Eze Castle Integration

Questions to Ask a Cloud Provider
Here's a detailed list of the questions to ask a potential hedge fund cloud provider.

Questions on the Service Provider’s Practices

  • Is the provider's cloud infrastructure built with an N+1 configuration to withstand equipment failure?
  • What are the cloud provider's backup and retention procedures? How long is data retained?
  • What is the provider's disaster recovery strategy, and how frequently is it tested?
  • What type of security and monitoring practices are in place at the data center?
  • Who can access the provider's data and at what level?
  • Can the provider share an audit trail which logs who has accessed what?
  • Is data encrypted in transit?
  • What Service Level Agreements (SLAs) are in place for the infrastructure and applications? What is the agreed-upon uptime?
  • How are support requests handled, and what is the expected response time?
  • Has the provider ever experienced a security breach? If so, how was it resolved, and what safeguards were implemented to prevent a repeat experience?
  • Is the data center SAS 70 Type II or SSAE 16 Type II certified?

Questions on Internal Practices

  • How financially stable is the cloud provider? Can they provide audited financials? Can they sustain business in the long run?
  • When an employee leaves, what is the process for blocking access to applications to prevent data downloads?
  • How do we prevent employees from sharing login credentials with unauthorized employees?
  • How do we define and enforce user roles to control access levels?
  • Who has the authority to add new users?
  • How often will employees be required to reset passwords? Are there requirements around complexity standards for passwords?

Questions on Application Hosting

  • Which application vendors have systems operating in the cloud?
  • Does the application vendor confirm their product works in a hosted environment?
  • Are there any issues associated with virtualizing the applications?
  • How is the application deployed? Does the software run natively over the Internet, or does it require a delivery mechanism such as Citrix?
  • Are there any limitations with this type of deployment? Are there certain pieces of functionality that will not work if remotely deployed? Are there display limitations?
  • How many clients for the specific application have a hosted implementation? 
  • What certification levels does the cloud provider have with these application vendors?
  • Will the application vendor help with a “proof of concept”?
  • Will there be any changes to the level of service if the application is deployed in a hosted environment?
