1. Establish an Incident Response Team.

Choose a select group of individuals to comprise your Incident Response Team (IRT). Assign each member a predefined role and set of responsibilities, which may in some cases, take precedence over normal duties. The IRT can be comprised of a variety of departments including Information Technology, Compliance and Human Resources.

2. Identify the type and extent of incident.

Before your IRT can alleviate any incidents, it must clearly assess the damage to determine the appropriate response. For example, if the incident is a computer virus that can be quickly and efficiently detected and removed (and no internal or external parties will be affected), the proper response may be to document the incident and keep it on file. This task could effectively be handled by the IT department.

If however, an incident occurs that affects multiple clients/investors/etc., the incident should be escalated to the IRT.

3. Escalate incidents as necessary.

Certain departments may be notified of select incidents, including the IT team and/or the client service team. These parties should use their discretion in escalating incidents to the IRT. Any event suspected as a result of sabotage or a targeted attack should be immediately escalated.

4. Notify affected parties and outside organizations.

One member of the IRT should be responsible for managing communication to affected parties. Depending on the severity of the incident, the IRT member will act as the liaison between the organization and law enforcement.

5. Gather evidence.

When appropriate and necessary, the IRT is responsible for identifying and gathering both physical and electronic evidence as part of the investigation.

6. Mitigate risk and exposure.

A technical member of the IRT should be responsible for monitoring the situation and ensuring any effects or damage created as a result of the incident are appropriately repaired and measures are taken to minimize future occurrences. The IRT will also need to define any necessary penalties as a result of the incident.

Here are a few more resources on hedge fund security you may find helpful:

• Best Practices for Managing Security Risks

• Sneak Peek: Hedge Fund Manager’s Guide to IT Security

• The Biggest Security Threat to Your Firm Might Be Sitting Next to You

Source: 2013 Cost of Data Breach Study: Global Analysis, Ponemon Institute & Symantec

Photo Credit: Flickr

Rather than looking at your IT budget first, start with your employees.
How is your staff using technology to perform their jobs? Are there changes that could be made to help them become more efficient? If you have employees who travel frequently or telecommute, consider how they’re accessing critical systems and applications. If many members of your staff are working remotely or using smartphones, tablets or laptops on a regular basis, what changes can be made to make their experiences more seamless?

Think like a CMO.
A recent Gartner study found that CIOs are highly focused on efficiency and processes, while chief marketing officers (CMOs) are more concentrated on delivering strategic value and developing long-term relationships. Try examining your firm’s needs from the marketer’s perspective. How are your clients using technology to interact with the firm? What information are they seeking when doing so? Could these experiences be enhanced in any way to foster a stronger relationship? Also, consider speaking directly with your Sales and Marketing personnel to gain a better understanding of how they're seeing clients interface with the company and where IT can get involved to ensure smoother interactions.

Take a close look at new tools and trends.
For many investment firms, cloud-based infrastructures are proving highly beneficial, especially in helping to increase operational efficiency without major capital outlays. Another new trend to keep a close eye on is BYOD (Bring Your Own Device). Enabling employees to utilize their personal mobile devices and tablets for business purposes can result in cost savings and greater computing flexibility for the organization.

Consider outsourcing options.
You IT staff is likely over-worked, and increasing headcount is an expensive solution. To supplement your existing team, it may make sense to outsource some aspects of the IT and operational aspects of the firm. Outsourcing options abound, so you can offload as little or as much are you’re comfortable with. Hosted IT services are a major area where we’re seeing firms outsource, but there are many others as well, including:

• Help desk support
• Staffing
• Application hosting
• Colocation
• FIX connectivity
• Disaster recovery
• Project management

For more information, be sure to check out our article on “Examining the Changing Role of the CTO,” or contact an Eze Castle Integration representative.

Plan your infrastructure only for the short-term.

A crucial mistake often made by funds is not planning for the future. Even at launch, you should be thinking about what your firm will look like and what technology you will require down the road. Planning out two to three years in advance is recommended in order to reap the most benefits when it comes to your infrastructure. Plus, if you don’t plan ahead, you may wind up incurring more costs if technology decisions need to be made unexpectedly.

Ignore the importance of a business continuity plan.

It has become commonplace for hedge funds to employ disaster recovery strategies to protect mission-critical data and applications (due to a number of reasons including investor expectations, new regulations and the effect of unexpected natural disasters, e.g. Hurricane Sandy). But firms often overlook the equally important business continuity plan, which provides guidelines for what employees need to do in the event of a disaster. Yes, focusing on your infrastructure is essential to keeping your business afloat, but that business also cannot survive without its employees. Don’t forget to test that BCP plan once you’ve developed it – a good plan will only work if people know how to follow it.

Skimp on security.

This one is a no-brainer, right? There are times when firms think it’s okay to cut back on security, or they easily dismiss the idea that a firm could ever become the victim of a cyber-attack. Hackers have become more advanced over the past few years, and financial services firms are at the top of their list for targets. It’s worth investing in premium network security to ensure your firm does not become a victim, whether it’s at the hands of a professional hacker or a simple computer virus.

Fail to comply with industry regulations.

Regardless of whose jurisdiction your firm falls under, it’s essential you take the appropriate steps to ensure you’re meeting all necessary regulatory directives. Whether its system safeguards enacted through the Dodd-Frank Act or increased transparency requirements as a result of AIFMD, you can bet there’s some type of legislative requirement your firm is responsible for meeting. Can regulatory bodies like the SEC keep tabs on all hedge fund firms? Maybe not. But if the day comes when you receive an audit notice, you don’t want to be the firm who’s noncompliant.

Be opposed to change.

Just like the investment industry, technology is constantly evolving. Just a few years ago, firms were building out large Comm. Rooms to store massive servers and other equipment. That practice is fading today as firms rely on the cloud to meet their technology needs without unnecessary hardware purchases. Remember that just because you’ve always done something one way, it doesn’t mean it’s the only way. Learn to adapt with the changing industry and be open to trying new things. Who would have guessed just a few short years ago that we’d all be plugging into the cloud to do our day-to-day tasks?

Photo credit: Flickr

While some of the current proposals will undoubtedly be amended over the course of this lengthy process, let’s look at some of the practical steps companies should be considering now.

Move towards compliance

One of the main recommendations of the proposed regulation would ensure that companies have only one regulatory authority that supervises their activities across all EU member states. Businesses with multiple offices across several European countries should therefore consider which regulatory authority would be its supervisor.

Right to be forgotten

The new directive will enforce a right to be forgotten, which will allow people to request firms to delete their data permanently. Companies faced with a request for deletion of data will have the responsibility to pass that request on to companies that have copies of that data.

This rule will certainly affect Internet platforms, which tend to never forget. For example, even if data is taken down from a social networking site, such as Facebook or Twitter, it is not completely gone and will remain within the Internet cache.

Don't delay, get ready

Given the timeframe, many firms may feel they have plenty of time to get ready for the new data protection framework in Europe, but that is not the case. The clock is ticking.

While there may be a lot of work that still needs to be done before the proposals are finalised, firms should not wait to start preparations. It is important that firms get their privacy policies, procedures and documentation in order and keep them up to date.

Best Practices to Start Employing Now

• Appoint a data protection officer to act as the focal point for all data protection activities.

• Take a closer look at your privacy policies. In some cases, they will likely need to be re-written (new guidance states they must be written in plain English).

• Refresh your information asset register so it clearly identifies what data is held, where, how and why.

• Write and employ processes and procedures to handle data subject and data deletion requests.

• Review your technical and procedural controls around your data. A serious breach could cost your firm up to 2% of its global turnover.

But what is SSD?

SSD is a storage device that stores persistent data on solid-state flash memory, using integrated circuit assemblies as memory. SSD has no moving parts, which is one of many distinctions between SSD and traditional hard drives that have spinning disks.

SSD offers huge performance gains over other commonly used storage drives including SAS (serial attached SCSI) drives. For perspective, the typical enterprise spinning disk is a 15K SAS drive, which offers approximately 200 IOPS. Mainstream enterprise SSD on the other hand can offer 10,000-100,000 IOPS.

Why should I care?

Investment management firms are presented with an increasing amount of data, much of which holds the potential to uncover new investment opportunities. For some strategies (think high frequency trading and algo), the speed at which the data is processed is linked to the size of competitive gain.

This is where SSD comes in. The huge performance gains delivered by SSD have the ability to speed up large database applications and online transaction processing, which can be hugely impactful. Big-data analytics is another example of where SSD is appropriately suited.

Compliments of Wikipedia, here are some other advantages SSD provides:

Is SSD Panacea?

SSD delivers numerous performance advances as outlined above, however, there is a price (literally) associated with these gains. The typical enterprise spinning disk is a 15K SAS drive, which costs about $0.50 per gig and offers approximately 200 IOPS each. Enterprise SSDs vary in cost and performance, but $3.00-5.00 per gig, and 10,000-100,000 IOPS covers most of the mainstream drives.

As the price comes down, you can expect to see SSD more widely deployed.

Source: Jon Jacobi. (May 13, 2013). The proper care and feeding for SSD storage. PC World

Industry Update: What’s Going On?

Increasing demands from hedge funds’ current and target investors are driving a variety of trends. Due diligence requirements are more advanced, as investors expect to see candid looks into a fund’s systems, disaster recovery capabilities and more. The increasing complexity of investments is also driving the need for more complex systems to handle these instruments.

Firms are starting smaller in today’s environment, with many starting with under $100mm in assets under management. Startup funds are looking for technology solutions to complement their size and give them the tools to efficiently run their businesses.

The Key Driver for Application Solutions? Managing Risk.

When it comes to implementing applications, there are many considerations to think about, some of which include addressing investor due diligence concerns, addressing regulatory requirements, and supporting client service demands. The most importance goal for many firms, however, is mitigating risk. There are three types of risk to manage:

1. Operational. A firm without a system already in place has most likely used Excel. It is important to transfer spreadsheets into an application because these systems are made to support the direct investment decision process, and therefore all data must be correct.

2. Counterparty. Firms need to be able to connect with a multitude of third parties, including fund administrators and prime brokers. Clients now want to be more operative, and therefore use multi-prime environments in which counter-parties have different specializations utilized by the firm. Many more firms now foster these counter-party relationships, and therefore need a system to bring everything together into one holistic setting.

3. Investment. Investment decision makers want to see accurate information. A research management system, for example, would allow a firm to track and save their investment research and choices for a possible audit.

Deploying Your Application: Top Considerations

When deploying an application, a firm must consider not only the up-front, short-term costs of supporting the application, but also the long-term costs. The firm must be sure that the overhead expense of the application is not too much of a burden on the business.

An application that is being deployed must be scalable. A firm may want to start with an application on a smaller scale, whose base can grow as the company does. The firm should be sure that the application being used will not force an arrangement that will limit its ability to scale up in the future.

Infrastructure Options: On-premise vs. Cloud

Deciding where to host your application is a major consideration. Many firms today are opting to host their apps in the cloud, an option that provides for more flexibility and cost-effectiveness. Beyond the on-premise vs. cloud debate is the decision about whether to utilize a public or private cloud.

Security continues to be the biggest concern in regards to the public cloud. Investors want to make sure that their data is as secure as possible because it is a fundamental part of the fund’s core. Access into private clouds is much more controlled, and there are fewer questions about the encryption of data at rest and the ability to access that data. A public cloud provider will make sure that its physical infrastructure is up and running, but will not necessarily be concerned about whether or not their clients’ applications are functional. Therefore, working with a smaller, niche provider may be better for many firms.

The Right Time to Implement an Application

Many more start-up funds are now bringing applications in on day one because they do not want to deal with the conversion and transfer of the data at a later date, and the cost is much more affordable from the get-go. However the firm philosophy also plays a part in the timing of an application’s implementation particularly depending on whether the firm is relying on outsourced application services or hosting their applications in-house. Budget may also play a large role here.

Application Provider Must-Haves

1. People. The application and/or hosting provider must have a structure that allows for them to be available when needed (whether through a help desk, etc.), and must be able to comfortably adapt to changes in its clients’ businesses.

2. Scalability. The provider must be able to be there for the long run, providing a system that handles the company’s growth without having to reinstall a new system and convert the data.

3. Strong Ecosystem Support. Firms can turn to the experts and create trusted partnerships with counterparties and consultants who have worked with similar client types (which will allow for them to understand the products being provided).

4. Ease of Use. This is not as important as the above three because most systems have the same functionality. A firm must survey the big picture when it comes to choosing a provider.

When it comes to evaluating which application vendor is right for your business, here are five key questions to ask:

• Does your software work in hosted environment?
• How is the application deployed? (e.g. via the Internet, Citrix, etc.)
• Are there any limitations?
• Do you have recommended hosting partners?
• Will there be any changes to my Service Level Agreement?

If you would like to speak to an Eze Castle representative about application hosting at your firm, please contact us today!

Service Provider Reports: Balancing Bias with Value

First up are free reports from hedge fund service providers such as Eze Castle Integration. Each year we publish a benchmark study that outlines top applications used in select front, middle and back office categories by hedge funds. This report will provide a baseline of the top three application vendors used in each category, but doesn’t dive into specific feature sets. The report can be downloaded HERE.

Vendor reports can be helpful in getting an initial understanding of the most frequently used applications and top features used by firms. You should always consider the source, as some vendor reports or whitepapers will be biased.

Industry Analyst Reports: Balancing Cost with Real Life

Next up are analyst groups, such as Aite Group, Celent and CEB TowerGroup, who regularly publish reports looking at hedge fund applications. Aite Group, for example, published a report titled “Buy-Side OMS Market Update 2013: Calm Before the Storm?” in March 2013. These reports can provide insight into the top application players in each market. It should be noted that some reports must be purchased, and free ones may be slightly biased if they are funded by an application vendor.

Here is a handy list of where to find reports published by these firms:

• Aite Group: HERE

• CEB TowerGroup: HERE

• Celent: HERE

• IDC Financial Insights: HERE

• Tabb Group: HERE

Phone a Friend

Finally, talking to hedge fund peers is extremely valuable in understanding the strengths and weaknesses of various applications. In addition to calling the references provided by the vendors (who you can assume are happy), try and find a few other users to speak with. Here are some questions to ask:

• How long have you been using the application?
• Did you receive any incentive for being a customer reference?
• Why did you select this application?
• Has the application met your expectations?
• What are the most important features to your firm?
• Did your firm customize the application? If so, what was that process like?
• What features do you wish they would add to the application? Areas for improvement?
• How responsive is customer support?
• Is there anything you would have done differently as part of the selection or implementation process?

Happy App Searching!

P.S. Here is another link to our 2012 Hedge Fund Technology Benchmark Study.

Human Resources

• Essential components of a human resources infrastructure
• Front and back office staffing requirements
• Employee benefits typically provided by hedge funds

Compensation

• Typical compensation structures for front, middle and back office
• Compensation trends in financial services
• ‘Hot’ functions in terms of recruiting and compensation

Insurance

• The types of insurance needed for a business, including professional liability, employment practices liability, and property & casualty
• The right time to investigate insurance options for your hedge fund
• The effect of the Affordable Care Act/Healthcare Reform on hedge fund insurance decision-making

Real Estate

• The real estate options available to new startup funds, including hedge fund hotels, commercial space and subleases
• The state of real estate in New York City
• Considerations for evaluating office space

Be sure to come back to the Hedge IT on Thursday for a recap of our Hedge Fund Launch 2.0 event! In the meantime, download our brand new Manager’s Guide to Establishing a Hedge Fund.

• First and foremost, they allow data collection for intelligence and computer network attack purposes.

• Second, they can be employed to constrain an adversary’s actions or slow response time by targeting network-based logistics, communications, and commercial activities.

• Third, they can serve as a force multiplier when coupled with kinetic attacks during times of crisis or conflict.

In other cyber security news, the UK is setting up a new £7.5 million government fund as part of the National Cyber-Security Strategy to create two research centers to combat the increasing threat of cyber-attacks.

And finally, this week Japan and the US held the first bilateral comprehensive dialogue on cyber security with the goal of establishing international rule and discussing countermeasures to cyber-attacks.

Here is a snapshot to recap this week in Cyber Security.

Be sure to check out these helpful security articles:

• Best Practices for Managing Security Risks (Webinar Recap)

• Hackers are Watching: New security threats facing investment firms

• Sneak Peak: Hedge Fund Manager's Guide to IT Security

The Questions

• Provide an overview of your IT and telecom infrastructure. Please specify whether this solution is hosted onsite, outsourced to a cloud/hosting provider or whether you use a variety of approaches.

• Where are your primary, secondary, business continuity and disaster recovery data centers located and what technology is located in each?

• Who is responsible for IT support? Describe the service they provide.

• Please list any outsourced technology service providers. Please give an overview of the providers and their credentials, as well as background of the relationship.

• Describe your physical and application security protocols to protect building, office, hardware, and data accessibility.

• Detail user login and password requirements for staff accessing systems while in the office as well as remotely.

• Describe your process for application/system change management, including:
  • Who is responsible for authorizing changes,
  • Who has access to the development and production environments, and
  • The process to release code/changes into the production environment.

• Describe the organization’s Business Continuity and Disaster Recovery philosophy and provisions, including any relationships with third-party providers.

• Describe your provisions for data back-up, including the frequencies and methods of the back-up. How would data be restored in the event of a loss, and how long would this take? How would you operate in the meantime?

• What would happen in the event that a key decision maker became incapacitated, for example the chief investment officer or portfolio management staff?

• How often is the BCP/DR plan tested? What was the last test date and describe the results.

In addition to downloading our complete IT DDQ list, you can also check out these articles:

• What are Investors Thinking...When it Comes to Hedge Fund IT?

• I’m Launching a Hedge Fund. What Tech Questions Do I Ask?

• Taking the Cloud Security Exam (aka Hedge Fund Checklist)

Social Media Trends

In recent years, social media usage has expanded rapidly in the business sector. Of the various social media offerings currently available, Twitter, Facebook and LinkedIn tend to be the most widely utilized within business settings. Reasons for connecting through various social networking websites range from a desire to keep in touch with friends and family to researching products and services and keeping up with news. Social networking comprises a huge portion of the time spent online, with 25% of all time on the Internet spent on these websites. Furthermore, not only do social media users access these platforms via their computers, but 40% also visit social media sites via mobile devices. Additionally, social media applications are now the third most utilized by smartphone owners, an essential statistic for companies to keep in mind when crafting their social media policies.

Social Media and the Investment Industry

In the past, the investment industry largely avoided social media. However, more recently, many firms have begun to embrace the various social media platforms. Earlier this year, the SEC released a guidance update on social media usage, as well as a statement indicating that social media platforms are acceptable vehicles for investment firms to use for communications with the public. Leading this move towards social media is Goldman Sachs, who created a Twitter page in 2012 which now has 44,000 followers. Today, up to 50% of financial advisors now use social media to communicate with clients and other stakeholders. However, the rules and regulations regarding social media usage by investment firms continue to be highly complex, causing some hedge funds to continue steering clear of these sites.

Currently, only 1% of hedge funds are actively taking advantage of Twitter’s offerings. Despite this, firms' employees are increasingly using social media platforms on their own, which is why it's becoming more and more important for firms to develop a social media usage policy to govern these online communciations.

Here at Eze Castle, we're seeing hedge funds handling the changing regulatory landscape regarding social media in the following ways:

1. A small percentage of firms take the approach of completely blocking all social media use by employees.
2. Some firms take the approach of blocking just the communications side of social media sites in the workplace.
3. A large number of firms do not limit social media usage at all.

How do regulators view social media?

In the eyes of regulators, social media is viewed in the same regard as other forms of electronic communication. The SEC has deemed social media a suitable platform for distributing public information, as long as the public is directed where to look for it. Specifically, social media falls under the existing “media-neutral” requirements, including the following:

• Record Keeping. Firms must be able to capture and preserve all electronic business records.

• Supervision. Firms must supervise and enforce supervisory policies.

• Audit Readiness. Firms must consider their preparation for an audit when producing data for auditors.

• Social Media Specific. Before engaging with social media, firms must be certain that they have the technology required to record and retain their communications.

However, there are also some key differences to be aware of when it comes to social media communications. These include:

• Static Content. Static content is content that remains posted until changed by the firm or individual, and is accessible to all website visitors. This type of content -- including initial tweets, Facebook wall posts and LinkedIn network updates -- necessitates principal pre-approval.

• Interactive Content. Interactive content is considered real-time communication and requires supervision after the fact, on a risk basis. This type of content ranges from emails, IMs and Facebook wall comments to LinkedIn network comments and retweets.

• Linking to Third-Party Content. When linking to third-party content, firms are responsible for the content of linked sites and what reps endorse. It is vital to be aware of the fact that “linking” or endorsing can trigger entanglement principles. Examples of this include Facebook “likes,” Twitter “retweets” and LinkedIn “recommendations.”

Personal vs. Corporate Information

Even as some investment firms are still steering clear of social media, there is an increasingly indistinct boundary between the personal and professional realms of social media usage, especially with the rise of LinkedIn. Social media platforms such as LinkedIn also pose further challenges to firms because, unlike email, employees own and control most social media accounts. One way to handle this challenge is to require employees to opt in for social media archiving. To protect employee privacy, firms must ensure that employee passwords will not be shared. Also, firms must ensure that their social media compliance solution covers content originating from mobile devices, home computers and public computers.

Best Practices for Creating a Social Media Policy

When crafting a social media policy, investment firms should use the following three questions to frame their approach:

1. Is it appropriate or necessary for employees to visit social media sites such as Facebook, LinkedIn or Twitter during the work day?
2. Are employees considered to be representatives of the company in their online interactions?
3. Is it the firm’s responsibility to limit or control what employees are able to access on the Internet while at work?

There are also a variety of other considerations that go into drafting a successful social media policy. These include:

• Representation. Employees must not represent their opinions published through social media channels as those of the company. If an employee has chosen to document his or her relationship with the firm, he or she must take care to guarantee all online actions and opinions reflect those of the firm.

• Defamation. Employees must not defame or post any type of abusive content online, under any circumstances. The firm policy should clarify that any such actions will result in disciplinary action for the offending employee.

• Responsibility. Employees must exercise strong judgment whenever using the Internet, and should expect to be responsible for any liabilities that arise from their online interactions.

• Time. Employees should be sure that their social media interactions do not become so time consuming that their work performance is negatively impacted.

• Record Keeping. If employees choose to communicate through social networking sites, firms should implement social media archiving technology such as the solutions provided by Global Relay to ensure compliance.

• Regulations. A company’s social media policy should reflect the current regulatory requirements.

For more information on social media compliance for investment firms, contact an Eze Castle Integration representative. In the meantime, check out the full replay from our webinar, “Going Social: What Investment Firms Need to Know about Social Media Compliance” featuring Global Relay.

Our Favorite Topics

The A-List Speakers

The Best (and most fun!) Networking Opportunities

On Wednesday, May 8 and Thursday, May 9, Eze Castle Integration is teaming up with Eze Software Group to host a Cabana Party at the Bellagio Pool! Stop by to meet our team members, talk tech, have a cocktail and enjoy the beautiful Las Vegas weather!

Here are a few other SALT-sponsored events we'd highly recommend checking out:

• Fiesta Latina: A Poolside Party of Food, Drink & Entertainment (Wednesday, 8:00pm, Bellagio Pool)
• Starry Night: A Night of Cocktails & Entertainment Featuring Grammy Award-Winning Band TRAIN (Thursday, 8:30pm Bellagio Ballroom)

For more information on next week’s SALT Conference, visit http://www.saltconference.com/. If you’re planning to attend this event, be sure to let us know, and stop by the Eze Cabana Party!

For more information, or to speak with a liquidity management expert, contact an Eze Castle Integration representative, or visit the Ledgex Systems website.

Image credits: Google, Sungard

Business Continuity Planning

Although many companies recognize the importance of crafting an effective business continuity plan, few actually feel that they have prepared one adequately. According to Continuity Compliance, while 70% of businesses have created a robust business continuity and emergency response plan, only 25% have also accounted for human resiliency. Furthermore, a recent survey commissioned by the Ad Council found that only 17% of the 60% of Americans that feel preparation for natural or manmade disasters is essential consider themselves to be very prepared for an emergency situation.

Business Impact Analysis

There are several areas companies should cover when developing a business continuity plan. The first step for putting together your plan is developing the Business Impact Analysis. This is the foundation of the business continuity plan and determines what the firm needs to focus on protecting. An essential component of the firm that needs to be protected is its employees. When looking at employees, consider:

• How they are going to recover;

• Where they are going to go; and

• What resources they will need (applications, data, and what resources they can access at home).

Strategies

The second step is to analyze the strategies used by the company and its employees in order to identify the company’s risks and exposures. The plan must examine potential scenarios and decide the most effective way to react to them.

Communications

The third step is to identify the most effective way to provide information about particular scenarios to employees, internally and externally.

Employee Resources

In order to efficiently deal with a potential emergency incident, specific steps must be taken in order to ensure the safety of each employee. These include:

• Ensuring employee specific documentation: Information contained in the business continuity plan is contained on Quick Reference Cards, Wallet Cards, or Regional Reference Guides.

• Mapping out employee locations: It is essential to map out where employees are located in regards to the office, in order to recover most effectively during an emergency incident.

• Developing manager guides: Develop manager guides in order to validate employee remote connectivity, redirect incoming calls, and secure contact information in case of an emergency.

Testing

One of the most important aspects of developing a successful business continuity plan is undergoing testing (we recommend at least twice per year). Every aspect of the plan needs to be tested, although it is not necessary for them all to be tested at once. Here are some tips to keep in mind when developing the plan:

• Make the scenario real

• Test it bi-annually

• Ensure participation from all business units

• Test on a slow day

• Test each component of the plan

• Document all issues, resolutions, and results

Preparing Your Employees

• Critical Contacts: Ensure that critical contacts are available outside of the office. These include both critical people and businesses such as members of the household, insurance agents, schools, places of employment for family members, local hotels, and healthcare providers.

• Build your Emergency Kit: Make sure that employees take care to build emergency kits and know where to access them inside and outside of the office. Suggested resources include a first aid kit, photo ID, cash, aspirin or tylenol, blankets, clothes, water, canned food, maps, battery-powered radio, pocket knife, flashlight, matches, and candles.

• Considerations: Employees should take care to prepare for an emergecy if time allows, and consider if they have enough of the above resources to be prepared for an emergency. Preparing in advance will also alleviate stress during the incident. Other items to stock up on include gas for the car and fully charged electronic equipment. Employees may also want to consider investing in a Power Dome, which allows electronics to be charged even if there is a lack of power.

• Recommendations: Employees should make sure that they are aware of where they can receive vital information at the time of an incident. Some of these places include emergency management agencies, local news, local hospitals, emergency radio stations and social media outlets.

To watch the complete replay of our BCP Tips webinar, click here or click the video below.

• VMware Horizon View

• VMware Horizon Mirage

• VMware Horizon Workspace

• VMware Horizon Suite

Here’s a quick video to hear VMware’s strategy straight from the proverbial horse’s mouth:

Wait One Second!

While people are rushing out to purchase the new device, it is important to understand that the new device is quite different from previous versions, and I don’t mean from a look and feel perspective (well, that too.) The BlackBerry 10 operating system uses ActiveSync (think Android, iPhones and Windows Phones), which means that they cannot be managed from an existing Blackberry Enterprise Server (BES).

This has implications for corporate users and IT departments. Chances are your IT department already has a plan in place to support the new device, but it is important to check before purchasing the BlackBerry 10.

How is it Different?

Let’s get semi-technical here. The BlackBerry Z10 devices need to be managed from a BlackBerry Enterprise Service 10 server, which is an upgrade from BES 5. BlackBerry is allowing customers to trade up their existing licenses for the new BES 10 for free (learn how here).

