In case you missed it, this week the Pentagon released its Annual Report to Congress looking at the military and security developments involving China. According to the New York Times, the report is virtually the first time “the Obama administration has explicitly accused China’s military of mounting attacks on American government computer systems and defense contractors, saying one motive could be to map ‘military capabilities that could be exploited during a crisis.’”
The report states that cyberwarfare capabilities could serve Chinese military operations in three key areas.
- First and foremost, they allow data collection for intelligence and computer network attack purposes.
- Second, they can be employed to constrain an adversary’s actions or slow response time by targeting network-based logistics, communications, and commercial activities.
- Third, they can serve as a force multiplier when coupled with kinetic attacks during times of crisis or conflict.
As you’re probably aware, the topic of cybersecurity has been splashed prominently across headlines lately. Earlier today, the US director of national intelligence, James Clapper, identified cybersecurity as the top global threat – even more treacherous than terrorism.
In his testimony before the Senate Intelligence Committee, Clapper cited several attacks on banking websites where sensitive customer data was compromised, as well as a security breach at an oil company that resulted in the destruction of 30,000 computers. If hackers are capable of such large-scale, damaging attacks, could investment management firms be at risk? What should you be doing to better protect your firm’s critical systems and data?
The truth is both large, well-established hedge funds and smaller startups are equally at risk of intrusion. Hackers may target large firms because they see an opportunity to profit from their substantial asset pools. Additionally, they might be after the notoriety associated with successfully hacking a well-known fund’s critical systems, especially in cases that will likely garner media attention. For smaller funds, hackers are likely after intellectual property, namely business plans, market forecasts and investment strategies.
Happy New Year everyone!
2013 is off and running, and the time has come to look ahead and set goals for your investment firm to ensure a successful and prosperous year. Many of the resolutions we recommended last year still hold true, including testing your disaster recovery system, reviewing and evaluating all telecom contracts, ensuring your business continuity plan is SEC-compliant and performing a comprehensive IT systems audit.
This year, it’s time to take those resolutions to the next level. We asked some of our internal experts here at Eze Castle to share some important resolutions hedge funds could consider making for 2013. Here’s what they had to say:
Last month our friends at eSentire published a Cloud Security Checklist to provide hedge funds and alternative investment firms a guide when evaluating a cloud provider such as Eze Castle Integration. The Checklist asked the question, “How can you know if your Cloud Service Provider has your best risk management interests in mind?”
Since here at Eze Castle Integration we are big proponents of secure cloud computing, we thought we’d be the first cloud service provider (that we know of!) to complete eSentire’s checklist.
1.0 Physical Security: Does the cloud provider have a rigorous physical access protocol?
Yes, yes and yes. Eze Castle has detailed Access Control and Premise Access policies that extend from physical to virtual environments. Following are some of the key physical access control protocols we have in place:
- 24x7x365 manned lobby with visual verification of identity
- Two-phase authentication of visitors (card and biometric)
- Secured access at all entry points, including doors and elevator banks
- Monitored security cameras as well as door, motion and camera sensors
- Visitor logs closely monitored and escorts required at all times
- Key-locked cages and cabinets at all data center facilities
With the BYOD trend invading financial services firms (and companies of all kinds), the need for mobile device management solutions is at an all-time high. While hedge funds once seemed like a BlackBerry-only industry, the emergence of high-powered smartphones has prompted a shift in corporate communications. But security remains a top concern for all funds.
"Unlike BlackBerry, platforms like iOS and Android are not built with the enterprise in mind," said Phil Redman, an analyst at Gartner. "They are simply not as secure as BlackBerry, and to make them secure, companies have to spend some money."
There are a number of mobile device management solutions in the marketplace, including AirWatch, Zenprise, Fiberlink Communications, SAP (formerly Sybase) and Symantec. Let’s take a closer look at three such solutions we’re seeing used frequently: Good Technology, MobileIron and BlackBerry Mobile Fusion.
On 20th November, the Eze Castle Integration team in London hosted a joint breakfast seminar with Simmons & Simmons looking at future IT and employment considerations for hedge fund managers.
We know that building a hedge fund after a successful launch is a challenging experience that requires a methodical approach and expert guidance. There are many factors to manage post-launch, including continuing capital raising, fulfilling investors’ performance and reporting expectations, meeting regulatory requirements and keeping technology systems running at peak levels.
You can watch a replay of the seminar here.
On Tuesday, October 2, the SEC held a roundtable discussion in Washington D.C. focused on technology use within the investment management sector. The following article from our guest blogger, Deborah Prutzman of the Regulatory Fundamentals Group, offers some highlights and insights from that meeting.
The 2010 Flash Crash, the Knight Capital incident, the Facebook IPO and the BATS IPO were all rooted in technological failures. An SEC roundtable held on October 2, 2012 at the SEC headquarters in Washington discussed ways to prevent future incidents like these from occurring again. The roundtable gave a “thumbs up” to the adoption of a “kill switch” and focused on a number of best practices that are likely to find their way into managers’ procedures and investors’ due diligence questionnaires. Perhaps the most important takeaway, however, is that the role of the technology team, and that of the CTO, will continue to grow in importance.
When it comes to compliance, hedge funds and investment management firms have a lot to think about. Dodd-Frank, registration, Form PF, oh my! And these days they can add one more thing to their plates: social media.
Social media, in the mainstream, may be a tool for chatting, researching or staying up-to-date on current events. But for investment firms, social media can be a great marketing opportunity and a way to spread their message. It must also be closely monitored, though, particularly as regulators seek to address its prevalence with archiving requirements.
A History of Social Media in the Financial World
Earlier this year, Goldman Sachs – one of the largest investment banks in the world – joined Twitter. It was a remarkable day, and with 132 characters (barely within the 140-character limit!), Goldman announced that it would be posting updates in the future about its work and its employees. You’re probably thinking “why so remarkable?” The reality is that the financial services industry has traditionally steered clear of social media, worried that it would only pose problems and concerned about bodies such as the SEC reacting in an unfavorable way.
Public cloud tools and free file sharing services are wholly owned and managed by third-party providers. Because infrastructure costs are spread across all users who are employing the service, each individual client is able to operate at a low cost. Public cloud tools are typically larger in scale than private enterprise clouds, and that scale provides users with seamless, on-demand scalability.
These factors may seem to support the belief that public clouds and free file sharing services would suffice for a business’s basic infrastructure and file sharing needs. However, upon closer examination, it is clear that there are a number of areas in which these tools fall drastically short of meeting the crucial business needs of investment management firms.
Happy 5th of July!
We interrupt this holiday week to talk about how cloud services are expanding disaster recovery options for users of Storage Area Networks (SANs, that is).
A traditional SAN-to-SAN disaster recovery scenario may rely on host-based replication technology transmitting data and applications between two mirror SAN environments. While this works for some firms, cloud technology presents a viable, cost-effective alternative where data and applications from a firm’s production SAN are replicated to a cloud environment for disaster recovery.