1. Establish an Incident Response Team.

Choose a select group of individuals to comprise your Incident Response Team (IRT). Assign each member a predefined role and set of responsibilities, which may in some cases, take precedence over normal duties. The IRT can be comprised of a variety of departments including Information Technology, Compliance and Human Resources.

2. Identify the type and extent of incident.

Before your IRT can alleviate any incidents, it must clearly assess the damage to determine the appropriate response. For example, if the incident is a computer virus that can be quickly and efficiently detected and removed (and no internal or external parties will be affected), the proper response may be to document the incident and keep it on file. This task could effectively be handled by the IT department.

If however, an incident occurs that affects multiple clients/investors/etc., the incident should be escalated to the IRT.

3. Escalate incidents as necessary.

Certain departments may be notified of select incidents, including the IT team and/or the client service team. These parties should use their discretion in escalating incidents to the IRT. Any event suspected as a result of sabotage or a targeted attack should be immediately escalated.

4. Notify affected parties and outside organizations.

One member of the IRT should be responsible for managing communication to affected parties. Depending on the severity of the incident, the IRT member will act as the liaison between the organization and law enforcement.

5. Gather evidence.

When appropriate and necessary, the IRT is responsible for identifying and gathering both physical and electronic evidence as part of the investigation.

6. Mitigate risk and exposure.

A technical member of the IRT should be responsible for monitoring the situation and ensuring any effects or damage created as a result of the incident are appropriately repaired and measures are taken to minimize future occurrences. The IRT will also need to define any necessary penalties as a result of the incident.

Here are a few more resources on hedge fund security you may find helpful:

• Best Practices for Managing Security Risks

• Sneak Peek: Hedge Fund Manager’s Guide to IT Security

• The Biggest Security Threat to Your Firm Might Be Sitting Next to You

Source: 2013 Cost of Data Breach Study: Global Analysis, Ponemon Institute & Symantec

Photo Credit: Flickr

Rather than looking at your IT budget first, start with your employees.
How is your staff using technology to perform their jobs? Are there changes that could be made to help them become more efficient? If you have employees who travel frequently or telecommute, consider how they’re accessing critical systems and applications. If many members of your staff are working remotely or using smartphones, tablets or laptops on a regular basis, what changes can be made to make their experiences more seamless?

Think like a CMO.
A recent Gartner study found that CIOs are highly focused on efficiency and processes, while chief marketing officers (CMOs) are more concentrated on delivering strategic value and developing long-term relationships. Try examining your firm’s needs from the marketer’s perspective. How are your clients using technology to interact with the firm? What information are they seeking when doing so? Could these experiences be enhanced in any way to foster a stronger relationship? Also, consider speaking directly with your Sales and Marketing personnel to gain a better understanding of how they're seeing clients interface with the company and where IT can get involved to ensure smoother interactions.

Take a close look at new tools and trends.
For many investment firms, cloud-based infrastructures are proving highly beneficial, especially in helping to increase operational efficiency without major capital outlays. Another new trend to keep a close eye on is BYOD (Bring Your Own Device). Enabling employees to utilize their personal mobile devices and tablets for business purposes can result in cost savings and greater computing flexibility for the organization.

Consider outsourcing options.
You IT staff is likely over-worked, and increasing headcount is an expensive solution. To supplement your existing team, it may make sense to outsource some aspects of the IT and operational aspects of the firm. Outsourcing options abound, so you can offload as little or as much are you’re comfortable with. Hosted IT services are a major area where we’re seeing firms outsource, but there are many others as well, including:

• Help desk support
• Staffing
• Application hosting
• Colocation
• FIX connectivity
• Disaster recovery
• Project management

For more information, be sure to check out our article on “Examining the Changing Role of the CTO,” or contact an Eze Castle Integration representative.

To learn more about Eze Castle Integration Colocation Services for investment management firms,
visit our website or contact an Eze Castle Integration representative.

Plan your infrastructure only for the short-term.

A crucial mistake often made by funds is not planning for the future. Even at launch, you should be thinking about what your firm will look like and what technology you will require down the road. Planning out two to three years in advance is recommended in order to reap the most benefits when it comes to your infrastructure. Plus, if you don’t plan ahead, you may wind up incurring more costs if technology decisions need to be made unexpectedly.

Ignore the importance of a business continuity plan.

It has become commonplace for hedge funds to employ disaster recovery strategies to protect mission-critical data and applications (due to a number of reasons including investor expectations, new regulations and the effect of unexpected natural disasters, e.g. Hurricane Sandy). But firms often overlook the equally important business continuity plan, which provides guidelines for what employees need to do in the event of a disaster. Yes, focusing on your infrastructure is essential to keeping your business afloat, but that business also cannot survive without its employees. Don’t forget to test that BCP plan once you’ve developed it – a good plan will only work if people know how to follow it.

Skimp on security.

This one is a no-brainer, right? There are times when firms think it’s okay to cut back on security, or they easily dismiss the idea that a firm could ever become the victim of a cyber-attack. Hackers have become more advanced over the past few years, and financial services firms are at the top of their list for targets. It’s worth investing in premium network security to ensure your firm does not become a victim, whether it’s at the hands of a professional hacker or a simple computer virus.

Fail to comply with industry regulations.

Regardless of whose jurisdiction your firm falls under, it’s essential you take the appropriate steps to ensure you’re meeting all necessary regulatory directives. Whether its system safeguards enacted through the Dodd-Frank Act or increased transparency requirements as a result of AIFMD, you can bet there’s some type of legislative requirement your firm is responsible for meeting. Can regulatory bodies like the SEC keep tabs on all hedge fund firms? Maybe not. But if the day comes when you receive an audit notice, you don’t want to be the firm who’s noncompliant.

Be opposed to change.

Just like the investment industry, technology is constantly evolving. Just a few years ago, firms were building out large Comm. Rooms to store massive servers and other equipment. That practice is fading today as firms rely on the cloud to meet their technology needs without unnecessary hardware purchases. Remember that just because you’ve always done something one way, it doesn’t mean it’s the only way. Learn to adapt with the changing industry and be open to trying new things. Who would have guessed just a few short years ago that we’d all be plugging into the cloud to do our day-to-day tasks?

Photo credit: Flickr

While some of the current proposals will undoubtedly be amended over the course of this lengthy process, let’s look at some of the practical steps companies should be considering now.

Move towards compliance

One of the main recommendations of the proposed regulation would ensure that companies have only one regulatory authority that supervises their activities across all EU member states. Businesses with multiple offices across several European countries should therefore consider which regulatory authority would be its supervisor.

Right to be forgotten

The new directive will enforce a right to be forgotten, which will allow people to request firms to delete their data permanently. Companies faced with a request for deletion of data will have the responsibility to pass that request on to companies that have copies of that data.

This rule will certainly affect Internet platforms, which tend to never forget. For example, even if data is taken down from a social networking site, such as Facebook or Twitter, it is not completely gone and will remain within the Internet cache.

Don't delay, get ready

Given the timeframe, many firms may feel they have plenty of time to get ready for the new data protection framework in Europe, but that is not the case. The clock is ticking.

While there may be a lot of work that still needs to be done before the proposals are finalised, firms should not wait to start preparations. It is important that firms get their privacy policies, procedures and documentation in order and keep them up to date.

Best Practices to Start Employing Now

• Appoint a data protection officer to act as the focal point for all data protection activities.

• Take a closer look at your privacy policies. In some cases, they will likely need to be re-written (new guidance states they must be written in plain English).

• Refresh your information asset register so it clearly identifies what data is held, where, how and why.

• Write and employ processes and procedures to handle data subject and data deletion requests.

• Review your technical and procedural controls around your data. A serious breach could cost your firm up to 2% of its global turnover.

But what is SSD?

SSD is a storage device that stores persistent data on solid-state flash memory, using integrated circuit assemblies as memory. SSD has no moving parts, which is one of many distinctions between SSD and traditional hard drives that have spinning disks.

SSD offers huge performance gains over other commonly used storage drives including SAS (serial attached SCSI) drives. For perspective, the typical enterprise spinning disk is a 15K SAS drive, which offers approximately 200 IOPS. Mainstream enterprise SSD on the other hand can offer 10,000-100,000 IOPS.

Why should I care?

Investment management firms are presented with an increasing amount of data, much of which holds the potential to uncover new investment opportunities. For some strategies (think high frequency trading and algo), the speed at which the data is processed is linked to the size of competitive gain.

This is where SSD comes in. The huge performance gains delivered by SSD have the ability to speed up large database applications and online transaction processing, which can be hugely impactful. Big-data analytics is another example of where SSD is appropriately suited.

Compliments of Wikipedia, here are some other advantages SSD provides:

Is SSD Panacea?

SSD delivers numerous performance advances as outlined above, however, there is a price (literally) associated with these gains. The typical enterprise spinning disk is a 15K SAS drive, which costs about $0.50 per gig and offers approximately 200 IOPS each. Enterprise SSDs vary in cost and performance, but $3.00-5.00 per gig, and 10,000-100,000 IOPS covers most of the mainstream drives.

As the price comes down, you can expect to see SSD more widely deployed.

Source: Jon Jacobi. (May 13, 2013). The proper care and feeding for SSD storage. PC World

• Deep experience and expertise in addressing the storages needs and challenges of the investment management industry
• Storage support experts available around the clock to answer questions or assist with any performance issues that may arise
• Preventive network and infrastructure maintenance
• Proactive monitoring and reporting on storage availability, utilization and performance so that you always know where you stand
• Monitoring of all SAN and virtualization alerts
• Managing of data backup, replication, recovery and archive processes
• Assistance with disaster recovery testing

Eze Castle Integration provides full storage management and maintenance service for hedge funds and investment management firms. For more information on SAN management or virtualization, visit our website or contact an Eze Castle Integration representative.

