Eze Castle Integration

Cloud Forum Blog

> Subscribe to Blog Entries about Trends We're Seeing

Top 10 IT Security Audit Gaps and How to Avoid Them

Posted by Katelyn Orrok on Tuesday, April 11th, 2017

When it comes to cybersecurity there are many factors that you need to be conscious of. During a recent webinar, speakers from Eze Castle Integration and Wolf & Company shared 10 of the most common cybersecurity gaps identified during an IT audit/risk assessment. We’ve listed the top 10 below and shared some particulars on a few of the most critical (in our opinion). For more detail on how these gaps are presenting themselves – and also best practices for avoiding them – click here to listen to the full webinar replay

Top 10 IT Security Gaps  

  1. Risk Management and Governance

  2. IT Asset Management

  3. Vulnerability Assessments

  4. Patch Management 

  5. Social Engineering & User Training 

  6. Business Continuity Planning

  7. Multi-Factor Authentication

  8. Third Party Vendor Management 

  9. User Provisioning and Management 

  10. Incident Response Planning/Procedures 

Risk Management and Governance

Responsibility and accountability for risk management starts in-house – and at the top. Even for firms that rely on third party outsourced providers, it’s imperative (and often overlooked) to establish governance controls and outline who internally maintains ownership of the firm’s security posture – and more broadly, who owns the firm’s risks. 

Categorized under: Security  Operational Due Diligence  Outsourcing  Private Equity  Hedge Fund Operations  Infrastructure  Business Continuity Planning  Trends We're Seeing  Videos And Infographics 



Stuck on the Technology Treadmill? A Case for Hedge Fund Managed Services

Posted by Kulvinder Gill on Tuesday, March 28th, 2017

The technology treadmill is a tough place to be these days. Technology refresh cycles last only a mere three years, forcing firms to replace their infrastructures and make costly software and hardware upgrades on a too-frequent basis. And with hedge fund budgets tighter than ever, many firms cannot afford to stay on this path.Hedge Fund Cloud, 5 Reasons, hedge fund technology

But the hedge fund technology treadmill is not a firm’s only option. Costly in-house, 'traditional' IT services have given way to more cost-effective outsourced IT and managed services that get firms off the treadmill and on a path to success.

Let’s have a look at some of the key reasons why hedge funds and other investment management firms are moving from on-premise technology infrastructures to cloud and managed services.

Keys factors driving hedge funds to managed services

Many firms are turning to managed IT services because it allows them to align their IT requirements with their business needs, including tighter control on budgets and staff. Moving to a managed service platform provided by a reputable outsourced IT provider not only makes it easier to deploy technologies, but also allows firms to benefit from platforms inherently designed to meet the constraints of limited IT resources and budgets.

Categorized under: Cloud Computing  Security  Outsourcing  Infrastructure  Trends We're Seeing 



10 Questions to Ask Your Cloud Services Provider

Posted by Kaleigh Alessandro on Thursday, February 9th, 2017

When evaluating a cloud services provider there are a lot of factors to take into consideration: features & functionalities, security protections, provider experience, and industry certifications just to name a few. We've identified some of the most important questions today's investment management firms should be asking cloud services providers during the selection process.

Five or seven years ago, these questions would probably be fairly basic in nature. Does the infrastructure isolate individual client environments? (Yes). Can the cloud environment scale to meet a firm's growing resource needs? (Yes). In 2017, we can safely assume you understand the basics of the cloud, so the questions we've identified move beyond the basic and focus on critical infrastructure, security and support questions your cloud provider should be able to address.

Top Ten Questions to Consider:

  1. I'm most concerned about the security of my data. What types of security layers do you employ across the cloud platform and your broader organization to guarantee the safety of my firm's information?

  2. Does your cloud leverage proactive security technologies such as intrusion detection and prevention, next-generation firewalls and regular vulnerability assessments and/or penetration tests?

Categorized under: Cloud Computing  Trends We're Seeing 



Beware of Security Risks Lurking Behind Public Wi-Fi

Posted by Katelyn Orrok on Tuesday, January 31st, 2017

Public Wi-Fi networks are incredibly convenient and can be a great resource for airport layovers, coffee shop meetings or lengthy train commutes, but alongside convenience are a host of unnecessary risks. On open, unsecure networks, information is generally unencrypted, meaning with the use of a wireless network analyzer, it’s fairly easy to see what others are up to. What attackers try to do is intercept the communication between your computer and the computer you are sending information to so that they can gather useful information. A hacker, for instance, can see what webpages you’ve visited and what credentials you’ve entered into forms.

