Wishing all of our clients, partners and friends a happy and safe Fourth of July!
In this interview, Eze Castle's Chief Strategy Officer, Mark Coriaty, discusses the emergence of the hybrid cloud and why some financial and investment firms are taking a closer look. NOTE: This article first appeared on Hedgeweek and Private Equity Wire.
Talk about the advancement and evolution of cloud services in recent years and how we’ve ended up where we are.
MC: If you step back and look at the landscape over the last four or five years, we have seen a lot of changes both on the technology front, as well as within the financial markets. Whether the result of fund raising challenges or increasing regulatory demands, the landscape for alternative fund managers has changed significantly.
We’ve therefore had to adapt to the market and this includes three different components: service, technology, and networking/security. With all the different regulatory bodies and demands from standards boards and governments, we needed to make sure we were providing a solution to our clients that a) met those requirements and b) was up to par with the security measures that we pride ourselves on at Eze Castle.
When you look at the Eze Private Cloud, it is a very controlled environment. It features a number of components related to private networking, client controls, data integrity controls, as well as enterprise-standard security measures. But as the public cloud has started to become more popular and mature in recent years, firms have started to pay closer attention to it.
Typically, this is because the cost structure is scalable. If you look at major providers like Amazon, Microsoft and Google, they have enough scale in their infrastructure such that it becomes less expensive for the customer to use the public cloud. However, when you analyse what they deliver versus the requirements of a lot of investment firms, oftentimes those requirements supersede what these large public cloud providers can offer.
Hence the hybrid cloud.
Here at Eze Castle Integration we take great pride in listening to our clients and the market as a whole. It is this approach that led us to build the hedge fund industry’s first Private Cloud, which today supports firms around the globe. It is also the catalyst behind our newest cloud offering, Eze Hybrid Cloud.
The Eze Hybrid Cloud combines our premier Eze Private Cloud with Microsoft Cloud services to deliver a secure and flexible environment fully managed by Eze’s world-class service organization.
The Eze Hybrid Cloud innovation was born of Eze Castle Integration’s years of private cloud experience, deep Microsoft partnership and award-winning service organization. Eze Hybrid Cloud draws layers of security and resiliency from the Eze Private Cloud, applications from the Microsoft Cloud and 24x7x365 expert support from the Eze global service team.
This article first appeared on Hedgeweek and Private Equity Wire as part of Eze Castle Integration's Technology Resource Center.
Just a decade ago, the cyber threat landscape was far less pronounced, but thanks to significant advances in IT, mobile technology and digital platforms, the threat of cybercrime has grown exponentially and poses risks across the global industry and for national critical infrastructure (power stations, hospitals, dams, financial services).
As managers in the financial services industry increasingly adopt digital technologies, they increase the number of attack surfaces and weakness points within their networks. As a fund manager introduces a new counterparty into their network, the exact increase in risk is unknown, but it may well be substantial.
“Unless you are running a shutdown, fully closed network environment, the reality is you are always going to have the risk of someone trying to gain access to your network,” says Mark Coriaty (pictured), Chief Strategy Officer, Eze Castle Integration.
“That said, when you look at the different technologies that exist today – next generation firewalls, endpoint protection, active threat protection – there are many ways to keep on top of cyber risk. These layers of protection can be enhanced by real-time monitoring by security analysts. Companies that operate a security operations centre (SOC) can bring a human level of interaction too. They will proactively monitor for active threats across thousands of networks, which gives them an advantage in identifying and preventing intrusions.”
Technology is only effective if it’s supported by a robust network infrastructure. And although you can’t see it, your network is one of the most powerful (and underrated) components of your IT operations.
During a recent webinar, Eze Castle Integration's VP of Network Services, Mike Abbey, discussed trends in networking technology and highlighted the power behind your firm’s network. Some areas he explored during the 20-minute discussion include:
How private networks differ from traditional Internet lines
Why global private networks are particularly advantageous for financial and investment management firms
How Internet of Things devices - and the multitude of devices in general - are impacting network infrastructure requirements (speed, bandwidth, etc.)
What benefits/advantages firms can gain from direct peering and connectivity
Keeping up with the myriad of cyber security requirements expected of today’s financial firms is a daunting – and sometimes unachievable – task. This list continues to grow in size and scope, and remembering how often to perform tests or when to change passwords is a growing challenge for CTOs and business execs responsible for technology.
To assist in guiding your firm with its cyber plan implementation, we’ve outlined a basic calendar of security reminders to help you stay on track. Listed in order of frequency, here’s how often you should plan to take these security steps:
3 months: Change your passwords.
At least every 90 days, we recommend changing your network, system and application passwords to prevent intruders from gaining unauthorized access. Remember: password creativity is critical, and password re-use is a big no-no.
3-6 months: Conduct a simulated phishing exercise.
Phishing is one of the most effective, and thus dangerous, social engineering scams in use today and threatens to deceive and manipulate users into opening gateways, sharing confidential information or, in many cases, making financial transactions. Simulated phishing exercises (whether conducted by your firm itself or via a managed service provider) are the most effective way to test users’ knowledge of email threats and train them to be cyber aware. Most firms opt to perform quarterly phishing tests, but semi-annual exercises are commonplace also.
