With the new year now upon us, what better time to create your 2019 resolutions for your firm's IT strategy! As we know, the threat landscape is constantly evolving, cloud computing has gained momentum and is now widely accepted in the investment management industry, and new technologies and trends are emerging to support firms with their IT and operational needs.
Continue reading for Eze Castle Integration's recommendations for IT resolutions for 2019:
1.) Create a Cybersecurity Incident Response Plan
As the experts in the industry say, it's not if, but when, a cybersecurity incident will occur. According to a recent report by TechCrunch, cyber attacks are set to spike again in 2019, meaning firms need to continue to stay on top of cybersecurity best practices, utilize layers of security to protect sensitive data and, of course, have a Cybersecurity Incident Response Plan. This includes creating an Incident Response Team consisting of members throughout different departments in the organization, and mapping out the steps to take before, during and after a security incident.
Building on this, developing a Written Information Security Plan, or a WISP, is not only critical to securing your information, but also required if your firm is registered with the SEC. Having documentation of your firm's plan and the systems in place to protect personal information and sensitive company information can help mitigate threats and risks and protect the integrity, confidentiality, and availability of your firm's data.
3.) Create a comprehensive employee security training program
If you don't have an employee training program, it is critical that you create one in 2019. If you already have an existing employee training program, you must periodically audit this program, ensuring it is both effective and current. Having a managed phishing and training program is an effective way to train employees on how to spot and report phishing and social engineering attempts. These simulated phishing attacks against your employees provide real-time and interactive training.
This article originally appeared in the February 2018 Private Equity Wire Awards Special Report. Eze Castle Integration won Best Technology Outsourcing Cloud Provider.
Fund managers face a multitude of pressures today, ranging from regulatory to investor demands for improved transparency and evidence that their data is being stored and secured to the highest standards.
This is a lot to take on for PE groups, who need to focus on the investment process without getting sidetracked by having to manage technology risk. As such, demand for outsourced cloud solutions has strong momentum, with Eze Castle Integration very much at the forefront of this.
“We want to be sure that the technology being leveraged supports best-of-breed technology, both in the cloud as well as on-site,” explains Mark Coriaty, Chief Strategy Officer at Eze Castle Integration. “Fund managers want to ensure that their day-to-day workflows are reliable, secure and running off best-of-breed technologies.
“We have all of those components bundled together to provide a turnkey solution, whether that be our Eze Private Cloud or Eze Hybrid Cloud.”
The Eze Private Cloud is a very controlled environment. It contains a lot of components to do with private networking, client controls, data integrity controls, as well as enterprise standard security measures.
To adapt to the changing market landscape, Eze Castle Integration is able to offer all of its clients a hybrid cloud solution, if they wish, by combining the Eze Private Cloud with public cloud services.
As Coriaty explains, the hybrid cloud takes two things into account: “The standards that we put forth as best practices to our clients within the Eze Private Cloud, as well as all the regulatory requirements that alternative fund managers face. Then we connect key components of Microsoft’s public cloud.
“We have directly connected our private cloud with the Microsoft Cloud so that we can look at and control all the networking, the security components, as well as the end user experience.”
’Tis the season of giving and the year of cybersecurity, so we’ve pulled together a top five list of gifts (not!) to give your friendly internet hacker – even though we’re sure they’d love them.
1. Unchanging Passwords: Cha-cha-changes
Whether you’re safeguarding your PC, mobile device or online presence, password security is the first and arguably most important step you can take to protect your sensitive information. And unfortunately, users often don’t put the necessary effort into creating strong, unique and secure passwords. Read up on the five hallmarks of a strong password strategy, including Diversity (different passwords for different sites), Frequency (change every 90 days) and Complexity + Length (make it hard to guess).
2. Outdated Patches
WannaCry is back in the headlines as the US blames North Korea for the massive May 2017 ransomware cyberattack that spread itself within corporate networks, without user interaction, by exploiting a known vulnerability in Microsoft Windows.
This attack demonstrated the importance of effective patch management programs and services (think Eze Castle!) that ensure the timely implementation of system updates. As Brad Smith, president of Microsoft, wrote, “As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past.”
Our two-part feature covers the legal and IT considerations for launching a private equity firm. In Part 1 we talked legal considerations for launching a private equity firm. Now on to Part 2 where we will talk IT considerations. Be sure to watch the full webinar replay for deeper guidance from our expert Tim Kennedy, SVP of Eze Castle Integration.
On the technology side, there’s a lot to consider. Whether you’re spinning out of a successful fund or beginning your own venture from scratch, it’s imperative to have enterprise-grade IT when you’re managing and growing a portfolio of companies.