Common attacks that occur on public Wi-Fi include:

Man-in-the-middle attacks (MITM)

Attackers will set up their own network between your computer and the computer you are connecting to so that all the information you enter is first routed through their device.

Categorized under: Security  Communications  Trends We're Seeing 



The Threat of the Internet of Things (IoT): Security Concerns with Connected Devices

Posted by Katelyn Orrok on Tuesday, November 15th, 2016

The Internet of Things (IoT) is what allows us to connect all of our devices to the Internet - these devices that we use every day to make our lives easier, more efficient and, most of the time, safer. IoT devices can be usually be monitored or controlled from a remote location. For example, we use baby monitors and cameras to watch over our kids and houses, apps to control the temperature and lights in our homes, and webcams chat with long-distance friends or conduct business meetings and interviews. Although there are enormous benefits to streamlining and connecting these devices across both business and personal settings, the Internet of Things can also pose a real threat to the security posture of both an individual and an organization. 

Like the recent DDoS attack which brought down major sites such as Twitter, Reddit and Netflix, sophisticated hackers can take advantage of these everyday IoT devices to gain access to networks and sensitive information. For example, hackers can release malicious malware onto the Internet that looks for vulnerable devices, including IoT devices. Once a device or devices are detected, the malware is then able to get into the network and cause disruptions, potentially leading to users losing control of functionality, shutting down of websites, or theft of information. 

One concern is that when developers design IoT devices, they often overlook the software needed to protect consumers. In many cases, they may be more concerned with functionality, design and the value said device will bring to users. IoT devices are easy to attack because they usually connect to the Internet by default and use stock code from open source software. Developers also can’t assume that consumers know the risks they face when using IoT devices. While robust security features, such as firewalls, can't truly be installed within IoT devices themselves, in the future designers need to pay closer attention to security to prevent devices from becoming easy targets. 

Categorized under: Security  Communications  Trends We're Seeing 



Five Hedge Fund Cybersecurity Risks and Struggles

Posted by Katelyn Orrok on Tuesday, October 4th, 2016

In Part Three of our Risk Outlook Webinar Series, Michael Corcione, Managing Director of Cordium, spoke about compliance and cybersecurity trends in the investment industry. Although cybersecurity risks and struggles can vary from firm to firm, it is important to address a number of key areas.

Continue reading for quick takeaways or scroll down to watch the 30 minute video replay.

Regulation

Good security can be achieved as firms move from reactive to proactive strategies. Firms usually start with the goal of checking the box for regulators, but they need to get beyond the 'check-the-box' exercises and test controls. The SEC’s 2015 cybersecurity guidance update provided more specific insights on cybersecurity focus areas for investment firms - governance and risk assessments, training and awareness, incident response, data loss prevention, access rights controls, and vendor risk management. Hedge funds and investment firms should use this as a framework, understand how they have addressed these areas and where they need to improve. 

Leadership

A good cybersecurity program starts with the leadership team, and they need to set the tone from the top down. This way everybody understands the impact of risk and its effects on the firm. Leaders should acknowledge risk, understand risk, and lead ongoing discussions firm-wide.

Categorized under: Security  Hedge Fund Operations  Trends We're Seeing  Videos And Infographics 



The Transformation of Private Equity Operations

Posted by Katelyn Orrok on Thursday, September 22nd, 2016

Private equity firms have been slow to embrace outsourcing, but managing data and technology is more complex than ever. With increasing regulatory requirements and a growing urge to focus on core competencies, PE firms are shifting their views of the back office. As such, we're examining the changing tide for private equity operations and how CFOs, CTOs and fund managers alike can control operating costs, maximize efficiency and better perfect operational workflows.

Drivers for change.

The number one reason for managers to make the switch to an outsourced solution is the desire for managers to get back to their roots. The idea of back office transformation is really founded in that managers have found themselves spending much more time doing everything but raising money and investing money.

Beneath this layer, back office transformation is also driven by regulation, investor transparency, the lifecycle of a private equity firm, and global reach. Slow adoption, fast results. The private equity sector has been slow on the uptake when it comes to outsourcing, and we contribute this lag due to lack of education on the process and benefits of outsourcing. In the past three to five years, adoption in the PE space has increased because it is cost effective, secure and feature rich. Private equity firms that have made the switch wonder why others are not doing the same. The idea of leveraging an experienced managed service provider is one that private equity firms have really embraced because there is no burden for firms to hire and attract talent, which can be challenging and expensive.

