Is Dropbox becoming a noun? For the sake of this article, let’s say it is.
With over 200 million users, Dropbox (and similar services) is gaining popularity based on its ability to allow users to share files and sync data between devices. These capabilities are very appealing but rely on a public cloud platform that can introduce security and compliance concerns for hedge funds.
Dropbox made headlines last year when it was discovered by security researchers that the service opens some files once they are uploaded. While Dropbox provided an explanation, this can be a serious issue for businesses where employees are using Dropbox to share sensitive company and investment data.
So are your employees using Dropbox? Probably. A study conducted by Gigaom of 1,300 business professionals found that one out of five use public file sharing services, such as Dropbox, with work documents. And, half of those users know their companies have rules against it. This raises the question, how do you give employees access to a valuable tool in a way that meets compliance and security protection obligations?
It has been said that cyber weapons can be as dangerous as weapons of mass destruction. To emphasize this, at last night’s FBI Citizens Academy seminar on cyber security in financial markets, the speaker noted that if you take out an industry (think financial, telecom) you can cripple an entire country.
But just how would this happen? What’s in a hacker’s tool kit? Quinn Shamblin, executive director of information security at Boston University, provided a glimpse into the cyber security underworld.
Targeting Your Favorite Device
Let’s start with Mobile Device Security. Hackers are shifting their focus and resources to mobile devices. They recognize that a user’s life is virtually encapsulated on his/her mobile device. From contacts and email to documents, passwords and banking apps, mobile devices now hold as much as or more personal information than PCs or laptops. And most devices do not have anti-virus/malware software installed.
Just last Friday, Apple released a critical update to its iOS 7 operating system after a flaw was identified that could give an attacker with a privileged network position the ability to capture or modify data in sessions protected by SSL/TLS (aka public key encryption). Following that announcement, researchers at a cyber security firm (FireEye) published a proof of concept for a surveillance app that, if created and distributed by hackers, could capture every tap on an iPhone’s screen. The information captured, including passwords and credit card numbers, would be accessible to the attacker. These are just two examples of the cyber security threats facing mobile devices. Users need to be aware that these threats exist and practice smart computing on all devices.
Investment risk plays an important role in the life of a hedge fund manager, but technology risk should not. When it comes to your firm’s technology systems and operations, you want things to run efficiently, not add more stress to your already crowded plate.
Mitigating technology risk is a critical step to ensuring your hedge fund operates smoothly and successfully. Following are a few areas to keep in mind as you evaluate your firm’s technology risk:
Layers of Redundancy
One way to reduce your firm’s technology risk is to add layers of redundancy throughout your infrastructure. Whether you’re utilizing a cloud infrastructure or an on-premise environment, your servers, networking and telecom lines should feature N+1 availability, a configuration in which multiple components have at least one independent backup component to ensure system functionality continues in the event of a failure.
When it comes to keeping your firm’s IT infrastructure running smoothly, it’s critical to perform routine maintenance. Whether you manage your own technology or rely on an outsourced service provider, maintenance plays an important role in keeping your IT running at full speed. Setting priorities and expectations ahead of time will ensure your maintenance is performed successfully and does not negatively impact your firm.
Following are four areas to focus on as you plan your scheduled maintenance with your in-house or outsourced IT staff.
Be clear on who is responsible for what when it comes to the entirety of the maintenance schedule. By planning ahead, you can greatly reduce the time it takes to complete your firm’s maintenance and the resources you will need to complete all tasks.
This week we have a contributed post from Deborah Prutzman, CEO of The Regulatory Fundamentals Group.
Since the summer of 2012 the SEC has embarked on a drive to change the culture within financial services firms, including those in the alternatives space. At first the SEC focused on education—both of its staff and of industry participants. Now the SEC is actively using enforcement as a hammer to drive deeper change. Enforcement cases in 2013 included a focus on boards that failed to properly steer the valuation process and on individuals who misled compliance, as well as the highly-publicized cases involving insider trading.
What does this mean for you in 2014?
1. The SEC will continue to focus on governance and on gatekeepers. This means you. Whatever your role (as an adviser, on a board, or as a service provider), you must have a grasp of key regulatory requirements. The SEC has announced an initiative to bring enforcement actions for inadvertent (or in technical terms “non-scienter”) violations. Do not let your firm be on that list. Take the time to learn what is required of you. Doing otherwise is like crossing the street with your eyes closed. Some may make it across, but do you want to be the one hit by a truck?