Industry Update: What’s Going On?

Increasing demands from hedge funds’ current and target investors are driving a variety of trends. Due diligence requirements are more advanced, as investors expect to see candid looks into a fund’s systems, disaster recovery capabilities and more. The increasing complexity of investments is also driving the need for more complex systems to handle these instruments.

Firms are starting smaller in today’s environment, with many starting with under $100mm in assets under management. Startup funds are looking for technology solutions to complement their size and give them the tools to efficiently run their businesses.

The Key Driver for Application Solutions? Managing Risk.

When it comes to implementing applications, there are many considerations to think about, some of which include addressing investor due diligence concerns, addressing regulatory requirements, and supporting client service demands. The most importance goal for many firms, however, is mitigating risk. There are three types of risk to manage:

1. Operational. A firm without a system already in place has most likely used Excel. It is important to transfer spreadsheets into an application because these systems are made to support the direct investment decision process, and therefore all data must be correct.

2. Counterparty. Firms need to be able to connect with a multitude of third parties, including fund administrators and prime brokers. Clients now want to be more operative, and therefore use multi-prime environments in which counter-parties have different specializations utilized by the firm. Many more firms now foster these counter-party relationships, and therefore need a system to bring everything together into one holistic setting.

3. Investment. Investment decision makers want to see accurate information. A research management system, for example, would allow a firm to track and save their investment research and choices for a possible audit.

Deploying Your Application: Top Considerations

When deploying an application, a firm must consider not only the up-front, short-term costs of supporting the application, but also the long-term costs. The firm must be sure that the overhead expense of the application is not too much of a burden on the business.

An application that is being deployed must be scalable. A firm may want to start with an application on a smaller scale, whose base can grow as the company does. The firm should be sure that the application being used will not force an arrangement that will limit its ability to scale up in the future.

Infrastructure Options: On-premise vs. Cloud

Deciding where to host your application is a major consideration. Many firms today are opting to host their apps in the cloud, an option that provides for more flexibility and cost-effectiveness. Beyond the on-premise vs. cloud debate is the decision about whether to utilize a public or private cloud.

Security continues to be the biggest concern in regards to the public cloud. Investors want to make sure that their data is as secure as possible because it is a fundamental part of the fund’s core. Access into private clouds is much more controlled, and there are fewer questions about the encryption of data at rest and the ability to access that data. A public cloud provider will make sure that its physical infrastructure is up and running, but will not necessarily be concerned about whether or not their clients’ applications are functional. Therefore, working with a smaller, niche provider may be better for many firms.

The Right Time to Implement an Application

Many more start-up funds are now bringing applications in on day one because they do not want to deal with the conversion and transfer of the data at a later date, and the cost is much more affordable from the get-go. However the firm philosophy also plays a part in the timing of an application’s implementation particularly depending on whether the firm is relying on outsourced application services or hosting their applications in-house. Budget may also play a large role here.

Application Provider Must-Haves

1. People. The application and/or hosting provider must have a structure that allows for them to be available when needed (whether through a help desk, etc.), and must be able to comfortably adapt to changes in its clients’ businesses.

2. Scalability. The provider must be able to be there for the long run, providing a system that handles the company’s growth without having to reinstall a new system and convert the data.

3. Strong Ecosystem Support. Firms can turn to the experts and create trusted partnerships with counterparties and consultants who have worked with similar client types (which will allow for them to understand the products being provided).

4. Ease of Use. This is not as important as the above three because most systems have the same functionality. A firm must survey the big picture when it comes to choosing a provider.

When it comes to evaluating which application vendor is right for your business, here are five key questions to ask:

• Does your software work in hosted environment?
• How is the application deployed? (e.g. via the Internet, Citrix, etc.)
• Are there any limitations?
• Do you have recommended hosting partners?
• Will there be any changes to my Service Level Agreement?

If you would like to speak to an Eze Castle representative about application hosting at your firm, please contact us today!

Service Provider Reports: Balancing Bias with Value

First up are free reports from hedge fund service providers such as Eze Castle Integration. Each year we publish a benchmark study that outlines top applications used in select front, middle and back office categories by hedge funds. This report will provide a baseline of the top three application vendors used in each category, but doesn’t dive into specific feature sets. The report can be downloaded HERE.

Vendor reports can be helpful in getting an initial understanding of the most frequently used applications and top features used by firms. You should always consider the source, as some vendor reports or whitepapers will be biased.

Industry Analyst Reports: Balancing Cost with Real Life

Next up are analyst groups, such as Aite Group, Celent and CEB TowerGroup, who regularly publish reports looking at hedge fund applications. Aite Group, for example, published a report titled “Buy-Side OMS Market Update 2013: Calm Before the Storm?” in March 2013. These reports can provide insight into the top application players in each market. It should be noted that some reports must be purchased, and free ones may be slightly biased if they are funded by an application vendor.

Here is a handy list of where to find reports published by these firms:

• Aite Group: HERE

• CEB TowerGroup: HERE

• Celent: HERE

• IDC Financial Insights: HERE

• Tabb Group: HERE

Phone a Friend

Finally, talking to hedge fund peers is extremely valuable in understanding the strengths and weaknesses of various applications. In addition to calling the references provided by the vendors (who you can assume are happy), try and find a few other users to speak with. Here are some questions to ask:

• How long have you been using the application?
• Did you receive any incentive for being a customer reference?
• Why did you select this application?
• Has the application met your expectations?
• What are the most important features to your firm?
• Did your firm customize the application? If so, what was that process like?
• What features do you wish they would add to the application? Areas for improvement?
• How responsive is customer support?
• Is there anything you would have done differently as part of the selection or implementation process?

Happy App Searching!

P.S. Here is another link to our 2012 Hedge Fund Technology Benchmark Study.

Achieving Institutional-Grade Technology

It’s 2013. Funds that lack a robust technology infrastructure to support their daily operations will struggle to meet the high expectations of investors, regulators and other stakeholders. Regardless of the size of your fund at the time of launch, there are certain key technological priorities all managers will need to address.

During this panel discussion, speakers from Evercore Partners, eSentire, and Eze Castle Integration shared their expertise on the essential IT requirements for hedge funds. Some of the most critical considerations they mentioned were the importance and widespread adoption of the cloud, disaster recovery and security.

Application Platforms for Successful Hedge Fund Operations

Now that the adoption of cloud technology has become widespread in the investment industry, the conversation is beginning to shift. Which of a firm’s essential applications should be hosted on a cloud-based platform? Which types of hosted applications should new fund managers ensure they have in place in order to satisfy investor requirements?

During this panel, experts from financial application vendors Eze Software Group, Advent and Code Red addressed the key considerations for new funds when it comes to determining when is the right time to implement certain apps, whether to host them in the cloud, and how to go about vendor selection. They stressed that the environment is constantly changing, so it’s crucial to be in tune with what functionality your firm requires, as well as what your investors want to see in place -- and these often evolve over time.

*Shameless Plug: To learn more about application hosting, be sure to attend our upcoming webinar, App Hosting 101: Managing Your Fund’s Essential Applications in the Cloud, on Tuesday, May 21.

Corporate Essentials: Human Resources, Insurance and Real Estate

As we mentioned in Tuesday’s post, this was one of the panels we were most looking forward to, and it certainly did not disappoint!

As you’d probably expect, most new hedge fund managers are highly focused on raising capital. This panel, on the other hand, dove more deeply into some often overlooked aspects of starting a new company: employee compensation and benefits, talent recruiting and management, insurance and real estate. Experts from McLagan, Ambrose, Newmark Grubb Knight Frank and Lenox Advisors came together to talk about some important considerations within these disciplines. Discussion centered on these main areas:

• Human resources essentials, such as compensation structures and benefits packages
• The types of insurance businesses require, and when new fund managers should consider implementing them
• The importance of instituting a strong HR infrastructure and policies even before a firm has a large staff in place
• Real estate options and the state of the New York City real estate market
• Compliance concerns

To learn more about how to launch a hedge fund, download our FREE 42-page guidebook, A Manager’s Guide to Establishing a Hedge Fund.

Human Resources

• Essential components of a human resources infrastructure
• Front and back office staffing requirements
• Employee benefits typically provided by hedge funds

Compensation

• Typical compensation structures for front, middle and back office
• Compensation trends in financial services
• ‘Hot’ functions in terms of recruiting and compensation

Insurance

• The types of insurance needed for a business, including professional liability, employment practices liability, and property & casualty
• The right time to investigate insurance options for your hedge fund
• The effect of the Affordable Care Act/Healthcare Reform on hedge fund insurance decision-making

Real Estate

• The real estate options available to new startup funds, including hedge fund hotels, commercial space and subleases
• The state of real estate in New York City
• Considerations for evaluating office space

Be sure to come back to the Hedge IT on Thursday for a recap of our Hedge Fund Launch 2.0 event! In the meantime, download our brand new Manager’s Guide to Establishing a Hedge Fund.

• First and foremost, they allow data collection for intelligence and computer network attack purposes.

• Second, they can be employed to constrain an adversary’s actions or slow response time by targeting network-based logistics, communications, and commercial activities.

• Third, they can serve as a force multiplier when coupled with kinetic attacks during times of crisis or conflict.

In other cyber security news, the UK is setting up a new £7.5 million government fund as part of the National Cyber-Security Strategy to create two research centers to combat the increasing threat of cyber-attacks.

And finally, this week Japan and the US held the first bilateral comprehensive dialogue on cyber security with the goal of establishing international rule and discussing countermeasures to cyber-attacks.

Here is a snapshot to recap this week in Cyber Security.