Categorized under: Private Equity  Cloud Computing  Security  Outsourcing  Infrastructure  Trends We're Seeing 



Recapping the Latest Apple Release: iPhone 7, Watch Series 2 and AirPods

Posted by Katelyn Orrok on Thursday, September 8th, 2016

The day that many Apple users wait for every year finally came - the release of the newest Apple products. From the latest iPhone to the all-new Airpods, Apple had a lot to share with us yesterday afternoon. We’ve recapped some highlights below.

Watch Series 2

Unlike the Watch Series 1, the Watch Series 2 now has a built-in GPS and is water resistant. The new processor will now be in the Watch Series 1 and the Watch Series 2, but there will be a $100 price difference between the two models.

iPhone 7

The new iPhone 7 introduces a new camera, better performance, longer battery life, stereo speakers, the brightest display yet, and it’s the first water resistant iPhone. iPhone 7 and iPhone 7 Plus are splash, water, and dust resistant and were tested under controlled laboratory conditions with a rating of IP67 under IEC standard 60529. Battery life and charge cycles vary by use and settings, but the iPhone 7 and & 7 Plus have been tested to hold a charge up to one (7 Plus) or two (7) hours longer.
 
Strangely, Apple seemed quite excited to announce the introduction of two new colors - black and jet black.
 
The biggest change for iPhone users is the elimination of the audio port. Stepping in are AirPods, Apple’s version of wireless headphones. The iPhone 7 will come with traditional EarPods that are connected through the lighting connector (goodbye, headphone jack!), or you can use an old set of headphones using the provided adapter. AirPods are an additional cost ($159).

Categorized under: Communications  Trends We're Seeing 



Setting Up Secure File Sharing at Your Hedge Fund: Varonis on Eze Cloud

Posted by Mary Beth Hamilton on Tuesday, September 6th, 2016

As we work with clients on completing due diligence questionnaires (DDQs), one increasingly common question is, “does your firm block access to data sharing sites such as DropBox or Google Drive?”

Generally the answer to this question should be ‘Yes,’ but that isn’t always the case because public file sharing services such as these are very convenient, and firms may overlook the security risk they pose. Additionally, employees accustomed to using Dropbox for personal use may be tempted to go for convenience over security when they need to share a large file or data set.

However, with security threats multiplying exponentially, hedge funds and alternative investment firms need to be proactive in protecting data and personally identifiable information (PII) from accidental and malicious insider risks. That’s why for secure file sharing Eze Castle Integration includes Varonis' DatAnywhere product as a standard feature within our Eze Managed Suite. Varonis' DatAnywhere offers users seamless and secure collaboration and file sharing across devices.

Beyond security, Varonis' DatAnywhere is easy to use. Users receive the same drag-n-drop experience as shared network drives or a cloud sync folder, which means no need for training on complex user interfaces and collaboration workflows. Additionally, data is automatically backed up and version controlled.

Categorized under: Infrastructure  Cloud Computing  Security  Trends We're Seeing  Videos And Infographics 



A How-To Guide to Selling the Cloud to Your Chief Financial Officer (CFO)

Posted by Kaleigh Alessandro on Tuesday, December 8th, 2015

handshakeIf you’re one of the seemingly few firms who has yet to make the move to the cloud, it could be for a variety of reasons. Perhaps you want to maintain total control of your IT environment. Or maybe you’re waiting for a tech refresh to motivate you. Alternatively, it could be that you just haven’t made the proper case to management for switching to the cloud – and many times the one who really needs convincing is the Chief Financial Officer (CFO).
 
If you’re the Chief Technology Officer (CTO) or IT Manager, your responsibility is determining the infrastructure choices that are going to best suit operations at your firm. But those priorities may not line up exactly with those of the firm’s CFO. IT doesn’t always have insight into the financial ramifications of an operations decision of this magnitude. Instead they are typically focused on the other benefits including personnel reallocation, workflow efficiencies, etc.
 
The CFO, on the other hand, is ultimately tasked with ensuring the company’s financial decisions are appropriate, and therefore, it’s often advantageous to at least attempt to speak his/her language when pushing for an IT change.

Categorized under: Cloud Computing  Hedge Fund Operations  Outsourcing  Trends We're Seeing 



View earlier posts in the archive

Recent Posts

 

Subscribe to Hedge IT

Follow Us

    Follow us on Twitter Follow us on FaceBook Follow us on LinkedIn Follow us on Google RSS Feed

Cloud Forum Blog

Categories

Archives