Eze Castle Integration Eze Castle Integration

Eze Castle Blog

6 Best Practices for Outsourcing IT

By Olivia Munro,
Thursday, May 23rd, 2019

IT outsourcing has become commonplace in the financial and professional services industries. More firms are now seeing the value in bringing in a partner or vendor, especially with the increase in new technology and constant innovation in IT. However, choosing a vendor or partner to manage your IT needs requires your time and consideration. Continue reading for some of Eze Castle Integration's best practices when looking to outsource IT for your firm.

Perform a self-assessment of your firm.

The first step when looking to outsource your IT needs is to do some reflecting on your firm's needs. Ask yourself the following:

  • What is right for your firm?

  • What are your firm's priorities?

  • What is the organization looking to achieve?

An assessment can help your firm find a compatible provider who understands your industry as well as your priorities and goals. 

Perform Due Diligence 

Once you know what you are looking for in a firm, it is crucial to perform due diligence on an IT service provider. Have they done projects similar to this before? Who are some of their clients? Are they familiar with the specific needs of your industry? You want to make sure that your firm is aligned with the provider in terms of expectations of service, project management, as well as expertise. 

Pick the Right Projects to Outsource

Not all projects should be outsourced. One common trend in the financial industry is outsourcing migration to the cloud. While a CTO or Director of IT could perform this in-house, it is a complicated project. Your firm has to consider which cloud model fits best with the organization.

Categorized under: Outsourcing  Operational Due Diligence  Launching A Hedge Fund  Hedge Fund Operations  Project Management 



5 Reasons Investment Management Firms are Considering Public Cloud

By Olivia Munro,
Tuesday, May 21st, 2019

Public cloud computing is growing in popularity among investment management firms. In the past, firms embraced cloud computing technology via the private cloud methodology due to its inherent security features and service and support model. Now, with technological advancements enhancing security, investment management firms are embracing the public cloud model. Continue reading to learn why the investment industry has warmed up to public cloud computing.

Agility, Flexibility and Scalability

The public cloud's flexibility, agility and scalability make it an ideal option for fast-growing or evolving investment firms. The ability to add or remove cloud computing resources as your business needs evolve provides flexibility (not to mention cost savings, but we'll get to that later). This also allows firms to deploy new applications, solutions or technologies in a timely manner and with greater ease.
 

To learn more about the public cloud, you can read Microsoft's whitepaper, "10 Myths About Moving to the Cloud"!

Categorized under: Cloud Computing  Security  Outsourcing  Infrastructure  Trends We're Seeing 



Cybersecurity: How Many Warnings Do You Need?

By Amisha Shah,
Thursday, May 16th, 2019

Cross-platform messaging app, WhatsApp, earlier this week announced that it was breached. This breach left users unknowingly vulnerable to malicious spyware installed on their smartphones. The security vulnerability affected both iPhone and Android devices, with WhatsApp urging users to update their apps as soon as possible.

In light of this security breach, today’s blog article will share some best practices to help firms keep their names out of the headlines. Sometimes it’s the basics we forget about so here are four evergreen tips we recommend businesses to follow for robust IT and infrastructure.

Tip #1 - Guard Your Network

In addition to utilising data centres and/or investing time and money into building and maintaining a secure Comms. Room for infrastructure and physical devices, firms are advised to ensure the right practices are in place to protect just as important nontangible assets, their networks.

WannaCry is still fresh in the mind of CISOs and IT managers, it stands as a reminder as to just how important it is to secure your business network. Here’s are some tips from our experts:

  • Carefully consider who requires access to your network along with the level of access needed on a per user basis. Granting unlimited access to only trusted users will reduce the chances of any malicious content being introduced to your network.

  • Creating strong passwords for all your networks is a must. Whilst this may seem an obvious thing to do, it can often be overlooked when passwords are being changed frequently in a bid to boost security. Our recent blog share tips on creating strong passwords.

Categorized under: Security 



Selecting the Right Digital Defenses in Public Cloud

By Eze Castle Integration,
Tuesday, May 14th, 2019

The most effective cloud data security strategies feature several protective layers. System-level defenses, which constitute the outermost layer, secure the so-called plumbing of the cloud, or the compute containers, networks, operating systems and the other overarching components that facilitate cloud-based connectivity. Application-level security features follow.

Data-level protections form the final layer, which stands as the last line of defense against cybercriminals on the technology front. Past these layers stand your end users, who require training to ensure they don’t compromise the whole strategy.