Be sure to check out these helpful security articles:

• Best Practices for Managing Security Risks (Webinar Recap)

• Hackers are Watching: New security threats facing investment firms

• Sneak Peak: Hedge Fund Manager's Guide to IT Security

The Questions

• Provide an overview of your IT and telecom infrastructure. Please specify whether this solution is hosted onsite, outsourced to a cloud/hosting provider or whether you use a variety of approaches.

• Where are your primary, secondary, business continuity and disaster recovery data centers located and what technology is located in each?

• Who is responsible for IT support? Describe the service they provide.

• Please list any outsourced technology service providers. Please give an overview of the providers and their credentials, as well as background of the relationship.

• Describe your physical and application security protocols to protect building, office, hardware, and data accessibility.

• Detail user login and password requirements for staff accessing systems while in the office as well as remotely.

• Describe your process for application/system change management, including:
  • Who is responsible for authorizing changes,
  • Who has access to the development and production environments, and
  • The process to release code/changes into the production environment.

• Describe the organization’s Business Continuity and Disaster Recovery philosophy and provisions, including any relationships with third-party providers.

• Describe your provisions for data back-up, including the frequencies and methods of the back-up. How would data be restored in the event of a loss, and how long would this take? How would you operate in the meantime?

• What would happen in the event that a key decision maker became incapacitated, for example the chief investment officer or portfolio management staff?

• How often is the BCP/DR plan tested? What was the last test date and describe the results.

In addition to downloading our complete IT DDQ list, you can also check out these articles:

• What are Investors Thinking...When it Comes to Hedge Fund IT?

• I’m Launching a Hedge Fund. What Tech Questions Do I Ask?

• Taking the Cloud Security Exam (aka Hedge Fund Checklist)

Social Media Trends

In recent years, social media usage has expanded rapidly in the business sector. Of the various social media offerings currently available, Twitter, Facebook and LinkedIn tend to be the most widely utilized within business settings. Reasons for connecting through various social networking websites range from a desire to keep in touch with friends and family to researching products and services and keeping up with news. Social networking comprises a huge portion of the time spent online, with 25% of all time on the Internet spent on these websites. Furthermore, not only do social media users access these platforms via their computers, but 40% also visit social media sites via mobile devices. Additionally, social media applications are now the third most utilized by smartphone owners, an essential statistic for companies to keep in mind when crafting their social media policies.

Social Media and the Investment Industry

In the past, the investment industry largely avoided social media. However, more recently, many firms have begun to embrace the various social media platforms. Earlier this year, the SEC released a guidance update on social media usage, as well as a statement indicating that social media platforms are acceptable vehicles for investment firms to use for communications with the public. Leading this move towards social media is Goldman Sachs, who created a Twitter page in 2012 which now has 44,000 followers. Today, up to 50% of financial advisors now use social media to communicate with clients and other stakeholders. However, the rules and regulations regarding social media usage by investment firms continue to be highly complex, causing some hedge funds to continue steering clear of these sites.

Currently, only 1% of hedge funds are actively taking advantage of Twitter’s offerings. Despite this, firms' employees are increasingly using social media platforms on their own, which is why it's becoming more and more important for firms to develop a social media usage policy to govern these online communciations.

Here at Eze Castle, we're seeing hedge funds handling the changing regulatory landscape regarding social media in the following ways:

1. A small percentage of firms take the approach of completely blocking all social media use by employees.
2. Some firms take the approach of blocking just the communications side of social media sites in the workplace.
3. A large number of firms do not limit social media usage at all.

How do regulators view social media?

In the eyes of regulators, social media is viewed in the same regard as other forms of electronic communication. The SEC has deemed social media a suitable platform for distributing public information, as long as the public is directed where to look for it. Specifically, social media falls under the existing “media-neutral” requirements, including the following:

• Record Keeping. Firms must be able to capture and preserve all electronic business records.

• Supervision. Firms must supervise and enforce supervisory policies.

• Audit Readiness. Firms must consider their preparation for an audit when producing data for auditors.

• Social Media Specific. Before engaging with social media, firms must be certain that they have the technology required to record and retain their communications.

However, there are also some key differences to be aware of when it comes to social media communications. These include:

• Static Content. Static content is content that remains posted until changed by the firm or individual, and is accessible to all website visitors. This type of content -- including initial tweets, Facebook wall posts and LinkedIn network updates -- necessitates principal pre-approval.

• Interactive Content. Interactive content is considered real-time communication and requires supervision after the fact, on a risk basis. This type of content ranges from emails, IMs and Facebook wall comments to LinkedIn network comments and retweets.

• Linking to Third-Party Content. When linking to third-party content, firms are responsible for the content of linked sites and what reps endorse. It is vital to be aware of the fact that “linking” or endorsing can trigger entanglement principles. Examples of this include Facebook “likes,” Twitter “retweets” and LinkedIn “recommendations.”

Personal vs. Corporate Information

Even as some investment firms are still steering clear of social media, there is an increasingly indistinct boundary between the personal and professional realms of social media usage, especially with the rise of LinkedIn. Social media platforms such as LinkedIn also pose further challenges to firms because, unlike email, employees own and control most social media accounts. One way to handle this challenge is to require employees to opt in for social media archiving. To protect employee privacy, firms must ensure that employee passwords will not be shared. Also, firms must ensure that their social media compliance solution covers content originating from mobile devices, home computers and public computers.

Best Practices for Creating a Social Media Policy

When crafting a social media policy, investment firms should use the following three questions to frame their approach:

1. Is it appropriate or necessary for employees to visit social media sites such as Facebook, LinkedIn or Twitter during the work day?
2. Are employees considered to be representatives of the company in their online interactions?
3. Is it the firm’s responsibility to limit or control what employees are able to access on the Internet while at work?

There are also a variety of other considerations that go into drafting a successful social media policy. These include:

• Representation. Employees must not represent their opinions published through social media channels as those of the company. If an employee has chosen to document his or her relationship with the firm, he or she must take care to guarantee all online actions and opinions reflect those of the firm.

• Defamation. Employees must not defame or post any type of abusive content online, under any circumstances. The firm policy should clarify that any such actions will result in disciplinary action for the offending employee.

• Responsibility. Employees must exercise strong judgment whenever using the Internet, and should expect to be responsible for any liabilities that arise from their online interactions.

• Time. Employees should be sure that their social media interactions do not become so time consuming that their work performance is negatively impacted.

• Record Keeping. If employees choose to communicate through social networking sites, firms should implement social media archiving technology such as the solutions provided by Global Relay to ensure compliance.

• Regulations. A company’s social media policy should reflect the current regulatory requirements.

For more information on social media compliance for investment firms, contact an Eze Castle Integration representative. In the meantime, check out the full replay from our webinar, “Going Social: What Investment Firms Need to Know about Social Media Compliance” featuring Global Relay.

Our Favorite Topics

The A-List Speakers

The Best (and most fun!) Networking Opportunities

On Wednesday, May 8 and Thursday, May 9, Eze Castle Integration is teaming up with Eze Software Group to host a Cabana Party at the Bellagio Pool! Stop by to meet our team members, talk tech, have a cocktail and enjoy the beautiful Las Vegas weather!

Here are a few other SALT-sponsored events we'd highly recommend checking out:

• Fiesta Latina: A Poolside Party of Food, Drink & Entertainment (Wednesday, 8:00pm, Bellagio Pool)
• Starry Night: A Night of Cocktails & Entertainment Featuring Grammy Award-Winning Band TRAIN (Thursday, 8:30pm Bellagio Ballroom)

For more information on next week’s SALT Conference, visit http://www.saltconference.com/. If you’re planning to attend this event, be sure to let us know, and stop by the Eze Cabana Party!

• Reduce hardware and networking costs

• Increase the benefits of virtualization

• Support aggressive service levels with RPOs of seconds and RTOs of minutes

• Leverage a simple product or a simple service for simple disaster recovery

You can check out the entire discussion below.

For more information, or to speak with a liquidity management expert, contact an Eze Castle Integration representative, or visit the Ledgex Systems website.

Image credits: Google, Sungard

Business Continuity Planning

Although many companies recognize the importance of crafting an effective business continuity plan, few actually feel that they have prepared one adequately. According to Continuity Compliance, while 70% of businesses have created a robust business continuity and emergency response plan, only 25% have also accounted for human resiliency. Furthermore, a recent survey commissioned by the Ad Council found that only 17% of the 60% of Americans that feel preparation for natural or manmade disasters is essential consider themselves to be very prepared for an emergency situation.

Business Impact Analysis

There are several areas companies should cover when developing a business continuity plan. The first step for putting together your plan is developing the Business Impact Analysis. This is the foundation of the business continuity plan and determines what the firm needs to focus on protecting. An essential component of the firm that needs to be protected is its employees. When looking at employees, consider:

• How they are going to recover;

• Where they are going to go; and

• What resources they will need (applications, data, and what resources they can access at home).

Strategies

The second step is to analyze the strategies used by the company and its employees in order to identify the company’s risks and exposures. The plan must examine potential scenarios and decide the most effective way to react to them.

Communications

The third step is to identify the most effective way to provide information about particular scenarios to employees, internally and externally.

Employee Resources

In order to efficiently deal with a potential emergency incident, specific steps must be taken in order to ensure the safety of each employee. These include:

• Ensuring employee specific documentation: Information contained in the business continuity plan is contained on Quick Reference Cards, Wallet Cards, or Regional Reference Guides.

• Mapping out employee locations: It is essential to map out where employees are located in regards to the office, in order to recover most effectively during an emergency incident.

• Developing manager guides: Develop manager guides in order to validate employee remote connectivity, redirect incoming calls, and secure contact information in case of an emergency.

