sidetracked by having to manage technology risk. As such, demand for outsourced cloud solutions has strong momentum, with Eze Castle Integration very much at the forefront of this.
“We want to be sure that the technology being leveraged supports best-of-breed technology, both in the cloud as well as on-site,” explains Mark Coriaty, Chief Strategy Officer at Eze Castle Integration. “Fund managers want to ensure that their day-to-day workflows are reliable, secure and running off best-of-breed technologies.
“We have all of those components bundled together to provide a turnkey solution, whether that be our Eze Private Cloud or Eze Hybrid Cloud.”
The Eze Private Cloud is a very controlled environment. It contains a lot of components to do with private networking, client controls, data integrity controls, as well as enterprise standard security measures.
To adapt to the changing market landscape, Eze Castle Integration is able to offer all of its clients a hybrid cloud solution, if they wish, by combining the Eze Private Cloud with public cloud services.
As Coriaty explains, the hybrid cloud takes two things into account: “The standards that we put forth as best practices to our clients within the Eze Private Cloud, as well as all the regulatory requirements that alternative fund managers face. Then we connect key components of Microsoft’s public cloud.
“We have directly connected our private cloud with the Microsoft Cloud so that we can look at and control all the networking, the security components, as well as the end user experience.”
’Tis the season of giving and the year of cybersecurity, so we’ve pulled together a top five list of gifts (not!) to give your friendly internet hacker – even though we’re sure they’d love them.
1. Unchanging Passwords: Cha-cha-changes
Whether you’re safeguarding your PC, mobile device or online presence, password security is the first and arguably most important step you can take to protect your sensitive information. And unfortunately, users often don’t put the necessary effort into creating strong, unique and secure passwords. Read up on the five hallmarks of a strong password strategy, including Diversity (different passwords for different sites), Frequency (change every 90 days) and Complexity + Length (make it hard to guess).
2. Outdated Patches
WannaCry is back in the headlines as the US blames North Korea for the massive May 2017 ransomware cyberattack that spread itself within corporate networks, without user interaction, by exploiting a known vulnerability in Microsoft Windows.
This attack demonstrated the importance of effective patch management programs and services (think Eze Castle!) that ensure the timely implementation of system updates. As Brad Smith, president of Microsoft, wrote, “As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past.”
Our two-part feature covers the legal and IT considerations for launching a private equity firm. In Part 1 we talked legal considerations for launching a private equity firm. Now on to Part 2 where we will talk IT considerations. Be sure to watch the full webinar replay for deeper guidance from our expert Tim Kennedy, SVP of Eze Castle Integration.
On the technology side, there’s a lot to consider. Whether you’re spinning out of a successful fund or beginning your own venture from scratch, it’s imperative to have enterprise-grade IT when you’re managing and growing a portfolio of companies.
When selecting your IT provider, you want to consider these:
Company background and financials
Service team and org chart
Breadth of services
Information security policies & practices
Disaster recovery and business resilience
Do they have an extensive partner network? Can they leverage industry-leading vendor relationships for infrastructure, software, etc.?
Do they have a global presence? If your firm expands across the US or internationally, can they support additional offices?
Private equity firms are enjoying record buyout values in 2017, so it’s no surprise there’s growing interest in joining the industry. But successfully starting a private equity firm is not without its challenges.
During a recent webinar, we covered legal and IT considerations for launching a private equity firm with Monica Arora, Partner, Proskauer Rose LLP, and Tim Kennedy, SVP, Eze Castle Integration. Today, we are going to briefly review the legal considerations to help you navigate the competitive landscape for new private equity firms. Be sure to watch the full webinar replay for deeper guidance from our expert Monica Arora.
Key Points about Vehicles:
Fund Vehicle Limited Partnership, for U.S.-based funds, typically uses Delaware or Cayman Islands jurisdiction for a limited partnership
Limited Partners are your 3rd party investors
General Partners are your private equity firms
Fund Manager is a different entity, which is a special purpose vehicle that is typically created for each fund, is the bricks and mortar
There has been discussion for years about whether public or private cloud platforms were more suitable to financial and investment management firms. And that debate continues, but with the addition of a new player – the hybrid cloud.
While the public cloud receives praise for its flexibility and potential cost savings and the private cloud for its robust security and reliable performance, the hybrid iteration essentially marries these features to create a compelling package for firms who don’t fit naturally into the previous two categories.
As its applicability continues to surge, it is worth understanding the concepts and benefits behind the hybrid cloud. Let’s take a look at what makes hybrid environments appealing to some organizations:
Agility & Flexibility: A hybrid cloud model allows a company to combine public cloud assets with those in a private cloud to increase agility and availability. For example, combine Microsoft Exchange and file services via the public cloud with robust security layers and 24x7x365 managed support via the private cloud, and suddenly you’re benefiting from the best of both worlds (hint: we’re talking about the Eze Hybrid Cloud).
Risks are everywhere, particularly in today’s cyber-focused environment. But the risk a financial firm undertakes when outsourcing a function of its business to a service provider is enormous. Not only is the firm relinquishing control to an outside vendor, it also takes on the added burden of managing that company, in addition to its own.
I recently interviewed Eze Castle Cybersecurity and Data Privacy Analyst, Matt Donahue, and we spoke about how hedge funds, private equity firms and other alternatives can roll out and improve third party risk management programs.
Within an organization, where does the accountability for risk live and how do third parties fit into that structure?
Typically, when firms think about where responsibility and accountability live within their organization they mention compliance or information technology – when, in reality, there should be a sense of responsibility at almost every level. As we’ve noted before when talking about establishing a culture of security, tone should be set from the top down – and in this case, risk management responsibility starts at the top also.
If you’re making decisions with only a single lens on technology or cybersecurity or any one area – you’re missing the big picture. Senior execs bring a high-level viewpoint that will help the risk management program align throughout the entire organization.