Eze Castle Integration

Cloud Forum Blog

What Makes Hybrid Clouds Appealing?

Posted by Mary Beth Hamilton on Tuesday, October 10th, 2017

There has been discussion for years about whether public or private cloud platforms were more suitable to financial and investment management firms. And that debate continues, but with the addition of a new player – the hybrid cloud.

While the public cloud receives praise for its flexibility and potential cost savings and the private cloud for its robust security and reliable performance, the hybrid iteration essentially marries these features to create a compelling package for firms who don’t fit naturally into the previous two categories.

As its applicability continues to surge, it is worth understanding the concepts and benefits behind the hybrid cloud. Let’s take a look at what makes hybrid environments appealing to some organizations:

  • Agility & Flexibility: A hybrid cloud model allows a company to combine public cloud assets with those in a private cloud to increase agility and availability. For example, combine Microsoft Exchange and file services via the public cloud with robust security layers and 24x7x365 managed support via the private cloud, and suddenly you’re benefiting from the best of both worlds (hint: we’re talking about the Eze Hybrid Cloud).

Categorized under: Cloud Computing  Security  Outsourcing  Launching A Hedge Fund  Private Equity  Disaster Recovery  Infrastructure  Trends We're Seeing 



This Week in Cybersecurity: Phishing & Ransomware Take Center Stage

Posted by Katelyn Orrok on Thursday, May 4th, 2017

What can hedge funds and private equity firms learn from the Google Phishing Attack?

Employees can either be your firm’s biggest strength or biggest threat when it comes to phishing. It is critical that your employees receive regular information security awareness training to better understand the types of security threats with the potential to hit their inbox.

Beyond annual training, managed and simulated phishing exercises (like Eze Managed Phishing & Training) are reliable, cost-effective tools to train users to identify red flags in emails and avoid succumbing to malicious attacks.

What Netflix Reminded Us about Vendor Risk Management

The Netflix security breach highlights the critical importance of managing third-party vendors for firms and businesses who rely on outsourced providers to support their operations. A few key reminders on vendor due diligence and risk management:

  • Understand who your outsourced providers are, what functions they provide and what data/systems they have access to

  • Consider sending regular requests for proposals (RFPs) and DDQ documentation requests to any third parties you are evaluating or those you are already engaged with

  • Continuously evaluate and monitor to ensure all parties are achieving their end goals and meeting expectations

  • Conduct regular vulnerability assessments and/or penetration tests to have a clear understanding of your IT security weakness

Remember: It’s one thing to put faith in your service providers to do their jobs effectively. It’s another to ignore your own firm’s responsibility to manage that provider in an effort to protect your own firm.

Categorized under: Security  Trends We're Seeing 



Top 10 IT Security Audit Gaps and How to Avoid Them

Posted by Katelyn Orrok on Tuesday, April 11th, 2017

When it comes to cybersecurity there are many factors that you need to be conscious of. During a recent webinar, speakers from Eze Castle Integration and Wolf & Company shared 10 of the most common cybersecurity gaps identified during an IT audit/risk assessment. We’ve listed the top 10 below and shared some particulars on a few of the most critical (in our opinion). For more detail on how these gaps are presenting themselves – and also best practices for avoiding them – click here to listen to the full webinar replay

Top 10 IT Security Gaps  

  1. Risk Management and Governance

  2. IT Asset Management

  3. Vulnerability Assessments

  4. Patch Management 

  5. Social Engineering & User Training 

  6. Business Continuity Planning

  7. Multi-Factor Authentication

  8. Third Party Vendor Management 

  9. User Provisioning and Management 

  10. Incident Response Planning/Procedures 

Categorized under: Security  Operational Due Diligence  Outsourcing  Private Equity  Hedge Fund Operations  Infrastructure  Business Continuity Planning  Trends We're Seeing  Videos And Infographics 



Stuck on the Technology Treadmill? A Case for Hedge Fund Managed Services

Posted by Kulvinder Gill on Tuesday, March 28th, 2017

The technology treadmill is a tough place to be these days. Technology refresh cycles last only a mere three years, forcing firms to replace their infrastructures and make costly software and hardware upgrades on a too-frequent basis. And with hedge fund budgets tighter than ever, many firms cannot afford to stay on this path.Hedge Fund Cloud, 5 Reasons, hedge fund technology

But the hedge fund technology treadmill is not a firm’s only option. Costly in-house, 'traditional' IT services have given way to more cost-effective outsourced IT and managed services that get firms off the treadmill and on a path to success.

Let’s have a look at some of the key reasons why hedge funds and other investment management firms are moving from on-premise technology infrastructures to cloud and managed services.

Keys factors driving hedge funds to managed services

Many firms are turning to managed IT services because it allows them to align their IT requirements with their business needs, including tighter control on budgets and staff. Moving to a managed service platform provided by a reputable outsourced IT provider not only makes it easier to deploy technologies, but also allows firms to benefit from platforms inherently designed to meet the constraints of limited IT resources and budgets.

Categorized under: Cloud Computing  Security  Outsourcing  Infrastructure  Trends We're Seeing 



Cybersecurity Basics for Asset Managers (Webinar Replay)

Posted by Katelyn Orrok on Tuesday, February 28th, 2017

When it comes to cybersecurity, the list of haves and have nots is constantly evolving due to the changing regulatory and threat landscape. In case you missed it, we hosted a webinar this week on Cybersecurity Basics for Asset Managers, during which we uncovered various elements within three primary cybersecurity layers: from Tier 0 (Basic Protection) to Tier 1 (Industry Standard) to Tier 2 (Advanced Protection).

How does your firm stack up when it comes to your cybersecurity practices? Watch the replay below and find out where you fit in.