Testing

One of the most important aspects of developing a successful business continuity plan is undergoing testing (we recommend at least twice per year). Every aspect of the plan needs to be tested, although it is not necessary for them all to be tested at once. Here are some tips to keep in mind when developing the plan:

• Make the scenario real

• Test it bi-annually

• Ensure participation from all business units

• Test on a slow day

• Test each component of the plan

• Document all issues, resolutions, and results

Preparing Your Employees

• Critical Contacts: Ensure that critical contacts are available outside of the office. These include both critical people and businesses such as members of the household, insurance agents, schools, places of employment for family members, local hotels, and healthcare providers.

• Build your Emergency Kit: Make sure that employees take care to build emergency kits and know where to access them inside and outside of the office. Suggested resources include a first aid kit, photo ID, cash, aspirin or tylenol, blankets, clothes, water, canned food, maps, battery-powered radio, pocket knife, flashlight, matches, and candles.

• Considerations: Employees should take care to prepare for an emergecy if time allows, and consider if they have enough of the above resources to be prepared for an emergency. Preparing in advance will also alleviate stress during the incident. Other items to stock up on include gas for the car and fully charged electronic equipment. Employees may also want to consider investing in a Power Dome, which allows electronics to be charged even if there is a lack of power.

• Recommendations: Employees should make sure that they are aware of where they can receive vital information at the time of an incident. Some of these places include emergency management agencies, local news, local hospitals, emergency radio stations and social media outlets.

To watch the complete replay of our BCP Tips webinar, click here or click the video below.

• VMware Horizon View

• VMware Horizon Mirage

• VMware Horizon Workspace

• VMware Horizon Suite

Here’s a quick video to hear VMware’s strategy straight from the proverbial horse’s mouth:

Wait One Second!

While people are rushing out to purchase the new device, it is important to understand that the new device is quite different from previous versions, and I don’t mean from a look and feel perspective (well, that too.) The BlackBerry 10 operating system uses ActiveSync (think Android, iPhones and Windows Phones), which means that they cannot be managed from an existing Blackberry Enterprise Server (BES).

This has implications for corporate users and IT departments. Chances are your IT department already has a plan in place to support the new device, but it is important to check before purchasing the BlackBerry 10.

How is it Different?

Let’s get semi-technical here. The BlackBerry Z10 devices need to be managed from a BlackBerry Enterprise Service 10 server, which is an upgrade from BES 5. BlackBerry is allowing customers to trade up their existing licenses for the new BES 10 for free (learn how here).

However, this new software cannot be installed on the same server as an existing BES version. Previous BlackBerry devices (software running 7, 6, 5) cannot be managed directly by BES 10, which means that an additional server may be required if there are users with new and old BlackBerry devices.

Now if your firm has already embraced the bring your own device (BYOD) trend and is using Androids/iPhones/Windows phones with a TMG/NetScaler, there is a good chance the BlackBerry 10 devices can be configured to send and receive email easily. To receive added functionality and security (like that of BES 5) a Blackberry Enterprise Service 10 – Enterprise Mobility Management is needed.

What Now?

Check with IT or your trusty service provider (Eze Castle Integration!) to discuss how you can start using the BlackBerry Z10.

The Legal Perspective of Retaining Social Messages

According to the SEC’s Rule 17a-4(b), registered investment advisers and broker-dealers should archive (think Eze Archiving!) all business communications on social media for a minimum of three years. As the frequency of discovery audits continues to rise, firms should ensure these communications are easily searchable and can be recovered quickly in the event of an SEC inquiry.

Additionally, Section 24(b) of the Investment Company Act of 1940 requires investment firms to file all advertisements or other promotional materials to investors within 10 days of their release. A 2010 update to this regulation issued by FINRA declared that interactive content on social media platforms qualifies as advertising, and therefore falls under Section 24(b). The FINRA update also states that social media content falls under the jurisdiction of Rule 482 which requires firms to file registered investment company performance ads and promotional content.

New Guidance from the SEC

Since these FINRA updates were announced in 2010, little advancement has been made in the regulation of social media correspondence by investment organizations – until about two weeks ago.

On March 15^th the SEC issued its first “Guidance Update,” which – according to the Commission’s press release – will be the first in a series of upcoming guidances designed to express its views on emerging technologies and issues. The goal is to “increase transparency and enhance compliance with the federal securities laws and regulations.” And then today, the SEC officially stated that social media is okay for company announcements as long as investors have been alerted about which social media will be used to disseminate such information.

This first SEC Guidance Update addresses the requirement of investment firms to archive content that is posted on real-time social media sites such as Facebook and Twitter. The SEC notes that many firms have been extremely thorough in their compliance efforts, and have been filing nearly all of their social media correspondences (well done, fund managers!) regardless of content or context.

The new Guidance Update indicates that investment companies can now relax this practice somewhat, and need not file ALL social media content. Instead, consider the content, context and presentation of the communications in order to determine whether they are within the jurisdiction of the pertinent SEC rules and regulations. For instance, firms do not need to file social media correspondence that is simply a response to a question or sharing of existing content from another source.

According to the legal experts at Bingham, the following types of online communications are examples of those which do not need to be filed according to the most recent guidance:

• Content which only contains incidental mention of the fund’s name

• Incidental use of the word “performance”

• A factual statement including a hyperlink to a fund prospectus or to information already filed in accordance with SEC regulations

• A factual statement not related to a discussion of the investment merits of a fund which includes a hyperlink to general financial information

• Responses to another social media user’s inquiry in which “discrete factual information” is conveyed, and/or a hyperlink to sales literature is shared

Key Takeaways

This new SEC update is a sign that regulators are aware of the importance of social media communication in today’s business world. By clarifying the types of content that do and do not need to be filed, they’re paving the way for more real-time interaction between investment organizations and their online communities.

As your firm moves forward with incorporating social media into its business strategy, it’s important to develop a written social media usage policy to outline acceptable and unacceptable use of social media for employees. This is a highly recommended best practice for managing effective social media campaigns, especially given the uptick in discovery audits administered by the SEC.

Additionally, firms should utilize social media archiving tools such as Eze Archiving to ensure compliance with SEC regulations. As Twitter and Facebook become mainstream platforms for communication in the financial services industry, you’ll want to ensure your firm is always putting its best foot forward on all interactive social media sites.

To learn more about social media compliance for investment management firms, be sure to check out these helpful articles:

• What's Hot: Social Media Compliance and Archiving for Investment Advisers

• How To Implement A Social Media Policy For Your Firm

• Hedge Fund Tech Compliance: Archiving, Security & Mobile Device Management

• The business case for moving apps to the cloud
• What applications are ideally suited for a cloud environment?
• Evaluating providers and putting SLAs in place

Cloud Security: The last and most talked about topic was cloud security. Security still remains a top concern for firms when evaluating moving into the cloud.

Last year, Eze Castle Integration conducted a survey of 125 financial services firms to learn how hedge funds and investments firms are currently using cloud services, as well as to provide insight into the factors influencing this growing trend and the barriers to adopting the cloud. According to the survey, concerns about security was top followed by concerns about meeting regulatory or compliance requirements.

Find out more about the cloud! Check out the useful resources below:

Cloud Forum - 100% dedicated to the topic of cloud computing for hedge funds and investment firms, the Cloud Forum has a wealth of information available via articles, videos, whitepapers and much more.

Also, be sure to download our 2013 Guide to Cloud Computing in the Hedge Fund Industry. This comprehensive guidebook examines:

• Why Are Firms Going to the Cloud?
• Public and Private Clouds: Why Private?
• What Are the Use Cases for the Cloud?
• Secure Computing in the Cloud
• Checklist Questions to Ask Cloud Providers

The Current Scope of Cyber Threats

In his March 12^th address to congress, Director of National Intelligence James R. Clapper identified cyber attacks as the most immediate threat to global security. Clapper’s remarks emphasize the importance taking measures to prevent cyber attacks today. These intrusions can originate from a variety of sources, including:

• criminal organizations
• nation states
• insiders
• “hacktivist” groups such as Anonymous

It is widely believed that government support is making hacker groups more powerful than ever. Currently, one of the largest threats to cyber-security originates from a China-based group known as Unit 61389 of the People’s Liberation Army. According to a report produced by Mandiant, an information security company, the group is comprised of up to a thousand members, and has been responsible for stealing hundreds of terabytes of data from 141 companies in 20 industries. Groups similar to Unit 61389 have cropped up in other countries as well.

According to the 2012 Verizon Data Breach Investigations Report, an international study of cyber-security violations:

• 70% of cyber attacks target large organizations (over 1,000 employees)
• 50% of intrusions take several months or even years to be recognized by the victim organization
• 75% of the time it takes several days to steal data from larger companies

So, what should you be aware of to help protect your firm from an intrusion? There are a variety of sources from which cyber attacks can originate, including:

• Phishing scams: In these scenarios, a member of the organization receives a socially engineered email attempting to steal information. Upon opening the email, the employee allows the malware to infiltrate the network.

• USB media devices: This is a very common source of attack that has been widely improved over the years. In this case, an infected USB drive is dropped or left unattended in a public space, intending to be picked by a well-meaning employee who will plug it into his or her computer to see who the device belongs to. Once plugged in, the device emits malware into the network.

• Universal Plug & Play (UPnP): UPnP allows computers and other network-enabled devices to efficiently communicate with one another. Recently, however, these devices have come under harsh criticism due to a variety of security weaknesses such as programming flaws and a lack of required authentication, making the devices easy targets for viral attacks.

• Malware via Drive-by Download: Drive-by downloads occur when a person downloads an infection, either knowingly or without understanding the consequences. The infection typically takes the form of a computer virus, spyware, malware or crimeware.