When selecting your IT provider, you want to consider these:
Company background and financials
Service team and org chart
Breadth of services
Information security policies & practices
Disaster recovery and business resilience
Do they have an extensive partner network? Can they leverage industry-leading vendor relationships for infrastructure, software, etc.?
Do they have a global presence? If your firm expands across the US or internationally, can they support additional offices?
Private equity firms are enjoying record buyout values in 2017, so it’s no surprise there’s growing interest in joining the industry. But successfully starting a private equity firm is not without its challenges.
During a recent webinar, we covered legal and IT considerations for launching a private equity firm with Monica Arora, Partner, Proskauer Rose LLP, and Tim Kennedy, SVP, Eze Castle Integration. Today, we are going to briefly review the legal considerations to help you navigate the competitive landscape for new private equity firms. Be sure to watch the full webinar replay for deeper guidance from our expert Monica Arora.
Key Points about Vehicles:
Fund Vehicle Limited Partnership, for U.S.-based funds, typically uses Delaware or Cayman Islands jurisdiction for a limited partnership
Limited Partners are your 3rd party investors
General Partners are your private equity firms
Fund Manager is a different entity, which is a special purpose vehicle that is typically created for each fund, is the bricks and mortar
There has been discussion for years about whether public or private cloud platforms were more suitable to financial and investment management firms. And that debate continues, but with the addition of a new player – the hybrid cloud.
While the public cloud receives praise for its flexibility and potential cost savings and the private cloud for its robust security and reliable performance, the hybrid iteration essentially marries these features to create a compelling package for firms who don’t fit naturally into the previous two categories.
As its applicability continues to surge, it is worth understanding the concepts and benefits behind the hybrid cloud. Let’s take a look at what makes hybrid environments appealing to some organizations:
Agility & Flexibility: A hybrid cloud model allows a company to combine public cloud assets with those in a private cloud to increase agility and availability. For example, combine Microsoft Exchange and file services via the public cloud with robust security layers and 24x7x365 managed support via the private cloud, and suddenly you’re benefiting from the best of both worlds (hint: we’re talking about the Eze Hybrid Cloud).
Risks are everywhere, particularly in today’s cyber-focused environment. But the risk a financial firm undertakes when outsourcing a function of its business to a service provider is enormous. Not only is the firm relinquishing control to an outside vendor, it also takes on the added burden of managing that company, in addition to its own.
I recently interviewed Eze Castle Cybersecurity and Data Privacy Analyst, Matt Donahue, and we spoke about how hedge funds, private equity firms and other alternatives can roll out and improve third party risk management programs.
Within an organization, where does the accountability for risk live and how do third parties fit into that structure?
Typically, when firms think about where responsibility and accountability live within their organization they mention compliance or information technology – when, in reality, there should be a sense of responsibility at almost every level. As we’ve noted before when talking about establishing a culture of security, tone should be set from the top down – and in this case, risk management responsibility starts at the top also.
If you’re making decisions with only a single lens on technology or cybersecurity or any one area – you’re missing the big picture. Senior execs bring a high-level viewpoint that will help the risk management program align throughout the entire organization.
Below is an excerpt from our whitepaper, 'Cybersecurity for Private Equity'.
As private equity firms become more dependent on outsourcing and adopt new technologies to support operations, the number of threats they expose themselves to increases exponentially. It can be a daunting task to stay on top of the new and evolving risks at hand, but meticulous attention needs to be employed to mitigate these ongoing threats.
Today’s hackers and cyber criminals are not only targeting IT systems, but humans as well. Attacks vary in target, size and motive, but all pose serious risks to your firm’s wellbeing, thus it’s vital to be aware of common threat types targeting your firm and the broader private equity community. Here are a few to be mindful of:
Ransomware threats are on the rise – WannaCry and Petya are just the beginning. To prevent future cyber threats from causing harm, financial and investment firms should employ security practices that include deep layers of protection. Here are five suggestions to keep in mind:
Back up. Unfortunately, hackers initiating ransomware attacks aren’t exactly on the up-and-up. After they’ve stolen your files and demanded a ransom, they claim files will be decrypted and restored – but those promises are typically dishonest. Odds are, even if you pay a ransom (which you shouldn’t!), your files won’t be decrypted. That means backups are the only way to successfully recover your data. Ensure you leverage a secure and reliable backup and recovery tool that will de-duplicate, compress, encrypt and securely transfer your data to an offsite data center.
Scan. To construct appropriate defenses against external threats, including ransomware attacks, financial firms should conduct regular vulnerability assessments on their networks. These assessments are critical to detecting actual and likely vulnerabilities, including potentially outdated patches. Vulnerability assessments scan for malware, viruses, backdoors, hosts communicating with botnet-infected systems, known/unknown processes and web services linking to malicious content.