I know, I know, we say it every year. But can you believe another year has come to an end? Even more amazing? We’ve now been bringing you fresh content on Hedge IT for nearly four years – including close to 400 articles! As we look ahead to 2014, we want to extend a huge THANK YOU to our loyal Hedge IT readers and hope you’ll stick around to see what we have up our sleeves in the New Year. Here’s a hint: it may even include a fresh new look...
With that said, as we do every year, let’s take a look back at some of our most popular Hedge IT articles from 2013. Here are some of your favorites (and ours, too).
Back in September, we revealed the results of our 2013 Survey: Examining Cloud Usage within the Investment Management Industry. In conjunction with IDG Research, we surveyed more than 100 financial services firms and found that nearly all of them (87%) are using the cloud in some way. Other key findings included the dominance of the private cloud (74%) and the growing belief that the private cloud is just as secure as an on-premise infrastructure. Read the complete survey report here.
The results from our Global Hedge Fund Technology and Operations Benchmark Study are in and here is a snapshot of the 2013 findings. You can find the complete report here. We surveyed 538 buy-side firms across the United States, UK and Asia in order to discover their front, middle, and back office technology and application preferences.
All survey respondents fell into the following categories within the financial industry: hedge fund (60%), asset/investment manager (13%), private equity firm (8%), fund of hedge fund (5%), non-financial firm (5%), advisory firm (1%), broker dealer (1%), venture capital firm (1%), quant fund (1%), or ‘other’ (3%).
The firms resided in three different asset classes: 30 percent reported their AUM as $100 million and under; 32 percent fell between $101 and $500 million; and 38 percent reported over $500 million in assets under management.
With regard to investment strategy, long/short equity continues to dominate as the most favored, with 45 percent of respondents reporting this to be their primary investment strategy. Other preferred strategies include fixed income (8%), credit (7%), global macro (6%), emerging markets (6%), distressed debt (5%), and event driven (4%). The top prime brokers employed by firms in 2013 are Goldman Sachs, Morgan Stanley, Credit Suisse, JP Morgan and UBS (same as last year).
Now let's look at front, middle and back office applications most commonly used at hedge funds.
They say a picture is worth a thousand words so here is an infographic of our 2013 Global Hedge Fund Technology Benchmark Study that explores the most common front, middle and back office applications and technology used at today's hedge funds.
Yesterday marked exactly five years since the infamous Bernie Madoff was arrested for executing the largest Ponzi scheme in U.S. history. As a result, Wall Street and the investment community have undergone a plethora of changes designed to avoid such scandals in the future. Let’s take a look at the lasting impact of Madoff and what changes we can still expect to see in the future.
Unless you’ve been living under a rock for the last several years, you’ve heard the name Bernie Madoff and understand its association with all things negative: scandal, fraud and disgrace. The former NASDAQ chairman and founder of Bernard L. Madoff Investment Securities LLC (BLMIS) swindled billions of dollars and affected more than 12,000 investors, faking investment returns over the course of multiple years.
Amidst the nation’s most serious financial crisis since the Great Depression, we all learned of Madoff’s devastating scheme. He eventually turned himself in at the urging of his sons and is currently serving 150 years in federal prison for his crimes.
At last week’s Hedge Fund Launch 2.0 seminar, the topic of the malicious Cryptolocker malware that is circulating was highlighted as a wakeup call for why backup and security are nonnegotiable IT components. Questions abounded about this new evolution in malware so today’s post aims to address the who, what, when and where of Cryptolocker as well as a few other common Qs.
What is Cryptolocker?
Cryptolocker is a new variant of ransomware that restricts access to infected computers by encrypting them and demanding that the victim pay the attackers a ransom in order to decrypt and recover their files. Some versions of Cryptolocker can encrypt local files as well as external hard drives, network file shares and even cloud storage services that allow local folders to sync with online storage. The malware is severe and a real threat. If a company becomes infected and does not have its files backed up, the files may be lost.
At Eze Castle Integration we have had clients become infected. Thankfully in these cases the clients had the appropriate backup systems in place and were able to restore the files to the pre-infection state. As of this time, the US-CERT says the primary means of infection appears to be phishing emails containing malicious attachments. The attachments may look like legitimate emails, so it is important to remind users not to click on any email links if they do not know the sender.