However, this new software cannot be installed on the same server as an existing BES version. Previous BlackBerry devices (software running 7, 6, 5) cannot be managed directly by BES 10, which means that an additional server may be required if there are users with new and old BlackBerry devices.

Now if your firm has already embraced the bring your own device (BYOD) trend and is using Androids/iPhones/Windows phones with a TMG/NetScaler, there is a good chance the BlackBerry 10 devices can be configured to send and receive email easily. To receive added functionality and security (like that of BES 5) a Blackberry Enterprise Service 10 – Enterprise Mobility Management is needed.

What Now?

Check with IT or your trusty service provider (Eze Castle Integration!) to discuss how you can start using the BlackBerry Z10.

The Legal Perspective of Retaining Social Messages

According to the SEC’s Rule 17a-4(b), registered investment advisers and broker-dealers should archive (think Eze Archiving!) all business communications on social media for a minimum of three years. As the frequency of discovery audits continues to rise, firms should ensure these communications are easily searchable and can be recovered quickly in the event of an SEC inquiry.

Additionally, Section 24(b) of the Investment Company Act of 1940 requires investment firms to file all advertisements or other promotional materials to investors within 10 days of their release. A 2010 update to this regulation issued by FINRA declared that interactive content on social media platforms qualifies as advertising, and therefore falls under Section 24(b). The FINRA update also states that social media content falls under the jurisdiction of Rule 482 which requires firms to file registered investment company performance ads and promotional content.

New Guidance from the SEC

Since these FINRA updates were announced in 2010, little advancement has been made in the regulation of social media correspondence by investment organizations – until about two weeks ago.

On March 15^th the SEC issued its first “Guidance Update,” which – according to the Commission’s press release – will be the first in a series of upcoming guidances designed to express its views on emerging technologies and issues. The goal is to “increase transparency and enhance compliance with the federal securities laws and regulations.” And then today, the SEC officially stated that social media is okay for company announcements as long as investors have been alerted about which social media will be used to disseminate such information.

This first SEC Guidance Update addresses the requirement of investment firms to archive content that is posted on real-time social media sites such as Facebook and Twitter. The SEC notes that many firms have been extremely thorough in their compliance efforts, and have been filing nearly all of their social media correspondences (well done, fund managers!) regardless of content or context.

The new Guidance Update indicates that investment companies can now relax this practice somewhat, and need not file ALL social media content. Instead, consider the content, context and presentation of the communications in order to determine whether they are within the jurisdiction of the pertinent SEC rules and regulations. For instance, firms do not need to file social media correspondence that is simply a response to a question or sharing of existing content from another source.

According to the legal experts at Bingham, the following types of online communications are examples of those which do not need to be filed according to the most recent guidance:

• Content which only contains incidental mention of the fund’s name

• Incidental use of the word “performance”

• A factual statement including a hyperlink to a fund prospectus or to information already filed in accordance with SEC regulations

• A factual statement not related to a discussion of the investment merits of a fund which includes a hyperlink to general financial information

• Responses to another social media user’s inquiry in which “discrete factual information” is conveyed, and/or a hyperlink to sales literature is shared

Key Takeaways

This new SEC update is a sign that regulators are aware of the importance of social media communication in today’s business world. By clarifying the types of content that do and do not need to be filed, they’re paving the way for more real-time interaction between investment organizations and their online communities.

As your firm moves forward with incorporating social media into its business strategy, it’s important to develop a written social media usage policy to outline acceptable and unacceptable use of social media for employees. This is a highly recommended best practice for managing effective social media campaigns, especially given the uptick in discovery audits administered by the SEC.

Additionally, firms should utilize social media archiving tools such as Eze Archiving to ensure compliance with SEC regulations. As Twitter and Facebook become mainstream platforms for communication in the financial services industry, you’ll want to ensure your firm is always putting its best foot forward on all interactive social media sites.

To learn more about social media compliance for investment management firms, be sure to check out these helpful articles:

• What's Hot: Social Media Compliance and Archiving for Investment Advisers

• How To Implement A Social Media Policy For Your Firm

• Hedge Fund Tech Compliance: Archiving, Security & Mobile Device Management

• The business case for moving apps to the cloud
• What applications are ideally suited for a cloud environment?
• Evaluating providers and putting SLAs in place

Cloud Security: The last and most talked about topic was cloud security. Security still remains a top concern for firms when evaluating moving into the cloud.

Last year, Eze Castle Integration conducted a survey of 125 financial services firms to learn how hedge funds and investments firms are currently using cloud services, as well as to provide insight into the factors influencing this growing trend and the barriers to adopting the cloud. According to the survey, concerns about security was top followed by concerns about meeting regulatory or compliance requirements.

Find out more about the cloud! Check out the useful resources below:

Cloud Forum - 100% dedicated to the topic of cloud computing for hedge funds and investment firms, the Cloud Forum has a wealth of information available via articles, videos, whitepapers and much more.

Also, be sure to download our 2013 Guide to Cloud Computing in the Hedge Fund Industry. This comprehensive guidebook examines:

• Why Are Firms Going to the Cloud?
• Public and Private Clouds: Why Private?
• What Are the Use Cases for the Cloud?
• Secure Computing in the Cloud
• Checklist Questions to Ask Cloud Providers

The Current Scope of Cyber Threats

In his March 12^th address to congress, Director of National Intelligence James R. Clapper identified cyber attacks as the most immediate threat to global security. Clapper’s remarks emphasize the importance taking measures to prevent cyber attacks today. These intrusions can originate from a variety of sources, including:

• criminal organizations
• nation states
• insiders
• “hacktivist” groups such as Anonymous

It is widely believed that government support is making hacker groups more powerful than ever. Currently, one of the largest threats to cyber-security originates from a China-based group known as Unit 61389 of the People’s Liberation Army. According to a report produced by Mandiant, an information security company, the group is comprised of up to a thousand members, and has been responsible for stealing hundreds of terabytes of data from 141 companies in 20 industries. Groups similar to Unit 61389 have cropped up in other countries as well.

According to the 2012 Verizon Data Breach Investigations Report, an international study of cyber-security violations:

• 70% of cyber attacks target large organizations (over 1,000 employees)
• 50% of intrusions take several months or even years to be recognized by the victim organization
• 75% of the time it takes several days to steal data from larger companies

So, what should you be aware of to help protect your firm from an intrusion? There are a variety of sources from which cyber attacks can originate, including:

• Phishing scams: In these scenarios, a member of the organization receives a socially engineered email attempting to steal information. Upon opening the email, the employee allows the malware to infiltrate the network.

• USB media devices: This is a very common source of attack that has been widely improved over the years. In this case, an infected USB drive is dropped or left unattended in a public space, intending to be picked by a well-meaning employee who will plug it into his or her computer to see who the device belongs to. Once plugged in, the device emits malware into the network.

• Universal Plug & Play (UPnP): UPnP allows computers and other network-enabled devices to efficiently communicate with one another. Recently, however, these devices have come under harsh criticism due to a variety of security weaknesses such as programming flaws and a lack of required authentication, making the devices easy targets for viral attacks.

• Malware via Drive-by Download: Drive-by downloads occur when a person downloads an infection, either knowingly or without understanding the consequences. The infection typically takes the form of a computer virus, spyware, malware or crimeware.

The Future of Cyber Security

Increasingly, security threats threatening the investment management industry are low volume, high value (aka targeted) in nature. In these cases, the attacker possesses a great deal of knowledge regarding the value of the victimized company’s assets, and wants to steal this information for his or her own benefit. These attackers will employ intricate plots to gain access to the information. The problem with typical security protection programs such as anti-virus software and firewalls is that they are not preventative, and can only identify threats that have already occurred.The industry has been shifting from the use of managed security service provider (MSSP) to continuous monitoring as a service (CMaaS). The primary components of CMaaS are:

• Sensor on the Network: Network sensors gather data.

• Risk-Status Displays: Data is gathered from the sensors and used to develop reports.

• Security Consulting: Security experts analyze the reports so that they can develop appropriate security measures.

• Real-time Detection and Mitigation: Security firms such as eSentire have added this step due to the belief that security concerns need to be resolved immediately rather than after they have occurred.

Tips to Protect Your Firm Against Malware and Hacking

eSentire has developed a list of steps hedge funds should follow to protect themselves against security threats. The steps are based off the concept of the cyber kill chain, which states that the earlier a threat is recognized, the better.

• Perform a vulnerability assessment. It is essential that companies authenticate firewall configuration and anti-virus patching, network device security and evidence of criminal activity. You'll want to know where vulnerabilities exist before implementing additional security measures.

• Establish privileged access to core data. Companies should only designate access to necessary employees and place private data on password-backed servers.

• Develop an Acceptable Usage Policy. Firms should ensure that their Acceptable Usage Policy provides guidelines for software downloads, personal mobile devices, cloud-based email and storage services as well as the access and distribution of privileged data.

• Engage real-time intrusion detection/mitigation solutions. Be sure to track and observe all network actions to be aware of breaches, attacks or the access of sensitive information.

• Establish legal safeguards. Companies should ensure that they utilize confidentiality, non-disclosure, non-competition and non-solicitation arrangements to protect intellectual property.

• Know who you're hiring. Employers should screen employees pre-hire and conduct trainings to make all employees aware of appropriate and inappropriate conduct, contractual arrangements and firm policies and procedures.

• Monitor and log network activity. Restrict electronic transfers, enforce password protection, encrypt computer systems, limit accessibility to core assets, and observe and track all network and email actions.

Policies & Procedures

Here at Eze Castle, we recommend that all hedge funds employ multiple layers of security to reduce the amount of undesired traffic on the network, and thereby reduce the opportunities for a security breach. This is often called the Principle of Defense in Depth. Examples of defense layers may include having Windows protected by anti-virus software with up-to-date virus definitions and all Internet and DMZ facing hosts protected by OSSEC host-based intrusion detection.

In addition to these layers, we also recommend that investment firms employ the following policies and procedures to ensure their critical systems and data do not fall into the wrong hands.

• Principle of Least Privilege: This involves restricting access to only those employees who need it. Keep access control lists on all applications and data and inbound/outbound internet access to keep track of who can gain access to what. Also, log the use of audited one-time passwords and minimum privilege shared accounts.

• Secure User Authentication Protocols: Secure user authentication protocols include:
  • Assigning unique domain user IDs to each employee
  • Implementing strong domain password policies
  • Monitoring data security passwords and ensuring that they are kept in a secure location
  • Limiting access to only active users and active user accounts

• Information Management Security Policy: Develop a plan that details how the firm will handle a security incident. The plan should outline who is in charge of managing a security incident, the required reporting and investigation procedures, communications policies for contacting clients and the post-incident remediation procedures.

• Visitor/Contractor Premise Access Policy: It is essential that firms keep track of all people who have visited the site through the use of physical security checkpoints and surveillance.

• Mobile Device Policy: Develop guidelines for use of personal mobile devices in the workplace, and train staff on mobile device security. Firms should employ security measures such as requiring passwords, having the ability to remotely wipe devices and employing encryption tools.

Having a high level of security in place at your investment firm helps to restore faith in investors who are undoubtedly hearing about cyber attacks regularly in the media. Following industry best practices and implementing the appropriate tools and policies demonstrates that the firm has planned in advance instead of scrambling to handle a security breach after it has occurred. This also ensures that costly disasters are averted and normal business operations can be restored efficiently in the event of a security breach.

Click here to watch a full replay of our recent webinar, "Best Practices for Managing Security Risks."

• Investor Expectations of IT

• On-premise & Cloud solutions: Which is right?

• Security Risks & Best Practices

• Disaster Recovery How-Tos

You can watch the 30-minute webinar now or keep reading below.

What are Investors Thinking?

Today’s investors grew up with technology and as a result are asking much more detailed questions (here is a handy list). Also, just having an answer is no longer enough. So what is the perfect answer? The reality is that there isn’t one perfect answer that is right for every firm. More than looking for a specific answer, investors want to see that your answer is well thought out and logically addresses your specific fund operations.

Take security, for example. Not every firm needs every layer of security, but you do need to be able to discuss why you made the security decisions you did when it comes to protecting the fund from threats.

Here are the key areas investors are asking about:

• Annual assessment and audits

• Access control policies

• Network security policies

• Physical security policies

• Disaster recovery and business continuity plans

Going to the Clouds or Staying Firmly Planted on the Ground?

The question start up hedge funds regularly ask is, “should we go with on premise or in a private cloud?” Increasingly, the answer for new firms is the cloud. And when it comes to public versus private, we see very little adoption of public clouds in the hedge fund space for a number of reasons (service, integration with third-party applications, disaster recovery, etc).

Established hedge funds typically first enter the cloud through hosting of applications including, OMS, Risk and Accounting, or when it is time for a technology refresh. Additionally, we are increasingly seeing that hedge fund teams are small and looking for ways to leverage third-party services, such as the cloud, to streamline operations and outsource non-critical business functions.

A final note on selecting a cloud provider – be sure to have a conversation to understand how you can move your data off a cloud. With a reputable provider, migrating off a cloud should not be an arduous process (here are some handy cloud provider questions).

2013’s Hot Topic – Cyber Security

Just this week the US director of national intelligence, James Clapper, identified cyber security as the top global threat – even more treacherous than terrorism. So what is the anatomy of a cyber attack?

Many of the most successful attacks today are through malware that is delivered via email, drive-by or USB to an unsuspecting user. In the case of email malware, a user typically receives a message with a link to something that appears legitimate, such as an ADP paycheck. Clicking the link then infects the computer.

A high number of viruses are looking to take information. They want to get at financial information and other information they can sell. Basic security components that every hedge fund should already have in place include:

• Anti-virus protection

• Network firewall

• Web filtering

• Strong password policy

When it comes to passwords it is important to note that changing passwords is essential. The longer a password is out there the more damage can occur. Some hackers may just watch your email to gather information and get ahead of you in trades, for example.

More advanced security components firms should consider are:

• Intrusion detection

• Advanced Password Policy

• Multi-factor authentication

• Policies & Procedures for Security Management

Four Steps to Disaster Recovery and Business Continuity Planning

There are many steps to creating a DR and BCP, however, here are four considerations to help frame your planning.

1. Identify critical systems

2. Identify design requirements

• Look at all your systems and determine how old the data can be in the event of a disaster – this is your Recover Point Objective. When does a system need to be up and running? – this is your Recovery Time Objective.

3. Choose your DR method

• This is a discussion of on-premise versus a cloud solution. With Cloud DR, the responsibility to manage everything is removed from the hedge fund. There can be trade-offs. For example, if your trades are based on proprietary algorithms you may prefer to own the physical servers. Also, if you have in-house IT, they may prefer to manage in-house.

4. Choose a data center location/facility

• Investors are going to want to know about access controls and security at the data center.

• Half the data centers in NY lost power during Sandy. Not all of them were able to get fuel. All Eze Castle Integration data centers stayed up because we conduct extensive due diligence on all our data centers before selecting one. Be sure to do thorough due diligence on your service providers.

Want to discuss technology further? Contact us or subscribe to our Hedge IT blog.

The Good News? It has historically been that the anti-malware developers have deeper pockets than hacker groups. However, it appears that this is beginning to change. One troubling new trend that has emerged recently is state-sponsored hacking. According to a recent New York Times report, the Chinese government has been accused of fostering the efforts of hackers targeting organizations in the US and around the world to gain access to sensitive information. Similar stories have begun to surface from Russia and other nations as well. With sponsorship from national governments or other large resource pools, hackers are going to get more sophisticated and more difficult to detect.

So, what should you do to protect your fund? First, be sure to have all of the defense layers in place that we mentioned earlier, such as antivirus and antimalware tools and firewalls. You may also want to consider a more robust, comprehensive intrusion detection systems such as the one provided by our friends at eSentire, which can mitigate a potential threat before irreparable damage is done.

Once these tools are in place, fund managers should educate their employees on potential security risks and train them on best practices for mitigating those threats. Policies should be in place around:

• Access Control

• Acceptable Use

• Information Security Incident Management

• Personal Communications/Mobile Device Management

Often times, staff members don’t realize the extent of the risk to the organization if a cybersecurity attack occurs or sensitive company data is compromised. Employees who understand security threats and how to thwart them will serve as your fund’s best asset for keeping systems and information secure. Read more about Security Policies in this article.

Get even more hedge fund security tips directly from the experts! Register for our complimentary webinar “Best Practices for Managing Security Risks” taking place this Thursday, March 14th at 11:00am ET. Mark Sangster of eSentire and Steve Schoener of Eze Castle will be discussing current data protection trends in the alternative investment industry as well as best practices for ensuring your firm is secure.

What is the current state of the hedge fund industry in Asia?

Singapore and Hong Kong are the hedge fund capitals in Asia. We have seen a contrast between the status of large and small hedge funds in Asia. Many larger funds are struggling, with some shutting down, while smaller funds are increasingly doing well and delivering positive results to their investors. Both groups, however, are looking for ways to increase efficiencies and reduce costs.

Has Asia adopted the cloud?

There is a tremendous opportunity for private cloud services in Asia, however, cloud adoption in the region has yet to reach its full potential. The regulatory landscape in the UK and US, and the varying market maturity levels have fragmented the adoption of cloud computing. Many hedge funds and the alternative investment industry are still taking a measured approach to cloud computing, as the industry awaits further clarity on cloud computing regulations and better articulation of business benefits by IT vendors.

What are the barriers to cloud adoption?

Asia is a tough market to tap into, especially with increasing regulations both in the UK and US. The Alternative Investment Fund Directive (AIFMD), for example, can be one of the reasons why it could be difficult for many hedge fund managers to attract investor capital. Many managers in Asia are less inclined than their US or UK peers to make significant capital expenditures in technology on day one. Data privacy and lack of knowledge and understanding of the cloud are some of the obstacles preventing firms from benefiting from this technology.

The attitudes in Asia towards cloud computing are similar to those we had seen in the UK a few years back when cloud computing was the buzz word, but no-one really knew what the cloud was and the benefits it could bring.

What is the future for cloud computing in Asia?

There is a future for hedge funds and investment firms to adopt cloud computing in Asia. Asia offers the tallest buildings, which do not have air conditioning 24/7, so it is very difficult for firms to build out their own communications rooms on premise, and the cost of real estate, especially in Hong Kong is expensive, so the alternative for hedge fund managers is to host their infrastructure with a trusted private cloud service provider.

The cloud provides many benefits such as:

• To increase the speed of technology deployment
• To simplify IT management and support
• To improve IT flexibility and scalability of on-demand resources
• To take advantage of built-in disaster recovery and business continuity features and functionality

View our market survey on hedge funds and investment firms’ adopting the cloud. The 18-page report includes details on:

• Current & Future Adoption of Cloud Services
• Investment Firms' First Cloud Initiatives
• Cloud Deployment Models (Public vs. Private vs. Hybrid)
• Factors Influencing the Decision to Use the Cloud
• Barriers to Cloud Adoption
• Evaluation of Cloud Services Providers

• An AIF is broadly defined as any non UCITS vehicle that raises capital from a variety of investors. The majority of hedge funds, fund of hedge funds, private equity funds, real estate funds, infrastructure funds, and commodity funds will be considered AIFs.

• There will be exemptions for certain funds, such as single investor funds or managed accounts (both subject to certain conditions), as well as family offices.

• The majority of Cayman Island hedge funds, whether master or feeder or in corporate or limited partnership form will be designated as AIF. This is important to consider because several US managers manage Cayman funds in order to target their marketing efforts towards European investors.

• Each AIF must be assigned an individual alternative investment fund manager (AIFM). An AIFM is considered any business that delivers portfolio management and risk management services to one or more AIFs. The designation stands regardless of where the business is located.

• AIFMs do not have to be EU managers to be considered AIFMs. If a US manager is providing an AIF with portfolio management services or risk management services, they will be considered a non-EU AIFM. Every AIF must possess a single AIFM.

• US based firms that are only engaging in US business will be designated as non-EU AIFMs under the AIFMD.

• It is essential that US entities with EU affiliates examine which entity will be considered the AIFM, due to the fact that the regulations governing EU AIFMs are significantly more burdensome.

• The decision regarding which entity will be considered the AIFM should largely be founded on the degree to which investment management functions (defined by the directive as being portfolio management and risk management) are performed in either the US or by an EU affiliate.

• US firms managing an EU-based AIF or marketing a non-EU based AIF to EU investors will be caught by AIFMD.

Which US Managers are within Scope?
The level to which US managers are impacted depends on whether they manage EU AIFs or market non-EU AIFs to European investors. If US managers are not marketing their funds to EU investors, then they should fall outside the scope of AIFMD and will not be impacted by the regulations. When determining whether your firm and funds are within scope, keep the following in mind:

• According to the AIFMD, marketing is defined as a “direct or indirect offering or placement at the initiative of the AIFM, or by another firm acting on behalf of the AIFM.

• Another key area to look out for is passive marketing, also known as reverse solicitation. In this case, investors contact the manager directly to express interest in the AIF. Reverse solicitation is considered outside of the scope of AIFMD. Managers who engage in this type of marketing should have clear practices and controls in place to ensure their efforts are not viewed as active marketing.

• US managers not marketing their non-EU or EU funds to EU investors should not be subject to the AIFMD regulations even if EU investors occupy the funds.

• EU countries employ different laws governing direct marketing to professional investors through national private placement regimes (NPPR). This will be the only route to actively market to EU investors, at least until 2015. Also, in many European countries private placement is not allowed, so it’s essential that managers are familiar with the rules of the particular EU country in which they intend to market.

What Will Change?
With the onset of AIFMD, managers can anticipate a variety of changes that will characterize the alternative investment industry. Beginning on July 22nd, 2013, US managers marketing an EU AIF or a non-EU AIF in an EU state under NPPR must satisfy certain transparency and reporting requirements. These include:

• Making disclosures to their investors pre investment;

• Publishing an annual report for the pertinent AIF and;

• Reporting to national regulators in the countries that AIF is being marketed into.

The Future

• From July 2015, there is a possibility that EU managers will be able to access the pan-European marketing passport subject to becoming authorized under the AIFMD and complying with the full requirements of the directive.

• From 2015 onwards, non-EU AIFMs managing EU AIFs may also be required by the AIFMD to become authorized. In this case, they would also be able to access the EU marketing passport.

• From July 2018 onwards, there is the potential that the existing NPPR may cease altogether. In this case, managers with the desire to market an AIF within the EU would need to be authorized under AIFMD in order to access the EU marketing passport.

The AIFMD is a complex regulation and US managers should consult their professional advisors for further specific advice as to how it will impact their business.

For more on hedge fund regulations and AIFMD, check out these articles:

• A Snapshot of US Financial Regulation in 2013

• The SEC Wants to Know How Your BCP Fared During Hurricane Sandy

• Hedge Fund Form PF: Getting the compliance basics right

Enjoy! (And be sure to click into the presentation to experince our winners.)

Managing Security Threats Facing Hedge Funds

Most successful cybersecurity attacks in today’s environment occur via three different methods: malware via email, malware via a website download (drive-by download or man-in-the-middle) and transfer via USB. In most cases, an employee will download an unsuspecting virus or open an unsuspecting email, triggering a malware attack that could open the door for further intrusion. Alternatively, a trend becoming more common is the threat of employees transferring information onto USB drives (whether knowingly or unknowingly), resulting in an internal security breach. Externally –and regardless of the intrusion method – attacks typically follow a similar path from start to finish. Global security firm Lockheed Martin has identified steps to what they call the “cyber kill chain.”

• Reconnaissance: Collecting information and learning about the internal structure of the host organization
• Weaponization: How the attacker packages the threat for delivery
• Delivery: The actual delivery of the threat (via email, web, USB, etc.)
• Exploitation: Once the host is compromised, the attacker can take advantage and conduct further attacks
• Installation: Installing the actual malware, for example
• Command & Control: Setting up controls so the attacker can have future access to the host’s network
• Actions or Objections: The attacker meets his/her goal (e.g. stealing information, gaining elevated privileges or damaging the host completely)

While these steps may seem well thought-out and can be easily executed by an attacker, the benefit to understanding the cyber kill chain is that it gives the host a chance to counteract. The sooner into the cyber kill chain the host can identify the threat, the better chance it has of thwarting it. And there are several options for thwarting attacks, depending on the stage in which the attack is identified.

Mitigation activities on the host’s part can include: detection, denial, disruption, degradation, deception and destruction. Creating a course of action based on various scenarios and a firm’s current abilities to thwart attacks can gauge effectiveness against such intrusions and provide areas for improvement in a firm’s defense strategy. As part of an overall strategy, firms should also look to implement the following simple best practices to help prevent costly attacks:

• Enforce strong passwords and (at least) two-factor authentication
• Remove local administrative privileges when possible
• Keep patches up-to-date for Microsoft, Adobe, Java Runtime and browsers (the most common threats originate here)
• Restrict executable downloads and installations

In addition to implementing technical measures to protect their infrastructures, firms must also employ operational policies and procedures to document incidents and provide transparency to investors and auditors.

Mobile Device Security: Navigating the BYOD Trend

By allowing employees to supply their own devices, an organization inherently loses control over the hardware, how it is used and must ask the question how the company can be affected. Governing the fine line between personal and professional use on the same device can be challenging. But without clearly defined policies in place companies are making themselves vulnerable to a number of security risks.

For instance, 48% of respondents in a recent InformationWeek survey indicated that employees within their organizations had their mobile devices lost or stolen in the past year, with 12% of those cases requiring public disclosure, causing inevitable harm to the business. If proper security measures are not in place, the information contained on that device could become accessible to unauthorized parties and the company's reputation may suffer irreparable damage.

Additionally, there are many security risks involved in using one’s personal device for business purposes that most users may not even be aware of. Many popular smartphone apps, such as public file transfer services, could allow sensitive information to be easily intercepted. Other common activities that could result in leakage of sensitive data include using personal devices to automatically forward work emails to public webmail services and using smartphones to create open Wi-Fi hotspots. Both of these practices make a company’s data extremely vulnerable to hackers.

But there are steps you can take to protect your firm from BYOD security threats – we outline these in our Best Practices for Managing IT Security Risks Guide.

Additional topics covered in the Guide include:

• Working with Service Providers
• Hedge Fund Cloud Security Checklist (See how Eze Castle Integration fared on this test HERE)
• Looking Ahead

• Every child deserves the right to a quality education.
• Education is the key to unlocking a brighter future and breaking the cycle of homelessness.
• Community support is vital in helping achieve the goal of providing academic stability and hope for all children who have no permanent home.

School on Wheels achieves these goals through a variety of programs, most notably its volunteer tutor program, which trains and matches tutors to homeless students in the community. Tutors are trained and paired with one student in order to ensure a sense of stability, and assist students with not only school related projects but also confidence building exercises. Volunteers also work with the students to help them stay on track in school and reach their educational goals, which include attending college. Through its High School Plus Program, School on Wheels of MA has already helped 15 homeless students reach college.

To support this worthy organization, Eze Castle is hosting a social media fundraiser during which we pledge to donate $1.00 to School on Wheels (up to $1,000) for every new “like” we receive on our Facebook page and every new Twitter follower obtained between February 14, 2013 and March 14, 2013.

Please take a moment and “like” us on Facebook or follow us on Twitter to help us support this amazing cause. In addition to the good karma you’ll earn, you’ll also have the added benefit of enjoying innovative hedge fund technology insights and news directly on your Facebook and Twitter feeds!