The Future of Cyber Security

Increasingly, security threats threatening the investment management industry are low volume, high value (aka targeted) in nature. In these cases, the attacker possesses a great deal of knowledge regarding the value of the victimized company’s assets, and wants to steal this information for his or her own benefit. These attackers will employ intricate plots to gain access to the information. The problem with typical security protection programs such as anti-virus software and firewalls is that they are not preventative, and can only identify threats that have already occurred.The industry has been shifting from the use of managed security service provider (MSSP) to continuous monitoring as a service (CMaaS). The primary components of CMaaS are:

• Sensor on the Network: Network sensors gather data.

• Risk-Status Displays: Data is gathered from the sensors and used to develop reports.

• Security Consulting: Security experts analyze the reports so that they can develop appropriate security measures.

• Real-time Detection and Mitigation: Security firms such as eSentire have added this step due to the belief that security concerns need to be resolved immediately rather than after they have occurred.

Tips to Protect Your Firm Against Malware and Hacking

eSentire has developed a list of steps hedge funds should follow to protect themselves against security threats. The steps are based off the concept of the cyber kill chain, which states that the earlier a threat is recognized, the better.

• Perform a vulnerability assessment. It is essential that companies authenticate firewall configuration and anti-virus patching, network device security and evidence of criminal activity. You'll want to know where vulnerabilities exist before implementing additional security measures.

• Establish privileged access to core data. Companies should only designate access to necessary employees and place private data on password-backed servers.

• Develop an Acceptable Usage Policy. Firms should ensure that their Acceptable Usage Policy provides guidelines for software downloads, personal mobile devices, cloud-based email and storage services as well as the access and distribution of privileged data.

• Engage real-time intrusion detection/mitigation solutions. Be sure to track and observe all network actions to be aware of breaches, attacks or the access of sensitive information.

• Establish legal safeguards. Companies should ensure that they utilize confidentiality, non-disclosure, non-competition and non-solicitation arrangements to protect intellectual property.

• Know who you're hiring. Employers should screen employees pre-hire and conduct trainings to make all employees aware of appropriate and inappropriate conduct, contractual arrangements and firm policies and procedures.

• Monitor and log network activity. Restrict electronic transfers, enforce password protection, encrypt computer systems, limit accessibility to core assets, and observe and track all network and email actions.

Policies & Procedures

Here at Eze Castle, we recommend that all hedge funds employ multiple layers of security to reduce the amount of undesired traffic on the network, and thereby reduce the opportunities for a security breach. This is often called the Principle of Defense in Depth. Examples of defense layers may include having Windows protected by anti-virus software with up-to-date virus definitions and all Internet and DMZ facing hosts protected by OSSEC host-based intrusion detection.

In addition to these layers, we also recommend that investment firms employ the following policies and procedures to ensure their critical systems and data do not fall into the wrong hands.

• Principle of Least Privilege: This involves restricting access to only those employees who need it. Keep access control lists on all applications and data and inbound/outbound internet access to keep track of who can gain access to what. Also, log the use of audited one-time passwords and minimum privilege shared accounts.

• Secure User Authentication Protocols: Secure user authentication protocols include:
  • Assigning unique domain user IDs to each employee
  • Implementing strong domain password policies
  • Monitoring data security passwords and ensuring that they are kept in a secure location
  • Limiting access to only active users and active user accounts

• Information Management Security Policy: Develop a plan that details how the firm will handle a security incident. The plan should outline who is in charge of managing a security incident, the required reporting and investigation procedures, communications policies for contacting clients and the post-incident remediation procedures.

• Visitor/Contractor Premise Access Policy: It is essential that firms keep track of all people who have visited the site through the use of physical security checkpoints and surveillance.

• Mobile Device Policy: Develop guidelines for use of personal mobile devices in the workplace, and train staff on mobile device security. Firms should employ security measures such as requiring passwords, having the ability to remotely wipe devices and employing encryption tools.

Having a high level of security in place at your investment firm helps to restore faith in investors who are undoubtedly hearing about cyber attacks regularly in the media. Following industry best practices and implementing the appropriate tools and policies demonstrates that the firm has planned in advance instead of scrambling to handle a security breach after it has occurred. This also ensures that costly disasters are averted and normal business operations can be restored efficiently in the event of a security breach.

Click here to watch a full replay of our recent webinar, "Best Practices for Managing Security Risks."

• Investor Expectations of IT

• On-premise & Cloud solutions: Which is right?

• Security Risks & Best Practices

• Disaster Recovery How-Tos

You can watch the 30-minute webinar now or keep reading below.

What are Investors Thinking?

Today’s investors grew up with technology and as a result are asking much more detailed questions (here is a handy list). Also, just having an answer is no longer enough. So what is the perfect answer? The reality is that there isn’t one perfect answer that is right for every firm. More than looking for a specific answer, investors want to see that your answer is well thought out and logically addresses your specific fund operations.

Take security, for example. Not every firm needs every layer of security, but you do need to be able to discuss why you made the security decisions you did when it comes to protecting the fund from threats.

Here are the key areas investors are asking about:

• Annual assessment and audits

• Access control policies

• Network security policies

• Physical security policies

• Disaster recovery and business continuity plans

Going to the Clouds or Staying Firmly Planted on the Ground?

The question start up hedge funds regularly ask is, “should we go with on premise or in a private cloud?” Increasingly, the answer for new firms is the cloud. And when it comes to public versus private, we see very little adoption of public clouds in the hedge fund space for a number of reasons (service, integration with third-party applications, disaster recovery, etc).

Established hedge funds typically first enter the cloud through hosting of applications including, OMS, Risk and Accounting, or when it is time for a technology refresh. Additionally, we are increasingly seeing that hedge fund teams are small and looking for ways to leverage third-party services, such as the cloud, to streamline operations and outsource non-critical business functions.

A final note on selecting a cloud provider – be sure to have a conversation to understand how you can move your data off a cloud. With a reputable provider, migrating off a cloud should not be an arduous process (here are some handy cloud provider questions).

2013’s Hot Topic – Cyber Security

Just this week the US director of national intelligence, James Clapper, identified cyber security as the top global threat – even more treacherous than terrorism. So what is the anatomy of a cyber attack?

Many of the most successful attacks today are through malware that is delivered via email, drive-by or USB to an unsuspecting user. In the case of email malware, a user typically receives a message with a link to something that appears legitimate, such as an ADP paycheck. Clicking the link then infects the computer.

A high number of viruses are looking to take information. They want to get at financial information and other information they can sell. Basic security components that every hedge fund should already have in place include:

• Anti-virus protection

• Network firewall

• Web filtering

• Strong password policy

When it comes to passwords it is important to note that changing passwords is essential. The longer a password is out there the more damage can occur. Some hackers may just watch your email to gather information and get ahead of you in trades, for example.

More advanced security components firms should consider are:

• Intrusion detection

• Advanced Password Policy

• Multi-factor authentication

• Policies & Procedures for Security Management

Four Steps to Disaster Recovery and Business Continuity Planning

There are many steps to creating a DR and BCP, however, here are four considerations to help frame your planning.

1. Identify critical systems

2. Identify design requirements

• Look at all your systems and determine how old the data can be in the event of a disaster – this is your Recover Point Objective. When does a system need to be up and running? – this is your Recovery Time Objective.

3. Choose your DR method

• This is a discussion of on-premise versus a cloud solution. With Cloud DR, the responsibility to manage everything is removed from the hedge fund. There can be trade-offs. For example, if your trades are based on proprietary algorithms you may prefer to own the physical servers. Also, if you have in-house IT, they may prefer to manage in-house.

4. Choose a data center location/facility

• Investors are going to want to know about access controls and security at the data center.

• Half the data centers in NY lost power during Sandy. Not all of them were able to get fuel. All Eze Castle Integration data centers stayed up because we conduct extensive due diligence on all our data centers before selecting one. Be sure to do thorough due diligence on your service providers.

Want to discuss technology further? Contact us or subscribe to our Hedge IT blog.

The Good News? It has historically been that the anti-malware developers have deeper pockets than hacker groups. However, it appears that this is beginning to change. One troubling new trend that has emerged recently is state-sponsored hacking. According to a recent New York Times report, the Chinese government has been accused of fostering the efforts of hackers targeting organizations in the US and around the world to gain access to sensitive information. Similar stories have begun to surface from Russia and other nations as well. With sponsorship from national governments or other large resource pools, hackers are going to get more sophisticated and more difficult to detect.

So, what should you do to protect your fund? First, be sure to have all of the defense layers in place that we mentioned earlier, such as antivirus and antimalware tools and firewalls. You may also want to consider a more robust, comprehensive intrusion detection systems such as the one provided by our friends at eSentire, which can mitigate a potential threat before irreparable damage is done.

Once these tools are in place, fund managers should educate their employees on potential security risks and train them on best practices for mitigating those threats. Policies should be in place around:

• Access Control

• Acceptable Use

• Information Security Incident Management

• Personal Communications/Mobile Device Management

Often times, staff members don’t realize the extent of the risk to the organization if a cybersecurity attack occurs or sensitive company data is compromised. Employees who understand security threats and how to thwart them will serve as your fund’s best asset for keeping systems and information secure. Read more about Security Policies in this article.

Get even more hedge fund security tips directly from the experts! Register for our complimentary webinar “Best Practices for Managing Security Risks” taking place this Thursday, March 14th at 11:00am ET. Mark Sangster of eSentire and Steve Schoener of Eze Castle will be discussing current data protection trends in the alternative investment industry as well as best practices for ensuring your firm is secure.

What is the current state of the hedge fund industry in Asia?

Singapore and Hong Kong are the hedge fund capitals in Asia. We have seen a contrast between the status of large and small hedge funds in Asia. Many larger funds are struggling, with some shutting down, while smaller funds are increasingly doing well and delivering positive results to their investors. Both groups, however, are looking for ways to increase efficiencies and reduce costs.