We recently sat down with Matt Donahue, Security/Data Privacy Consultant and Steve Banda, Senior Product Manager, to discuss cyber security trends in the family office space, as well as what steps these and other wealth management firms can take to prevent cyber-attacks. NOTE: This article originally appeared in MarketCurrents' Technology Trends - Family Office Series 2017.
What are the biggest cybersecurity threats investment management firms face?
There are constant threats facing organizations internally and externally, especially within the financial industry. One of the biggest issues is that the cyber threat landscape is continuously evolving. Hackers are trying to compromise firms in a number of ways – from phishing and social engineering to ransomware. It’s becoming much like an arms race, where both sides (hackers and criminals vs. security firms and CISOs) are diligent, organized, and well-funded, each gaining and losing the upper hand on a daily basis.
From an internal perspective, threats emerge as a result of employees being inadequately trained, falling prey to social engineering scams or not following corporate policies. They also come from technology gaps including outdated IT systems, lack of patch management and other shortcomings that could have been addressed by vulnerability assessments.
Building on the importance of vulnerability assessments, firms should recognize that hackers are always scanning to identify holes and gaps that may provide an opportunity to breach an environment. This risk reinforces the importance of technology security defenses including next-generation firewalls, intrusion detection and prevention systems (IDS/IPS) and penetration testing. Ultimately firms want to close gaps and make IT environments unappealing to hackers.
Earlier this week, our friends at Proofpoint released their 2017 Human Factor Report, which shines a light on the role individuals play in protecting organizations against cyber security threats. The trends highlighted in the report reinforce a number of ongoing trends we’ve written about before, notably the growing threat of phishing scams and business email compromise. Let’s review some of the key findings.
Hackers are consistently impersonating your CEO.
According to Proofpoint, business email compromise attacks increased 45% in Q4 2016 (compared to Q3). These types of attacks consistently involve hackers posing as firm CEOs and requesting wire transfers and sensitive material disclosures from CFOs and other internal contacts. Compromises of this nature can be extremely damaging – and avoiding them requires diligence on the part of individuals to execute checks and balances internally to review and approve any material handoffs or financial transactions.
Email isn’t the only way hackers are phishing users.
Email may be the most popular way to target individuals with phishing scams, but SMS/text scams are widely growing in popularity. Oftentimes, individuals are more keen to open messages or click on hyperlinks from their mobile devices, giving weight to these “smishing” scams. Additionally, social media phishing continues to grow. Sometimes known as “angler phishing”, in these cases, hackers pose as company support accounts and take advantage when users request support or customer service from various organizations. This is an easy way to goad users into sharing their credentials or clicking on malicious links/attachments – and Proofpoint reports an increase in occurrences by 150% in 2016!
The recent tragic attacks that occurred in London remind us all that we can never be too prepared for an emergency situation. Therefore we are republishing this article that provides some key reminders to help ensure the safety of your employees and the business continuity of your firm during these types of disaster scenarios.
Assessing the Scenario
Every scenario is different and lends itself to a certain degree of impact, whether it’s confined to an office building or a broader regional impact. Start with ensuring that your employees are accounted for and in a safe location. Then consider: will the events at hand impact their ability to continue with their jobs? Obviously, if the office space is affected, a secondary location may come into play, or firms may opt to allow employees to work remotely. Next, review critical business systems, data and resources. Are your data and assets up and running so employees can continue business functions? Are phone systems or email functioning properly?
Internal and External Communication
Depending on the severity of the situation, you’ll need to determine the level of communication to both internal and external parties. If the event or disruption will impact employees getting to or from the office or if the building is inaccessible, obviously you’ll need to notify personnel. If there may be an impact to the business itself (trading, for instance), you may want to communicate with external parties such as investors, business partners, and/or regulators. It’s helpful to have a communication plan in place to guide this process. And remember: all communications should be reviewed and approved by the individual(s) overseeing the business continuity program and the plans associated with it.
There’s a lot hackers can do to wreak havoc for private equity and other investment firms – and it extends far beyond forcing users to change their passwords. In fact, with their roguish hands on the right information, the consequences can be downright destructive for a firm’s business operations and integrity.
Systems & Network Access
Of course, with stolen passwords and login credentials, hackers can gain access to company systems and networks – not an insignificant feat. Unfortunately, we’ve seen many cases over the years where users rely on reused passwords across multiple systems – meaning when a hacker deciphers a password, it’s a profitable gateway beyond a user’s individual email account.
That said, within that email account alone, a number of critical dangers await. For example, inside your email, a hacker can access, send and delete communications at will, potentially intercepting company sensitive material, financial data or personal details they can use to further infiltrate your network.
They can also easily decipher the corporate hierarchy and capitalize on relationships with those responsible for company payments and financials. For instance, they may send a phishing email to your CFO, posing as you, requesting a fund transfer to a provided bank account number – and depending on your role within the firm, this could be considered routine and easily executed upon.
Beyond email, if a hacker gains entry to your firm’s network, they may also get their hands on company files, personnel information, financial reports, and more.