With the new Z10, BlackBerry has moved away from their traditional screen and keyboard approach to a total touch screen experience. The new device is bigger and thicker at 130mm x 65.6mm x 9mm than an iPhone but has almost everything diehard BlackBerry fans have been waiting for: a sleek, modern, and professional touch-screen with an up-to-date OS to match and 4G LTE support. But what else is new? Here at Eze Castle we have done our research and bring you all the information you need.

Interface

BlackBerry has merged home-screens, widgets, app lists and a unified inbox into one slick interface, offering up an easy-to-navigate user experience. The main home-screen comprises of 'Active Frames' (mini-applications), which gives you an overview of information from a particular app and launch the full version when tapped. Users can select up to eight of these active frames, which arrange themselves in order of most recently used, with the latest app appearing in the top left position.

BlackBerry Hub, Flow and Peek

The new operating system features a string of new additions to the BlackBerry to equip it to compete with modern smartphones. The new system will have features called the BlackBerry Hub, Flow, and Peek, which make it easier for users to move between apps, emails and social media platforms.

Keyboard

The BlackBerry Z10 has a touch screen keyboard, which includes a ‘gesture typing’ feature that allows users to ping predicated words into their messages. The new touchscreen keyboard aims to provides an effortless typing experience. It learns your writing style and suggests words to help you type faster, more accurately and with the least amount of effort.

BlackBerry Messenger (BBM)

The popular BlackBerry Messenger app has also been updated to include a video facility allowing users to chat face-to-face as well as a picture editing feature. This new picture editing feature allows the user to pinpoint and adjust elements of their picture to get the photo they want.

Camera

The new ‘Time Shift’ feature captures milliseconds before and after your photo—so you can scroll back on the dial to open and create the perfect picture. For example; open one friend’s eyes and then forward to catch your other friend smiling, before combining it all to create that picture perfect moment.

Applications

More than 70,000 apps will be available to download, including Skype, Kindle, WhatsApp and Angry Birds, however, this is still a far cry from the iPhone's nearly 750,000 apps.

Pre-loaded Apps: BlackBerry Hub, Contacts, Browser, Calendar, BBM, Text Messages, BlackBerry World, BlackBerry Remember, Docs To Go, Pictures, Music, Videos, Story Maker, Facebook^, Twitter, LinkedIn, Foursquare, BlackBerry Maps, Games, YouTube , BlackBerry Newsstand, Voice Control, Weather, Clock, Calculator, Compass, File Manager, Box, BlackBerry Connect for Dropbox, Print To Go, Smart Tags, Settings, Adobe^® Reader, Phone, Camera/Video Camera/Time Shift, Setup, Help, SIM Toolkit and Search.

Our Assessment?

Overall the BlackBerry Z10 delivers the must have features that will allow it to compete with the iPhone, however, many are wondering if it is too little to late to effectively capture market share from its strong competitors. We'll just have to wait and see user reactions. It is now available for sale in the UK, however, US users will have to wait unti March 2013 to give it a test spin.

Check out a Product Demo HERE and decide for yourself.

Subscribe to the Hedge IT Blog to stay up-to-date with the latest trends in technology.

Photo credit: http://uk.blackberry.com/

There are conflicting opinions as to whether the JOBS Act will actually increase the number of companies seeking IPOs. One point of contention is the newly permitted confidential filing process, which allows new companies to privately submit draft registration statements to the SEC. Arguments focus on whether the confidential filing process will, in fact, result in a lack of transparency for investors when advising clients.

Although the JOBS Act was signed into law in April, some tenants of the bill have yet to go into effect, including the lift of the solicitation ban that prohibits hedge funds from advertising to potential individual investors. The ban was intended to be lifted in August, but the rule was not finalized because the SEC missed the July 4 deadline, in part due to former SEC Chairwoman Mary Schapiro’s departure and alleged opposition to lifting the ban. While there is no clear date set for when the JOBS Act will take full effect, there is discussion that more investor protections need to be added.

SEC’s Asset Management Unit Directives
In 2013, hedge funds can also expect continued vigilance by the SEC through several initiatives imposed by the Asset Management Unit (AMU) of its Division of Enforcement. The AMU is tasked specifically with preventing fraud in the hedge fund industry. The hedge fund managers and private equity analysts who comprise this unit help provide a more transparent overview of the inner workings of these firms, and aid in developing policies, investigations, exams and trainings. Although in the past, hedge funds and private equity firms were lightly regulated by the SEC, in 2013 managers can expect to see a much stronger SEC presence and a higher level of regulation within their firms. Additionally, expect a higher level of in-person investigations focused on specific workings of the firm. The AMU’s new focus will center on investor/client relationships and aim to prevent hedge fund managers from giving out any recommendations to potential clients that are not well intentioned.

The Dodd-Frank Act
In 2013, hedge fund managers can expect to see the SEC advance with the rulemaking required by the Dodd-Frank Act. Although the Dodd-Frank Act has been passed for some time, there are aspects of this legislation that will be taking effect this year. For instance, there will be a much higher level of onsite risk-based presence exams, during which SEC staff will investigate high risk areas of the fund. The SEC’s continued emphasis on hedge fund regulations requires that a high level of detail and focus is placed on risk and compliance initiatives within these firms.

Some of the Dodd-Frank updates that will be occurring this year include finalizing the Volcker Rule, which bans proprietary trading by banks (expected in early 2013) as well as the development of a new regulation that will allow for greater supervision of foreign banks’ US operations. The rule will require foreign banks with substantial US operations to uphold stronger capital and liquidity positions in the US as well as create an intermediary holding company over its US subsidiaries. In 2013, the Consumer Financial Protection Bureau (CFPB) will also examine crucial issues surrounding fair lending. Reports indicate that the CFPB is developing new rules in order to reinforce regulation surrounding fair lending practices. These rules are connected to the Truth in Lending Act, Equal Credit Opportunity Act and Home Mortgage Disclosure Act.

For more information, be sure to check out our collection of complimentary resources on helping your firm navigate the complex regulatory environment, or contact an Eze Castle Integration representative.

Application Providers: Here's what the Eze App Cloud has for you.

Combine your proven software with our premier cloud infrastructure to give clients a complete, cost-effective package that speeds time to value. A few benefits of using our Eze App Cloud are:

• Meet the market’s growing preference for cloud

• Use our Private Network which serves as the communications gateway to more than 400 buy-side firms and offers direct connectivity to key trading counterparties

• Breakdown international deployment barriers – the Eze Private Cloud spans three continents

Client (i.e. the VIPs) Benefits

• Gain cost-effective access to an enterprise-grade infrastructure that is highly available and professionally managed and monitored

• Focus on business priorities and core competencies rather than application and IT management

• Transfer technology costs from capital expenditures to operating expenses, and eliminate the need to purchase, maintain and refresh equipment

Watch & Learn: Eze Private Cloud Overview

We asked our Business Continuity Planning experts to give 10 tips on keeping your firm up and operational during flu season. Watch and learn or download our handy 10 Tips Article.

You can also download our Preparing Your Firm for Flu Season article, which outlines tips for keeping your hedge fund up and running during Flu season and advice on pandemic planning.

Our BCP experts are also always available to assist with planning.

Jason Nolan, Product Manager: Perform comprehensive evaluations before selecting a cloud service provider.

Last year at this time, we were encouraging our clients to learn more about the cloud and consider moving to a cloud-based IT infrastructure to take advantage of cost benefits and increased operational efficiencies. Today, the hedge fund industry has a much deeper understanding of this technology and is ready to take the cloud discussion to a deeper level. Our big push for 2013 is to encourage investment firms to thoroughly vet potential cloud providers on a number of key areas including backup and retention procedures, security and monitoring practices in place at data centers, Service Level Agreements (SLAs), SSAE 16 certifications and more. Also, be sure to gain an understanding of the service provider’s internal policies as they relate to data access and security procedures.

Lisa Smith, Business Continuity & Data Privacy Manager: Review and enhance your BCP and communicate it well.

If there is one thing we learned from Hurricane Sandy, it’s that, for alternative investment firms, having a comprehensive and robust business continuity plan in place is crucial to achieving success. Of course, this is not new information, and most firms already have plans in place to protect their businesses from these types of events. However, simply having a plan in place is not enough. We encourage our clients to review and discuss their BCPs on an ongoing, regular basis to ensure they continue to evolve as business needs, key personnel and other factors change over time. In addition, it’s important to effectively communicate these plans to all employees within the organization, as well as any pertinent third parties (clients, vendors, investors, etc.), so that everyone understands what to do in the event of a disaster or outage. Keep in mind communicating the details of your company’s BCP can be done through training sessions, information sessions and testing. These are the most effective ways to ensure your employees know what to do during a disaster.

Bob Guilbert, Managing Director: Don’t overlook the importance of security.

In 2013, security will be one of the most discussed topics in the world of hedge fund technology. While we’ve been preaching strong security practices for quite some time, this year will bring a host of new challenges in this arena, especially in the areas of mobility, cyber-attacks and internal breaches. Firms should develop a strategy to combat these security threats, including implementing best practices such as enforcing strong passwords and multi-factor authentication, keeping patches up-to-date for Microsoft, Adobe and the like, restricting executable downloads and creating a mobile computing policy that addresses both company-issued devices and BYOD management.

Marc Gold, Director of New York Client Service: Be prepared for an operational due diligence questionnaire.

It’s no surprise that the hedge fund industry has become increasingly competitive. Investors’ expectations are on the rise, and they’re looking for funds that display the highest levels in operational excellence. At the same time, new regulations are aimed at increasing transparency. As a result, operational due diligence has become a hot topic amongst alternative investment firms. Now, more than ever, it’s critical to ensure your firm meets these high standards by preparing for – or completing in advance – a due diligence questionnaire (DDQ). Operational DDQs cover a wide range of topics, including the fund’s IT infrastructure and the accompanying security procedures. At Eze Castle, our client service team regularly assists funds in completing DDQs. Be sure to download our sample DDQ for hedge funds to help you get started.

Photo credit: gotgame.com

Cloud Adoption Survey Results Revealed: Part 1

This year, we undertook a research study surveying 130 hedge funds and alternative investment firms in regards to their adoption of cloud technology. The results revealed that more than eight out of ten investment firms are either currently using or planning to use cloud computing services in the near future. This shift towards the cloud signifies a major trend in the financial services space as firms look to move away from costly on-premise technology infrastructures. You can download the complete survey report here.

Hedge Fund Cybersecurity: Preparing Your Firm For an Intrusion

In 2012, we announced a strategic partnership with eSentire, a leader in managed security services for hedge funds. The partnership comes at a time when firms are on high alert regarding security concerns and are shoring up their businesses to mitigate future threats. In a live webinar, eSentire’s CTO reviewed internal and external security threats to hedge funds and strategies for thwarting such attacks.

Operational Due Diligence: Common DDQ Questions

As competition for investors continues to increase, firms are looking for ways to stay ahead of the crowd. The investor due diligence process has become much more thorough as investors have become savvier about operations and technology matters. Here is a list of common due diligence questions your firm may be asked as part of the DDQ process.

Examining the Changing Role of the Hedge Fund CTO

One of the panels at our first annual Hedge Fund Cloud Summit this year took a look at how the role of the head of technology at an investment firm is changing, particularly with increasing regulatory demands and reporting requirements from investors. Find out more about the new responsibilities hedge fund CTOs are undertaking and where the future of the role is headed.

Why Outsource? The Advantages of Using a Third-Party Help Desk

Earlier in 2012, Eze Castle was awarded with the prestigious Help Desk Institute (HDI) Team Excellence Award. Go, Eze! The win was great validation for our 24x7x365 outsourced help desk, which works with our clients day in and day out to resolve their issues and meet their immediate technology needs. This article takes you through some of the key advantages of using a help desk service like ours.

Take a Tour of Eze Castle's Data Centers (New Video!)

One of our favorite videos of the year was an inside look at our colocation facilities. Take a tour with this short video to see where our data centers are located worldwide and how our technology team works to keep your data and infrastructure safe and sound.

Hedge Fund Tech Compliance: Archiving, Security & Mobile Device Management

Our most popular webinar of the year focused on hedge fund compliance directives and covered everything from Form PF to message archiving and mobile device management. The regulatory requirements for hedge funds continue to mount, so read on to find out which directives your firm needs to comply with.

What Hedge Funds Can Learn from Hurricane Sandy

One of the most significant and devastating events of 2012 was Hurricane Sandy. The superstorm affected countless businesses and residences up and down the East Coast. Many of our clients were directly affected, and hence, we learned a lot through the course of the storm and in the aftermath. Disaster recovery and business continuity planning are essential to all firms, and Hurricane Sandy was another reason why firms should work diligently to prepare for unexpected events like these in the future.

From all of us here at Eze Castle Integration, we wish you a Happy New Year and look forward to seeing you in 2013!

Click here to view our 2012 Holiday e-Card!

What’s New?

The Windows operating system has been around for years, but there are now new players within the computing industry. Competitive offerings such as the Android and iOS platforms are rapidly gaining popularity as iPhones, iPads and Droid phones become more common. As a result, Microsoft is introducing significant changes with this new release, primarily aimed at enhancing users' experience when accessing the platform on tablets and mobile devices and taking advantage of new and emerging technologies.

Compatibility with Mobile Devices
Windows 8 is optimized for use on touch screens as well as traditional mouse-and-keyboard systems. Microsoft has also improved the start screen, now called the “Modern UI,” featuring a full-screen tile display of real time, customizable information. Users can install apps from the new Windows Store in order to quickly access news, weather updates, tweets and other timely information in a single tap. Additionally, a new function allows users to multitask by grabbing and swiping several apps at a time – a feature we haven’t yet seen perfected by competing operating systems.

Here is an example of what the Windows 8 start screen looks like:

Note: You may be hearing references to Windows RT in addition to Windows 8. To clarify, these two platforms are virtually the same, however RT refers to the version which runs on tablets. It contains nearly all of the same features, and users can navigate it the same way they would operate its counterpart on a desktop PC.

Increased Security
One important change in Windows 8 is a significant improvement in security features. Users can lock their devices and choose to protect them with either a traditional password or a “picture password” which involves drawing gestures on the screen with a finger (for touchscreens) or a mouse. Also, only the first account that is created on each device has administrative privileges. This means that only one person is able to install/remove most programs and access is limited for secondary users.

Windows 8 also boasts better malware protection than previous versions, increased protection for core files and a new system for memory management that is much more robust. Most individual apps are isolated, and can only access information from one another if you choose to allow it. This helps to quarantine malware and prevent it from spreading from one app to the next. For added security, users can add the Microsoft Defender app which decreases the chances of acquiring a virus.

Improved Searching and Navigation
Another new feature of note is the Charms bar. This appears when a user swipes his or her finger from the right edge of the screen or hovers the cursor over either the top or bottom corners on the right side of the screen. When the Charms bar is activated, it provides easy access to buttons that allow users to search, return to the home screen, switch to the most recent app that was used or adjust settings. You can also swipe up from the bottom of the screen to quickly reveal a list of all apps installed on the device.

Mousing Around Windows 8
So you may be wondering what it is like to navigate Windows 8 with a mouse. We've heard mixed reviews, but here are some handy shortcuts The Verge magazine recently published:

• Windows + H = Opens the Share charm
• Windows + I = Opens the Settings charm
• Windows + K = Opens the Devices charm
• Windows + Q = Search for apps
• Windows + F = Search for files
• Windows + W = Search for Windows settings
• Windows + X = Access common admin tools
• Windows + E = Launches File Explorer in the desktop environment
• Windows + O = lock screen orientation
• Windows + R = Opens a Run dialog
• Windows + L = Lock the computer
• Windows + Print Screen = Saves a screenshot to your Pictures > Screenshots folder
• Windows + any of 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 = Launches the corresponding program pinned to the taskbar
• Ctrl + Shift + Esc = Open Task Manager

Conclusion

Many analysts are calling Windows 8 the most drastically different operating system Microsoft has developed since Windows 95. For those of you who are used to the older platforms, this may require some getting used to. However, as we all know the world is moving away from the desktop and onto the touchscreen, and Windows 8 has the makings of a very solid operating system for this new age of computing. Keep an eye on this product – we expect to see a number of enhancements and add-ons in the coming year that could be very useful for business users.

Looking for more information on current trends in technology? Don't miss our recent article on what to look for in 2013. And of course subscribe to the Hedge IT blog!

Photo Credits: thetechstuff.com & PC Advisor

• Where will your fund be based? Are there tax implications based on which geography you select?
• Will you be required to register on a state and/or federal level?
• What type of governance model should you employ?
• What are your investors’ expectations? (re: compliance, infrastructure, reporting, etc.)

The decision to outsource or take internal control over certain functions will also weigh heavily on your business. The functionality of a CCO or CFO is one that is often up for debate, and there are firms who will provide staff to fill these roles and assist with SEC and CFTC compliance requirements, registration forms and other needs. Be sure to consider what your investors’ perceptions of an outsourced CCO/CFO would be, though. Do they expect you to have someone on staff full-time? If the idea of outsourcing such an important role makes them uncomfortable, you may want to retain someone in-house.

For services and functions you do choose to outsource, it’s important to remember that managing those relationships is essential to success. The one function you cannot outsource is vendor relationship management, so taking the time to properly vet and communicate with your service providers will serve you well as you launch your business. Some vendors you will likely work with during the course of your launch include a fund administrator, attorney, audit or tax firm, prime broker and technology provider.

The Technology Shift
Fifteen years ago, hedge fund firms followed a “traditional” path, managing their IT in-house and making significant investments in technology infrastructure. They likely had Comm. Rooms directly in their office space and rarely relied on outsourced service providers. Fast forward to present day, and you’ll see that times have changed dramatically.

Disaster situations such as Hurricane Sandy and the global adoption of new technologies (read: cloud computing) have prompted hedge funds, particularly startups, to re-evaluate their technology strategies and leverage outsourcing.

On the cloud front, most firms seems to understand what it is and how it works. But the reality is that every cloud is not created equal, and all hedge funds should do their due diligence before settling on a cloud platform. Performing a SWOT analysis should give you a good indication of how cloud providers stack up against one another. One area to examine closely is cloud security. Again, not every cloud is secured in the same way or employs the same security measures. A reputable cloud vendor should provide you with clear documentation defining the technology infrastructure and security layers as well as the policies and procedures in place to manage the security of the cloud (and of your data). Security is one area where you don’t want to take shortcuts, so be thorough in your evaluation and selection process.

The technology infrastructure you choose (cloud computing vs. on-premise hardware) may very well be influenced by your real estate situation. Are you working from a home office? Sub-leasing a space in the city? Operating out of a hedge fund hotel? Your situation may affect if you have the ability to manage IT in-house or build out a Comm. Room, or perhaps it makes more sense to utilize the cloud. As you investigate real estate options, be sure to consider your location and accessibility to clients, any future expansion of your firm and, of course, economics.

A few other technology areas you’ll want to put some thought into:

• Disaster Recovery & Business Continuity Planning
• Message Archiving and Compliance
• Technology Budgeting

Eze Castle Integration has helped over 2,000 hedge funds launch and is adept at working with firms throughout the entire launch process and beyond. If you’d like to speak with one of our experts to talk through your options, please contact us.

Which of these trends do you think will be the hottest in 2013?

Read our complete announcement here.

The award-winning Eze Private Cloud provides hedge funds with seamless access to the technology and applications they require to effectively and efficiently run their businesses. With the Eze Private Cloud, hedge funds simplify operations, minimize upfront capital costs and gain a highly resilient, enterprise-grade IT infrastructure on par with billion-dollar funds. To learn more, click here.

Respondent Profile

Within the financial services industry, Eze Castle surveyed 320 firms including hedge funds (61%), investment managers or investment banks (12%), private equity firms (7%), fund of hedge funds (4%), broker/dealers (2%), and venture capital firms (1%). Additional firms included in an ‘Other’ category include family office, legal, real estate, endowment, quant, biotech and insurance brokerage.

Firms surveyed fell into three asset classes: 30 percent reported their AUM as $100 million and under; 32 percent fell between $101 and $500 million; and 38 percent reported over $500 million in assets under management.

The most popular investment strategy among firms is Equity Long/Short (37%); multi-strategy approaches are also common and employed by 23 percent of firms. The top five prime brokers employed by firms are Goldman Sachs, Morgan Stanley, JP Morgan, Credit Suisse and UBS.

Front Office

• OMS: Firms use order and execution management systems to support trading, operations, compliance and portfolio management; therefore, they require a robust and efficient solution to meet their growing needs. Our survey found that the majority of firms rely on ConvergEx Group’s Eze OMS solution (32%) or Bloomberg’s AIM (23%). Other market OMS systems include Advent’s Moxy, RediPlus, and Charles River.

• Market Data: Bloomberg is, by far, the leading provider of market data services in the financial industry, as evidenced by its use by 90 percent of survey respondents. Thomson Reuters is the second most commonly used solution; however, 80 percent of firms using Thomson Reuters are also using Bloomberg.

• Market Analytics: This year’s survey showed respondents’ inclination for bundled solutions, which makes it understandable that Bloomberg is also the leader in market analytics (73%). Other market analytic solutions in the marketplace include Thomson Reuters, Capital IQ, and Factset.

• Research & Document Management: Most firms are not currently using research management systems (54%) to manage the influx of data and information flowing into their firms. For those who are, popular systems include Advent’s Tamale (22%), Code Red (14%) and Microsoft SharePoint (12%).

Middle Office

• Portfolio Accounting: With the ability to automate trade capture, allocation and lifecycle management, a portfolio accounting platform is essential to any investment firm. Advent holds the market share, according to our survey, with their APX (20%) and Geneva (17%) products used by many of our respondents.

• Risk Management: As hedge fund investors demand greater transparency, firms are implementing strategic risk management systems to mitigate threats. Adoption is slow – 60 percent of firms are not using risk management systems currently – but market solutions in use include Advent, SunGard, RiskMetrics and Calypso. We expect many firms are outsourcing risk management functions to third-party administrators.

• Outsourced Administration: Speaking of administrators, the most common admins according to our survey include Citco, Goldman Sachs, SS&C GlobeOp and State Street. State Street recently purchases Goldman’s administration practice, and we expect them to play a larger role next year.

• CRM Solution: Of firms currently using customer relationship management tools, most are using Petrac (17%), Salesforce (17%), Backstop (13%) or Netage (13%). CRM tools may gain traction in the near future as firms look to do more advertising as a result of the JOBS Act.

• Message Archiving: Email and IM communications are required to be archived under Dodd-Frank. Global Relay and Eze Archive are the most popular solutions for investment managers, with 50 percent of respondents using one or the other. Less frequently used vendors include Smarsh, FrontBridge, Postini and Rackspace.

• Mobile Technology: While many firms are still using BlackBerry to support their operations, the adoption of the BYOD trend has shifted companies toward Apple devices. Last year, only 10 percent of firms were using iPhones and iPads; in 2012, approximately 30 percent of firms are using Apple-powered devices for business.
  

Looking Forward

We expect to see continued adoption of crucial applications, including OMS and PMS systems, particularly as these applications can easily be supported in the cloud. Beyond cloud computing, there is sure to be an increased focus on hedge fund regulation in the future, and this will affect the systems and vendors firms choose. Investors, also, are becoming more technologically savvy and therefore require that investment firms do their due diligence and implement robust and secure infrastructures to support operations and mitigate risk. These trends will continue to play important roles that shape the technology and operational choices investment firms make. We hope our Benchmark Study will serve as a guide and assist firms in making these critical decisions.

Eze Castle Integration is well-versed in the understandings of the alternative investment market and provides consultation to hedge funds looking for advice on various hardware and software platforms. For more information on how we can help your firm make critical operations and technology decisions, please contact us.

Here are the big ones:

The new new iPad. In what might have been the biggest surprise, Apple announced it is phasing out the new iPad (released only a few months ago) and replacing it with a newer one (due out next month). Same look. Same price. Less issues. In simplest terms, they fixed all the complaints. There is now more LTE support (including Sprint in the US and local providers in the UK), a faster processor, faster WiFi and some better camera features. Oh and with the help of a new power adapter, quicker charging too. No major changes, but it does help to know you are getting your money’s worth and that the company you are buying from really listens to users’ input.

The iPad mini. Users want small. Technology has always been about making devices smaller; even the iPhone 5, with its bigger screen, has smaller components and a smaller weight. And now your iPad can be smaller too. Just as powerful as the current $399 model, the iPad mini has more features (Siri and LTE just to list a few) and a lower price (starts at $329). At over $250, many users might not make the jump away from their Kindle Fire HD or Nexus 7, but for users considering Apple and for users who want small, I wish them short lines in the store and quick initial shipments.

13" MacBook Pro with Retina Display. Powerful. Beautiful. Small. Expensive. Four words to perfectly describe the newest addition to Apple's killer line of laptops. It perfectly complements its 15" big brother. With a screen that dominates every other laptop (except for the 15” version released a few months ago) this machine is beautiful. And with specs that are great for any laptop, it'll be great for anyone who wants to multitask, edit pictures or play video games all night. If I could afford it, it would already be in my shopping cart.

Mac mini. In keeping with Apple's theme of minis, they upgraded their everyday desktop computer. It's not their most well known product, but anybody trying to replace an older computer who wants to switch to a Mac, here is their gateway drug. It's just as powerful as any of the other entry-level machines out there, and it has an adapter that can be used with any nice monitor (or TV) you might already own. Plug in a keyboard and mouse (or buy them from Apple), and you are good to go. It’s simple, small and just as powerful as any of their laptops available at twice the price.

And my favorite announcement...

The 27" (and 21") iMac. Ultrasleek and ultrapowerful. And at points only 5mm thick (and at others over 20" long). This machine is ridiculous. Shipping in December (November for the 21"), this machine has already made it to the top of my holiday list. And I have a version that's only two years old! Apple took their last model (which was very powerful for an all-in-one computer), cut the size and upped the specs. Simply put, it’s an ideal announcement. How exactly the edges are 5mm is beyond me (and don't worry -as soon as they are on display in Grand Central, ill find out), but until then just "wow". For those intensive users (and big time gamers), here’s a machine capable of it all. I bet it even runs Windows smoothly.

Finally, the Fusion Drive. Available as an upgrade on the Mac mini and iMac, this is Apple's take on a hybrid drive, but bigger in specs, not physical size. Although details are still slim, the Fusion Drive has 128GB of solid state storage and up to 3TB of typical hard drive storage. Coming from someone who made the switch to solid state drive (SSD) a few months ago and has only looked back to wonder why it took so long to do so, this sounds like exactly what I want in my computer: storage space to make my apps run fast and tons of space to store my music and files. But Apple says they've taken it one step further.

In a typical hybrid drive, the solid state storage is used as a cache - a temporary quick-to-access spot to store copies of what you are running/accessing often. Apple's software beyond their hybrid drive eliminates this need for redundancy. The files and applications you need and access a lot are automatically shifted in the background to solid state. And this will dynamically change over time. Promises of boot speeds and access speeds that near that of full SSD solutions means the potential for what will seem like over 3TB of solid state storage. This will either be one big gimmick or one huge spec jump. We all know what I'm hoping for when I put one in my iMac configuration on my holiday list.

To read more about Apple technology innovations, check out these blog posts:

• iPhone 5: New Features Review
• iPhone 5 and iOS 6: First Impressions
• Tech Talk: Should I Trade My Blackberry for an iPhone? (Video)

Photo Credits: Apple, PC Mag

Audit Terminology Defined

You’ve probably heard several different audit-related terms being used to assess service organizations and data center quality. Here are some of the most important terms to be familiar with:

SAS 70
This stands for the Statement on Auditing Standards No. 70, which was developed over 20 years ago by the American Institute of CPAs (AICPA) primarily to report on the financial controls of service organizations. It was later adapted (inconsistently – more on that later) in an attempt to report on non-financial controls. Clients and end users often request to see the results of a provider’s SAS 70 audit, as this was believed to demonstrate that the provider has undergone a comprehensive examination of its financial controls and related processes.