Has Asia adopted the cloud?

There is a tremendous opportunity for private cloud services in Asia, however, cloud adoption in the region has yet to reach its full potential. The regulatory landscape in the UK and US, and the varying market maturity levels have fragmented the adoption of cloud computing. Many hedge funds and the alternative investment industry are still taking a measured approach to cloud computing, as the industry awaits further clarity on cloud computing regulations and better articulation of business benefits by IT vendors.

What are the barriers to cloud adoption?

Asia is a tough market to tap into, especially with increasing regulations both in the UK and US. The Alternative Investment Fund Directive (AIFMD), for example, can be one of the reasons why it could be difficult for many hedge fund managers to attract investor capital. Many managers in Asia are less inclined than their US or UK peers to make significant capital expenditures in technology on day one. Data privacy and lack of knowledge and understanding of the cloud are some of the obstacles preventing firms from benefiting from this technology.

The attitudes in Asia towards cloud computing are similar to those we had seen in the UK a few years back when cloud computing was the buzz word, but no-one really knew what the cloud was and the benefits it could bring.

What is the future for cloud computing in Asia?

There is a future for hedge funds and investment firms to adopt cloud computing in Asia. Asia offers the tallest buildings, which do not have air conditioning 24/7, so it is very difficult for firms to build out their own communications rooms on premise, and the cost of real estate, especially in Hong Kong is expensive, so the alternative for hedge fund managers is to host their infrastructure with a trusted private cloud service provider.

The cloud provides many benefits such as:

• To increase the speed of technology deployment
• To simplify IT management and support
• To improve IT flexibility and scalability of on-demand resources
• To take advantage of built-in disaster recovery and business continuity features and functionality

View our market survey on hedge funds and investment firms’ adopting the cloud. The 18-page report includes details on:

• Current & Future Adoption of Cloud Services
• Investment Firms' First Cloud Initiatives
• Cloud Deployment Models (Public vs. Private vs. Hybrid)
• Factors Influencing the Decision to Use the Cloud
• Barriers to Cloud Adoption
• Evaluation of Cloud Services Providers

• An AIF is broadly defined as any non UCITS vehicle that raises capital from a variety of investors. The majority of hedge funds, fund of hedge funds, private equity funds, real estate funds, infrastructure funds, and commodity funds will be considered AIFs.

• There will be exemptions for certain funds, such as single investor funds or managed accounts (both subject to certain conditions), as well as family offices.

• The majority of Cayman Island hedge funds, whether master or feeder or in corporate or limited partnership form will be designated as AIF. This is important to consider because several US managers manage Cayman funds in order to target their marketing efforts towards European investors.

• Each AIF must be assigned an individual alternative investment fund manager (AIFM). An AIFM is considered any business that delivers portfolio management and risk management services to one or more AIFs. The designation stands regardless of where the business is located.

• AIFMs do not have to be EU managers to be considered AIFMs. If a US manager is providing an AIF with portfolio management services or risk management services, they will be considered a non-EU AIFM. Every AIF must possess a single AIFM.

• US based firms that are only engaging in US business will be designated as non-EU AIFMs under the AIFMD.

• It is essential that US entities with EU affiliates examine which entity will be considered the AIFM, due to the fact that the regulations governing EU AIFMs are significantly more burdensome.

• The decision regarding which entity will be considered the AIFM should largely be founded on the degree to which investment management functions (defined by the directive as being portfolio management and risk management) are performed in either the US or by an EU affiliate.

• US firms managing an EU-based AIF or marketing a non-EU based AIF to EU investors will be caught by AIFMD.

Which US Managers are within Scope?
The level to which US managers are impacted depends on whether they manage EU AIFs or market non-EU AIFs to European investors. If US managers are not marketing their funds to EU investors, then they should fall outside the scope of AIFMD and will not be impacted by the regulations. When determining whether your firm and funds are within scope, keep the following in mind:

• According to the AIFMD, marketing is defined as a “direct or indirect offering or placement at the initiative of the AIFM, or by another firm acting on behalf of the AIFM.

• Another key area to look out for is passive marketing, also known as reverse solicitation. In this case, investors contact the manager directly to express interest in the AIF. Reverse solicitation is considered outside of the scope of AIFMD. Managers who engage in this type of marketing should have clear practices and controls in place to ensure their efforts are not viewed as active marketing.

• US managers not marketing their non-EU or EU funds to EU investors should not be subject to the AIFMD regulations even if EU investors occupy the funds.

• EU countries employ different laws governing direct marketing to professional investors through national private placement regimes (NPPR). This will be the only route to actively market to EU investors, at least until 2015. Also, in many European countries private placement is not allowed, so it’s essential that managers are familiar with the rules of the particular EU country in which they intend to market.

What Will Change?
With the onset of AIFMD, managers can anticipate a variety of changes that will characterize the alternative investment industry. Beginning on July 22nd, 2013, US managers marketing an EU AIF or a non-EU AIF in an EU state under NPPR must satisfy certain transparency and reporting requirements. These include:

• Making disclosures to their investors pre investment;

• Publishing an annual report for the pertinent AIF and;

• Reporting to national regulators in the countries that AIF is being marketed into.

The Future

• From July 2015, there is a possibility that EU managers will be able to access the pan-European marketing passport subject to becoming authorized under the AIFMD and complying with the full requirements of the directive.

• From 2015 onwards, non-EU AIFMs managing EU AIFs may also be required by the AIFMD to become authorized. In this case, they would also be able to access the EU marketing passport.

• From July 2018 onwards, there is the potential that the existing NPPR may cease altogether. In this case, managers with the desire to market an AIF within the EU would need to be authorized under AIFMD in order to access the EU marketing passport.

The AIFMD is a complex regulation and US managers should consult their professional advisors for further specific advice as to how it will impact their business.

For more on hedge fund regulations and AIFMD, check out these articles:

• A Snapshot of US Financial Regulation in 2013

• The SEC Wants to Know How Your BCP Fared During Hurricane Sandy

• Hedge Fund Form PF: Getting the compliance basics right

Enjoy! (And be sure to click into the presentation to experince our winners.)

Managing Security Threats Facing Hedge Funds

Most successful cybersecurity attacks in today’s environment occur via three different methods: malware via email, malware via a website download (drive-by download or man-in-the-middle) and transfer via USB. In most cases, an employee will download an unsuspecting virus or open an unsuspecting email, triggering a malware attack that could open the door for further intrusion. Alternatively, a trend becoming more common is the threat of employees transferring information onto USB drives (whether knowingly or unknowingly), resulting in an internal security breach. Externally –and regardless of the intrusion method – attacks typically follow a similar path from start to finish. Global security firm Lockheed Martin has identified steps to what they call the “cyber kill chain.”

• Reconnaissance: Collecting information and learning about the internal structure of the host organization
• Weaponization: How the attacker packages the threat for delivery
• Delivery: The actual delivery of the threat (via email, web, USB, etc.)
• Exploitation: Once the host is compromised, the attacker can take advantage and conduct further attacks
• Installation: Installing the actual malware, for example
• Command & Control: Setting up controls so the attacker can have future access to the host’s network
• Actions or Objections: The attacker meets his/her goal (e.g. stealing information, gaining elevated privileges or damaging the host completely)

While these steps may seem well thought-out and can be easily executed by an attacker, the benefit to understanding the cyber kill chain is that it gives the host a chance to counteract. The sooner into the cyber kill chain the host can identify the threat, the better chance it has of thwarting it. And there are several options for thwarting attacks, depending on the stage in which the attack is identified.

Mitigation activities on the host’s part can include: detection, denial, disruption, degradation, deception and destruction. Creating a course of action based on various scenarios and a firm’s current abilities to thwart attacks can gauge effectiveness against such intrusions and provide areas for improvement in a firm’s defense strategy. As part of an overall strategy, firms should also look to implement the following simple best practices to help prevent costly attacks:

• Enforce strong passwords and (at least) two-factor authentication
• Remove local administrative privileges when possible
• Keep patches up-to-date for Microsoft, Adobe, Java Runtime and browsers (the most common threats originate here)
• Restrict executable downloads and installations

In addition to implementing technical measures to protect their infrastructures, firms must also employ operational policies and procedures to document incidents and provide transparency to investors and auditors.

Mobile Device Security: Navigating the BYOD Trend

By allowing employees to supply their own devices, an organization inherently loses control over the hardware, how it is used and must ask the question how the company can be affected. Governing the fine line between personal and professional use on the same device can be challenging. But without clearly defined policies in place companies are making themselves vulnerable to a number of security risks.

For instance, 48% of respondents in a recent InformationWeek survey indicated that employees within their organizations had their mobile devices lost or stolen in the past year, with 12% of those cases requiring public disclosure, causing inevitable harm to the business. If proper security measures are not in place, the information contained on that device could become accessible to unauthorized parties and the company's reputation may suffer irreparable damage.

Additionally, there are many security risks involved in using one’s personal device for business purposes that most users may not even be aware of. Many popular smartphone apps, such as public file transfer services, could allow sensitive information to be easily intercepted. Other common activities that could result in leakage of sensitive data include using personal devices to automatically forward work emails to public webmail services and using smartphones to create open Wi-Fi hotspots. Both of these practices make a company’s data extremely vulnerable to hackers.

But there are steps you can take to protect your firm from BYOD security threats – we outline these in our Best Practices for Managing IT Security Risks Guide.

Additional topics covered in the Guide include:

• Working with Service Providers
• Hedge Fund Cloud Security Checklist (See how Eze Castle Integration fared on this test HERE)
• Looking Ahead

For more information on cloud services for hedge funds, download our Guide to Cloud Computing in the Hedge Fund Industry.