  • Tier 0: We call this level Tier 0 in part because, well, there’s zero chance your firm will have long-term success in thwarting cyber risks if you don’t employ these basic security measures.

Categorized under: Security  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Videos And Infographics 



10 Questions to Ask Your Cloud Services Provider

Posted by Kaleigh Alessandro on Thursday, February 9th, 2017

When evaluating a cloud services provider there are a lot of factors to take into consideration: features & functionalities, security protections, provider experience, and industry certifications just to name a few. We've identified some of the most important questions today's investment management firms should be asking cloud services providers during the selection process.

Five or seven years ago, these questions would probably be fairly basic in nature. Does the infrastructure isolate individual client environments? (Yes). Can the cloud environment scale to meet a firm's growing resource needs? (Yes). In 2017, we can safely assume you understand the basics of the cloud, so the questions we've identified move beyond the basic and focus on critical infrastructure, security and support questions your cloud provider should be able to address.

Top Ten Questions to Consider:

  1. I'm most concerned about the security of my data. What types of security layers do you employ across the cloud platform and your broader organization to guarantee the safety of my firm's information?

  2. Does your cloud leverage proactive security technologies such as intrusion detection and prevention, next-generation firewalls and regular vulnerability assessments and/or penetration tests?

Categorized under: Cloud Computing  Trends We're Seeing 



Beware of Security Risks Lurking Behind Public Wi-Fi

Posted by Katelyn Orrok on Tuesday, January 31st, 2017

Public Wi-Fi networks are incredibly convenient and can be a great resource for airport layovers, coffee shop meetings or lengthy train commutes, but alongside convenience are a host of unnecessary risks. On open, unsecure networks, information is generally unencrypted, meaning with the use of a wireless network analyzer, it’s fairly easy to see what others are up to. What attackers try to do is intercept the communication between your computer and the computer you are sending information to so that they can gather useful information. A hacker, for instance, can see what webpages you’ve visited and what credentials you’ve entered into forms.

Common attacks that occur on public Wi-Fi include:

Man-in-the-middle attacks (MITM)

Attackers will set up their own network between your computer and the computer you are connecting to so that all the information you enter is first routed through their device.

Categorized under: Security  Communications  Trends We're Seeing 



The Threat of the Internet of Things (IoT): Security Concerns with Connected Devices

Posted by Katelyn Orrok on Tuesday, November 15th, 2016

The Internet of Things (IoT) is what allows us to connect all of our devices to the Internet - these devices that we use every day to make our lives easier, more efficient and, most of the time, safer. IoT devices can be usually be monitored or controlled from a remote location. For example, we use baby monitors and cameras to watch over our kids and houses, apps to control the temperature and lights in our homes, and webcams chat with long-distance friends or conduct business meetings and interviews. Although there are enormous benefits to streamlining and connecting these devices across both business and personal settings, the Internet of Things can also pose a real threat to the security posture of both an individual and an organization. 

Like the recent DDoS attack which brought down major sites such as Twitter, Reddit and Netflix, sophisticated hackers can take advantage of these everyday IoT devices to gain access to networks and sensitive information. For example, hackers can release malicious malware onto the Internet that looks for vulnerable devices, including IoT devices. Once a device or devices are detected, the malware is then able to get into the network and cause disruptions, potentially leading to users losing control of functionality, shutting down of websites, or theft of information. 

One concern is that when developers design IoT devices, they often overlook the software needed to protect consumers. In many cases, they may be more concerned with functionality, design and the value said device will bring to users. IoT devices are easy to attack because they usually connect to the Internet by default and use stock code from open source software. Developers also can’t assume that consumers know the risks they face when using IoT devices. While robust security features, such as firewalls, can't truly be installed within IoT devices themselves, in the future designers need to pay closer attention to security to prevent devices from becoming easy targets. 

Categorized under: Security  Communications  Trends We're Seeing 



Addressing Hedge Fund Audit Risk: Insights from KPMG

Posted by Katelyn Orrok on Thursday, October 13th, 2016

Categorized under: Hedge Fund Operations  Hedge Fund Regulation  Outsourcing 



Five Hedge Fund Cybersecurity Risks and Struggles

Posted by Katelyn Orrok on Tuesday, October 4th, 2016

In Part Three of our Risk Outlook Webinar Series, Michael Corcione, Managing Director of Cordium, spoke about compliance and cybersecurity trends in the investment industry. Although cybersecurity risks and struggles can vary from firm to firm, it is important to address a number of key areas.

Continue reading for quick takeaways or scroll down to watch the 30 minute video replay.

Regulation

Good security can be achieved as firms move from reactive to proactive strategies. Firms usually start with the goal of checking the box for regulators, but they need to get beyond the 'check-the-box' exercises and test controls. The SEC’s 2015 cybersecurity guidance update provided more specific insights on cybersecurity focus areas for investment firms - governance and risk assessments, training and awareness, incident response, data loss prevention, access rights controls, and vendor risk management. Hedge funds and investment firms should use this as a framework, understand how they have addressed these areas and where they need to improve. 

Leadership

A good cybersecurity program starts with the leadership team, and they need to set the tone from the top down. This way everybody understands the impact of risk and its effects on the firm. Leaders should acknowledge risk, understand risk, and lead ongoing discussions firm-wide.

Categorized under: Security  Hedge Fund Operations  Trends We're Seeing  Videos And Infographics 



Recent Posts / Next Page

 

Subscribe to Hedge IT

Follow Us

    Follow us on Twitter Follow us on FaceBook Follow us on LinkedIn Follow us on Google RSS Feed

Cloud Forum Blog

Categories

Archives