The issue with a SAS 70 audit is that it simply verifies that a data center manager has certain controls and processes in place. There’s no benchmark to which providers are held accountable. Therefore, a data center with very robust data protection measures could achieve the same level of audit as one with relatively weak controls in place. The only true way these differences are expressed is within the lengthy SAS 70 audit report which is time consuming to read and complex to decipher.

Last year, the AICPA acknowledged the deficiencies of the SAS 70 standard in its abilities to provide in-depth information on a service organization’s non-financial controls or enable user organizations to effectively compare service providers. As a result, the group elected to replace SAS 70 with new standards which better reflect the quality of these providers.

SSAE 16
As of June 15, 2011, SSAE 16 (Statement on Standards for Attestation Engagements No. 16) effectively replaced SAS 70 as the authoritative guidance for reporting on controls at a service organization. According to CPA firm Feeley & Driscoll, this new audit standard better accommodates international businesses, as it is on par with similar global standards such as ISAE 3402. Additionally, a SSAE 16 audit provides much more detailed and accurate information for all stakeholders of service organizations.

SOC 1
According to the updated standards, an audit that is conducted under SSAE 16 results in a SOC 1, or Service Organization Control No. 1 report. This report is focused on the internal financial controls of the service provider. SOC 1 reports are intended for use only by existing data center clients and are not recommended for prospective customers or the general public.

SOC 2
SOC 2 provides much more stringent guidelines than SAS 70 or SSAE 16, and is specifically designed to assess the quality of data centers and service organizations. SOC 2 and SOC 3 combined provide a benchmark against which two data center audits can be compared using the same set of relevant criteria – a major enhancement to previous audit standards.

Specifically, SOC 2 reports focus on the service provider’s non-financial controls which are referred to as Trust Service Principles: Security, Availability, Processing Integrity, Confidentiality and Privacy. An organization is not required to meet all five of these principles in a SOC 2 engagement, but they do provide a more comprehensive evaluation of the provider and its data centers.

SOC 3
SOC 3 is similar to SOC 2 in that it provides a similar level of assurance regarding the five Trust Service Principles. The primary difference is that a SOC 3 report is intended to be released publicly. As such, it contains a less detailed summary opinion provided by the auditor which gives an overview of the effectiveness of the controls that the data center or service organization has deployed.

Conclusion

The transition from SAS 70 to new audit standards is a welcome change for the outsourced technology industry. SOC reports provide data center operators and service organizations with a more comprehensive set of guidelines on which to base their controls and policies. They also benefit clients and end users, as they provide better assurance that providers are meeting high standards when it comes to security, availability, processing integrity, confidentiality and data privacy. Essentially, these new audit standards have raised the bar, leading to what is sure to be a more effective and efficient future for data center technologies.

For more information on data centers and outsourced technology options, be sure to check out these articles and resources, or explore Eze Castle's cloud computing services:

• Cloud Forum
• A Refresher on Data Center Tiers
• Data Center Design Philosophy

Image Credit: http://www.probenefits.com/About_ProBenefits/SSAE-16.html

Service & Support

Investment firms demand uptime to ensure operational efficiency and profitability. Public cloud providers, however, do not offer hedge fund-specific IT support and rather have limited customer service representatives troubleshooting the most basic of email and desktop support issues. In the event of a crisis situation or an outage, hundreds of thousands of users will be trying to reach a limited number of support personnel, creating additional problems and highlighting a severe lack of customer support. As we’ve seen in recent years, many public cloud providers (such as Google and Amazon) have had outages last hours or even days at a time – situations that prove costly to any investment firm. With a hedge fund-specific private cloud platform, funds often have access to 24x7x365 engineering support that is tailored to meet the demands of their unique business.

Edge: Private Cloud

Scalability & Application Integration

While a public cloud offering may entice small start-up firms in particular, it is likely these firms will soon outgrow these services and be forced to migrate their data and infrastructure to a larger, more tailored platform. For example, traditional public cloud services do not offer or support vertical-specific application integration; as a firm grows to require a portfolio accounting platform or order management system, they will find that these applications are incompatible with their current cloud offering. On top of that, currently no public cloud providers will support any form of custom application integration or hosting of any hardware dedicated specifically to the fund.

With a private cloud solution, firms can easily grow and scale upwards as well as incorporate financial-specific and custom applications. Hedge fund private clouds are building up their lists of hosted applications (Eze Castle’s cloud currently hosts over 65 applications), allowing firms to reduce hardware costs and scale upwards by adding new users.

Edge: Private Cloud

Testing & Development

One area where the public cloud shines for many is for purposes of testing and development. Traditionally, test and dev environments have required dedicated infrastructures and significant resources, putting pressure on firms to invest in additional costly hardware. Unfortunately, testing environments can also fall by the wayside, deeming these investments wasteful. According to a report from Cognizant in March 2011, “test labs in companies typically sit idle for longer periods of time, consuming capital, power and space. Approximately 50% to 70% of the technology infrastructure earmarked for testing is underutilized.” With the public cloud, firms can easily and cost-effectively set up testing and development environments without the fear of overspending or underutilization.

Edge: Public Cloud

Security & Compliance

From a security perspective, a lot remains unknown. Public cloud security likely varies from provider to provider, but overall, is limited in its scope. Additionally, there is less transparency on the security front, and firms using the public cloud are less likely to be provided with deep knowledge around the infrastructure and security controls maintaining their data and assets.

Larger, public sites such as the Googles and Amazons of the world are inherently more susceptible to viruses, cybersecurity attacks and intrusions. Experienced hackers are much more likely to target a large, public enterprise that has greater potential for a breach – and greater potential for headlines. Private cloud providers are much more likely to employ strict access controls and implement security practices that will prevent and detect intrusions and maintain the safety of firms’ data and infrastructure.

On the compliance front, there are a number of demands placed on hedge funds and investment firms. Currently, the SEC advises funds to retain all internal and external email and instant message communications that are business-related. Many private cloud solutions offer firms message archiving services, which will allow firms to store communications for the designated period of time and recover any necessary communications in the event of an SEC inquiry. Some public clouds, however, are unclear on whether they offer such a service.

Edge: Private Cloud

Cost

The low-cost option of public cloud computing platforms is seriously appealing to many firms; who wouldn’t want a service priced at $20-$30 per user? Behind the low cost, however, remain a lot of questions. The amenities and services included with a public cloud platform can be limited (see previous sections above), and therefore, warrant a closer look by investment firms. While cost is and should be a significant factor in the decision-making process, it should not be the only factor and should be weighed in accordance with other considerations, many of which we’ve highlighted in this article.

Edge: There’s no real winner here. The reality is you get what you pay for regardless of which option you choose.

To dig a little deeper into public vs. private clouds, check out our other Hedge IT articles:

• Understanding Public, Private, and Hybrid Cloud Infrastructures
• There are Private Clouds (mine) and there are Private Clouds (yours)
• Why Should I Choose Private Cloud Services Over Free File Sharing Services or Public Cloud Tools?

1. One composed of IT experts to address the technical issues; and


2. Another made up of senior management (that includes compliance) to guide the overall process and address internal and external communications, including contact with regulators and investors.

In addition, participants discussed how clarity about underlying business processes and related documentation set the stage for more effective and efficient system design, the creation of targeted testing protocols and highly effective crisis planning and management. The topic of kill switches received extensive attention. Many participants expressed skepticism about a fully automated kill switch mechanism that takes too much control away from a trading firm and various exchanges.

Roundtable participants concurred that this objection can be mitigated by setting warning thresholds prior to triggering a kill switch in order to give market participants the opportunity to have human consultation and intervention before an automated kill switch would be activated.

Key Meeting Theme

Technology is great, and robust technological solutions are needed for trading systems. But in the end, an experienced and trained staff is both the first and the last line of defense.

If you are interested in learning more about the SEC Roundtable on Technology and Trading, please send a request to: information@RFG.com.

Also, for more information on regulations affecting the investment management industry, check out the Hedge Fund Regulations Knowledge Center and don't miss these recent Hedge IT articles:

• Hedge Fund Tech Compliance: Archiving, Security & Mobile Device Management


• Hedge Fund Form PF: Getting the compliance basics right


• Data Jurisdiction in the Cloud: The Patriot Act Fear Factor

Mail

• First up, users now have the ability to ignore a call and auto-reply with a text. This is a great feature. With just two clicks, I can ignore a call and let the caller know I’ll call back later. Brilliant!

• Call reminders are another cool way to deny incoming calls. Click the button, and the phone will remind you later, at a more convenient time, that your mom called so you don't forget and make her angry by not calling back.

• You can also put your phone in “do not disturb mode” at night so it doesn't wake you. Simple. Smart. But there's more, of course. What if you want the ability to answer important calls only? Set certain contacts to bypass this feature. What if work calls me? Do I want my boss to wake me up? I can tell my phone that if it's important and he calls me twice, my phone should ring the second time. That's spectacular.

Miscellaneous
Like I said, there are over 200 new iPhone 5 features, and I know I haven't begun to scratch the service. From more Facebook integration for the addicts like myself to the new camera features, there are plenty more for you to love. So ignore the bad press and remember: nothing’s perfect. With millions of owners, you need to expect a few unhappy ones out there.

*Image credit: Bloomberg Tech Blog

1. Reconnaissance: Collecting information and learning about the internal structure of the host organization
2. Weaponization: How the attacker packages the threat for delivery
3. Delivery: The actual delivery of the threat (via email, web, USB, etc.)
4. Exploitation: Once the host is compromised, the attacker can take advantage and conduct further attacks
5. Installation: Installing the actual malware, for example
6. Command & Control: Setting up controls so the attacker can have future access to the host’s network
7. Actions or Objections: The attacker meets his/her goal (e.g. stealing information, gaining elevated privileges or damaging the host completely)

While the steps may seem well thought-out and can be easily executed by an attacker, the benefit to understanding the cyber kill chain is that it gives the host a chance to counteract. The sooner into the cyber kill chain the host can identify the threat, the better chance it has of thwarting it.

And there are several options for thwarting attacks, depending on the stage in which the attack is identified. Mitigation activities on the host’s part can include: detection, denial, disruption, degradation, deception and destruction. Creating a course of action based on various scenarios and a firm’s current abilities to thwart attacks can gauge effectiveness against such intrusions and provide areas for improvement in a firm’s defense strategy.

As part of an overall strategy, firms should also look to implement the following simple best practices to help prevent costly attacks:

• Enforce strong passwords and (at least) two-factor authentication
• Remove local admin privileges when possible
• Keep patches up-to-date for Microsoft, Adobe, Java Runtime and browsers (the most common threats originate here)
• Restrict executable downloads and installations

Watch below for a full replay of the webinar: Turning Hedge Fund Security Inside-Out!

Be sure to come back to Hedge IT on Thursday for Part 2 of our webinar recap featuring an overview of essential policies and procedures to support technology and operations management as well as a look at mobile device management!

Photo Credit: eSentire

The iPhone 5 is bigger and faster. The screen is bigger, yet the entire phone weighs less - big perk. And its tech specs, for my fellow geeks out there, are faster across the board. Everything from the processor to memory to cellular connection is a step up. Pretty much the same phone we've all come to love but faster. No down side there!

But specs alone aren't enough to impress people, and that's where the Apple Operating System, iOS, comes in to play. Every year Apple releases a new iOS with 200+ new features. This go-around is no different. From the little things (like new emoticons or a new share menu) to the big things (a revamped Mail app and better Facebook integration), Apple has kept the feel and made it better in iOS 6.

As has become custom with each new iOS announcement, Apple is getting a lot of backlash. With all the lawsuits going on and fighting between companies, Apple has been cutting ties with a lot of partners. Because of this, Apple has removed both the original YouTube and Maps apps from iOS 6 and the new iPhone 5. Many users are unhappy with the changes. Apple has developed its own Maps app for the new iOS, but according to many, it is subpar to Google’s. There is no replacement for the YouTube app, but Google has released one which users can download. Change is good, but too much appears to be a bad thing.

So what’s the verdict? I haven't had enough time to play around just yet, but I look forward to updating you soon after I review these new features and apps. Stay tuned for future posts to hear more about the good, the bad and the iMazing.

Photo Source: PC Mag

Social media, in the mainstream, may be a tool for chatting, researching or staying up-to-date on current events. But for investment firms, social media can be a great marketing opportunity and a way to spread their message. It must also be closely monitored, though, particularly as regulators seek to address its prevalence with archiving requirements.

A History of Social Media in the Financial World

Earlier this year, Goldman Sachs – one of the largest investment banks in the world – joined Twitter. It was a remarkable day, and with 132 characters (barely within the 140-character limit!), Goldman announced that it would be posting updates in the future about its work and its employees. You’re probably thinking “why so remarkable?” The reality is that the financial services industry has traditionally steered clear of social media, worried that it would only pose problems and concerned about bodies such as the SEC reacting in an unfavorable way.

In 2011, MHP Communications surveyed 77 hedge fund managers about their social media activity and found that only 1 percent of firms were actively on Twitter and none were active on Facebook. According to MHP, “the findings did not surprise us. Historically, hedge fund managers have deliberately kept a low profile and managed their reputations accordingly. They are also concerned about the regulatory implications of social media. As such, adoption of social media is extremely low.”

The Legal Requirements

We all know that emails and instant messages are required by the SEC to be archived for five to seven years. But where do they stand on social media content? According to SEC Rule 17a-4(b), registered investment advisers and broker-dealers should archive all business communications on social media for at least three years. With discovery audits on the rise, firms should ensure these communications can be easily searched and recovered in the event of an SEC inquiry.

Despite the requirements, social media is still a hot topic among registered investment advisers. According to the seventh annual Investment Management Compliance Testing Survey, released earlier this year, social media was the “hottest” compliance topic for firms, with 80 percent of RIAs stating they have adopted formal social media policies (up from 64 percent in 2011 and 43% in 2010). However, 54 percent of firms reported that their firms have prohibited the use of social media – another indication that full-scale adoption and acceptance has not yet arrived.

What’s Next for Social Media Compliance?

As investment firms continue to introduce social media into their business strategies, they must also develop written social media policies to ensure proper procedures are outlined for employees relative to acceptable and unacceptable use of social media. This will be a firm’s best defense for managing an effective social media campaign. Firms will also continue to implement social media archiving tools – such as those from Global Relay, Smarsh and Hootsuite – to comply with SEC regulations, particularly as the SEC begins to administer discovery audits. The reality is that social media sites such as Twitter, Facebook and LinkedIn have become mainstream avenues for business communication (even in financial services), and therefore, firms must work diligently and carefully to ensure they put their best foot forward whether it be via status update or tweet.

Learn more about social media and compliance:

• How to Implement a Social Media Policy at Your Firm
• Hedge Fund Tech Compliance: Archiving, Security & Mobile Device Management
• Best Practices for Email Archiving

Photo Credit: Global Relay

• Complexity. Data is no longer just about text and numbers; it's about real-time events and shared infrastructure. The information is now linked; it is high fidelity, and it consists of multiple data types. Applying normal algorithms for search, storage, and categorization is becoming much more complex and inefficient.

• Speed. How fast is the data coming in? High-definition video, streaming media over the Internet to player devices, slow-motion video for surveillance – all of these have very high ingestion rates. Businesses have to keep up with the data flow to make the information useful. They also have to keep up with ingestion rates to drive faster business outcomes – or in the military, to save lives.

• Volume. All collected data must be stored in a location that is secure and always available. With such high volumes of data, IT teams have to make decisions about what is “too much data.” For example, they might flush all data each week and start all over the following week. But for many applications this is not an option, so more data must be stored for longer periods of time – without increasing the operational complexity. This can cause the infrastructure to quickly break on the axis of volume.

The Solution?

Not surprisingly, NetApp also has a solution to the hurdles big data is creating for companies. Coined the ‘ABCs’ of big data solutions, it focuses on addressing challenges in three key areas – analytics, bandwidth and content.

• Analytics. Analytics is about gaining insight, taking advantage of the data explosion, and turning data into high-quality information that allows for deeper business insights and better decision-making. In order to do this, companies should look for storage solutions that improve response times for ad-hoc and real-time inquiries as well as deliver overall storage performance increases.

• Bandwidth. To leverage big data, companies need to obtain better performance for very fast workloads and high-bandwidth financial applications. Large financial database applications process and analyze large amounts of data in real-time. In order to execute these real-time, intense processes, high-bandwidth storage must be available.

• Content. This focuses on the need to provide boundless, secure, scalable data storage. Content solutions must enable the storage of virtually unlimited amounts of data, so that companies can store as much data as necessary and have the ability to find it when they need it.

To hear more about what is driving big data, check out this Forbes interview with NetApp President and CEO Tom Georgens.

Recently more software developers have gone beyond using the cloud just for business purposes to create more entertaining experiences, ensuring cloud services rule the personal lives of consumers too.

The Evolution of Consumption

In our daily business and leisure activities we utilize multiple devices to consume and produce data that go from PCs and laptops to smartphones and tablets. The main function of cloud services is to allow us to centralize and sync our content across those devices.

Consumer cloud apps provide functions that go over and above simple storage or sharing, and do not need to be installed on a PC or smartphone. It offers the best of both worlds - applications for both personal and professional use.

The Battle of the Clouds

You’ve probably heard or even currently utilize some of the market’s most popular consumer cloud apps: Apple’s iCloud, Google’s Docs and Calendar applications, Microsoft’s SkyDrive and its Windows Live products, as well as Amazon’s Cloud Drive. A very recognized cloud service for Apple customers is CloudApp, powered by Heroku, which is available to Mac OS and iOS users. This application has built its own ecosystem around it. Users can easily store files and objects within the app and, in exchange, it produces a Uniform Resource Identifier (URI), which is copied to the clipboard for the user to share and have future instant access.

What is the Significance of Big Data?

If big data can be harnessed, it provides the opportunity to spot trends, find new insights or trading ideas and answer questions that were previously considered outside of reach.

Signaling the importance of big data, the World Economic Forum released a report earlier this year outlining the significant impact big data will have on international development. According to the report, “researchers and policymakers are beginning to realize the potential for channeling these torrents of data into actionable information that can be used to identify needs and provide services for the benefit of low-income populations.”

But harnessing the data is easier said than done. A report last year by the McKinsey Global Institute, the research arm of the consulting firm, projected that to capitalize on big data the United States needs 140,000 to 190,000 more workers with “deep analytical” expertise and 1.5 million more data-literate managers, whether retrained or hired.

Big Data and Wall Street

Quantitative hedge funds and investment strategies are the most obvious application for big data. In a recent Forbes.com article, David Leinweber explains that “many of the ideas from quant investing make sense in [big data] context; histories are huge, and experimentation is easy. There’s an underlying behavioral model, plus, you know your counter-parties. The large volume and variety of data allows use of new “data voracious” statistical and machine learning methods that, in finance, are useful for high-frequency trading, but are worthless on daily or monthly market data.”

Most large Wall Street banks are also looking at better ways to capitalize on large datasets. Bank of America Merrill Lynch, for example, is using Hadoop, which is an open source framework that allows for the distributed processing of large data sets. With Hadoop, Bank of America Merrill Lynch is applying big data strategies to manage petabytes of data for regulatory compliance and advanced analytics.

Bigger and Bigger and Bigger

We can expect both the amount of data as well as the market touting big data solutions to just keep increasing. Just as cloud computing has gone mainstream, so too will big data. The question is how long will it take for the solutions to become viable options for traditional hedge funds.

But we always have more to share, and that’s why we’ve dubbed September Hedge Fund Security Awareness Month – to bring you more content, reveal more expert advice and generate more education on the importance of keeping your business safe.

Here’s a look at what’s coming up during Security Awareness Month:

September 13, Live Seminar (New York)
It’s no secret that security and data protection are hot topics for hedge funds and investment firms, but how does your firm know where to start when it comes to protecting your assets? Our panel of experts will examine the ins and outs of security and data protection and provide knowledge to attendees around:

• The legal ramifications of cloud computing and data protection strategies;
• Security best practices for maintaining a protected environment; and
• Disaster recovery and data protection how-tos and technology recommendations.

If you’re a hedge fund in the New York area and would like to register for this event, click here.

September 25, Live Webinar
In addition to proactively preparing for external breaches and security threats, firms must also realize that there’s a chance their businesses are already compromised. “How did we not notice?” you might ask. “And what do we do about it?” Our experts will share their guidance for treating these sensitive situations.

To pre-register for this live webinar, contact Kaleigh Alessandro at kalessandro@eci.com.

As always, we’ll be recapping these events here on the Hedge IT blog so even if you can’t attend, you won’t miss a thing!

In the meantime, read up on some of our other great security-related content:

• Video: Cloud Security Mythbusters (World Premiere)

• Article: The Biggest Security Threat to Your Firm Might Be Sitting Next to You

• Tips: Five Simple Security Best Practices to Keep Your Hedge Fund Safe

What’s changed?

You are likely very familiar with earlier versions of the Microsoft Office package, so the basics of each program won’t be a major surprise. However, there are some changes and new features that are being incorporated into this new release.

• Embracing the mobile and tablet computing trend: Office 2013 is designed to be touchscreen-friendly in order to create a more seamless computing experience for mobile device and tablet users. Many of the same touch features that Apple users are accustomed to will be applied, including swiping a finger to scroll or turn pages, pinching to zoom and writing with a finger or stylus. The goal here is to ultimately smooth out the user experience by unifying the desktop applications with the Windows Phone 8 smartphones and Microsoft Surface tablets.

• Incorporating cloud capabilities: In order to capitalize on the unification of these various computing platforms, Office 2013 is cloud-ready, so that users can easily synch their PCs, laptops, smartphones and tablets in order to access documents on any of these devices. This new capability signifies Microsoft’s move into the cloud services arena. Office 2013 will be deeply integrated with the company’s SkyDrive cloud platform, enabling easy collaboration via Skype (a recent Microsoft acquisition). Documents can now be saved to SkyDrive by default, making the collaboration process even smoother.

• A new user interface: The Office 2013 user interface isn't drastically different from Office 2010, but some minor updates have been made. The “ribbon” toolbar design remains, but the icons inside it are slightly larger and more spread apart to take advantage of large monitors. This design is carried across Word, Excel, PowerPoint and all other applications within the suite. Another minor change to look for is the addition of your name and Microsoft account photo in the upper-right-hand corner of the screen in all Office programs, a reminder that the cloud now permeates the entire package.

• Going social: While social connectors are not new to the Office programs, they will become a focus area within the new suite. Users can now link their Facebook and LinkedIn accounts just as they can on Windows Phone 8 with feeds streaming in. Microsoft also plans to open up the API for developers so that they can incorporate other social network content in as well.

So far, no official launch date for the full version of Office 2013 has been set. Industry experts believe Microsoft will make it available in time for the launch of Windows 8, which Steve Ballmer has indicated will take place later this year.

Here is a CNET video so you can see Office 2013 in action.

Stay tuned to the Hedge IT blog for the latest tech industry news and updates!

Well-established investment firms are in a better position to move away from Mayfair right now, since they have an existing base of investors and other stakeholders that are familiar with them and willing to venture outside of this core real estate area in order to meet with them. That said, there are still many firms who are willing to pay top dollar for this premier location in the heart of London’s most sought after area for the hedge fund industry. Despite these costs, most start-up funds also prefer to be located in or near Mayfair to give them a better opportunity to create awareness amongst time-pressed investors who are unlikely to travel far between meetings, especially for firms with whom they are not yet very familiar.

To learn more about real estate options for hedge funds and alternative investment firms, don't miss these Hedge IT articles:

• The Hedge Fund Real Estate Landscape: What's right for your fund?
• Hedge Fund Hotels: Advantages for Startups and Established Firms
• Expanding Your Hedge Fund Operations Internationally

Photo Credits: Google

Sources: Crain’s New York, Newmark Grubb Knight Frank, and Bloomberg

Photo Credit: Flickr

Record Retention & Message Archiving

The SEC currently requires investment advisers to retain all internal and external electronic business communications. Rule 204-2 mentions the following specific measures:

• In order to meet the requirements of the SEC, firms must retain and archive more than just email. Instant messages, Bloomberg and Thomson Reuters messages and other electronic communications are also considered required archival material.

• Messages typically need to be archived for 5 to 7 years.

• The regulation is very specific in stating that archived data cannot be modified, for obvious reasons. Common practice is to store your archived data in a WORM (Write Once, Read Many) format.

• Data should be backed up to a remote off-site location to safeguard against local disaster scenarios.

• One important aspect of the regulation stipulates that investment firms must be able to ‘promptly’ respond to an SEC request for information. This means firms must have the ability to efficiently search and index their data to access records in a timely manner.

Email Security

Email security is an often overlooked area of important for hedge funds and investment firms, particularly as most assume that standard security practices are in place with any given solution. And while that may be the case oftentimes, it should not be assumed. Four key features to look for in an email security solution are:

• Outbound Email Encryption: This encryption ensures that every outbound email message that contains sensitive or confidential information is encrypted. The technology behind this service scans messages for pre-defined filters or compliance rules and will encrypt the appropriate messages before delivering to the recipient.

• Spam Filtering & Anti-virus Protection: Inbound email messages are inspected for unwanted junk email and viruses. These solutions are often referred to as inbound email protection solutions and are typically standard deployments across an organization.

• Data Loss Prevention: The goal of DLP is to interrogate outgoing email for confidential information that should not leave the company’s network. Some DLP solutions may leverage similar logic to that of outbound encryption solutions, however the goal is different. Rather than encrypting data to be sent, DLP solutions actually prevent outgoing messages from being sent if they are shown to contain sensitive material.

Mobile Device Management

In addition to protecting and archiving your hedge fund's emails and other electronic messages, you should also take a look at solutions for mobile device management to protect your data. As enterprise data moves to smartphones and tablets and companies continue to support BYOD practices, extra care must be taken to ensure sensitive company information is protected while on mobile devices.

Look for a mobile device management solution with the following:

• Support of various devices, including Apple, Android and BlackBerry;

• Ability to restrict and monitor application downloads;

• Content management, including encryption and password protection for company-sensitive materials; and

• Analysis of user activity including behavioral patterns.

Here are a few more resources on technology compliance to keep you up-to-speed:

• Questions to Ask Your Solutions Provider(s) about Technology Compliance

• Best Practices for Email Archiving

• Mobile Voice Recording: Meeting US Hedge Fund Regulations
  

Photo Credit: iStock

Form PF: Requirements & Recommendations

Depending on your firm’s fund type and assets under management (AUM), the deadline for your Form PF filing may be sooner rather than later. Larger funds - including hedge fund managers, liquidity managers and private equity managers - will need to file sooner, while the majority of registered investment advisers won’t need to file until early next year [see chart]. All filers are required to complete Section 1 of Form PF, and additional sections may be required for those larger funds with assets upwards of $1.5 billion. Looking ahead, the large hedge fund and liquidity managers will be required to file their reports quarterly; all others will file on an annual basis.

The challenge with Form PF lies in the fact that firms must aggregate a wide array of data to complete the filing properly. So in addition to being able to successfully interpret the form, these investment firms must also work to meet the inherent information technology challenges – particularly for firms required to file Sections 2, 3 and 4.

Preparing a test filing is a great way to properly ready your firm for the time when the deadline approaches. For Section 1 only filers – whose deadline is not until April 2013 – there is plenty of time to test their internal systems and processes and determine the best method for collecting data and completing Form PF. This is going to give your firm the best indication of how prepared it is to meet these SEC demands and how long the process is going to take.