• Every child deserves the right to a quality education.
• Education is the key to unlocking a brighter future and breaking the cycle of homelessness.
• Community support is vital in helping achieve the goal of providing academic stability and hope for all children who have no permanent home.

School on Wheels achieves these goals through a variety of programs, most notably its volunteer tutor program, which trains and matches tutors to homeless students in the community. Tutors are trained and paired with one student in order to ensure a sense of stability, and assist students with not only school related projects but also confidence building exercises. Volunteers also work with the students to help them stay on track in school and reach their educational goals, which include attending college. Through its High School Plus Program, School on Wheels of MA has already helped 15 homeless students reach college.

To support this worthy organization, Eze Castle is hosting a social media fundraiser during which we pledge to donate $1.00 to School on Wheels (up to $1,000) for every new “like” we receive on our Facebook page and every new Twitter follower obtained between February 14, 2013 and March 14, 2013.

Please take a moment and “like” us on Facebook or follow us on Twitter to help us support this amazing cause. In addition to the good karma you’ll earn, you’ll also have the added benefit of enjoying innovative hedge fund technology insights and news directly on your Facebook and Twitter feeds!

With the new Z10, BlackBerry has moved away from their traditional screen and keyboard approach to a total touch screen experience. The new device is bigger and thicker at 130mm x 65.6mm x 9mm than an iPhone but has almost everything diehard BlackBerry fans have been waiting for: a sleek, modern, and professional touch-screen with an up-to-date OS to match and 4G LTE support. But what else is new? Here at Eze Castle we have done our research and bring you all the information you need.

Interface

BlackBerry has merged home-screens, widgets, app lists and a unified inbox into one slick interface, offering up an easy-to-navigate user experience. The main home-screen comprises of 'Active Frames' (mini-applications), which gives you an overview of information from a particular app and launch the full version when tapped. Users can select up to eight of these active frames, which arrange themselves in order of most recently used, with the latest app appearing in the top left position.

BlackBerry Hub, Flow and Peek

The new operating system features a string of new additions to the BlackBerry to equip it to compete with modern smartphones. The new system will have features called the BlackBerry Hub, Flow, and Peek, which make it easier for users to move between apps, emails and social media platforms.

Keyboard

The BlackBerry Z10 has a touch screen keyboard, which includes a ‘gesture typing’ feature that allows users to ping predicated words into their messages. The new touchscreen keyboard aims to provides an effortless typing experience. It learns your writing style and suggests words to help you type faster, more accurately and with the least amount of effort.

BlackBerry Messenger (BBM)

The popular BlackBerry Messenger app has also been updated to include a video facility allowing users to chat face-to-face as well as a picture editing feature. This new picture editing feature allows the user to pinpoint and adjust elements of their picture to get the photo they want.

Camera

The new ‘Time Shift’ feature captures milliseconds before and after your photo—so you can scroll back on the dial to open and create the perfect picture. For example; open one friend’s eyes and then forward to catch your other friend smiling, before combining it all to create that picture perfect moment.

Applications

More than 70,000 apps will be available to download, including Skype, Kindle, WhatsApp and Angry Birds, however, this is still a far cry from the iPhone's nearly 750,000 apps.

Pre-loaded Apps: BlackBerry Hub, Contacts, Browser, Calendar, BBM, Text Messages, BlackBerry World, BlackBerry Remember, Docs To Go, Pictures, Music, Videos, Story Maker, Facebook^, Twitter, LinkedIn, Foursquare, BlackBerry Maps, Games, YouTube , BlackBerry Newsstand, Voice Control, Weather, Clock, Calculator, Compass, File Manager, Box, BlackBerry Connect for Dropbox, Print To Go, Smart Tags, Settings, Adobe^® Reader, Phone, Camera/Video Camera/Time Shift, Setup, Help, SIM Toolkit and Search.

Our Assessment?

Overall the BlackBerry Z10 delivers the must have features that will allow it to compete with the iPhone, however, many are wondering if it is too little to late to effectively capture market share from its strong competitors. We'll just have to wait and see user reactions. It is now available for sale in the UK, however, US users will have to wait unti March 2013 to give it a test spin.

Check out a Product Demo HERE and decide for yourself.

Subscribe to the Hedge IT Blog to stay up-to-date with the latest trends in technology.

Photo credit: http://uk.blackberry.com/

Where do I start in creating a technology budget for my hedge fund?

It is important to note that whether a firm selects to go with an in-house IT solution or cloud computing there will be implications on technology budgeting. Once in-house versus cloud is evaluated, it is important to think about the workflows and systems you use to complete your work – be it email, reports, phones, market vendor applications, and/or risk systems. You can find a technology budgeting worksheet here to help with your planning.

Why should I consider cloud computing?

Cloud computing is the preferred IT delivery model for most new hedge fund launches for a number of reasons. In fact, 8 in 10 investment management firms are using a cloud service today. The advantages of the cloud include reducing and transferring costs from CapEx to OpEx, increasing speed of technology deployment and simplifying IT management. Additionally, many private cloud solutions offer built-in disaster recovery along with an enterprise caliber infrastructure that delivers availability assurance to end-users as well as investors. Visit the Hedge Fund Cloud Forum to learn more about cloud computing in the hedge fund industry.

If I decide to build an in-house IT infrastructure, how long will it take and what steps are involved?

There are many crucial aspects of an IT build-out including technology infrastructure concept development, construction administration, telecommunications and market circuit procurement and systems installation/implementation management. This process can take over six weeks.

To maximize the efficiency of the project, it should first be broken down into carefully planned stages comprised of specific tasks and activities. Each task acts as a stepping stone or foundation on which the next task can begin, and pre-determined milestones should be built in to ensure each task is completed. Checkout this handy IT project plan template for an idea of what you can expect.

What questions should I ask as part of the Request for Proposal (RFP) process when evaluating potential IT providers?

Here at Eze Castle we’ve answered just about every technology question under the sun. Using these experiences we created an extensive list of sample technology RFP questions. The list is long, so as a word of consideration, select the questions that are most applicable to your needs/businesses. We’ve divided the list into two sections, which you can access via the links below:

• Staffing, Client Service and User Support Questions

• DR, Backup & Retention and Data Security Questions

Are there specific questions I should ask a Cloud Computing Provider?

Yes there are. Since your entire IT world will be in the hands of the cloud provider you want to thoroughly vet their company as well as the services and cloud infrastructure they provide. On the Hedge Fund Cloud Forum you can find a list of 26 questions to ask a potential cloud provider.

Also, managed security service provider, eSentire, has developed a checklist of security related questions to ask a cloud provider. You can find that list as well as Eze Castle Integration’s answers here.

What are potential investors going to ask me during an operational due diligence review?

A comprehensive DDQ covers a wide range of topics, from assets under management to audited financial statements and investment strategies. One major area of focus is the fund’s IT and accompanying security policies and procedures. At Eze Castle, we frequently assist our hedge fund clients in completing DDQ questions on technology, and we often see the same types of questions popping up. So, to help you get started, we have compiled a list of some frequently asked DDQ questions and you can download the sample hedge fund DDQ list here.

What are some common mistakes hedge fund managers make when it comes to technology?

We originally published this list of common mistakes in our Guide to Launching a Hedge Fund and they still stand true:

• Looking for the perfect solution

• Insufficient planning for the future

• Failing to understand how much you rely on technology today

• Overestimating your internal capacity to manage technology

• Shortchanging the training options and resources

• Not testing disaster recovery and business continuity plans regularly

There are conflicting opinions as to whether the JOBS Act will actually increase the number of companies seeking IPOs. One point of contention is the newly permitted confidential filing process, which allows new companies to privately submit draft registration statements to the SEC. Arguments focus on whether the confidential filing process will, in fact, result in a lack of transparency for investors when advising clients.

Although the JOBS Act was signed into law in April, some tenants of the bill have yet to go into effect, including the lift of the solicitation ban that prohibits hedge funds from advertising to potential individual investors. The ban was intended to be lifted in August, but the rule was not finalized because the SEC missed the July 4 deadline, in part due to former SEC Chairwoman Mary Schapiro’s departure and alleged opposition to lifting the ban. While there is no clear date set for when the JOBS Act will take full effect, there is discussion that more investor protections need to be added.

SEC’s Asset Management Unit Directives
In 2013, hedge funds can also expect continued vigilance by the SEC through several initiatives imposed by the Asset Management Unit (AMU) of its Division of Enforcement. The AMU is tasked specifically with preventing fraud in the hedge fund industry. The hedge fund managers and private equity analysts who comprise this unit help provide a more transparent overview of the inner workings of these firms, and aid in developing policies, investigations, exams and trainings. Although in the past, hedge funds and private equity firms were lightly regulated by the SEC, in 2013 managers can expect to see a much stronger SEC presence and a higher level of regulation within their firms. Additionally, expect a higher level of in-person investigations focused on specific workings of the firm. The AMU’s new focus will center on investor/client relationships and aim to prevent hedge fund managers from giving out any recommendations to potential clients that are not well intentioned.

The Dodd-Frank Act
In 2013, hedge fund managers can expect to see the SEC advance with the rulemaking required by the Dodd-Frank Act. Although the Dodd-Frank Act has been passed for some time, there are aspects of this legislation that will be taking effect this year. For instance, there will be a much higher level of onsite risk-based presence exams, during which SEC staff will investigate high risk areas of the fund. The SEC’s continued emphasis on hedge fund regulations requires that a high level of detail and focus is placed on risk and compliance initiatives within these firms.

