When it comes to cybersecurity, there are many factors that you need to be conscious of. During a recent webinar, speakers from Eze Castle Integration and Wolf & Company shared 10 of the most common cybersecurity gaps identified during an IT audit/risk assessment. We’ve listed the top 10 below and shared some particulars on a few of the most critical (in our opinion). For more detail on how these gaps are presenting themselves – and also best practices for avoiding them – listen to the full webinar replay.
Top 10 IT Security Gaps
Risk Management and Governance
IT Asset Management
Social Engineering & User Training
Business Continuity Planning
Third Party Vendor Management
User Provisioning and Management
Incident Response Planning/Procedures
Risk Management and Governance
Responsibility and accountability for risk management starts in-house – and at the top. Even for firms that rely on third party outsourced providers, it’s imperative (and often overlooked) to establish governance controls and outline who internally maintains ownership of the firm’s security posture – and more broadly, who owns the firm’s risks.
During Part 2 of our Risk Outlook Webinar Series we spoke with Eze Castle Integration Director Dan Long about how investment firms should address evolving cybersecurity risks, third party service provider oversight and employee training and education. Many of the points Dan addressed highlight questions hedge funds and private equity firms should be asking themselves.
Read on or scroll to the bottom to watch the full, 30-minute replay.
What is our commitment to cybersecurity and what is our outlook on the future?
Regulators and investors continue to ask more questions about cybersecurity because they want to know that firms are effectively mitigating risk. To meet these growing expectations, firms must demonstrate that they take cybersecurity risk seriously and have implemented sound systems, policies and procedures to combat those risks. As the threat landscape and technology continue to evolve, investment management firms need to evolve accordingly and develop better ways to counteract threats. Firms don’t necessarily need to implement every available security technology, but they should be keenly aware of their options and have a plan to effectively mitigate as much risk as possible.
How are we addressing third party risk and oversight?
Investment management firms often rely on third party vendors to obtain functionality or capabilities that they need, want or can’t afford to produce on their own. But moving functions out of the firm's control can present challenges. With any outsourced function, the firm inherently takes on additional risks at the hands of the third party, so it's critical for investment managers to limit those risks through sufficient due diligence. To combat vendor risk, financial firms need to maintain strict oversight of all third party relationships and investigate security practices and protocols, particularly for those vendors who have access to the firm's confidential information. An outsourced vendor should be providing the same level of security (or better!) as your firm would if the function were under in-house control.
Are you like one of the millions of people pondering the answer to ‘what is hypervisor-based replication and how will it change my disaster recovery approach’? I know I was.
So, let me help you with that!
Our technology experts here at Eze Castle Integration spent some time in the lab testing and evaluating hypervisor-based replication and recently incorporated it into our Eze Disaster Recovery 2.0 offering. We think it delivers excellent benefits, but let’s start with the basics.
What is hypervisor-based replication?
TechTarget defines hypervisor-based replication as “a technology that automatically creates and maintains replicas of virtual hard disks or entire virtual machines (depending on the platform that is being used).” Analyst firm IDC goes on to say that this replication approach “protects virtual machines (VMs) at the virtual machine disk format file level rather than at the LUN or storage volume level, thus replication can be done without the management and TCO challenges associated with array-based replication.”
Hurricane Sandy created a path of devastation, disrupted countless lives and businesses, and taught us many lessons. Over the last week, here at Eze Castle Integration we have reflected on what we learned now that the lives of our employees and clients are slowly getting back to “normal.”
Communicate Openly & Often.
With Hurricane Sandy we had the “luxury” of knowing the storm was approaching; however, that isn’t always the case. Companies must have a communication plan that can be quickly initiated should an unforeseen disaster occur. We encourage clients to look into Automated Messaging Systems that allow notifications to be sent to all employees or clients simultaneously across multiple devices (i.e. home phone, work phone, cell phone, email).
Today there is no excuse for a hedge fund not to have a disaster recovery plan in place. Both investors and regulators have raised their expectations and want to be sure that appropriate safeguards are in place.
Private cloud solutions are ideally suited to meet a hedge fund’s requirements for backup storage and disaster recovery (DR) solutions. Additionally, the growing acceptance of cloud-based services has driven down the costs substantially, making these solutions highly economical for funds of all sizes.
While business continuity planning (BCP) focuses on the people and processes needed to keep a hedge fund or investment firm in business – such as selecting a backup work site for staffers in an emergency – DR solutions emphasize the technology necessary to support a firm’s operations. In both areas, firms need to understand their operational processes and specific risk landscapes.
Happy 5th of July!
We interrupt this holiday week to talk about how cloud services are expanding disaster recovery options for users of Storage Area Networks (SAN that is).
A traditional SAN-to-SAN disaster recovery scenario may rely on host-based replication technology transmitting data and applications between two mirror SAN environments. While this works for some firms, cloud technology presents a viable, cost-effective alternative where data and applications from a firm’s production SAN are replicated to a cloud environment for disaster recovery.