Instead of relying on strictly internal personnel to complete Form PF, you should also reach out to your service providers to determine if they can help you in any way. Many prime brokers and fund administrators are working with their clients to assist them with the filing process.

It’s important to point out that the SEC will likely use Form PF as a first step in visits with registered investment advisers. Submissions will undoubtedly drive the examination process down the road.

Maintaining an Effective Compliance Program

While Form PF encompasses an essential set of requirements for SEC registered investment firms, your firm should also look to maintain an internal compliance program to effectively and efficiently maintain your business and reputation.

Consider reviewing emails sent and received by internal parties for suspicious correspondence with competitors, government agents, or other conflicts of interest. Keep an eye out for emails sent with attachments to personal email accounts and other outbound messages of a suspicious nature.

Document your firm’s email reviews and decide in advance how to respond to findings that appear serious. Hopefully, as words spreads throughout your firm that you’re investigating, changes in appropriate email behavior will take place.

Finally, be mindful of your firm’s requirements from a record retention perspective. Under a variety of regulations, many firms are required to retain and archive email and other electronic communications for up to seven years.

Record retention is an important topic all on its own, so we’re going to take a closer look at message archiving and other technology compliance requirements in Part 2 of our webinar recap coming up on Thursday. Be sure to check it out!

In the meantime, here are some other helpful resources:

• Preparing for an SEC Examination: Requested Information Part One

• Hedge Fund SEC Examination Preparation: Part Two

• Hedge Fund Due Diligence Resource Center

New platforms: Foursquare, Pinterest, Tumblr

• FourSquare: This is an app which allows users to “check-in” at various locations via a smartphone or tablet. This tool, as with other location-based apps, lets users share their current location with their followers. For example, if I were to check-in here at the Eze Castle Boston office, I could share that with my Twitter followers and Facebook friends. If a coworker and I check-in here together we can share this experience with both of our sets of followers. This is where FourSquare and similar apps are gaining popularity – the social aspect of visiting a new or interesting place with friends and being able to share that information instantly with one’s online community.

  Another aspect of location-based services that is rapidly gaining popularity is the ability to discover nearby locations via your smartphone’s GPS system. What is perhaps even more valuable is the incorporation of personalized recommendations which are made based off of a user’s recent check-ins and preferences, as well as those of his or her followers.

• Pinterest: This site is best described as an online pinboard, where users can “pin” content from any Internet site onto boards which they create, title and categorize themselves. Users pin everything from recipes and quotes to personal photos and art. Upon signing into his or her account, a user can view everything that has recently been pinned by everyone he or she follows. Additionally, users can “re-pin” content they find interesting onto their own boards, which are then likewise shared with their followers. Pinterest is currently one of the fastest-growing online social networks. Earlier this year, it crossed the 10 million unique monthly visitors mark and is now the third most visited social networking site behind Facebook and Twitter.

• Tumblr: This is a social networking site on which users can create a page to share just about any form of content that is available on the Internet. Tumblrs share everything from text and photos to videos and links with their followers in a format that is often described as a cross between Twitter and a blog. While posts are not limited in terms of characters like tweets are, Tumblr posts tend to be brief and include a combination of different types of media. When a user signs on, he or she can view posts from all followers in a feed that looks similar to a Twitter stream. Tumblr is more customizable than traditional blog platforms, which is a major factor contributing to its popularity. The site has nearly tripled its unique visitors in the US over the course of the past year. It currently gets about 16.5 million page views per month and is the eighth largest site in the US social networks and blogging arena.

What’s next in the world of social media?

So, we’ve taken you through the current state of social media, as well as a look at some hot topics and trends we see unfolding as we speak. Let’s now discuss what’s coming next in the ever-changing world of social networking.

• Social media becomes mass media. A few years ago, experts questioned the relevancy of blogging and social platforms. They were often considered too informal to be taken seriously. Now the importance of these sites has become evident, and their relevance is only gaining momentum. More and more people are turning to blogs, Facebook newsfeeds, and Twitter streams as their primary sources for news and other content. However, as social networking transitions to mainstream media, it’s becoming increasingly important to recognize what is quality content and what is not. For businesses, this means using social media as a means of engaging in conversations, as opposed to pushing products through a megaphone. For individuals, this means seeking out quality sources of information and not believing everything you read online.

• Mobile gains traction. Today, more than half of Facebook's 900 million users access the site through mobile devices. Globally, mobile Internet users are set to overtake desktop users by 2015. But despite this growth, social media on mobile devices remains in its early stages. Just migrating desktop features onto phones and tablets isn’t enough. What's coming is improved location-awareness, better video and audio, and integration with third-party apps. Look for these improvements in the near future as mobile social networking begins to take off.

• Social media embraces the open platform format. Why has Facebook seen so much continued success, while Google+ has struggled to compete for our time? The answer lies in the way Facebook has been established as an open platform, in which outside vendors can contribute to the user’s online experience. Third-party apps, such as the popular Zynga games, enhance a Facebooker’s experience, causing them to remain on the site longer and feel a greater sense of engagement. Similarly, companies such as TweetDeck and HootSuite have benefitted from Twitter’s open layout. Sites that are closed to outside vendors do not have this added layer of entertainment, and therefore lose the interest of their users much more quickly.

• Crowdsourcing takes over. Crowdsourcing refers to outsourcing the creation of content and ideas to groups of people, instead of tackling these tasks in-house. The most well-known example of this is Wikipedia, which is an encyclopedia developed entirely by contributions from the online masses. Since people tend to trust their friends and other people they know more than corporations, everything from how to bake a cake to which store to shop at for a new pair of jeans will be determined through crowdsourcing. Sites such as Pinterest, Tumblr, Wikipedia and virtual message boards are leading the way in this arena.

• The personalization vs. privacy debate heats up. Online retailers and social media sites are constantly collecting information about us. They log our likes and dislikes, our interests and the interests of the people with whom we interact online. Soon, users will no longer need to search for information, as the majority of information we seek will find us based on the virtual profiles that are being created as we speak. The negative side of this is the potential invasion of privacy which is already becoming an issue. Not only have government regulators begun to increase scrutiny, but users themselves are becoming more sensitive to how their personal information is being shared. With Facebook going public and shareholders demanding results, the pressure to mine user information will only continue grow. Walking this fine line between personalization and individual privacy is going to be an interesting trend to follow going forward.

For more information on the world of social media, don't miss these Hedge IT articles:

• How To Implement A Social Media Policy For Your Firm
• Leveraging LinkedIn: Tips to Help You Boost Your Brand
• Brand Equity: What Is It and Why Does It Matter?

1. Patch applications such as Adobe PDF viewer, Adobe Flash Player, Microsoft Office and Java. Using the latest versions of these applications – and patching within two days – will help to prevent high-risk vulnerabilities. The same goes for your operating system.

2. Minimize the number of users with domain or local administrative privileges. Such users should use a separate unprivileged account for email and web browsing.

3. Employ application white-listing to help prevent malicious software and other unapproved programs from running. Examples are Microsoft Software Restriction Policies or AppLocker.

4. Use a host-based intrusion detection/prevention system to identify anomalous behavior, such as process injection, keystroke logging, driver loading and call hooking.

5. Provide user education regarding Internet threats and spear phishing socially engineered emails. Avoid using weak passwords, password re-use, exposing email addresses, and use of unapproved USB devices.

To learn more about cloud security, revisit these Hedge IT articles:

• The Biggest Security Threat to Your Firm Might Be Sitting Next to You
• Doing Your Cloud Homework: Answering Legal, Tech & Security Qs
• Extra, Extra! Cloud Security Alliance Releases New Guidance

Brand equity is commonly defined as "a set of assets linked to a brand’s name and symbol that adds to the value provided by a product or service to a firm and/or its customers¹." Traditionally, branding elements include a company’s name, logo, images and perceptions.

For example, Eze Castle’s brand can be seen throughout our corporate website (pictured here) in the logo, colors and fonts we use.

So why does brand equity matter? We’ve narrowed it down to 8 key reasons.

1. Drives buying decisions
2. Builds customer loyalty
3. Grows market share
4. Defends market share
5. Supports pricing premiums
6. Creates a halo effect
7. Helps business expansion
8. Increases market value

In addition to understanding the importance of your company’s brand, you should also be thinking about your personal brand. Particularly as social networking sites become such important parts of our daily lives, our personal branding becomes even more important.

Photos

First impressions are important, in real life and also on social networking sites. Our eyes are naturally drawn to someone’s photo before their posts and ‘about me’ information. But what does your online headshot or profile picture say about you? Best practice here suggests you should be mindful of who you’re connected to on various sites (your Facebook friends likely differ from your LinkedIn connections), and use a photo that best represents the message you want to send to that audience.

Social Content

After someone notices your profile photo, they are going to start taking in the rest of your content. Status updates, photos, personal information, what groups you’re in or pages you like. All of this information is readily accessible to your profile viewers.

Consider your online profiles like marketing pieces. Even if you aren’t trying to sell yourself or look for a new job, you still want to ensure you are giving off the right impression about yourself. Your status updates, tweets, online reviews, LinkedIn recommendations and comments all contribute to your online personal brand. Having a positive online presence can influence how others think of you. But having a negative online presence can also do the same.

Important Tip: Stay in control of your online privacy settings. You have the ability to control who sees what information about you, but you have to actively take steps to ensure your content is protected if you want it to be.

For more tips on managing your social media profiles, check out our presentation on Leveraging LinkedIn.

Not to be outdone, Microsoft introduced its first tablet this week – the Surface – but more on that later.

Here is a snapshot of Apple’s AWDC news:

A Preview of iOS 6: Available this fall for the iPhone, iPad and iPod touch, iOS 6 brings 200+ new features including:

• A new Maps app with Apple-designed cartography, turn-by-turn navigation and an amazing new Flyover view;
  
• New Siri features, including support for more languages, easy access to sports scores, restaurant recommendations and movie listings;
  
• Facebook integration for Contacts and Calendar, with the ability to post directly from Notification Center, Siri and Facebook-enabled apps like Photos, Safari and Maps; and
  
• Shared Photo Streams via iCloud.

New MacBook Pro with Retina Display: The all-new 15-inch MacBook® Pro features Retina™ display, all flash storage and quad-core processors in a radically thin and light design – it measures a mere 0.71 inches and weighs only 4.46 pounds.

Updates to MacBook Air & Existing MacBook Pro: Not overly exciting but the MacBook Air is now available with the latest Intel Core processors, faster graphics and flash storage that is up to twice as fast as the previous generation. The current generation 13-inch and 15-inch MacBook Pro – not to be confused with the Retina display unit – have also been updated with the latest Intel Core processors and powerful discrete graphics from NVIDIA.

Mountain Lion July Availability: Mountain Lion – not the animal, the ninth release of Apple’s OS X – introduces more than 200 features including the all new Messages app, Notification Center, system-wide Sharing, Facebook integration, Dictation, Power Nap, AirPlay Mirroring, Game Center and the enhanced security of Gatekeeper.

Microsoft Enters the Party

In other tablet-maker news, Microsoft this week revealed its own Windows 8 tablet – the Surface. The impressive new device appears to target the iPad head on, but we are still awaiting more details including the official cost, availability and distribution channels.

What we do know is that the smallest Surface tablet is 9.3 millimeters thick and weighs 1.5 pounds, which is similar to Apple's iPad, at 9.4 millimeters thick and 1.44 pounds. The Surface has a 10.6-inch screen while the iPad's screen is 9.7 inches.

Uniquely, the Surface has a built-in kickstand, full-size USB port and cover that also serves as a touch keyboard, which could potentially win over folks afraid to go completely keyboard-less. Two models of Surface will be available: one running an ARM processor featuring Windows RT, and one with a third-generation Intel Core processor featuring Windows 8 Pro.

You can learn more about the Microsoft Surface here.

All this news leaves one final question -- Are you Team iPad or Team Surface?

Just as times and technologies have changed, Eze Castle has continuously evolved over the years. We've certainly come a long way from our founding in 1995, when childhood friends John Cahaly (our current CEO) and Sean McLaughlin pitched their first trading solution to Fleet Investment Advisors - a product they developed in a small apartment above Sean's father's dental practice. Today, we have 12 offices across the US, Europe and Asia with a staff of almost 400 employees supporting over 600 hedge fund and investment firm clients.

Our first 17 years have certainly been an exciting ride! Check out our "History of Eze Castle Integration" timeline and some fun facts about our company below. Also, be sure to stop by our new Wikipedia page, which provides more color on the Eze Castle story.

Fun Facts about Eze Castle

• The company was named after Eze, a village in the French Riviera.
• The organization was originally incorporated under the name "Eze Castle Consulting," and was later split into two entities: Eze Castle Software and Eze Castle Integration.
• Despite personnel changes, reorganization and rapid growth, our headquarters has always remained in Boston, Massachusetts.
• We were voted one of Crain's Best Places to Work in 2009, 2010 and 2011.
• We pride ourselves on our commitment to the community. Eze Castle contributes regularly to several nonprofit organizations and matches employee donations to all reputable charities.

Some additional data points we learned as a result of this survey include the driving factors influencing firms’ decisions to use the cloud, potential barriers to cloud adoption and the key evaluation criteria for cloud services providers. Let’s take a closer look at what survey respondents had to say relative to these categories.

Factors Influencing the Decision to Use the Cloud

There are a multitude of factors that alternative investment firms need to take into consideration as they evaluate cloud offerings. Survey respondents were asked to rank the importance of several factors related to their cloud decision-making, including cost, flexibility, functionality and speed.

The majority of respondents interestingly noted that all factors provided were either important or extremely important to their organization’s decision to use the cloud now or in the future. Overwhelmingly, 86 percent of respondents ranked the use of the cloud for reducing IT infrastructure investments as important or extremely important.

Increasing the speed of technology deployment was a close second when it comes to factors influencing cloud purchases. 83 percent of respondents ranked it as important or extremely important, and, like cost, only 6 percent consider it an insignificant factor. Particularly for startup firms, the appeal of getting up and running quickly is a great one. Traditional, on-premise infrastructure solutions can take six to 10 weeks to design and implement. Cloud solutions, on the other hand, can take a fraction of that time, with some smaller implementations requiring only days for deployment.

In addition to cost and speed of deployment, another important factor ranked as significant by respondents was the ability to simplify IT management and support. While some alternative investment firms like the ability to control IT in-house and manage the infrastructure from within, the appeal of outsourcing day-to-day functions and support to a third-party cloud provider is a hard one to pass up. Particularly as roles and responsibilities change to increase operational efficiencies, professionals at many firms who were previously responsible for technology are juggling a variety of new tasks.

As firms grapple with increased regulatory requirements and oversight as well as compliance issues and investor demands, they may choose to utilize the cloud as a means to delegate their traditional IT responsibilities and focus on their core competencies. Within this survey, 82 percent of respondents said simplified IT management and support was an important or extremely important factor; 5 percent responded that it was not very or not important at all.

Barriers to Cloud Deployment

While the cloud does hold distinct advantages for alternative investment firms, it should not be a decision that is taken lightly for any firm. Just as significant as the factors influencing the move to the cloud, we also asked respondents to rank the significance of certain barriers or concerns with cloud computing.

As you might expect, respondents ranked concerns about cloud computing security (i.e. risk of unauthorized access, data integrity, etc.) as significant or extremely significant 86 percent of the time.

Second to cloud security, concerns about information governance or meeting regulatory or compliance requirements were also seen as significant or extremely significant barriers to cloud adoption. 71 percent of respondents ranked this factor as significant to them. Regulatory pressures have increased exponentially in recent years, particularly with the introduction of the Dodd-Frank Wall Street Reform and Consumer Protection Act.

Additional “barriers” ranked significant or extremely significant by respondents include:

• Investors/clients are not receptive to cloud computing (62%)
• Concern about lack of custom application availability or integration (61%)
• Fear of outgrowing or overpaying in the cloud (59%)
• Fear of vendor lock-in (54%)

Evaluating Cloud Services Providers

Finally, we asked respondents to provide guidance on what they use for evaluation criteria of cloud services providers. Cost continues to be a significant factor for nearly all firms currently using or considering using the cloud, as evidenced by 84 percent of firms ranking it as important or extremely important to their cloud provider evaluation process. Only 4 percent of firms ranked this factor as not very or not at all important.

Secondary to cost, alternative investment firms also find value in cloud services providers who have knowledge of and expertise within their specific vertical. Eighty-one percent (81%) of firms reported this as an important or extremely important factor, and just 6 percent ranked it as not very or not at all important.

Other factors ranked as important or extremely important by firms surveyed included experience in establishing security procedures (82%), proven post-sales support and service (82%), the cloud provider’s technology infrastructure (81%), certified application availability (80%), innovative ideas and expertise regarding cloud trends (78%), prior experience with the vendor (74%) and geographic reach and global support (70%).

To download the complete 18-page survey report, Cloud Adoption Trends within the Investment Management Industry, click here.

If you missed it yesterday, we officially announced the results of our “Cloud Adoption Trends within the Investment Management Industry” survey during a live webinar. You can listen to the webinar recording here.

Our cloud survey set out to investigate how hedge funds and investment management firms are using cloud services today, as well as to provide insight into the factors influencing this trend and also the barriers to adoption. Here’s a look at some of the findings:

Respondent Profile

Our online survey, which was conducted between March and May of 2012, surveyed 125 financial services firms in the United States. Of those 125 firms, 65 percent identified as investment management firms. Additional firm types represented included hedge funds (16%), private equity firms (16%) and fund-of-funds (4%).

The majority of respondent were large firms, with 34 percent reporting they currently manage over $1 billion in assets. Twenty-one percent (21%) of firms are managing assets between $500 and $999 million, and 25 percent between $100 and $499 million. The smallest assets under management (AUM) class represented was firms with less than $100 million in assets – a total of just 15 percent.

Current & Future Use of the Cloud

Of the 125 firms surveyed, 79 percent responded that they were currently using the cloud. When asked how they were currently utilizing cloud services (multiple responses were accepted), 65 percent indicated they were using the cloud for basic business/office functionality. This is a popular trend for investment firms of all kinds, particularly as they get started. Basic office functions that can be leveraged via the cloud include email, file services, storage and mobility functions.

The second most popular use of the cloud for current users was financial application hosting, with 50 percent of firms reporting use of this practice. Financial application hosting in the cloud offers financial firms several advantages to the traditional practice of running and managing an application on an in-house server. With the cloud, firms can leverage the enterprise-grade infrastructure of a third-party provider who is also responsible for the management and monitoring of that application within the cloud environment. Scalability is a factor as well. A hosted platform can provide virtually unlimited computing resources and easy expandability to support a firm’s need to add users or increase resources on-the-fly.

Firms are also using the cloud for complete IT outsourcing (22%) and other infrastructure and application services (35%).

First Cloud Initiative

As we’ve seen, financial firms are utilizing the cloud in a variety of ways. But what was their first cloud initiative? Similar to how firms are currently using the cloud, the first cloud initiative for 57 percent of firms was basic business and office functionality. Thirty-four percent (34%) of respondents said they first used the cloud to host their key financial applications, and only nine percent (9%) opted for complete IT outsourcing to the cloud on their first try.

Cloud Deployment Models

When it comes to cloud deployment models, investment firms continue to rely on a variety of models. The most common choice, however, is a private cloud. While not all private clouds are alike, they are often better suited for hedge funds and investment firms who require a great deal of sophistication, application integration and support.

Of current cloud users, the overwhelming majority (71%) indicated they were using a private cloud solution. Hybrid clouds are the second most popular choice at 37 percent, while public cloud users totaled 33 percent. Additionally, 7 percent of respondents were unsure of their current cloud deployment model.

For those who are not yet using the cloud but are planning to, the responses tended to mirror those of current users. Forty-six percent (46%) of prospective cloud users anticipated using a private cloud solution, while only 23 percent said they would likely use a public cloud. Thirty-one percent (31%) will opt for a hybrid solution when they make the move to the cloud.

Read Part Two of our survey results to learn more about factors influencing cloud decisions, barriers to cloud adoption and top evaluation criteria for cloud services providers. You can also download our full survey report here.

Well actually tomorrow, June 6 2012, it (aka IPv6) will officially be alive, but that doesn’t work with our Hedge IT blog calendar so today we look at IPv6.

As a refresher, since the inception of the Internet, we have been using IPv4, which totals about 4.3 billion Internet addresses. But with the increasing number of wireless technologies that support the Internet (smart phones, tablet, etc.), these addresses are depleting.

Enter IPv6. The new IPv6 protocol uses 128-bit addresses and allows for substantially more IP addresses – trillions upon trillions of new addresses. The World IPv6 Launch Day marks a key milestone as companies shift their infrastructures to the new protocol, which will eventually completely replace IPv4.

What Happens on World IPv6 Launch Day?

World IPv6 Launch signifies the largest industry movement towards and deployment of IPv6 in the history of the Internet. The goal of the Launch Day is to motivate organizations to permanently enable IPv6 and begin the transition before IPv4 addresses officially run out.

On June 6, participating ISPs will enable IPv6 so that at least one percent of their residential wireline subscribers visit participating websites via IPv6. Participating home networking equipment makers will enable IPv6 by default on their home router products. And participating companies, such as Eze Castle Integration, will enable IPv6 on their main websites permanently (check!).

Potential Hiccups?

According to the Internet Society, “most Internet users will not be affected. Internet users should enjoy uninterrupted service. In rare cases, users may still experience connectivity issues when visiting participating Websites. As ISPs enable IPv6, and home gateway products support it, users at home with modern operating systems and devices will start using IPv6 automatically. In particular, Windows Vista, Windows 7, and Mac OS X 10.7 support IPv6.”

Bye, Bye IPv4

IPv4 still has some life left in it and won’t be fading into oblivion just yet. World IPv6 Launch Day merely introduces IPv6 in parallel to IPv4. It is worth noting that participating websites (like ours!) will still support IPv4 and provide access.

Got Questions?

Our team is happy to answer your IPv6 questions. Just ask.

When the Queen began her reign back in 1952, the world looked a lot different. Her primary mode of communication with her constituents was the radio during her first few years on the throne. According to a recent article that appeared in the Telegraph, "in 1953, after television cameras were allowed into Westminster Abbey to record the coronation – the popularity of the young queen prompted sales of half a million extra TV sets in the weeks running up to the ceremony."

Through the years, as technology has changed, the Queen's methods of communication and outreach have significantly changed. Today, Her Majesty has her own Facebook and Twitter accounts (not surprisingly, with a team of social media experts making updates on her behalf), and is able to reach a much broader audience and provide information on a near real-time basis.

Let's take a look at exactly how much technology has changed while the Queen has been in the office (and well before then, too!):

Technology Through the Years

The future of technology is sure to be exciting. What will the next 60 years bring? Only time will tell.

In the meantime, want to hear why our London office loves technology? Watch this video!

Source: The Telegraph

But what effect do these changes have for the person responsible for technology at a hedge fund or investment firm? As a Chief Technology Officer (or comparable role: Director of IT, Chief Information Officer, etc.), one has historically been responsible for day-to-day IT functions and routine technology refreshes. But as the industry has experienced rapid change over the last several years, so too have the CTOs and their responsibilities.

A CTO in today’s world must wear many hats. In addition to needing knowledge on a variety of technical skills such as networking, storage, virtualization, telecommunications and resource management, a CTO must also possess a variety of business and non-technical skills to support the organization. These include:

• Regulatory Requirements: With the Dodd-Frank Act now in effect, investment management firms have a whole new host of requirements to meet. CTOs have to run daily or intraday reports to satisfy new legal requirements, store and archive emails and other messages, and work with regulators on a regular basis to ensure their firms are complying with all necessary directives.
  
• Compliance: In addition to complying with the regulatory requirements above, there are also new internal compliance procedures hedge fund CTOs have to grapple with. Particularly in the post-Madoff era, firms are implementing policies to combat insider trading and other securities risks. Mobile security and BYOD issues are another area for technology directors to focus their attention.
  
• Communication Skills: Despite the fact that they are forced to work with inanimate objects all day, technologists must also maintain good communication skills to support their technical operations. The increased focus on transparency and due diligence has led to many CTOs interacting directly with investors on a daily basis, educating them on how technology is supporting and protecting their assets. Working more frequently with investors and regulators means CTOs need to work on their interpersonal communication and ensure they are properly representing their organizations.
  
• Security: Okay, so this one is still partially technical, but security has become one of the most important – if not the most important – aspect of a hedge fund’s technical operations. In addition to managing the back end infrastructure, a firm’s technologist may also be responsible for or involved in drafting policies and procedures to support security operations within the firm.

While dealing with increased focus and responsibilities relative to regulations, compliance, and due diligence have added to the plates of hedge fund CTOs, another phenomenon has also contributed to this change in role. The popularity of cloud computing (and outsourcing in general) has prompted many hedge funds and investment firms to reevaluate their technical strategies and reallocate their technical resources.

While some firms have opted to reduce or eliminate their IT staffs and outsource all technology, others have opted to maintain internal technology resources while also utilizing the cloud. It can be done effectively and efficiently, and many larger firms, in particular, find it beneficial to use the cloud and also have internal staff dedicated to other technical projects.

Regardless of the approach, the prevalence of cloud computing in the hedge fund industry is driving technologists to evolve their technical and non-technical skills. The cloud means IT roles shift from hands-on work with hardware and installations to resource management, integration, capacity planning, and technical architecture.

For each firm, the dynamic is different. While many of the traditional roles of the hedge fund CTO are changing, others remain the same. Many firms still maintain that they need an internal resource for troubleshooting and other projects. Others prefer to focus their attention on the newer aspects of “technology” (i.e. compliance, due diligence, etc.) and leave the day-to-day IT functions to an outsourced third party. The role of the hedge fund CTO has certainly changed in recent years, and like the technology these professionals support, it’s safe to say their job functions may be markedly different in the years to come.

Photo credit: iStock Photo

With the rapidly growing popularity of this so-called BYOD trend, one might assume that IT departments across the country would be tightening up mobile device security policies to keep pace. Unfortunately, this does not appear to be the case. According to the InformationWeek survey, an alarming number of companies are simply making minor adjustments to their policies as opposed to implementing new ground rules that better reflect the capabilities of the smartphones, tablets and laptops their employees are using.

Why is this such an important issue?

By allowing employees to supply their own devices, an organization inherently loses control over the hardware and how it is used. Governing the fine line between personal and professional use on the same device can be challenging. But without clearly defined policies in place companies are making themselves vulnerable to a number of security risks.

For instance, 48% of respondents in the InformationWeek survey indicated that employees within their organizations had their mobile devices lost or stolen in the past year, with 12% of those cases requiring public disclosure, causing inevitable harm to the business. If proper security measures are not in place, the information contained on that device could become accessible to unauthorized parties and the company's reputation may suffer irreparable damage.

Additionally, there are many security risks involved in using one’s personal device for business purposes that most users may not even be aware of. Many popular smartphone apps, such as Dropbox – a public file-transfer service – could allow sensitive information to be easily intercepted. In a recent interview with MIT’s Technology Review, Jeanette Horan, chief information officer at IBM, shared that many IBM employees who use personal devices in the workplace were found to be automatically forwarding their work email to public webmail services. Others were using their smartphones to create open Wi-Fi hotspots. Both of these (not uncommon) practices make a company’s data extremely vulnerable to hackers.

What can your firm do to protect itself from BYOD security threats?

