Yesterday our VP of client technology, Steve Schoener, presented on a California Hedge Fund Association webinar about building an institutional infrastructure at today’s hedge funds. A lofty topic (so consider this a basic primer), Steve focused on four key discussion areas, which we’ll recap here. They were:
Investor Expectations of IT
On-premise & Cloud solutions: Which is right?
Security Risks & Best Practices
Disaster Recovery How-Tos
You can watch the 30-minute webinar now or keep reading below.
What are Investors Thinking?
Today’s investors grew up with technology and as a result are asking much more detailed questions (here is a handy list). Also, just having an answer is no longer enough. So what is the perfect answer? The reality is that there isn’t one perfect answer that is right for every firm. More than looking for a specific answer, investors want to see that your answer is well thought out and logically addresses your specific fund operations.
Take security, for example. Not every firm needs every layer of security, but you do need to be able to discuss why you made the security decisions you did when it comes to protecting the fund from threats.
Here are the key areas investors are asking about:
Annual assessment and audits
Access control policies
Network security policies
Physical security policies
Disaster recovery and business continuity plans
Going to the Clouds or Staying Firmly Planted on the Ground?
The question start up hedge funds regularly ask is, “should we go with on premise or in a private cloud?” Increasingly, the answer for new firms is the cloud. And when it comes to public versus private, we see very little adoption of public clouds in the hedge fund space for a number of reasons (service, integration with third-party applications, disaster recovery, etc).
Established hedge funds typically first enter the cloud through hosting of applications including, OMS, Risk and Accounting, or when it is time for a technology refresh. Additionally, we are increasingly seeing that hedge fund teams are small and looking for ways to leverage third-party services, such as the cloud, to streamline operations and outsource non-critical business functions.
A final note on selecting a cloud provider – be sure to have a conversation to understand how you can move your data off a cloud. With a reputable provider, migrating off a cloud should not be an arduous process (here are some handy cloud provider questions).
2013’s Hot Topic – Cyber Security
Just this week the US director of national intelligence, James Clapper, identified cyber security as the top global threat – even more treacherous than terrorism. So what is the anatomy of a cyber attack?
Many of the most successful attacks today are through malware that is delivered via email, drive-by or USB to an unsuspecting user. In the case of email malware, a user typically receives a message with a link to something that appears legitimate, such as an ADP paycheck. Clicking the link then infects the computer.
A high number of viruses are looking to take information. They want to get at financial information and other information they can sell. Basic security components that every hedge fund should already have in place include:
Strong password policy
When it comes to passwords it is important to note that changing passwords is essential. The longer a password is out there the more damage can occur. Some hackers may just watch your email to gather information and get ahead of you in trades, for example.
More advanced security components firms should consider are:
Advanced Password Policy
Policies & Procedures for Security Management
Four Steps to Disaster Recovery and Business Continuity Planning
There are many steps to creating a DR and BCP, however, here are four considerations to help frame your planning.
1. Identify critical systems
2. Identify design requirements
- Look at all your systems and determine how old the data can be in the event of a disaster – this is your Recover Point Objective. When does a system need to be up and running? – this is your Recovery Time Objective.
3. Choose your DR method
- This is a discussion of on-premise versus a cloud solution. With Cloud DR, the responsibility to manage everything is removed from the hedge fund. There can be trade-offs. For example, if your trades are based on proprietary algorithms you may prefer to own the physical servers. Also, if you have in-house IT, they may prefer to manage in-house.
4. Choose a data center location/facility
- Investors are going to want to know about access controls and security at the data center.
- Half the data centers in NY lost power during Sandy. Not all of them were able to get fuel. All Eze Castle Integration data centers stayed up because we conduct extensive due diligence on all our data centers before selecting one. Be sure to do thorough due diligence on your service providers.
Want to discuss technology further? Contact us or subscribe to our Hedge IT blog.
- New Considerations for Launching a Hedge Fund: Insights from the experts
- Corporate Essentials for Successful Hedge Fund Startups
- Recapping a Busy Week in Cyber Security Across the Globe
- What Do Hedge Fund Investors Ask About IT? A Technology DDQ cheat sheet
- Webinar Recap: What Investment Firms Need to Know about Social Media Compliance
- business continuity planning
- cloud computing
- data loss prevention
- disaster recovery
- eze castle milestones
- hedge fund due diligence
- hedge fund marketing
- hedge fund operations
- hedge fund regulation
- help desk
- high frequency trading
- launching a hedge fund
- privacy compliance
- project management
- real estate
- startup & relocation
- trends we're seeing
- videos and infographics