While cloud-computing vendors are responsible for developing and deploying the data security features included in the first layer, internal IT teams or managed service providers must build out the two remaining strata.

Many cloud application environments are subject to established data security tools that have proven effective over time, including:

Categorized under: Cloud Computing  Security 



Top Technology Challenges for CTO's in the Investment Industry

By Olivia Munro,
Thursday, May 9th, 2019

In the evolving technology landscape, coupled with regulatory concerns and investor demands, CTOs at investment management firms must be prepared for a host of complex technology challenges in today’s world. Here are some of the top challenges CTOs in the investment management industry are facing today:

1.) Data Security, Privacy and Governance

One of the top challenges, if not THE top challenge, for CTOs is cybersecurity. Troublesome threats include AI-driven cyber attacks, ransomware and malware attacks, phishing schemes and internal threats, among others. Cybersecurity programs require attention, expertise and consistent evaluation to ensure you have a robust security posture, and developing the proper protections, plans and programs is time consuming and challenging.

2.) Multi-cloud Computing Challenges

While cloud computing has grown in popularity and become more accepted by investment management firms, they were more comfortable with using the private cloud based on its inherent security. Now, due to advancements in security, more firms are incorporating the public cloud into their methodology. Challenges lie in every step, from planning and deciphering which cloud model best fits their firms' needs, to implementing and securing the cloud, managing vendors, and educating employees and other internal and external stakeholders. 

3.) Compliance Regulations and Audits

All businesses in the financial space need to be especially cognizant of the regulatory bodies and compliance requirements specific to their industry. Compliance audits ensure that the firm is adhering to the regulatory guidelines and drive all technology related decisions. Failure to maintain compliance can result in hefty fines or legal action. This responsibility often falls on the CTO, and it is no easy job to maintain compliance across an investment firm.

4.) Strategic Investment in Technology and Budgetary Concerns

In general, IT budgets are growing among investment management firms, and with the progressive and evolving technology landscape, new tools, technologies and services appear and create tough choices regarding budget spend. CTOs must evaluate which tools are useful, valuable, and trustworthy for the organization. For some CTO's, getting management buy-in for new technologies is a challenge of its own. On the other hand, for some CTOs convincing the management team that a technology or tool isn't the right fit for the firm is the challenge.

5.) Finding Talent

According to our 2019 Global Investment Management IT Survey, respondents indicated that lack of in-house cybersecurity talent was a top 5 concern for 47% of UK businesses and 22% of businesses in the US. The talent pipeline depends on potential hires and their skill sets, and the shortage of talent in general, specifically in security, cloud computing, data analytics and business analytics.

Download out eBook to read the full list of top technology challenges for CTO's and how to avoid them.

Categorized under: Trends We're Seeing  Cloud Computing  Security  Operational Due Diligence  Outsourcing  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Project Management 



Is Your CFO in the London Blue Hacker Database? Be Prepared

By Mary Beth Hamilton,
Tuesday, May 7th, 2019

Hacker groups continue to become more sophisticated and targeted in their attacks. Case in point is the “London Blue” hackers organization, which is called “one of the most notorious business email compromise hacking groups.”

London Blue has created a database of 50,000+ executives, who they impersonate in wire transfer request emails to company finance department. The spear phishing emails appear real and convey a sense of urgency. According to security provider, Invinsec, the group compiled the list by “looking for people with the positions of CFO, CEO, Executive Assistant of CFO and other financial related positions in websites like LinkedIn.”<

Preparing Your Employees

Here are three recommendations firms should follow to avoid becoming prey.

  1. Wire Transfer Processes: Establish a strict wire transfer and validation process that employees must follow regardless of the request originator – i.e. even if the CEO stats they transfer is urgent your employees must still follow protocol. As for protocol, at a minimum you should require a two-step verification, including a phone verification if the request comes via email. Additional recommendations provided by Invinsec include:

    1. “Have separation of duties so that a single employee cannot transfer large sums of money alone. Having a second approver makes it much more likely that an erroneous transfer request will be spotted before being executed; and

    2. Follow strict methods for requesting transfers, establishing whether an email from C-level executives is an approved request mechanism.”

  2. Monitor the Dark Web: User credentials are for sale across the Dark Web, which makes it imperative for firms to have a monitoring program in place. Here at Eze Castle Integration we offer Eze Dark Web Monitoring, which continuously scans the Dark Web for user credentials and then takes automatic action if a compromise is discovered.