Today, nearly all employees have personal smartphones, tablets and laptops, and it is becoming more convenient to handle both personal and business tasks on those devices. Whether your firm chooses to adopt a formal BYOD program or not, it is crucial to have clearly defined policies in place to govern what is acceptable, and what measures must be in place before using personal devices in a professional manner. Here are some tips for tightening up your firm’s mobile security:

• Educate employees about mobile device security, as they may not be aware of the vulnerabilities that exist on their personal devices.
• Remind users to employ many of the same cautions they would when working on company-owned devices. For example, use discretion when opening email or text message attachments or clicking on links - especially when they are received from an unsolicited sender.
• Ensure appropriate physical security measures are in place to prevent theft of mobile devices and enable data recovery. Users should lock their devices and use secure passwords. Additionally, firms can install software on the devices such that, if they are lost or stolen, their contents can be erased remotely.
• Employ encryption tools to ensure all emails and text messages are sent securely and cannot be easily intercepted.
• Only connect devices to secure Wi-Fi networks.
• Be careful with downloads. Only download apps from reputable developers. It may be useful to develop a list of unacceptable apps or vendors so that employees understand which ones to avoid.
• Update devices regularly, or set up automatic updates where applicable.

To learn more, don’t miss our article on “The BYOD Trend: What is it and how could your company be affected?” or contact an Eze Castle Integration representative.

Why Funds Are Moving

Following are some of the key reasons hedge funds are considering using the cloud for application hosting.

• 

  Enterprise-grade Infrastructure: Cloud provider delivers a resilient and robust infrastructure that includes best practices around N+1 configurations to ensure the application is highly available.

• Cost-Effectiveness: By hosting an application with a cloud provider, hedge funds can reduce costs and minimize capital expenditure outlays on new equipment. Ongoing maintenance, monitoring and upgrades are all handled by the provider and should be included in the monthly cost.

• Scalability: A hosted platform can provide virtually unlimited computing resources, a redundant infrastructure and easy expandability to support a firm's needs. In many cases, allocation of CPU, memory, storage resources and Internet bandwidth can be increased on-the-fly.

• Management: The cloud provider is responsible for monitoring and maintaining the platform to ensure Service Level Agreements are met.

Questioning a Cloud Provider

Asking the right questions is essential to vendor evaluation. Here are some of the must-ask questions when considering moving your application to a cloud provider:

• Which application vendors have systems operating in the cloud?
  
• Does the application vendor confirm their product works in a hosted environment?
  
• Are there any issues associated with virtualizing the applications?
  
• How is the application deployed? Does the software run native over the Internet, or does it require a delivery mechanism such as Citrix?
  
• Are there any limitations with this type of deployment? Are there certain pieces of functionality that will not work if remotely deployed? Are there display limitations?
  
• How many clients for the specific application have a hosted implementation?
  
• What certification levels does the cloud provider have with these application vendors?
  
• Will the application vendor help with a “proof of concept”?
  
• Will there be any changes to the level of service if the application is deployed in a hosted environment?

Read the full list of Service Provider Questions HERE.

Check out our Cloud Forum or contact us for further information.

It was mentioned by both eSentire’s Steve McGeown and Eze Castle’s Steve Schoener during our recent webinar that internal threats to security are just as likely to occur when it comes to cybercrime and security breaches.

A recent Wall Street Journal article, IT Protects the Company, Who Protects IT, included statistics from a PricewaterhouseCoopers survey of executives about economic crimes. Several jarring statistics were provided, including:

• 56 percent of respondents who said they had experienced economic crime in the past 12 months said the main perpetrator of the most serious fraud was someone inside the organization;
  
• 53 percent of respondents who saw a risk of cybercrime within their organization said there was a risk of it coming from the IT department – the highest percentage from any department; and
  
• 18 percent of frauds reported by respondents in 2011 were detected by electronic monitoring of suspicious activity and transactions, up from 5% in 2009.

But it’s not just a firm’s IT department that could pose a risk. Anyone at the company with a certain level of access could gain control of sensitive information. This is why we recommend firms employ the principle of least privilege. In its simplest terms, this means only allowing access to data, documents and resources to personnel who need it. Members of the IT staff likely need more access than employees in the Human Resources or Marketing departments, for example.

We’ve talked about these before, but here are a few internal security best practices to keep in mind:

• Maintain a strong password policy. In addition to creating a strong password and changing it frequently, be sure not to write it down or give it out. Creating a tough password means nothing if it can be easily discovered by a coworker. And remember, "password" is not a good password.
  
• Use multi-factor authentication. In order to access certain systems or data, your firm should employ at least two-factor authentication practices. This means that in addition to providing a password for access, employees would also need to provide a separate PIN number, for example. For access to a data center, firms may want to use biometric screening as a second authenticator.
  
• Take control of company-sanctioned mobile devices. What about when an employee leaves the firm? Can he/she still access company data and information from their mobile device? It’s important to remember that even if an employee leaves, access may not be automatically terminated. Firms should ensure they restrict access when employees leave and are also able to wipe devices remotely if necessary.

Just remember: when it comes to protecting your company’s sensitive information, don’t just train your eyes outward. Look inside too.

Want More on Hedge Fund Security?

• Hedge Fund Security Part 1: Six Basic but Overlooked Security Practices
  
• Malware Definitions & Security Tips: Hedge Fund Security Part 2
  
• Hedge Fund Security Part 3: How secure are your iPhone and iPad?

Source: Wall Street Journal
Photo Credit: eHow

Scalable, Flexible and Available

The cloud offers firms the option of scalability without the serious financial commitments required for infrastructure purchase and maintenance. With cloud services there is no vendor lock-in or implied commitment beyond duration so firms have the flexibility to easily evolve their IT environment.

Another benefit is the ability to seamlessly add more users and/or computing resources to match the firm’s requirements. A hedge fund private cloud can deliver the infrastructure, bandwidth and network resiliency to accommodate business requirements for high speed access, storage and applications.

Finally, a cloud solution offers advantages around time to deployment since the timely element of a custom build-out is eliminated.

Cost Containment

Through cloud services firms gain the opportunity to convert from Capex to Opex. While building out a comm room or data center requires capital expenditures, using an external cloud service that offers a pay-as-you-go service falls into ongoing operating expenditures. The transition to a cloud service provides many cost-savings beyond just eliminating the need to purchase and refresh equipment.

When weighing the costs associated with maintaining a server and other data center equipment in-house it is important to consider:

• Direct costs including power, real estate/floor space, storage, and IT staff to manage the resources
  
• Indirect costs including network and storage infrastructure and IT staff to manage the environment
  
• Overhead costs including procurement, accounting and IT

When added to the cost of an internal server, these factors significantly raise the monthly overall cost to host a server and make cloud services more attractive.

Increased Operational Efficiencies

The cloud delivery model also offers many benefits around increasing operational efficiencies at hedge funds that translate into streamlined technology oversight and potential cost savings. These include:

• Eliminating server technology refreshes in-house while also ensuring a firm has the latest technology powering it
  
• Reducing IT overhead by using a third party, such as Eze Castle Integration, to handle all infrastructure maintenance, monitoring and management
  
• Decreasing the cost of designing and deploying new applications due to the standardized infrastructure that is fully managed

For more on how your hedge fund can benefit from cloud computing contact us or visit our Cloud Forum.

Speaking on the webinar were two great security experts: Steve McGeown, VP of Marketing and Product Management at eSentire, and Steve Schoener, VP of Client Technology here at Eze Castle Integration.

Below is a short summary of the key points addressed by our expert speakers.

Why are Hedge Funds at Risk?

The truth is that there is a lot of animosity towards firms on Wall Street, and this distaste has spurred the increase in potential threats to hedge funds and investment firms. Since the US recession began in 2008, people have been looking for someone to blame, and oftentimes that blame has been placed on hedge funds. In some cases, hackers or “hactivists” are merely looking to steal information, and in other cases, they may be looking to tarnish and take down funds that they believe are responsible for our current economic state. Hackers have stepped up their games and even made a point to target specific firms in order to seek revenge.

In addition to external threats, some of the biggest risks to your company may be located internally. One example that eSentire's Steve McGeown provided of this was an instance in which a company’s employee was caught downloading an entire CRM database onto her personal Gmail account. Instances like this are prime examples of how important it is to maintain strict internal policies and procedures to keep your firm’s information safe at all times. (We’ll be dedicating an entire blog article to this topic next Thursday, 5/17, so be sure to come back then!).

Hedge Fund Security Best Practices

Hedge funds and investment firms may be easy targets for hactivists, but with proper policies and procedures in place, firms can ensure their sensitive data and information doesn’t fall into the wrong hands. On the most basic level, firms should employ anti-virus software and network firewalls to minimize the amount of traffic into the firm’s network. To take things a step further, firms can utilize systems like intrusion detection to more accurately and aggressively monitor inbound threats.

Having the right systems in place can only get you so far. Your firm also needs to underscore the importance of security by maintaining strict policies that outline acceptable behavior and security best practices.

Following are a few policies we recommend your firm employ:

• Access Control Policy: Provides direction for managing and granting access to information systems
  
• Acceptable Use Policy: Outlines acceptable use of Internet/Extranet/Social Media/etc.
  
• Incident Response Management Policy: Outlines the requirements and procedures for dealing with an information security breach or incident
  
• Personal Communications Device Policy: Describes requirements for use of personal communication devices

To hear more from our expert speakers, Steve McGeown and Steve Schoener, listen to the complete webinar recording here: Network Security Threats Exposed: How to Keep Your Firm’s Data and Infrastructure Safe.

Also, be sure to check out these articles:

• Cyber Security Threats: Is Your Fund Protected?

• Hedge Fund Security Part 1: Six Basic but Overlooked Security Practices

• Malware Definitions & Security Tips: Hedge Fund Security Part 2

Not only was the Cloud Summit the first event of its kind, but it was also where we debuted Eze Castle TV! Some of our attendees were brave enough to face the camera and tell us what they thought of our event. Watch the video below to see what they had to say!

To watch more of our videos, visit www.YouTube.com/EzeCastleECI.

So…drumroll please… We are excited to unveil the newest member of the Eze Castle Integration thought leadership family – Cloud Forum!

On the Cloud Forum you will find rich information:

• 

  What is Cloud Computing
  • History of Cloud Computing
    
• Cloud Architecture
  • Types of Cloud Computing Models
  • Unified Cloud Architecture Overview
    
• Operating in the Cloud
  • Application Hosting
    
• Cloud Security
  • Top Threats
  • Best Practices
  • Questions to Ask Cloud Providers
    
• Cloud Computing Dictionary A-Z
  
• Cloud Resources: Articles, Videos and Events

Here is a snapshot of our newest family member:

Visit Cloud Forum Now

We hosted our first-ever Hedge Fund Cloud Summit earlier this week at the Sofitel New York, bringing together over 100 operational and technology professionals from the investment industry for what truly was an exciting day.

Event hosts Bob Guilbert and Vinod Paul kicked off the afternoon by offering their perspective on the changes within the hedge fund market relative to cloud computing and why it has steadily become a reliable technology option for firms of all sizes and strategies. Five years ago, most hedge funds were involuntarily relying on traditional on-premise infrastructures marked by intricate Comm. Room build-outs and heavy upfront capital expenditures. The average cost for servers, storage, networking and other equipment? Two hundred to five hundred THOUSAND dollars.

As the industry has changed and technology has evolved, the cloud has emerged as a beneficial solution for firms looking to increase their efficiencies and reduce their CapEx. Hedge funds and investment firms are using the cloud in a multitude of ways and for a variety of reasons. We’ve come a long way from back in 2008 when respondents of an InformationWeek survey said that “cloud” was just a carelessly used marketing term.

But times have changed. And the Cloud Summit was the perfect opportunity for fund professionals on both the operations and technology levels to gather together and gain insight into some of the key cloud-related discussion point being heard throughout the industry. And, as expected, the most popular panel of the day was focused on cloud security.

We hope you share more insights from the Cloud Summit with you soon, but in the meantime, check out some of our expert panelists on display! Also, be sure to visit our new Cloud Forum website that answers (almost) every question you could have about cloud computing for hedge funds.

Examining the changing role of the hedge fund CTO/CIO are Moderator Bob Guilbert (Eze Castle Integration)
and panelists Chris Turek (Evercore Partners), Doug Kline (Deutsche Bank) and Perry Vais (BlueMountain Capital Partners)

Discussing cloud security before the panel starts are Moderator Mike Abbey (Eze Castle Integration)
and panelists Eldon Sprickerhoff (eSentire), Steve Schoener (Eze Castle Integration),
Tom Smykowski (Goldman Sachs) and Elad Yoran (Vaultive/Cloud Security Alliance)

The report found a 27% rise in cyber security vulnerabilities between 2009 and 2010 and noted that “early in 2011 officials at the International Monetary Fund revealed that it had been targeted by a sophisticated cyber attack – a threat that was considered so serious, the World Bank severed the computer ties through which the two organisations shared information.”

Another example cited was that “in June 2011 a black-hat hacker group known as LulzSec (or “Lulz Security”) targeted the website of the CIA in the US using a denial-of-service attack. This was the latest in a string of similar attacks against a range of government and public sector bodies.”

While these two examples occurred at large organizations, the risks facing smaller firms (read: hedge funds) are just as real. To that end, we recently had eSentire into our Boston office to speak with a group of hedge fund CTOs about the security landscape and their managed security technology. Feedback on eSentire’s offering and approach was positive and the spark for this tech spotlight article.

The Spotlight

Eze Castle Integration and eSentire are working together to give hedge funds using the Eze Private Cloud or on-premise IT complete protection from security risks that could jeopardize operations and threaten proprietary information.

eSentire’s core solutions combine advanced security technology with highly trained security experts to proactively identify potential vulnerabilities, detect and prevent intrusion, and conduct forensic traffic analysis for predictive threat profiling. Core components of eSentire’s eSentinel managed security services are network interceptor and Security Operations Center (SOC). These deliver:

Network Interceptor

• Intrusion Detection / Intrusion Prevention
• Bandwidth Tools
• EXE Blocking / Quarantine / DPI
• DNS Interception
• SSL Interception/Proxying
• Attachments and End-of-Day Reports
• Forensic Traffic and Incident Analysis

Security Operations Center

• Service Level Objectives
• Change/Release Control
• Operational Reporting/Relationship
• SOC Escalation/Resolution Mechanisms
• Root Cause Analysis Functions
• Systems Group Maintenance

Up Next

This coming Thursday (April 18, 2012) we are hosting a webinar with eSentire titled “Network Security Threats Exposed: How to Keep Your Fund's Data & Infrastructure Safe.” The webinar will provide attendees details on:

• Specific network security threats, including data leakage and network intrusion;
  
• Understanding of security threat management practices such as intrusion detection and prevention, forensic traffic analysis and web and application assessments; and
  
• Specific policies and procedures to employ for optimal security management.

Register for the webinar HERE.

Want More on Hedge Fund Security?

• Hedge Fund Security Part 1: Six Basic but Overlooked Security Practices
  
• Malware Definitions & Security Tips: Hedge Fund Security Part 2
  
• Hedge Fund Security Part 3: How secure are your iPhone and iPad?
  
  

Today is the second birthday for Hedge IT, our sweet, informative blog. So I know exactly what I was doing two years ago – I was writing and posting our first Hedge IT article, aptly titled “Welcome to Hedge IT.”

Sticking with the theme of ‘welcome to…’ and giving a nod to our upcoming Hedge Fund Cloud Summit, today’s post is a welcome to the changing world of IT – now that the business world is going to the cloud.

Paradigm shifts are commonplace in the IT world. When talking to an IT veteran about cloud, he/she will likely reflect on the move from centralized computing (mainframes/mini-computers) to decentralized computing (Windows NT/Novell) and now back to centralized computing with the cloud.

The prevalence of the cloud means IT will shift from hands-on work with hardware and installations to resource management, integration, capacity planning, and technical architecture. IT roles will evolve from “Systems Admins” and “Systems Architects” to “Cloud Admins” and “Cloud Architects.” This evolution is exciting and likely scary all at once. The well-known book, “Who Moved My Cheese?,” provides the following insights for coping with and preparing for change:

• Change Happens. They Keep Moving the Cheese.
  
• Anticipate Change. Get Ready For The Cheese To Move.
  
• Monitor Change. Smell the Cheese Often So You Know When It Is Getting Old.
  
• Adapt To Change Quickly. The Quicker You Let Go Of Old Cheese, the Sooner You Can Enjoy New Cheese.
  
• Change. Move with the Cheese.
  
• Enjoy Change! Savor The Adventure And Enjoy the Taste Of New Cheese!
  
• Be Ready To Change Quickly and Enjoy It Again. They Keep Moving The Cheese.

To support your expedition to enjoy the big cheese in the sky, here is a snapshot of the technical and non-technical skills that make a knowledgeable Cloud Admin or Cloud Architect.

Technical Must-Have Skills

Non-Technical Must-Have Skills

We'll explore this topic futher at our Hedge Fund Cloud Summit in NYC, and be sure to write a follow up article for those of you unable to attend.

Enjoy the tides of change!

Photo credits: Smabs Sputzer, Will Clayton

But with so much buzz in the industry about the cloud, it seemed fitting to organize an event dedicated solely to this topic. Alas, it’s finally here.

In just two short weeks, Eze Castle Integration will be honored to host the 2012 Hedge Fund Cloud Summit – a half-day conference in New York City designed to dive deep into the critical areas of cloud computing that hedge funds and investment firms are compelled to think about on a daily basis.

The Cloud Summit will bring together more than 100 of the investment industry’s best and brightest technology and operations professionals and will feature expert speakers from some of the leading hedge funds, prime brokers and technology application vendors in the industry.

Below is a sneak peek at the four panel sessions that will highlight the Hedge Fund Cloud Summit in its inaugural year. For a full agenda or to register for the conference, click here.

Making the Business (and Financial) Case for the Cloud

In addition to the technology specifics involved in leveraging cloud computing, there are also important operational considerations to think about. What is the business proposition for hedge funds moving to the cloud? Is the cloud really more cost-effective? How do investors feel about the cloud? Our expert panelists will answer these questions and more as they examine the business case for the cloud.

Examining the Changing Role of the Hedge Fund CTO/CIO in the Cloud Era

The role and responsibilities of the hedge fund CTO has evolved in recent years. With the emergence of cloud computing, as well as increased focused on compliance, regulations, reporting and transparency, individuals responsible for technology are juggling more than ever before. Hear directly from current and former hedge fund CTOs as they examine how the role has changed so far and what else to expect in the future.

Hosting Your Applications in the Cloud: What You Need to Know

Your fund uses a host of different financial, trading and risk applications on a daily basis. And many of these can now be supported in a cloud environment. But how do you know when the cloud is a good fit for your applications? This panel includes experts from companies that taut some of the leading hedge fund applications on the market and will examine the pros and cons of hosting your key hedge fund applications in the cloud.

Practicing Safe Security in the Cloud

It’s the question that has lingered in the industry for years – is the cloud secure enough to store sensitive data? With fears of data mingling and cyber attacks, investment firms need to be sure their information lies in a safe place. This panel will explore possible security risks that exist in the cloud and provide best practices for maintaining a safe and secure virtual environment.

Click here for more information on the 2012 Hedge Fund Cloud Summit.

NOTE: The Hedge Fund Cloud Summit is open to hedge fund and investment firm professionals only. Space is limited, and service providers will not be permitted to attend.

• Public vs. Private vs. Hybrid Clouds
• The Migration from Traditional IT to the Cloud
• Impact of Reduced Costs in the Cloud
• Real-world Examples of Cloud Utilization
• Examining the Technology Environment for Startups
• Scalability with the Cloud
• Cloud Security Best Practices
• The Future of the Cloud

Here is the interview for your viewing pleasure!

I recently sat down with Chris to pick his brain on the importance of continued international expansion, as well as to get his thoughts on some important lessons that he’d like to share with other CFOs and organizations that may be undertaking similar growth strategies.

Q. Congratulations on your recent promotion! Could you tell our readers a little about yourself and your background in the industry?
A. Thanks! As you mentioned, I have been with Eze Castle for almost nine years now. I manage our financial operations and spearhead the establishment of international operations. Most recently, I helped facilitate our expansion into London, Geneva, Singapore and Hong Kong. As part of this process, I oversee the company’s global finances, as well as the accounting, insurance, legal and real estate functions.

Prior to joining the Eze Castle team, I worked as a principal at The Parthenon Group, which is a global strategic advisory firm. While at Parthenon, I enjoyed the data-driven, financial aspects of the consulting engagements I worked on. This led me to pursue a finance position at a privately held company, thus bringing me to Eze Castle. I am a graduate of Dartmouth College, where I received a Bachelor of Arts degree in mathematics.

Q. Great! Could you tell us a little more about the company’s international growth? What were the driving factors behind the decision to expand beyond the United States?
A. Most of our growth is driven by the needs of our clients and the size of the market opportunity in a particular country or region. Our first international office, in London, was established as a result of the fact that we had a large client in New York who also had a significant presence in the UK. They were pleased with our level of service in New York and asked if we’d consider supporting them in London as well. The support from our client base, coupled with the size of the hedge fund market in London, made this an easy decision.

When we first opened in London, we focused our support on existing US clients that have London offices. Once we were comfortable that we were maintaining a consistently high level of support, we then looked to scale our efforts. We began selling our solutions and services to the local UK hedge fund market and adding new clientele. Subsequently, we have started the process of replicating this strategy as we expand into Asia. Our geographic breadth has since opened us up to opportunities with global financial institutions to which we would not have otherwise been exposed.

Q. Since some of our readers may be considering growing their own firms into new territories, can you walk us through the major steps involved in establishing a new office overseas?
A. A good place to start is often the inward investment branch of the government in the country or city to which you are looking to expand. They often have offices in the US and are eager to discuss expansion opportunities. They are a great (free!) resource and can provide contacts for everything from talent recruiters to tax advisors. They will also make you aware of any special tax incentives available for hitting certain revenue and/or job creation milestones.

From an operational standpoint, it’s important to choose the appropriate entity type to ensure it will fit into your overall corporate structure from both a tax and legal perspective. Once the entity choice is made you can focus on establishing how you will handle accounting, tax, audit, banking/foreign currency and legal/contracts.

It’s important to have all of the tactical aspects of running the business in place before supporting clients and selling products and services. Certainly, the sales and support strategy should be tackled in parallel so that client work can begin once the compliance initiatives are complete. If you have a realistic timeline and budget and partner with the right people, the process is not as daunting as it might seem.

Q. I understand you will be making a trip over to Europe soon. What will be your top priorities for this visit?
A. Yes, I will be in both the UK and Switzerland. I have three main objectives for the trip. The first is to handle all of the compliance requirements that need to be addressed in person. The second is to meet with all of our tactical partners in both locations. I have meetings set up with bankers, lawyers, tax advisors, auditors and regulatory agencies. My third goal is to spend time with the employees in our London office. That office has grown substantially since we opened it in 2007, and has recently moved to a new location so I’m looking forward to seeing that.

In today’s highly connected world there is so much that can be done over the phone and via email, but there still is no substitute for a face-to-face meeting. I see real value in that and plan to take full advantage of this upcoming opportunity.

Q. What are some important lessons that you have learned throughout this process that you feel are important to share with other CFOs or anyone leading a company through a similar undertaking?
A. One of the major lessons I’ve learned is that there is so much that can be discovered on the job. If you have an interest in what you are working on, an aptitude for learning and a logical thought process you can accomplish anything. Five years ago we didn’t have any foreign offices or anyone with experience opening or operating a foreign office. As a team we figured out what we needed to do, developed a plan and executed on that plan. We certainly made some mistakes along the way, but we have learned from them and have been able to refine the process in order to become more efficient with each subsequent expansion. This knowledge, constantly evolving over time, will certainly serve us well in the future.

Considering expanding your organization to a new city or region? Be sure to check out our “Expanding Your Hedge Fund Internationally” Knowledge Center, or contact an Eze Castle Integration representative.

The number of people for the Olympic Games is expected to rise by 300,000 with the number using public transport increasing by over 80,000. Transport networks will be stretched as hundreds of thousands of people use public transport, which means staff may not be able to get to work as easily as usual.

When preparing for any major events, many hedge funds and investment firms will focus on preparing their technology: making sure data is backed up, files are secure, and access to market data remains intact. But often firms forget about the business and operations aspect that is equally as important to keeping a hedge fund's technology operational through a disaster.

In any type of disaster situation, it becomes a necessity to have a business continuity plan in place. Firms will need to ensure their employees know how to access their technology and how to communicate with each other if they are unable to get to the office during the Olympics.

There are certain business continuity best practices that firms should follow in order to ensure their business processes are not interrupted:

The Importance of Communication

The reality is, you can have all the processes and procedures in place to prepare for a disaster, but if they are not properly communicated to your employees and external parties, then their effect with be minimal. Consider creating a call tree or implement an Automated Messaging System that can be configured to send notifications to all employees simultaneously. Using the automated messaging system ensures all employees receive the same message immediately via email, phone call and/or text message.

Remote Access Technologies

Employees will be forced to work from home or an alternative work location if they are unable to get into the office. But ensuring your employees actually know how to work remotely will go a long way in validating the effectiveness of your BCP plan.

There are a few different options for remote access, notably Virtual Private Network (VPN), Citrix, and Outlook Web Access (OWA).

• VPN: IPSec or SSL VPN technologies work by connecting your home computer to that which resides in your office. You are able to “remote desktop” and run all of the applications which live on your work computer’s server.
  
• Citrix: With a Citrix server, you are able to log into a website via any computer and get access to the applications that live on the Citrix server in your office. When you click any application icon, it will appear as if it is running locally despite being housed on your office server.
  
• OWA: For those companies who use Microsoft Outlook for email, you can log into OWA to access your email account from an external computer.

Whichever technology or combination of technologies your firm decides to employ for remote access, the key is ensuring your employees know how to properly use them and test them prior to a disaster.

Employee Remote Access Test

Testing remote access beforehand will make employees more comfortable with the process and ensure that any unexpected challenges are addressed before an incident impacts your office. Here are some recommended steps to have your employees follow as part of the testing process:

• Validate successful communication to internal and external dependencies
  
• Confirm full functionality of required applications
  
• Perform all high level business functions
  
• Confirm access to vital records
  
• Redirect office phones to home/mobile phone

With 127 days until the Olympic Games 2012 begins, it is essential for firms and their employees stay safe and productive, organisations must have a fully planned, well-tested business continuity plan and methods to ensure your workforce can work from any location at any time.

Additional Resources:

• London 2012 Games Planning Information for Business
  
• Business Continuity Planning: The Importance of Table Top Exercises
  
• Blog Article: What is involved in a DR test?
  
• Five steps to Business Continuity Planning

However, the Dodd-Frank Act continues to spark change and much debate throughout the financial services industry. Just today the U.S. Commodity Futures Trading Commission (CFTC) “completed Dodd-Frank Act rules requiring swaps brokers to decide within minutes whether to clear a trade in an effort to reduce risk in the $708 trillion global swaps market,” according to Bloomberg news.

Dodd-Frank also requires that swap entities establish and maintain written business continuity and disaster recovery plans designed to enable them to resume operations with minimal disturbance to counterparties and to recover all required documentation and data.

Not every deadline has been met. Law firm Davis Polk publishes a monthly Dodd-Frank Rulemaking Progress Report “to help market participants and policymakers assess the progress of the rulemaking and other work that has been done by regulators under the Dodd-Frank Act.” Following is a peek at the findings from the March 2012 report:

• As of March 1, 2012, a total of 225 Dodd-Frank rulemaking requirement deadlines have passed. This is 56.3% of the 400 total rulemaking requirements, and 78.7% of the 286 rulemaking requirements with specified deadlines.
  
• Of these 225 passed deadlines, 158 (70.2%) have been missed and 67 (29.8%) have been met with finalized rules. Regulators have not yet released proposals for 24 of the 158 missed rules.
  