Some of the Dodd-Frank updates that will be occurring this year include finalizing the Volcker Rule, which bans proprietary trading by banks (expected in early 2013) as well as the development of a new regulation that will allow for greater supervision of foreign banks’ US operations. The rule will require foreign banks with substantial US operations to uphold stronger capital and liquidity positions in the US as well as create an intermediary holding company over its US subsidiaries. In 2013, the Consumer Financial Protection Bureau (CFPB) will also examine crucial issues surrounding fair lending. Reports indicate that the CFPB is developing new rules in order to reinforce regulation surrounding fair lending practices. These rules are connected to the Truth in Lending Act, Equal Credit Opportunity Act and Home Mortgage Disclosure Act.

For more information, be sure to check out our collection of complimentary resources on helping your firm navigate the complex regulatory environment, or contact an Eze Castle Integration representative.

Application Providers: Here's what the Eze App Cloud has for you.

Combine your proven software with our premier cloud infrastructure to give clients a complete, cost-effective package that speeds time to value. A few benefits of using our Eze App Cloud are:

• Meet the market’s growing preference for cloud

• Use our Private Network which serves as the communications gateway to more than 400 buy-side firms and offers direct connectivity to key trading counterparties

• Breakdown international deployment barriers – the Eze Private Cloud spans three continents

Client (i.e. the VIPs) Benefits

• Gain cost-effective access to an enterprise-grade infrastructure that is highly available and professionally managed and monitored

• Focus on business priorities and core competencies rather than application and IT management

• Transfer technology costs from capital expenditures to operating expenses, and eliminate the need to purchase, maintain and refresh equipment

Watch & Learn: Eze Private Cloud Overview

We asked our Business Continuity Planning experts to give 10 tips on keeping your firm up and operational during flu season. Watch and learn or download our handy 10 Tips Article.

You can also download our Preparing Your Firm for Flu Season article, which outlines tips for keeping your hedge fund up and running during Flu season and advice on pandemic planning.

Our BCP experts are also always available to assist with planning.

What can you expect from an SEC/FINRA exam?

Questions in the post-Sandy exam request information on a range of topics covering both disaster recovery systems and business continuity procedures. Be sure your firm is able to respond to the items and provide supporting documentation where appropriate in order to successfully complete a potential post-Sandy sweep:

• Provide documentation of the firm’s business continuity plans, including procedures for responding to an emergency or disaster.

• Identify the individuals within the organization (names and titles) who are responsible for initiating the emergency procedures outlined in the BCP.

• Provide documented results of the most recent assessment/testing of the firm’s BCP. Include details on how often the plan is tested, when the tests occur, what specific steps are taken as part of the tests, any weaknesses identified during the tests, and changes that were made to the BCP as a result of these discoveries.

• Provide evidence of any weaknesses that were uncovered through implementation of the firm’s BCP during Hurricane Sandy. Indicate whether the firm expects to modify the existing BCP as a result of the hurricane or any issues it may have revealed.

• Provide copies of communications with employees regarding the firm’s operations during the time when the BCP procedures were in effect.

• Provide copies of communications with external third parties (i.e. clients, banks, etc.) during the time when the BCP procedures were in effect.

• Provide service agreements or other documentation demonstrating the firm’s use of a disaster recovery or backup site during the October 28, 2012 – present timeframe. Include details on the periods of time the site was used, reason for use and whether, at any time, the firm was fully relying on the disaster recovery site.

• Provide evidence of the most recent test (with results) of the disaster recovery site.

Investment firms with comprehensive business continuity and disaster recovery plans in place that engage in regular, proactive testing exercises (which we highly recommend!) should have little to no difficulty responding to these requests.

To learn more about best practices for DR & BCP, be sure to check out the vast collection of free resources in our Knowledge Center, or contact an experienced Eze Castle Integration expert.

Download the complete case study to learn more!

To learn more about disaster recovery and business continuity planning, check out these resources:

• Guidebook: Establishing Disaster Recovery & Business Continuity Plans
• Webcast: Disaster Preparedness - Is Your Investment Firm Ready?
• Article: Do You Know the Lingo? Key DR Terms Defined

Jason Nolan, Product Manager: Perform comprehensive evaluations before selecting a cloud service provider.

Last year at this time, we were encouraging our clients to learn more about the cloud and consider moving to a cloud-based IT infrastructure to take advantage of cost benefits and increased operational efficiencies. Today, the hedge fund industry has a much deeper understanding of this technology and is ready to take the cloud discussion to a deeper level. Our big push for 2013 is to encourage investment firms to thoroughly vet potential cloud providers on a number of key areas including backup and retention procedures, security and monitoring practices in place at data centers, Service Level Agreements (SLAs), SSAE 16 certifications and more. Also, be sure to gain an understanding of the service provider’s internal policies as they relate to data access and security procedures.

Lisa Smith, Business Continuity & Data Privacy Manager: Review and enhance your BCP and communicate it well.

If there is one thing we learned from Hurricane Sandy, it’s that, for alternative investment firms, having a comprehensive and robust business continuity plan in place is crucial to achieving success. Of course, this is not new information, and most firms already have plans in place to protect their businesses from these types of events. However, simply having a plan in place is not enough. We encourage our clients to review and discuss their BCPs on an ongoing, regular basis to ensure they continue to evolve as business needs, key personnel and other factors change over time. In addition, it’s important to effectively communicate these plans to all employees within the organization, as well as any pertinent third parties (clients, vendors, investors, etc.), so that everyone understands what to do in the event of a disaster or outage. Keep in mind communicating the details of your company’s BCP can be done through training sessions, information sessions and testing. These are the most effective ways to ensure your employees know what to do during a disaster.

Bob Guilbert, Managing Director: Don’t overlook the importance of security.

In 2013, security will be one of the most discussed topics in the world of hedge fund technology. While we’ve been preaching strong security practices for quite some time, this year will bring a host of new challenges in this arena, especially in the areas of mobility, cyber-attacks and internal breaches. Firms should develop a strategy to combat these security threats, including implementing best practices such as enforcing strong passwords and multi-factor authentication, keeping patches up-to-date for Microsoft, Adobe and the like, restricting executable downloads and creating a mobile computing policy that addresses both company-issued devices and BYOD management.

Marc Gold, Director of New York Client Service: Be prepared for an operational due diligence questionnaire.

It’s no surprise that the hedge fund industry has become increasingly competitive. Investors’ expectations are on the rise, and they’re looking for funds that display the highest levels in operational excellence. At the same time, new regulations are aimed at increasing transparency. As a result, operational due diligence has become a hot topic amongst alternative investment firms. Now, more than ever, it’s critical to ensure your firm meets these high standards by preparing for – or completing in advance – a due diligence questionnaire (DDQ). Operational DDQs cover a wide range of topics, including the fund’s IT infrastructure and the accompanying security procedures. At Eze Castle, our client service team regularly assists funds in completing DDQs. Be sure to download our sample DDQ for hedge funds to help you get started.

Photo credit: gotgame.com

Cloud Adoption Survey Results Revealed: Part 1

This year, we undertook a research study surveying 130 hedge funds and alternative investment firms in regards to their adoption of cloud technology. The results revealed that more than eight out of ten investment firms are either currently using or planning to use cloud computing services in the near future. This shift towards the cloud signifies a major trend in the financial services space as firms look to move away from costly on-premise technology infrastructures. You can download the complete survey report here.

Hedge Fund Cybersecurity: Preparing Your Firm For an Intrusion

In 2012, we announced a strategic partnership with eSentire, a leader in managed security services for hedge funds. The partnership comes at a time when firms are on high alert regarding security concerns and are shoring up their businesses to mitigate future threats. In a live webinar, eSentire’s CTO reviewed internal and external security threats to hedge funds and strategies for thwarting such attacks.

Operational Due Diligence: Common DDQ Questions

As competition for investors continues to increase, firms are looking for ways to stay ahead of the crowd. The investor due diligence process has become much more thorough as investors have become savvier about operations and technology matters. Here is a list of common due diligence questions your firm may be asked as part of the DDQ process.

Examining the Changing Role of the Hedge Fund CTO

One of the panels at our first annual Hedge Fund Cloud Summit this year took a look at how the role of the head of technology at an investment firm is changing, particularly with increasing regulatory demands and reporting requirements from investors. Find out more about the new responsibilities hedge fund CTOs are undertaking and where the future of the role is headed.

Why Outsource? The Advantages of Using a Third-Party Help Desk

Earlier in 2012, Eze Castle was awarded with the prestigious Help Desk Institute (HDI) Team Excellence Award. Go, Eze! The win was great validation for our 24x7x365 outsourced help desk, which works with our clients day in and day out to resolve their issues and meet their immediate technology needs. This article takes you through some of the key advantages of using a help desk service like ours.

Take a Tour of Eze Castle's Data Centers (New Video!)

One of our favorite videos of the year was an inside look at our colocation facilities. Take a tour with this short video to see where our data centers are located worldwide and how our technology team works to keep your data and infrastructure safe and sound.

Hedge Fund Tech Compliance: Archiving, Security & Mobile Device Management

Our most popular webinar of the year focused on hedge fund compliance directives and covered everything from Form PF to message archiving and mobile device management. The regulatory requirements for hedge funds continue to mount, so read on to find out which directives your firm needs to comply with.

What Hedge Funds Can Learn from Hurricane Sandy

One of the most significant and devastating events of 2012 was Hurricane Sandy. The superstorm affected countless businesses and residences up and down the East Coast. Many of our clients were directly affected, and hence, we learned a lot through the course of the storm and in the aftermath. Disaster recovery and business continuity planning are essential to all firms, and Hurricane Sandy was another reason why firms should work diligently to prepare for unexpected events like these in the future.

From all of us here at Eze Castle Integration, we wish you a Happy New Year and look forward to seeing you in 2013!

Click here to view our 2012 Holiday e-Card!