Categorized under: Security 



World Password Day – How to Protect Your Credentials on the Dark Web

By Eze Castle Integration,
Friday, May 3rd, 2019

To celebrate World Password Day, continue reading to learn about password safety best practices! Stolen credentials like usernames and passwords and account takeover (ATO) instances are increasing at an alarming rate. This can occur when credentials are stolen and sold to the highest bidder on the dark web. This can wreak havoc on a firm's reputation, relationships, and finances. Continue reading to learn about password safety best practices.

Passwords like “12345” or “password” are very predictable, as are consecutive letters. To ensure the safety of your password and privacy, be sure to:

  • Keep the password complex, i.e. incorporate letters, numbers, and symbols and that change often. By doing so, this alleviates the option of someone cracking the code of your password. Additionally, aim for a long password (think 8 characters) - the longer the password the better, and same goes for complexity.
     

  • Avoid using personal information in your password that may be easy for someone to figure out. Things to avoid include your name, address, date of birth, pet’s name and children’s names. Instead, make up a sentence and use the first letters. For example, 'I love creating complex passwords with eight characters!' turns into this password: Ilccpw8c! 
     

  • Make sure your passwords vary across different platforms – switch it up. It is okay to use the same word, but be sure to change it up by capitalizing different letters, or substituting letters for numbers such as changing an “e” to “3”.
     

Categorized under: Security  Operational Due Diligence  Trends We're Seeing 



Top Questions to Ask a Cloud Service Provider

By Amanda Daly,
Tuesday, April 30th, 2019

Once you’ve decided to adopt cloud computing, it’s time to begin your search for a cloud services provider.

Likely, the first you will come across when looking for a cloud service provider is that there are many cloud service providers (CSP) out there. So, how do you know which provider is the right one for your investment firm? Following are five attributes to look for when vetting a cloud consultant:

  • Depth and Quality of Staff

  • Strong Communication Skill

  • A Proven Strategy

  • Experience in Cloud Deployment

  • Deep Security Knowledge

Categorized under: Cloud Computing  Outsourcing 



Six Questions to Ask About Your Investment Firm's Cybersecurity Risk

By Eze Castle Integration,
Thursday, April 25th, 2019

For investment management firms to embrace a security-first approach, they must regularly audit and evaluate their cybersecurity risk profile and adjust as necessary based on the evolving security landscape and technological advances. Continue reading for six questions your firm should reflect on regarding their cybersecurity risk profile.

What is our commitment to cybersecurity and what is our outlook on the future?

Regulators and investors continue to ask more questions about cybersecurity because they want to know that firms are effectively mitigating risk. To meet these growing expectations, firms must demonstrate that you take cybersecurity risk seriously and have implemented sound systems, policies and procedures to combat those risks. As the threat landscape and technology continue to evolve, investment management firms need to evolve accordingly and develop better ways to counteract threats. Firms don’t necessarily need to implement every available security technology, but they should be keenly aware of their options and have a plan to effectively mitigate as much risk as possible.

How are we addressing third party risk and oversight?

Investment management firms often rely on third party vendors to obtain functionality or capabilities that they need, want or can’t afford to produce on their own. But moving functions out of the firm's control can present challenges. With any outsourced function, the firm inherently takes on additional risks at the hands of the third party. But it's critical for investment managers to limit those risks through sufficient due diligence. To combat vendor risk, financial firms need to maintain strict oversight of all third party relationships and investigate security practices and protocols, particularly for those vendors who have access to the firm's confidential information. An outsourced vendor should be providing the same level of security (or better!) as your firm would if the function was under in-house control.

Categorized under: Security  Outsourcing  Private Equity  Hedge Fund Operations  Hedge Fund Regulation  Business Continuity Planning  Videos And Infographics 



Five Qualities to Look for in a 24x7 Help Desk

By Kulvinder Gill,
Tuesday, April 23rd, 2019

When evaluating technology providers, there are a number of factors to consider when determining which is the best fit for your firm. One important, and often overlooked, criterion is the quality of the Help Desk. Firms rely heavily on technology, but no technology is completely infallible. In the event of an unexpected issue, having a knowledgeable, experienced Help Desk at your fingertips is essential.

So, what makes an exceptional Help Desk?

In today's blog article, we will take a look at some critical considerations and provide guidelines for what to look for when selecting a Help Desk provider for your firm. 

Categorized under: Help Desk  Trends We're Seeing 



Recent Posts / All Posts / Next Page


 

Subscribe

Follow Us

    Follow us on Twitter Follow us on FaceBook Follow us on LinkedIn Follow us on Google RSS Feed

Recent Articles

Categories

Archives