• Of the 400 total rulemaking requirements, 99 (24.75%) have been finalized and 154 (38.5%) have been proposed. 147 (36.75%) rulemaking requirements have not yet been proposed.

The following graphic shows the progress by agency:

The exact impact of Dodd-Frank will not be known for a while, but speculation is sure to continue. At Eze Castle Integration we are focused on helping hedge funds and alternative investment firms cope with the technology requirements, including disaster recovery plans and systems, that come with Dodd-Frank.

Visit our Dodd-Frank Knowledge Center for resources on ensuring your IT systems meet the new regulations.

Companies whose power came back Wednesday morning experienced minor inconveniences, such as having employees who worked late Tuesday night have to travel down 46 flights of stairs since the elevators weren’t working. Other companies who were without power all day Wednesday weren’t so lucky. As of 3:00 p.m. today (Thursday) power is still out at Boston’s Prudential Center.

This unfortunate incident is precisely why disaster recovery and business continuity planning are so important. So important in fact that we are going to re-run an oldie but goodie from our interview last year with Lisa Smith, a Certified Business Continuity Planner at Eze Castle Integration.

Here it goes…ASSUMPTION: Your office building is inaccessible.

How will employees be notified of the building closure?

Calling all employees through a manual phone tree can be very time-intensive. Some may not receive the message in time to avoid reporting to an inaccessible office, which could cause confusion and further time loss. Also, if managers and employees are busy calling one another to spread the message, this prevents them from performing more productive work-related activities.

One way to avoid this challenge is to implement an Automated Messaging System that can be configured to deploy a notification to all employees simultaneously. Using this system ensures that all employees receive a consistent message immediately via email, phone call, and/or text message. These systems tend to vary in terms of cost but a base level system can be installed for as low as $8.50 per employee per year.

Where will employees work from?

In advance of the inclement weather let employees know whether they will report to an alternate site or begin conducting their work from a home office. If using an alternate site, be sure it has the capacity to accommodate all critical employees that may need to work from there in the case of an office closure (i.e. extra desks or tables, adequate number of Citrix licenses, phone lines, etc.).

If the plan is to have employees work from home, steps should be taken to ensure that they will have access to all resources necessary for performing their daily tasks. In either case, the alternate work location procedures should be clearly communicated to all employees, and regular testing should be conducted in advance to ensure that any unexpected challenges are dealt with before a major storm shuts down your office space.

How will employees communicate with each other and with external contacts?

Before inclement weather strikes, each employee should compile a list of the phone numbers and other contact information for all individuals on whom their jobs are dependent. For example, it is common among hedge fund firms for people in the trading and operations departments to be highly dependent on one another. Employees in both functional areas should have the home and cell phone numbers of each of their counterparts to avoid a loss of communication when your office is inaccessible.

Additionally, employees should save the contact information of all external parties, such as vendors, investors, and broker-dealers with whom they need to regularly communicate in order to do business. This information should be stored in a location that is accessible from both the office and the employees’ alternate work locations.

Other considerations

There will undoubtedly be some unforeseen challenges associated with the closure of your office building. For example, what should an employee do if he needs a signature from another employee or a manager and both individuals are working from home? How should an employee go about wiring money or carrying out similar transactions from her home office?

The best way to address these issues in advance of inclement weather is to conduct business continuity plan testing days in which employees work from their designated alternate locations and report back on any challenges they faced. This will allow you to make your business continuity plan even more comprehensive, while forcing employees to think about how they will continue doing their jobs effectively if they do not have access to their regular offices.

Want some more? Check out:

• ASSUMPTION: Your office building IS able to remain open.
  
• A Hedge Fund's Guide to Disaster Recovery Planning
  
• Business Continuity Planning: The Importance of Table Top Exercises
  
• Preparing for Winter Weather: Remote Access & Business Continuity Strategies

Eze Castle Integration’s Business Continuity Planning services (Eze BCP) focus on the critical operations and processes that a hedge fund or investment firm must have available if a disruption occurs. Our experienced team of certified business continuity professionals work with clients to address the full-spectrum of BCP. To learn more, visit our Disaster Recovery & Business Continuity Knowledge Center, or contact an Eze Castle representative.

Photo credit: Tayloraldredge

Enjoy!

UPDATE: We've now surpassed the 300 post mark! Don't miss the 2013 Hedge IT Awards honoring the best content and most popular topics from the past year!

Eze Castle's "Best of Hedge IT Awards"

Increased Adoption of the Cloud

According to our managing director, Vinod Paul, over 80 percent of the new clients we brought on board last year are utilizing the cloud in some way, shape or form. As hedge funds continue to battle for institutional dollars, the smaller firms, in particular, are able to leverage the cloud for enterprise-level technology at an often reduced cost.

Speaking of cost, it’s one of the main drivers for firms moving to the cloud. Three to five years ago, hedge funds typically had to pay $300-500K dollars to set up an initial IT environment. In today’s rapidly changing landscape, firms are looking to pay less money out-of-pocket, as well as decrease their initial deployment times.

With the cloud, resource deployment and allocation only take days or weeks instead of months. The increased flexibility with the cloud is an enormous driver, allowing firms to customize how they use this technology platform. The cloud can easily work on a different scale for small and large firms, with smaller startups outsourcing their entire IT landscape and larger firms having the flexibility to use a hybrid model and determine which aspects of their environment they want to manage in-house or outsource.

Is the Cloud Regulated?

To regulators such as the SEC and FINRA, the term “cloud computing” doesn’t really resonate. They tend to use the word “outsourcing” when defining rules for investment advisers and broker-dealers. Broker-dealer rules, in particular, have become more specific in recent years, and there is currently a proposed rule which would prevent BDs from outsourcing arrangements that involve moving cash or securities. Additionally, BDs are required to provide advanced notice to FINRA and the SEC about outsourcing their recordkeeping.

Under the Dodd-Frank Act, investment advisers (including most hedge funds) are required to maintain records of all activites related to their business, but the rules are not as specific in regards to if those records are outsourced. Firms must also complete Form ADV, which requires the disclosure of firms’ service providers and their level of involvement. In the coming years, we may see changes in regards to how regulatory bodies govern the cloud, but for now, there is a lot of ambiguity.

Cloud Security Best Practices & Evaluating Your Service Provider

The threat of a cyber attack is a reality for all organizations, whether they are using the cloud or not. Regardless of a firm’s IT infrastructure, it should take all measures to protect the firm and its sensitive information. For both on-premise and cloud technology, where data is stored in a colocation facility somewhere, you’ll want to ensure that proper physical security procedures are in place, including biometric screening and authentication, monitored cabinets and cages and 24x7x365 surveillance. On the cloud level, you’ll also need to ensure your service uses proper virtualization security, meaning your data needs to be isolated from that of other firms using the same cloud.

It’s also important to consider the type of cloud you are leveraging. Security practices and principles may differ between public and private clouds. Consider the following:

• Who can access your data and at what level? Not every employee needs access to everything on the network.
  
• Can your service provider share an audit trail which logs who has accessed what?
  
• What is the viability of your firm’s cloud service provider? Can they provide audited financials? Can they sustain business in the long run?
  
• Does your provider offer a Service Level Agreement (SLA) and what is the agreed upon uptime? In the hedge fund industry, in particular, downtime is not an option.

To listen to the complete replay of our Feb 28^th webinar, Doing Your Cloud Homework: Legal, Tech & Security Questions Answered for Investment Firms, click here.

Ready for the cloud? Check out the Eze Private Cloud or contact us.

We have again signed on as a Hedge Funds Care global sponsor and are looking forward to attending this week’s Open Your Heart to the Children Benefit in NYC. This year the New York Committee of Hearts is awarding the HFC Founder's Award to former Yankees manager Joe Torre for his accomplishments with the Joe Torre Safe at Home Foundation, which is dedicated to ending the cycle of domestic violence.

Here is a video of Joe Torro talking about his experiences and foundation.

At the end of the month (March 23 to be exact), Eze Castle Integration has the honor of sponsoring the 100 Women in Hedge Funds –Stanford PACs Conference, which is the first hedge fund conference to donate all net proceeds to philanthropy and focus on a double bottom line -- how investors can innovate both absolute and social returns.

Momentum around the conference is building and, as a committee member and Bostonian, I’m proud to see this one-of-a-kind conference being held in Boston. All conference proceeds will support The Alliance for a Healthier Generation organization, which was founded by President Clinton’s foundation and the American Heart Association. Plus, Seth Klarman, president of The Baupost Group, is the keynote speaker.

To whet your appetite, here is a great video of Seth Klarman discussing investing and philanthropy.

Last but not least, in preparation for this great event, Eze Castle Integration has committed to donate $1 to The Alliance for a Healthier Generation for every new ‘Like’ we receive on Facebook in March 2012. Like us now!

We hope you’ll consider supporting these worthy organizations as well.

Virtualization is more than just server consolidation and resource utilization. Yes, there is an inherent benefit in consolidating servers to reduce the instance of unused resources by allowing multiple operating systems and applications to run on one server.

But the business value of virtualization far exceeds simply reducing your firm’s physical footprint and the number of servers you maintain in your Comm. Room or data center.

Following are some key virtualization features that can allow your firm to operate on an enterprise level without the traditional enterprise investment.

• Resilient, High Availability (HA) Infrastructure

o Virtualization can significantly reduce downtime associated with hardware maintenance.

o Inherent high availability into servers means less hardware purchases and reduced power and cooling costs in the long run.

o Despite multiple virtual machines operating on a single piece of hardware through virtualization, the underlying components provide the option for isolation and dedicated resources to applications.

• Portability to Disaster Recovery (DR)

o Virtual servers are easily portable between physical host servers for flexibility.

o In the event of a disaster or hardware failure, data and applications would remain intact as the virtual machine can be easily started on another server.

• Backup and Restoration

o With virtualization, firms can use snapshots to take images of their servers and desktops and store that information on a storage platform, such as a storage area network (SAN). In a disaster situation, these snapshots can be restored to another server located away from the disaster area if replicated via a SAN, for instance.

o Production snapshots can also be easily taken for debugging or patch testing purposes.

• Ease of Maintenance and Monitoring

o The level of maintenance required to troubleshoot virtualization issues is far less than with traditional server-based infrastructures. Maintenance can be coordinated in a more timely and efficient manner because IT can troubleshoot via remote access.

o Because multiple virtual machines operate on the same piece of hardware, there is a unified approach to monitoring.

To learn more about virtualization and cloud computing, visit our Hedge Fund Cloud Computing Knowledge Center.

Photo Credit: VMware

Forbes, Forbes and more Forbes

First up is the article on How To Start, And Run, A Hedge Fund. This article looks at the ins and outs of starting a hedge fund, as traders leave the prop trading desks of large investment banks due to the Volcker Rule.

Next, up is an article on Reporting Values and Risks In Private Equity Funds And Funds Of Funds that looks at the “development of new tools for tracking private equity, venture capital and funds of funds” and includes quotes from Mark Coriaty, who heads Eze Castle Integration’s sister company, Ledgex.

Closing out our Forbes streak, Mark Coriaty is also quoted in an article on Market Data Sales Drop In Market Slowdown; Thomson Reuters Off.

We love the others too

As any good Hedge IT subscriber likely knows, one topic we love is cloud computing and its use within the hedge fund industry. So it should be no surprise that we were thrilled to be included in Wall Street & Technology’s cloud computing article titled, The Rise of Cloud Computing on Wall Street.

In the article, Managing Director Bob Guilbert talks about the benefits of the cloud and the wider availability of applications specifically targeted to the financial markets. He also points to Eze Castle's New York hedge fund hotel as an example of how hedge funds may become operational quickly and efficiently with the use of cloud computing.

Not to play favorites, we also enjoyed HFMWeek’s article on Cloud Control that explores the potential benefits and costs of cloud computing by hedge funds. Our Managing Director Vinod Paul is quoted saying that “nearly all of the 44 launches the company worked with last year adopted [cloud] technology, while five clients worth more than $5bn made the switch towards the end of the year.”

And the winner is…

Since we can’t play favorites, which is your favorite article about your favorite hedge fund technology provider (that’s us!)?

According to Search Cloud Computing, a private cloud (also called internal cloud or corporate cloud) is a term for a proprietary computing architecture that provides hosted services to a limited number of people behind a firewall.

Attributes of a private cloud, versus a public cloud, include providing a hedge fund more control over their data, excellent client service/response times, and greater integration with hedge fund vertical-specific applications such as order management or portfolio management systems.

Now for the segmentation -- a private cloud can be:

1. Deployed on-site by an enterprise IT department and used only by the enterprise. This approach of an internal private cloud is typically used by large enterprises looking to expand or enhance the existing infrastructure and services delivered to users.
   
   OR
   
2. Managed and delivered by a third-party private cloud service provider, such as Eze Castle Integration. This option is ideal for hedge funds and other firms drawn to the simplification and economic benefits derived from fully managed hosted IT solutions.

Analyst Thomas Bittman at Gartner helps provide greater color by saying, [a private cloud is a] “form of cloud computing where service access is limited or the customer has some control/ownership of the service implementation.”

“Graphically, that means that either the provider tunnels through that opaque boundary and limits service access (e.g., to a specific set of people, enterprise or enterprises), or the customer tunnels through that opaque boundary through ownership or control of the implementation (e.g., specifying implementation details, limiting hardware/software sharing). Note that control/ownership is not the same as setting service levels – these are specific to the implementation, and not even visible through the service.”

The following graphic shows the difference between customer private clouds and provider private clouds.

At Eze Castle Integration, our Eze Private Cloud Services are designed to provide hedge funds and investment firms seamless access to the technology and business applications they require to effectively and efficiently run their businesses.

To learn more about cloud computing at hedge funds, DOWNLOAD our eBook or check out our other HedgeIT articles HERE on the topic.

Photo credits: Gartner

While there are countless applications in the marketplace designed to meet the unique needs of investment management firms, we thought we’d highlight a few here that our hedge fund clients use regularly to support their trading operations.

Order/Execution Management

Via an OMS solution, hedge fund firms have the ability to review performance, exposure and risk profiles in real time, monitor pre- and post- trade compliance results and enhance audit trails on a daily basis.

Eze OMS

Respondents from our 2011 Hedge Fund Operations & Technology Benchmark Study overwhelmingly named Eze OMS as their order management system of choice. Part of the ConvergEx Group, Eze Castle Software’s Eze OMS is used by more than 400 buy-side firms worldwide and “provides functionality to support portfolio management, compliance, trading and operations in a single platform.”

Portfolio Management/Accounting

A hedge fund’s portfolio management system is arguably its most critical daily application. With a PMS, investment firms can make real-time trading decisions as well as capture daily trading activity via an integrated technology platform.

Tradar’s Insight

Tradar’s Insight platform is available for the front, middle and back office and offers “improved efficiency by reducing costs, mitigating operational risk and by providing full portfolio transparency.” More than 200 global firms with assets ranging from $10mm to $10bn use Insight on a daily basis to control their trade processing and reporting.

Advent’s Geneva

Geneva – once considered solely a back office accounting platform – has evolved into a fully integrated portfolio management tool for hedge funds, asset managers, family offices, and fund administrators, and is currently supported by more than 250 firms worldwide. Geneva’s features include real-time, out-of-the-box dashboards for accurate P&L, general ledger and NAV calculation, and middle-office functionality such as trade capture and allocation.

If you’re a fund-of-fund, family office or pension/endowment fund, be sure to read up on Ledgex – a comprehensive platform that delivers portfolio management and monitoring, investor relations, reporting, security and compliance.

Click here to learn more about the benefits of hosting your hedge fund applications in the cloud.

Additional Resources:

• Cloud Computing: Application Hosting Considerations, Part One
• Cloud Computing Part Two: Eight Questions to Ask Application Hosting Vendors

Mobile Hotspot
The ability to turn my BlackBerry into a mobile hotspot got my attention after some recent trips to NYC where I enjoyed the snail-pace of Acela’s free Wi-Fi. The Mobile Hotspot feature is found under ‘managed connections’ and allows you to connect up to five Wi-Fi devices at once.

BlackBerry warns that additional charges might apply for Mobile Hotspot use and tha,t during phone calls, Internet traffic to and from connected devices will be suspended until the call ends.

For reference, it was $20/month to add the Mobile Hotspot data service to my Verizon BlackBerry. The package includes 2GB of data, which the Verizon rep said even heavy users typically never reach.

While Wi-Fi hot spots are pervasive, the Mobile Hotspot capability may come in handy for frequent travelers.

BlackBerry Tag
Full-disclosure, I haven’t tried this new feature yet but can see the value, especially when I don’t have a business card handy or want to quickly share a photo or document.

With BlackBerry Tag, users can tap their NFC (Near Field Communications) BlackBerry (i.e. Bold 9900/ 9930 and Curve 9350/9360/9370) against another NFC enabled BlackBerry and easily share information. The uses BlackBerry mentions in their press release include “invite a friend to BBM, exchange contact information, documents, URLs, photos and other multimedia content.”

Looking ahead, BlackBerry may use this NFC capability to create apps that turn the device into a virtual wallet, but, for now, we can more easily share information and invite a friend to BBM.

Wi-Fi Calling
Available for a more limited audience, BlackBerry 7.1 OS also supports carrier implemented Wi-Fi calling services (aka UMA or GAN where available), allowing users to make Wi-Fi calls from their BlackBerry smartphone that don’t eat into their airtime minutes. Not all carriers offer such a service – Verizon is one that does not.

FM Radio (Bold users need not apply)
Only for BlackBerry Curve 9360 or 9380 users, the device can now serve as an FM radio so users can enjoy local FM radio stations while on the go.

All-in-all BlackBerry 7.1 OS has some nice add-ons, but in reality most only have applicability to a subset of BlackBerry users.

Photo credits: BlackBerry

Following are five key cloud computing trends to look for in 2012:

1. Education will remain important.

The industry came a long way in 2011 in terms of learning about the cloud – what it is, how it works and more. But believe it or not, there is more to be learned. In 2012, we expect conversations to go to a deeper level and focus on topics such as cloud security, operational best practices within the cloud and cloud technology specifics.

2. Cloud security practices will expand.

According to a 2011 cloud computing survey by VMware, fifty-one percent of IT executives named security as their top cloud computing concern. As security standards evolve and come to fruition, organizations such as the Cloud Security Alliance (CSA) will continue to put forth best practices for maintaining secure cloud environments – whether public, private or hybrid. You can read more about the latest version of the CSA’s “Security Guidance for Critical Areas of Focus on Cloud Computing” here.

The type of cloud environment does still play a role in security (or at least concerns about security). According to VMware’s “Global Cloud Computing Adoption: Transformation Is in the Air,” more companies are leveraging hybrid enterprise clouds that combine the best of both public and private cloud environments.

“Public clouds without transparent security controls, that can’t be audited against security standards organizations demand today, are unlikely to support their business or IT transformation. This makes them less appropriate for hosting data that is mission-critical or subject to compliance requirements.”

3. Cloud technology will evolve.

The foundation technology the supports cloud computing will continue to evolve as more and more enterprises adopt this platform. At Eze Castle, we rely on technology hardware and software experts such as VMware, NetApp, Cisco and Microsoft to provide our clients with best-in-breed technologies and platforms. As cloud traffic continues to increase, these vendors will need to expand and evolve their product sets to meet the growing demand and maintain the speed, reliability and predictability that come with the cloud.

4. IT staffing requirements will change.

One question on a lot of minds is what the effect of increased cloud adoption means for IT staffing. And while the first thought is to assume staffing needs will be cut due to the cloud, it is not necessarily the case. The cloud does change requirements for IT professionals, however.

In 2012, we expect to see demand for new IT skill sets, particularly as they relate to the cloud. “Cloud credentials” will come into play and may give a boost to both current employees and new applicants. As the cloud continues to evolve, so too must the knowledge and understanding of those IT professionals who manage it.

5. Service Level Agreements will be top of mind.

Like with any other technology, end users and technology providers will need to work together to create and maintain comprehensive Service Level Agreements (SLA) to protect both sides. SLAs relative to the cloud should include key criteria not limited to:

• Availability and performance requirements
• Security and privacy controls
• Disaster recovery expectations
• Escalation and troubleshooting processes and procedures
• Change management procedures

Be sure to subscribe to Hedge IT to stay up-to-date on everything you need to know about cloud computing; or contact us to discuss the Eze Private Cloud.

Source: VMware
Photo Credit: Flickr

Titled ‘Disaster Recovery: An ounce of prevention is worth a pound of cure,’ we covered a range of topics with the overarching theme being that there is no excuse for a hedge fund not to have disaster recovery in place. To quote one panelist, “Nobody Gets a Pass” – including service providers.

Here are some of the highlights from the panel:

The difference between DR and BCP?

• BCP focuses on the people, processes and operations while DR looks at the IT systems necessary to maintain business as usual should an incident occur.

How has the DR and BCP landscape changed over the last five years?

• From a regulatory perspective, more is expected from hedge funds, and regulators are more knowledgeable about what IT systems and safeguards should be in place.
  
• Beyond regulators, investors not only expect hedge funds (regardless of AUM) to have DR and BCP in place, but they want proof the systems accurately reflect the business processes and risk landscape. A simple ‘check the box’ approach to DR is no longer enough to satisfy investors.
  
• The IT landscape for DR has changed as well. The prevalence of cloud-based DR services has driven down the cost of DR substantially making it economical for funds of all sizes. Additionally, the cloud has lifted the technology management burden off many hedge fund managers.

360-degree due diligence emerging as the new norm

• Investors are scrutinizing hedge funds and, in turn, hedge funds must scrutinize their service providers. To quote one panelist, “Trust but verify. No one gets a free pass in this day and age.”
  
• Conducting due diligence on your service providers is essential to drive out unknown risks and protect your firm. A DR system becomes valueless if your IT provider is unable to fulfill their role of activating the system. Ask your provider how they would handle a multi-client activation scenario – do they have the staff to activate 30 clients simultaneously? What is the provider’s plan if their primary office becomes unavailable?

Are DR hot seats necessary anymore?

• The resounding answer from the panel was “no,” with the caveat that it is a personal choice that really comes down to a team’s dynamics and how they work together. If a portfolio manager is most comfortable having his team together should an incident occur than securing hot seats is the ‘right’ choice. However, today’s technology makes it unnecessary for hot seats to continue operations.

Electricity and Internet connectivity are the oxygen for any DR system. What happens if these items aren’t available?

• This is where planning comes into play. As part of the BCP and DR planning process firms must run through a thorough Risk Assessment and Business Impact Analysis to understand the most likely threats/risks and associated business impact.
  
• One panelist (a West Point grad) referenced the concept of P-A-C-E followed in the US military, which he uses to guide his hedge fund’s business continuity planning. P-A-C-E (Primary, Alternate, Contingency, and Emergency) is used by operational planners to ensure that they have a minimum of four different ways to accomplish a critical task.

Planning is great, but how do you ensure accountability?

• The importance of DR testing and preparation must be set at the top of the organization. At Eze Castle Integration we advise clients to test their DR systems quarterly to help ensure users are comfortable logging in and that the DR environment matches the primary location files and applications. Read our article HERE on what is included within a DR test.

For more information download our 18-page Guidebook on Business Continuity Planning and Disaster Recovery for Hedge Funds or contact us.

BYOD refers to the so-called “consumerization of IT” trend that has emerged, in which the culture of enterprise IT is shifting such that the end user is now the one who has cutting-edge technologies first, as opposed to the organization. As a result of this trend (which is frequently attributed to the advent of such Apple products as the iPhone and iPad), individuals are now starting to prefer using their personal devices in place of company-issued products.

Some organizations have begun to embrace these preferences and have implemented BYOD programs to facilitate the use of employees’ personal mobile devices for business use. So far, many of these firms have reported positive results, although lingering concerns remain. Let’s take a look at some of the pros and cons of introducing a BYOD program at your organization.

Advantages

1. Cost Savings – Companies with BYOD programs in place frequently report significant cost reductions in IT. This is the result of a reduction in the volume of desktop support requests from employees to internal IT departments. Additionally, when employees supply their own mobile devices they typically absorb hardware costs and, at least, a portion of the accompanying voice and data service fees. In fact, according to the Good Technology State of BYOD Report, about 50% of companies with BYOD models in place require that their employees cover all costs associated with their mobile devices – and most are more than happy to do so.
   
2. Employee Satisfaction – People buy and use the cell phones, laptops and tablets they have for a reason: they have done research and determined that those devices are the best for them. They quickly become accustomed to the intricacies of those specific devices and are able to efficiently maneuver them to perform daily tasks. Given the opportunity, many employees would prefer to use these devices in the workplace in lieu of company-issued hardware.
   
3. Flexibility – Today, employees do not want to be constantly tethered to a desktop PC. They want the freedom to work remotely if necessary, especially if travel is a major aspect of their jobs. In order to do so, they need mobile computing devices that can maintain the speed and efficiency of in-office equipment. There are now several devices available in the marketplace which make this possible.
   

4. Green/Sustainability Benefits – Employees who use only desktop PCs tend to leave them on all night. Although computers are much more energy efficient than they once were, they still require far more energy to operate than laptops, cell phones or tablets. Also, these mobile devices are generally more likely to be turned on and off between uses, thereby reducing the company’s environmental impact even further.

Concerns

1. Loss of Control – When an organization agrees to allow employees to supply their own devices, it inherently loses control over the hardware and how it is used. When employees use the same device for both personal and professional use, governing where the line between the two should be becomes difficult.
   
2. Security Risks – Mobile devices that are provided by a company’s IT department are usually equipped with enterprise-level security tools to prevent a potentially costly breach. The IT team then has the ability to continuously upgrade and enhance these tools over time to ensure ongoing protection. The same cannot be said for an employee’s personal device, so the risks are much greater.
   
3. Compliance Risks – Many industry regulators require specific data protection measures that may be difficult to maintain with a BYOD model.
   
4. Handling Employee Departures – When an employee leaves the organization, there must be a way for the company to retrieve any proprietary or sensitive information from the individual’s mobile device and sever future access to the network.

As the BYOD trend continues to grow, it will become increasingly difficult for organizations to ignore. Nearly all employees now have personal mobile devices, and it will become continuously more convenient to handle both personal and business tasks on them. Whether your firm chooses to adopt a BYOD program or not, be sure you have a clearly defined policy in place that outlines what is and is not acceptable and clearly states what the expectations are.

For more information, contact an Eze Castle Integration representative today!

In this spirit, I spoke with some internal experts here at Eze Castle Integration to gain their thoughts on a few areas in which hedge funds could consider making enhancements in 2012. Check out our list of the top five resolutions every hedge fund should make:

Resolution #1: Investigate the Cloud.
Cloud computing was certainly a hot topic in the investment industry in 2011. This year, the conversation is getting deeper and more technical as hedge fund managers seek to gain a more thorough understanding of this technology and consider implementing it within their firms. Whether you are a startup fund preparing to launch this year, or an established firm looking to improve efficiencies and reduce costs, the cloud provides real opportunities for improvements in 2012. Advantages include increased flexibility and scalability, less required maintenance and reduced expenditures. There are also potential challenges associated with cloud computing, such as privacy and data security concerns. Resolve to learn more about the cloud in 2012, as many of your competitors are likely doing the same.

Resolution #2: Test Your Disaster Recovery (DR) Systems Regularly.
We frequently talk about the importance of disaster recovery for investment firms, but many fund managers lack a strong understanding of the importance of testing DR systems on a regular basis. Routine tests can help your firm ensure that its DR site meets all current business needs. Since these needs are likely to evolve and grow as your organization does, changes will be made to the production environment to reflect these ongoing developments. Likewise, the DR site should be adapted in order to continuously mirror the changing business requirements. By engaging in regular disaster recovery system tests, firms can ensure they will be fully prepared to continue operations in the event that a disaster knocks out the production environment.

