Recently, Eze Castle Integration moved office locations in London. In fact, we had just finished moving into our office, and minutes later the London Bridge attack occured. Fortunately, all of our employees were safe, but the next day our office was closed due to the ongoing investigation. WIth an updated business continuity plan in place, Eze Castle employees were still able to run business operations as usual.
Take our real-life scenario as a lesson that even if you have security in place, disaster scenarios can still happen either directly or indirectly, so it is best to be prepared.
What does developing a business continuity plan entail?
Step 1: Identify by utilizing risk assessments
Step 2: Analyse the effects on your business (Business Impact Analysis)
Step 3: Design, execute and implement a strategy
Step 4: Measure- Plan testing, training and maintenance
We spend a lot of time making suggestions and recommendations about what financial and investment firms should do when it comes to their technology. And while it might sometimes seem obvious, we also think it wise to remind firms what not to do from time to time. In fact, the following technology pitfalls are prime examples of what not to do with respect to your firm’s IT.
Set IT and forget IT.
Technology isn’t evergreen, and it certainly isn’t infallible. With so many investment firms today reliant on managed service providers to support their IT operations, vendor management has become a critical area of importance. IT outsourcing provides great opportunity for firms to rely on experts to manage infrastructure updates, maintenance windows and network upgrades, but the onus remains on your firm to ensure your technology is up-to-snuff and meets not only your demands but those of investors and regulators as well. A “set IT and forget IT” strategy won’t work here; even via outsourcing, your IT management responsibilities fall on you.
Plan your infrastructure only for the short-term.
A crucial mistake often made by funds is not planning for the future. From the earliest pre-launch meeting, you should be thinking about what your firm will look like and what technology you will require down the road. Planning out two to three years in advance is recommended in order to reap the most benefits with regard to your infrastructure. Plus, if you don’t plan ahead, you may wind up incurring more costs and dealing with a much bigger headache if technology decisions need to be made unexpectedly (e.g. cloud and data migration).
Categorized under: Hedge Fund Operations Cloud Computing Security Operational Due Diligence Outsourcing Disaster Recovery Hedge Fund Regulation Infrastructure Business Continuity Planning Trends We're Seeing
This article first appeared on Hedgeweek as part of their 'Cybersecurity in Europe 2017' Special Report.
According to the PhishMe 2016 Q3 Malware Review, the proportion of phishing emails containing ransomware grew to 97.25 per cent in Q3 last year. This is a threat that is becoming more sophisticated, and more targeted. Not only that, but the frequency of attacks is at an all-time high.
"As people become better aware of what a phishing attack is, so the sophistication of attacks targeting individuals and organisations becomes greater," says Dean Hill, Executive Director, Eze Castle Integration.
This is also being driven by continued investments in technology, making it harder for hackers to breach organisations. There is, in effect, an arms race between organisations and hackers, each trying to stay one step ahead of the other.
Stephen Banda is Senior Product Manager at Eze Castle Integration. Discussing the more targeted nature of phishing attacks, he says: "They are doing a really good job of mimicking an email that might genuinely have come from the CEO. It's difficult for the recipient to discern this unless they really take care to look at the email signature – is there a 1 being used instead of an I, for example, in the person's email name?"
The most vital asset a business controls is its information. As the driver of many business processes, data is a powerful tool, and therefore has to be secure, accurate and accounted for. When this sensitive information gets into the wrong hands, it can cause serious damage to a firm’s business operations and reputation.
Types of dirty data
Forgotten data poses a critical security risk to financial firms. This type of data includes old reports, archived emails, outdated customer information and information that is stored on devices you may not realize (e.g. flash drives, scanners, printers, and video conference equipment). Verizon’s 2008 Data Breach Investigations Report found that 66 percent of breaches involved forgotten data that companies were unaware was in their systems.
Duplicate data, similar to forgotten data, is a danger to firms because it is sometimes unknown that copies exist. Backup files can be misplaced and left behind, leaving hackers with additional access points into your network.
Outdated or incomplete data is information that employees hold on to. Whether it is old client contact information, employee information or corporate presentations, data that is not current and, hence, unneeded in your environment adds an additional access point into your systems.
Categorized under: Security
Last month, the Eze Castle Integration team in London celebrated its 10th anniversary. The momentous milestone was marked with a staff party at a traditional pub on the River Thames with panoramic views of the city. I recently sat down with Simon Eyre, director of service, who was one of the three employees transferred over from New York to help setup the London office, to talk about the ten years in an ever-changing technology landscape and look into the future.
