In a recent webinar, members from the Eze Castle team talked about the security layers that are essential to cloud security for all investment firms. Topics for discussion include:
How to approach a security-first strategy to cloud systems
Defining the essential security layers from the outside in
Must have security safeguards from multi-factor authentication to employee training techniques
To start, we typically find three points in time when it makes the most sense for an existing firm to evaluate a move to the cloud. This includes during an office relocation, adding new applications, and an IT refresh.
Office relocation: This is an ideal time to evaluate your IT environment to determine if a refresh is around the corner. Often it doesn’t make sense to invest in moving a Comm. room that will require a refresh in the near term. We have found that migrating to a cloud environment prior to a relocation can be ideal because it makes the move very low risk and simplifies the process.
New applications: The cloud, of course, is great for applications because it gives firms flexibility to add on as their businesses grow.
Technology refresh: Hardware will typically run a lifecycle of 3 or 4 years before it needs to be refreshed. If you’re getting to that point where your servers and other hardware are getting stale, and if you’re going to be investing in new technology and upgrades anyway, it’s the perfect time to evaluate a cloud solution.
Categorized under: Cloud Computing
The following is an excerpt from Microsoft’s “Four Technology Trends Helping Businesses Thrive” eBook. The full article is available here.
Cloud computing is no longer just a buzzword.
Cloud technology sets the foundation of transformation for businesses. The adoption of cloud services worldwide has continued to accelerate at an incredible pace. For almost all industries, the cloud changes how people work, where people work, and the way people do business. While cost reduction is still a top priority, scalability and business agility have stepped to the forefront as primary reasons businesses are adopting cloud solutions.
The next generation of business applications in the cloud allow businesses to start with what makes the most sense for their business now, and easily extend and modify as their business needs change over time without IT complexity and disruption to their business. With the right service provider and the right applications in the cloud, even complex business processes can be moved to the cloud with confidence.
“By 2020 clouds will stop being referred to as ‘public’ and ‘private.’ It will simply be the way business is done and IT is provisioned.” – IDC
Digital transformation is taking connectivity to new heights.
We recently surveyed small and mid-sized business owners and employees to understand their most challenging problems. Lost productivity spent working across multiple systems that don’t talk to each other was a common issue reported by business owners and IT managers. Disconnected systems cause manual processes, duplicate entries, and reports that are out-of-date before they finish running. Lack of visibility hinders decision-making and puts the longevity of your business at risk.
For businesses to survive and thrive in this new era, they must embrace digital transformation. But what is digital transformation? A simple definition is the use of digital technologies, such as mobile, social, analytics, and cloud to transform how people work and businesses operate. Less-mature digital businesses are focused on solving discrete business problems with individual digital technologies. The businesses that are connecting their processes, systems, people, and data are able to get deep insight into what’s happening in their business. They are also able to anticipate what will happen and capitalize on that insight quickly.
Categorized under: Cloud Computing
Cybersecurity experts are universally quoted as saying “not if but when” with respect to cyber security attacks and breaches. A 2018 Data Threat Report1 found that 73% of US global enterprises have been breached and the rate continues to increase. Additionally, another study found that hacker attacks of computers with Internet access occur every 39 seconds on average2.
These statistics reinforce the reality that every firm is a target and ever target has a potential weakness. That is why preparedness and response on top of security layers are so important.
Let’s walk through a potential cyber incident to demonstrate how a well-crafted security strategy works in the face of an attack.
A user’s password credentials are compromised allowing an attacker to access a legacy remote access application without multi-factor authentication enabled. The compromised account is a basic user who does not have advanced, executive or privileged credentials.
The Incident Response:
The organization is alerted to the credential compromise based on suspicious activity, which is immediately reported to the IT department, who disables the user’s account and all computing sessions associated with the user account. It is also escalated to the organization’s Computer Security Response Team.
The Computer Security Response Team immediately jumps into action, taking the following remediation steps.
Categorized under: Security
With the new year now upon us, what better time to create your 2019 resolutions for your firm's IT strategy! As we know, the threat landscape is constantly evolving, cloud computing has gained momentum and is now widely accepted in the investment management industry, and new technologies and trends are emerging to support firms with their IT and operational needs.
Continue reading for Eze Castle Integration's recommendations for IT resolutions for 2019:
1.) Create a Cybersecurity Incident Response Plan
As the experts in the industry say, it's not if, but when, a cybersecurity incident will occur. According to a recent report by TechCrunch, cyber attacks are set to spike again in 2019, meaning firms need to continue to stay on top of cybersecurity best practices, utilizing layers of security to protect sensitive data, of course, have a Cybersecurity Incident Response Plan. This includes creating an Incident Response Team consisting of members throughout different departments in the organization, and mapping out the steps to take before, during and after a security incident.
Building on this, developing a Written Information Security Plan, or a WISP, is critical to securing your information, but also required if your firm is registered with the SEC. Having documentation of your firm's plan and systems in place to protect personal information and sensitive company information can help mitigate threats and risk against and protect the integrity, confidentiality, and availability of your firm's data.
3.) Create a comprehensive employee security training program
If you don't have an employee training program, it is critical that you create one in 2019. If you already have an existing employee training program, you must periodically audit this program, ensuring it is both effective and current. Having a managed phishing and training program is an effective way to train employees on how to spot and report phishing and social engineering attempts. These simulated phishing attacks against your employees provide real-time and interactive training.
We'd like to take this moment to wish all of our clients, partners, friends, and colleagues Happy New Year 2019!
Categorized under: Trends We're Seeing
As we wrap up 2018 and start looking forward to 2019, we thought it would be helpful to share some of our favorite cybersecurity articles from this year!
You may also want to check out the launch of our online Cybersecurity Information Center, three new whitepapers and a series of educational webinars.
Now is the perfect time for firms to reflect on what’s often classed as a key contributing factor to cyber breaches – its employees. We hate to admit it, but human error tends to be the weakest link of any defense practices firms have in place. The IBM X-Force Threat Intelligence Index 2017 advises that simply having the right technology is not enough to ensure protection from threats we’ve seen grow in frequency and sophistication, of late. Reputable airline, British Airways, is one of many businesses to fall victim to a reputation damaging data breach in 2018, compromising the personal and financial details of approximately 380,000 customers.
Read more on how to build a strong human firewall for your firm here.
With the holiday season upon us, we'd like to take this moment to wish all of our clients, partners, friends, and colleagues Happy Holidays and a healthy, successful 2019!
As hedge funds continue to grow and prosper, the need for a “one-stop shop” IT
provider is becoming increasingly necessary. As a fund manager, your job is demanding enough; therefore, finding one company that can hone in on your technology needs and quickly provide solutions is a smart investment, as well as a good relief. Here are a few of the main benefits firms can realize in working with a single, all-inclusive IT provider.