Wishing all of our clients, partners and friends a happy and safe Fourth of July!
Categorized under: Communications
In this interview, Eze Castle's Chief Strategy Officer, Mark Coriaty, discusses the emergence of the hybrid cloud and why some financial and investment firms are taking a closer look. NOTE: This article first appeared on Hedgeweek and Private Equity Wire.
Talk about the advancement and evolution of cloud services in recent years and how we’ve ended up where we are.
MC: If you step back and look at the landscape over the last four or five years, we have seen a lot of changes both on the technology front, as well as within the financial markets. Whether the result of fund raising challenges or increasing regulatory demands, the landscape for alternative fund managers has changed significantly.
We’ve therefore had to adapt to the market and this includes three different components: service, technology, and networking/security. With all the different regulatory bodies and demands from standards boards and governments, we needed to make sure we were providing a solution to our clients that a) met those requirements and b) was up to par with the security measures that we pride ourselves on at Eze Castle.
When you look at the Eze Private Cloud, it is a very controlled environment. It features a number of components related to private networking, client controls, data integrity controls, as well as enterprise-standard security measures. But as the public cloud has started to become more popular and mature in recent years, firms have started to pay closer attention to it.
Typically, this is because the cost structure is scalable. If you look at major providers like Amazon, Microsoft and Google, they have enough scale in their infrastructure such that it becomes less expensive for the customer to use the public cloud. However, when you analyse what they deliver versus the requirements of a lot of investment firms, oftentimes those requirements supersede what these large public cloud providers can offer.
Hence the hybrid cloud.
Here at Eze Castle Integration we take great pride in listening to our clients and the market as a whole. It is this approach that led us to build the hedge fund industry’s first Private Cloud, which today supports firms around the globe. It is also the catalyst behind our newest cloud offering, Eze Hybrid Cloud.
The Eze Hybrid Cloud combines our premier Eze Private Cloud with Microsoft Cloud services to deliver a secure and flexible environment fully managed by Eze’s world-class service organization.
The Eze Hybrid Cloud innovation was born of Eze Castle Integration’s years of private cloud experience, deep Microsoft partnership and award-winning service organization. Eze Hybrid Cloud draws layers of security and resiliency from the Eze Private Cloud, applications from the Microsoft Cloud and 24x7x365 expert support from the Eze global service team.
Categorized under: Cloud Computing
This article first appeared on Hedgeweek and Private Equity Wire as part of Eze Castle Integration's Technology Resource Center.
Just a decade ago, the cyber threat landscape was far less pronounced, but thanks to significant advances in IT, mobile technology and digital platforms, the the threat of cybercrime has grown exponentially and poses risks across the global industry and for national critical infrastructure (power stations, hospitals, dams, financial services).
As managers in the financial services industry increasingly adopt digital technologies, they increase the number of attack surfaces and weakness points within their networks. As a fund manager introduces a new counterparty into their network, the exact increase in risk is unknown but it may likely be substantial.
“Unless you are running a shutdown, fully closed network environment, the reality is you are always going to have the risk of someone trying to gain access to your network,” says Mark Coriaty (pictured), Chief Strategy Officer, Eze Castle Integration.
“That said, when you look at the different technologies that exist today – next generation firewalls, endpoint protection, active threat protection – there are many ways to keep on top of cyber risk. These layers of protection can be enhanced by real-time monitoring by security analysts. Companies that operate a security operations centre (SOC) can bring a human level of interaction too. They will proactively monitor for active threats across thousands of networks, which gives them an advantage in identifying and preventing intrusions."
Technology is only effective if it’s supported by a robust network infrastructure. And despite that you can’t see it, your network is one of the most powerful (and underrated) components to your IT operations.
During a recent webinar, Eze Castle Integration's VP of Network Services, Mike Abbey, discussed trends in networking technology and highlighted the power behind your firm’s network. Some areas he explored during the 20-minute discussion include:
How private networks differ from traditional Internet lines
Why global private networks are particularly advantageous for financial and investment management firms
How Internet of Things devices - and the multitude of devices in general - are impacting network infrastructure requirements (speed, bandwidth, etc.)
What benefits/advantages firms can gain from direct peering and connectivity