Resolution #3: Locate, Review and Evaluate All Current Telecom Contracts.
Telecom contracts that you signed 1-3 years ago are probably coming due in the near future. To assess, begin by locating any contracts that are currently in place. Be aware of the re-term dates, as some contracts may have automatic renewal features which could lock you into the same terms without renegotiating. Make note of the contract expiration dates and plan to renegotiate or research better options before renewing for 2012 and beyond.

Additionally, stop assuming that carrier bills are accurate, and double-check to make sure you are not being overcharged and that no billing errors have occurred. Many organizations are not as automated as you may think. Be sure you can validate all costs and taxes on your invoices. If missed, these can be repetitive errors that you pay excessively for over time.

Finally, ask an Eze Castle telecom expert about making technology upgrades. For example, is making the switch from a land line or PRI over to VoIP right for your company? Can your phones or voicemail systems be upgraded? Does your firm require more bandwidth? Once you have spoken to an Eze Castle representative about your current setup, an audit can be performed to determine how your current environment runs and whether any other options exist to enhance it.

Resolution #4: Ensure Your Business Continuity Plan (BCP) is SEC/Dodd-Frank Compliant.
With increasingly stringent guidelines coming down from the SEC in recent years (including the implementation of the Dodd-Frank Act, part of which goes into effect in 2012) it is crucial to examine your firm’s business continuity plan to ensure compliance. Be sure to keep these important considerations in mind when determining whether your firm’s BCP is compliant:

• Do you have a designated evacuation site?
• Do you have all of the resources necessary to ensure your business can continue operations during a disaster?
• Do your employees know how to access all crucial applications if your office becomes inaccessible?
• Do you have accurate contact information for all employees?
• Does building management know who to contact from your organization in the event of a disaster or building closure?

Resolution #5: Perform a Comprehensive IT Systems Audit.
At Eze Castle, we recommend that our clients perform an annual IT systems audit and “checkup” under the guidance of a senior systems engineer. For fund managers whose primary focus is making sound investment decisions, making the time to thoroughly assess the firm’s IT environment is a task that can easily be overlooked.

However, this process is extremely important, as it provides perspective on the health of the firm’s current technology and can bring to light any areas where changes or enhancements should be made. Performing an annual IT audit is also helpful for management when outlining roadmaps and budgets for the new year. In an age when technology is quickly becoming a competitive differentiator in the investment industry, firms cannot afford to let inefficiencies persist in their IT systems.

Photo Credits: New Year's Resolutions Generator

Your First IT Decision of 2012? On-premise or Cloud

One of your first technology decisions of the year is your most important one: do you want your fund to operate on a traditional, on-premise technology infrastructure or utilize private cloud services? This decision will affect many of your other technology choices, notably the type of office hardware and connectivity you will require, so we urge you to do your due diligence and select the option that best suits your firm’s needs.

Once you’ve made your infrastructure selection, there is a seemingly endless list of additional technology requirements for your firm. Luckily, I’ve whittled them down here to focus on some top technology priorities for you to focus on as you enter 2012.

Infrastructure/Hardware

• Desktop computers, monitors, laptops, servers and printers
• Network connectivity featuring N+1 redundancy
• Wireless and Local Area Network (LAN) capabilities
• Physical and technical infrastructure security for Comm. Room and/or colocation facility (wherever your firm’s infrastructure is stored)

Software/Hedge Fund Applications

• Trading and order management system
• Accounting and/or portfolio management system
• Market data and analytics tool(s)
• Installation, maintenance and upgrades for all software

Telecommunications/Mobility

• Internet connectivity
• Voice systems (traditional or VoIP)
• FIX connectivity to brokers
• Mobile devices

Business Resiliency & Protection

• Disaster Recovery system, including remote/hot site
• Business Continuity Plan, including written processes and procedures
• Email Archiving solution to meet investor/legal requirements (e.g. Dodd-Frank)

As a follow up to this checklist, on Thursday we’ll offer our New Year’s resolutions that every hedge fund and investment firm should make in 2012. Stay tuned!

Want more now? Download our Guide to Technology Outsourcing.

Photo Credit: Google

We expect these trends to continue to permeate the blog through 2012, and we’ll continue to expand our reach by bringing you relevant and interesting content to read (and watch) come next year. If you have suggestions or feedback on the Hedge IT blog, please feel free to contact us.

Alas, here are our most popular hedge fund technology blog posts from 2011:

Dodd-Frank IT Implications for Hedge Funds: Disaster Recovery, Archiving

We provided a snapshot of the Dodd-Frank Wall Street Reform Act as it relates to hedge fund technology, notably system safeguards and record keeping. Non-exempt firms must comply by March 30, 2012.

State of the Hedge Fund Industry in 2011

Following a panel seminar we hosted in New York, we outlined the key market trends for 2011 in the hedge fund industry, including new fund launches, regulations and cloud computing. Presentation included!

Top Ten Questions to Ask a Cloud Services Provider

One of the most popular topics on Hedge IT is cloud computing, and this article breaks down our own Bob Guilbert’s top ten questions to ask a cloud services provider during the evaluation process.

Trends in Hedge Fund Technology Outsourcing

In accordance with the release of our newest guidebook, A Guide to Technology Outsourcing for Hedge Funds, we provided an overview of the key trends in technology outsourcing, including cloud computing, outsourced staffing and colocation services.

We’ve Got MORE Questions: RFP Questions on Business and Data Protection

Our most popular blog article in 2011 on the topic of business resiliency was this one, which outlines sample RFP (Request for Proposal) questions relative to disaster recovery, BCP, security, backup and more.

Hard Drive Shortage in Thailand Affecting Supply Chain for Resellers, Consumers

One of the biggest technology stories in late 2011 was (and still is) the hard drive disk shortage that transpired in the aftermath of flooding in Thailand. Read more about the situation and how it could continue to affect the technology industry in 2012.

Eze Castle Speaks: What We’re Thankful For (Video!)

A personal favorite of mine, we asked our Boston employees what they were thankful for this year. Watch our video to find out!

On behalf of everyone at Eze Castle Integration, we wish you a safe and happy New Year! See you in 2012!

So, we took a look into our technology crystal ball and pulled together a list of some exciting trends to look for in 2012. Enjoy!

The “BYOD” Trend

The BYOD (“Bring Your Own Device”) movement started to gain traction in some organizations in 2011 and seems to be catching on. This trend, in which employees bring their personal smartphones or tablets into the workplace for business use, is gaining popularity as companies begin to adopt Apple and Android products more widely. In 2012, expect more discussions about how to best manage business applications and data on employees' personal mobile devices.

Cloud Discussions Focused on Security

Cloud computing was a leading topic of discussion in the investment technology world in 2011. As more and more firms become interested in reducing costs and reaping the other benefits associated with the cloud, adoption will surely continue to increase throughout the industry.

Now that most fund managers are familiar with the cloud at a high level, 2012 will be the year of diving deeper into this type of infrastructure, focusing in large part on cloud security and data protection. The Security Guidance for Critical Areas of Focus in Cloud Computing Guide, which was recently released by the Cloud Security Alliance (CSA), serves as a roadmap for managers seeking to gain a better understanding of the security considerations associated with the cloud paradigm.

The Tablet Takeover

While Apple’s iPad certainly paved the way for the rapidly growing tablet market, a number of other industry players have developed rival devices with comparable capabilities and features. Samsung’s Galaxy Tab, Amazon’s Kindle Fire, Sony’s Tablet S and Motorola’s Xoom are just a few of the recent market entrants who have helped to spur the tablet movement. With skyrocketing adoption rates, look for this technology to grow in popularity throughout 2012.

Mobile Payment

Smartphones have saturated the enterprise market over the past few years. In 2012, look for Near Field Communication (NFC) technology to enable smartphone users to make payments by simply waving their phones near a credit card reader at checkout stations in stores or taxis. By the end of the year, it is expected that one out of every five smartphones will be equipped with this technology.

Voice Control

When Apple introduced Siri on its iPhone 4S device earlier this year, it was the first tool of its kind to accurately understand human voice controls and take corresponding actions, such as sending an email, responding to a text message or creating calendar alerts. Expect several Apple competitors to come out with similar voice control applications in 2012. An important factor driving this trend: many city and state governments are implementing laws against texting while driving. Voice-controlled devices may prove even more valuable for users who spend a lot of time behind the wheel.

2012 will certainly be an exciting year in the world of enterprise technology. We look forward to sharing more innovative industry trends with you next year!

Which of the above trends do you think will be the hottest in 2012?

With over 135 million members, LinkedIn has grown exponentially since its inception in 2003 and is the most respected “professional” social networking site in the industry. And regardless of what your reason is for using LinkedIn (recruiting, prospecting, job searching, etc.), it is essential that you put your best foot forward through your personal profile and activity.

The presentation below outlines a few tips to help you get the most out of LinkedIn, including:

• Building Your Personal Profile
• Customizing & Organizing Your Profile
• Making & Soliciting Recommendations
• Adding Applications
• Joining & Participating in Groups

In any type of disaster situation, it becomes a necessity to have a business continuity plan in place. You’ll need to ensure your employees know how to access their technology and how to communicate with each other if they are unable to get to the office during bad weather. There are a variety of potential scenarios that could ensue with the winter season approaching. You can learn more about these scenarios and how to respond to them here (when your hedge fund office is not accessible) and here (when your office is accessible).

Regardless of the specific scenario, there are certain business continuity best practices that your firm should follow in order to ensure your business processes are not interrupted when the first snowstorm hits.

The Importance of Communication

The reality is, you can have all the processes and procedures in place to prepare for a disaster, but if they are not properly communicated to your employees and external parties, then their effect will be minimal.

Start by determining who needs to be notified during a disaster, both internally and externally. In addition to employees and their families, you’ll want to consider the third-parties you work with regularly including investors, fund administrators, and other vendors. Once you know who to identify, the question is how to identify them. Consider using an automated messaging system that will send SMS (text) messages to all identified parties. Another good strategy is the use of wallet cards, which can be distributed to all internal parties and include information on alternate work locations and other business continuity instructions.

The key is remembering to start the communication process before you actually need to – while your technology is still available. Create a calling tree in advance of a disaster so each person understands who is responsible for notifying whom.

Finally, in order to ensure these messages are properly communicated, consider holding employee information sessions and conducting tabletop exercises internally to walk through formal processes and ensure everyone is on the same page.

Remote Access Technologies

When a winter disaster strikes, it’s very possible that employees will be forced to work from home or an alternative work location if they are unable to get into the office or the building is closed to tenants. But ensuring your employees actually know how to work remotely will go a long way in validating the effectiveness of your BCP plan.

There are a few different options for remote access, notably Virtual Private Network (VPN), Citrix, and Outlook Web Access (OWA).

• VPN: IPSec or SSL VPN technologies work by connecting your home computer to that which resides in your office. You are able to “remote desktop” and run all of the applications which live on your work computer’s server.
  
• Citrix: With a Citrix server, you are able to log into a website via any computer and get access to the applications that live on the Citrix server in your office. When you click any application icon, it will appear as if it is running locally despite being housed on your office server.
  
• OWA: For those companies who use Microsoft Outlook for email, you can log into OWA to access your email account from an external computer.

Whichever technology or combination of technologies your firm decides to employ for remote access, the key is ensuring your employees know how to properly use them and test them prior to a disaster.

When talking about remote access, another consideration to keep in mind is licensing. SSL VPN and Citrix are both licensed by concurrent users, meaning the number of users accessing the technology at any given moment. As your firm adds new employees and users, remember to add licenses according. Unfortunately, you won’t realize you have fewer licenses than you need until a potential disaster hits.

Remote Test Plans

A remote test plan is an effective means of ensuring your employees can remain functional during a disaster and that your business will not be negatively affected. Following are steps your employees should take to ensure they can use remote access technology successfully during a winter disaster:

• Validate successful communication to internal and external dependencies
• Confirm full functionality of required applications
• Perform all business functions
• Confirm access to vital records
• Redirect phones to home/mobile phone

You can also read our article on what is involved in a DR test.

Ultimately, your business will remain operational and successful during any winter weather disaster that strikes if you ensure you have the proper processes and procedures in place, you communicate those procedures thoroughly to your employees and you encourage all personnel to test their remote access capabilities.

If you would like to learn more about the BCP process or to speak with an Eze Castle Certified Business Continuity Professional, please contact us.

Our training and corporate development program is one of the many reasons our employees think Eze Castle is a great place to work. But enough from me! You want to hear straight from our New York employees about why they love Eze Castle, right?

It’s your lucky day. Check out our newest video and see what these Eze Castle employees love about their Best Place company!

Ledgex Systems is a software provider targeting the alternative asset management industry – primarily multi-fund managers and private equity firms. Since officially launching in 2010, Ledgex Systems has signed many new clients and invested greatly in expanding the functionality of its flagship product, Ledgex. Today they released Ledgex 4.0.

The Ledgex platform gives alternative asset managers the ability to systematically manage their portfolios, perform complex liquidity scenarios, and provide robust reporting, both internal and external to the firm.

Version 4.0 introduces Ledgex Reconciliation, a new module that provides an automated method for users to systematically import data from their administrators and compare it with existing portfolio data. Ledgex Reconciliation greatly simplifies the manual reconciliation process that various functional groups within a firm are tasked with performing on a daily, weekly, and monthly basis.

The new version also includes enhancements that private equity firms should appreciate including advancements in the ability to track in–depth account level details and provide a quick analysis and calculations of account assets and returns.

In case you aren’t well versed in all Ledgex has to offer, here is a recap of the other platform components:

• Ledgex Workbench, a streamlined portfolio planning module which consolidates portfolio management activity into a central workspace. Ledgex Workbench allows users to perform complex scenario-based trade planning, customized ‘what if’ analysis, and complex liquidity modeling for all future portfolio activity.
  
• Ledgex Manager, a comprehensive portfolio management system for fund of funds, private equity firms, endowments, family offices and fund administrators. Ledgex Manager solves the need for advanced portfolio management and administration and provides the ability to manage the investment pipeline, perform due diligence, track fund estimates and manage the final valuation processes.
  
• Ledgex Monitor, a fully customizable investment monitoring system. Ledgex Monitor provides the tools necessary to monitor and track firm-defined fund attributes for detailed analysis, fund attribution, and transparency reporting.
  
• Ledgex Investor Relationship Management (IRM) for managing quantitative and qualitative data for a firm’s investors and hedge fund or private equity interests.
  
• Ledgex Alerts enables individuals or groups at a firm to monitor internal and external activity, content, business data, and relevant industry information.

Want to learn more? Contact Ken Kilduff at 617-439-7340 or kkilduff@ledgex.com. Be sure to tell him your good friends at Eze Castle Integration sent ya!

• Cloud Computing – You probably knew this would top our list. Adoption of cloud technology continues to grow, especially as concerns around cloud security ease thanks to technology advances and education. Eze Castle Integration has invested millions in our Eze Private Cloud and today has nearly 160 clients utilising our cloud services.

• Virtualisation – This technology is becoming commonplace in both on-premise and hosted IT environments and we expect that trend to continue through 2012.
  
• Social Media – Business communications have evolved from purely email-based to now include social media platforms from Facebook and LinkedIn to Twitter, Google+ and YouTube. As such, hedge funds are challenged to create social media policies (or not) that guide users' actions in these communities. Participation in social media forums will surely continue to increase in 2012 so firms should consider how a social enterprise will impact their firm (either positively or negatively).
  
• Smart Phones and Mobile Applications – Apple has changed the game with its mobile devices, and today iPhones and iPads are becoming the norm, rather than the exception, for hedge fund professionals. The growing array of mobile devices and applications challenges IT to protect company data while fulfilling user demands for device autonomy.

Beyond technology discussions, part of Vinod's trip included attending the London Hedge Funds Care Open Your Heart Benefit. Vinod is a member of the New York City Committee of Hearts for HFC. Here is a picture of our team before they headed out for the benefit.

Useful Resources

• Exploring Cloud Services for Hedge Funds Resource Page
  
• Trends in Hedge Fund Technology Outsourcing
  
• A Guide to Technology Outsourcing for Hedge Funds

·

This year, we thought we’d ask our employees what they’re thankful for this holiday season. Check out the video below to hear their answers!

What are you thankful for this year?

Matt and I discussed how WAN optimization technology providers offer solutions that enable large volumes of data to be transmitted across telecommunication lines with minimal bandwidth. Through new products that are entering the marketplace, such as Riverbed’s Steelhead Mobile technology, employees can have LAN-like access to all of their important files and documents – just as they would if they were seated at their desks in the office – without incurring the steep costs involved with increasing bandwidth.

Why should my firm use this technology?

In an age where mobile computing has become commonplace, the ability to seamlessly complete one’s daily activities via a laptop, tablet or smartphone from anywhere in the world is crucial to maintaining operational efficiency. Issues such as bandwidth constraints, high-latency environments and application protocol inefficiencies often plague mobile users and hinder productivity and collaboration. WAN optimization eliminates these challenges by moving data rapidly without adding costly bandwidth. This results in many advantages for remote users, including:

• Web-based applications can be run 20-60 times faster
  
• Rapid document downloading and transfers for speedy collaboration
  
• Streamlined communication between employees regardless of physical location
  
• Significant reduction in bandwidth utilization levels
  
• Quick and easy deployment
  
• Decreased costs resulting from reduced data charges

How does it work?

Technology such as the Steelhead Mobile product is installed on an employee’s laptop or desktop PC and connects via the Internet to his or her mobile devices. Its activity is completely transparent to the user, so he or she does is not burdened with having to learn a new tool or change any existing processes. With this technology running in the background, the only difference the individual will notice is an enhanced mobile computing experience.

Looking for more information on WAN optimization for mobile users? Interested in whether this technology might be beneficial for your hedge fund or investment firm? Contact the Eze Castle Communications Team, or learn more about this technology on our website.

The Situation

In recent years, Thailand has emerged as one of the major manufacturing hubs around the world and is responsible for supplying a significant percentage (some argue as much as 70%) of the world’s demand for hard disk drives (HDD). As far as the technology industry is concerned, the current shortage of these hard drives has left major manufacturers crippled and hardware resellers concerned for the future. Notably, the shortage is affecting several of the top HDD producers, including Western Digital, Toshiba and Seagate Technology. And while these producers attempt to shift production to factories in other locations until the water recedes and factories can be rebuilt, the effects of the shortage are already being felt worldwide.

The Impact

The reality is that while we are already starting the see the short-term impact of this devastation, no one can know for sure what the long-term effects will be. Currently, manufacturer hard drive prices are already starting to rise. While some distributors are holding on onto their inventory as they play a “wait and see” game and attempt to determine next steps, others are already increasing prices by 10 to 20 percent, and the expectation is that that figure will continue to steadily increase over the next quarter, potentially upwards of 30 to 50 percent.

In the short term, expectations are that many distributors and resellers will (hopefully) have enough inventory to meet demand through the end of the year. Come 2012, however, no one truly knows. Much of the long term outlook will depend on when the floods finally recede in Thailand and manufacturers can begin to assess the damage and take measures to renovate and rebuild.

For distributors who may be faced with a shortage of inventory, the challenge becomes more difficult. Existing manufacturers’ hard drives will likely be distributed first to the government and secondarily to larger distributors. This leaves smaller value-added resellers (VARs) to fight their way up the food chain and hope they win the lottery, so to speak.

As we get closer to Q1 and the realization that many distributors and resellers will not have stock to meet their clients’ demands, we will start to see more significant effects coming into play. Lead times for new hard drives could reach upwards of 2 to 3 months. Servers, workstations, and other hardware could start to experience delays and price increases (Extended lead times on servers are already being pushed, with a normal 5-7 day lead time stretching to 20 days). Some analysts are predicting the consumer PC market will be hit hard in Q1 and Q2, with a potential reduction in sales by as much as $7 million.

And while the first thought may be to move infrastructures to the cloud, cloud providers may also be affected and become unable to meet the demand for space. Resolve is unlikely to come until well into 2012, and indications are that manufacturers like Western Digital and Toshiba won’t operate at pre-flood levels for 9-12 months.

Consumers and business who rely on distributors and resellers for hardware should speak directly to their vendors about preparations for the remainder of the year as well as for early 2012.

At Eze Castle Integration we are monitoring this situation closely and have contingency plans in place to support our clients. If you are an Eze Castle Integration client and have questions about inventory and hardware accessibility, please contact your Client Relationship Manager.

Photo Credit: Thomas Fuller, New York Times

Since the financial crisis in 2008, more and more hedge funds are considering outsourcing their middle and back office functions in an effort to reduce costs and gain a competitive advantage. Let's have a look at some of the questions raised at the seminar:

What are the catalysts for hedge fund managers to outsource their middle and back office operations?

• Desire to reduce operational risk by performing tasks that were not performed previously (i.e. daily cash reconciliation, collateral management, etc.)
• Inability to consistently align operations and accounting personnel with levels of trading activity
• Technology infrastructure and/or personnel that are insufficient to handle current or proposed strategies (i.e. new asset classes or increased trading volume)
• Opening overseas offices or taking on a global mandate which requires after-hours support
• Failure or serious questions arising from Investor operational due diligence (ODD) audits that need to be resolved
• Change in human resources (i.e. departure of personnel), which forces a firm to rethink its model

What trends are investors seeing in middle and back office outsourcing?

As investors become more demanding from an ODD perspective, the bar has been raised for hedge funds to run an institutional-grade post-trade infrastructure. This fact, coupled with a firm's desire to keep costs down, forces them to reassess their model and makes outsourcing an attractive proposition.

As firms look to outsource all or part of their operations and accounting functions, they are becoming more creative in the model they select. While the "lift out" model, whereby firms outsource all processes, has historically been popular, they now have more options availalble with compelling ROI metrics.

Tactical outsourcing has therefore been of greater interest. Along these lines, there have also been "hybrid" or "co-sourcing" models in which the organisation has the service provider hire and use some of the their employees to supplement the service provider's team of operations and/or accounting personnel.

What are the benefits that managers have derived from outsourcing their middle and back office operations?

• Cost reduction is a key benefit. Many hedge funds migrating to the cloud model from traditional in-house IT services can significantly reduce costs, as firms’ can outsource the infrastructure (processing power, storage, networking or number of users) to a third-party provider rather than purchase a costly in-house infrastructure.
• Firms have greater flexibility to scale up or down the IT infrastructure depending on the business needs.
• Expertise delivered by a third party service provider.
• The robustness of their operations can be used as a marketing tool and help reduce/eliminate ODD-related issues. Outsourcing can also provide better operational workflow documentation and assistance with ODD audits.
• Depending upon the service provider chosen, firms can keep their existing IT infrastructure and just use the personnel of the outsource provider to act as an extension of the firms staff either remotely or on-site.
• Outsourcing consolidates the firm’s infrastructure relationships to a single vendor, allowing them to focus on day-to-day business needs.

What are some of the concerns that hedge fund managers have expressed with regard to middle and back office outsourcing?

• Competence
• Disempowerment
• Language barrier (depending on where the outsourced provider's staff is located)
• Concerns that it would be very difficult to bring back in-house services if the firm is not satisfied
• Concerns over the ongoing viability of their service provider, which would put them in a precarious position if the service provider were to close its doors
• Investor perception
• Service level degradation

Be sure to come back on Tuesday for the third and final installment of our seminar recap on exploring cloud services!

Additional Resources:

• Trends in Hedge Fund Technology Outsourcing
• A Guide to Technology Outsourcing for Hedge Funds
• eBook: Examining Cloud Computing for Investment Firms
• 8 Considerations for Evaluating Outsourced IT Providers
• Exploring Cloud Services for Hedge Funds Resource Page

• Simon Eyre, Service Director at Eze Castle Integration
• Andrew Kaufmann, European Business Development Manager at Viteos
• Christian Nilsson, Head of Investment Solutions - Practice Lead EMEA at Thomson Reuters

So much information was covered at this event that we’ll be publishing three articles on what was discussed. First up (in this article!), we’ll look at IT outsourcing with hosted services. Next, we will cover outsourcing middle and back office operations.

What are the technical advantages of hosted services over on-premise solutions?

For smaller funds, advantages include:

• Gaining access to enterprise level technologies that improve resiliency and disaster recovery options
• Reducing internal IT staffing requirements

Larger funds receive the above benefits as well as:

• Expanded remote connectivity options that are delivered with hosted offerings
• Rapid scalability and flexibility, which allow faster implementations when compared with physical hardware
• Reduced requirements on the IT team to maintain renewals, licensing and warranties
• Allowing internal IT resources to be focused on strategic technology initiatives

What are the cost advantages achieved with hosted services?

• Significantly less equipment to be purchased, which delivers numerous benefits including reducing initial capital expenditures
• Reduced Comm Room or Data Room requirements within the office, which means expensive office space and resources (i.e. HVAC) can be allocated to revenue producing functions
• Hardware refreshes are handled by the service provider behind the scenes and costs are built into the service agreement so the client pays little to nothing for the tech refresh
• Firms gain instant access to the latest technology solutions

What is the impact of hosted services on an internal IT department?

• Dependencies on specialist IT staff (Networking, SAN Engineer, Virtualisation) are reduced
• Current staff can focus on solutions and applications that add value to the business rather than hardware support and maintenance
• Ownership of software upgrades and maintenance is the responsibility of the hosting provider and built into the monthly costs

Be sure to come back Thursday for part two on Exploring Cloud Services for Hedge Funds, where we will dive further and provide useful tips and resources.

Additional Resources:

• Trends in Hedge Fund Technology Outsourcing
  
• A Guide to Technology Outsourcing for Hedge Funds
  
• eBook: Examining Cloud Computing for Investment Firms
  
• 8 Considerations for Evaluating Outsourced IT Providers
  
• Exploring Cloud Services for Hedge Funds Resource Page

In talking with our Help Desk leaders, specifically Dan Kummer (our Director of Help Desk Services) and Andre Chinkan (Associate Director of Help Desk Services), we identified a number of questions they hear repeatedly from our clients regarding what to expect when working with the Help Desk. So, to help clear some of these up, we’ve put together a set of Help Desk FAQs.

Q: What types of support does the Help Desk provide to clients?

A: The Eze Castle Help Desk (aka "the Desk") provides outsourced IT support for all clients across all regions. Specifically, the team provides technical support, including both server/client and desktop support. Help Desk analysts handle incoming calls and emails, and use all resources necessary to help resolve issues.

In addition to the basic support that is provided via telephone, the Help Desk Resource Coordination team (a sub-group of the Desk) assists clients by providing access to on-site support. These individuals coordinate field engineer visits to clients' offices if an issue calls for that level of support.

The Help Desk Client Maintenance team (another sub-group) provides proactive maintenance to each of our clients across all regions on a quarterly basis. This helps to detect and address any potential technical issues before they arise or are brought to the attention of the client.

Q: What do I do if I am faced with a technical issue late at night or on the weekends?

A: The Eze Castle Help Desk team services all clients in every region on a 24x7x365 basis. The Desk is staffed around the clock with knowledgeable and experienced IT support analysts, and a manager is always either seated at the Desk or on call for assistance if needed.

Q. How can I be sure the analyst who takes my call will be knowledgeable enough to handle my issue?

A: The Eze Castle Help Desk leaders make it a top priority to hire only the best and brightest team members, and ensure that each employee is equipped with the necessary training and resources to provide top quality service to our clients. They work closely with our internal professional development team to provide both technical training and soft skill development to the Help Desk staff. The team frequently takes online courses and watches educational videos on various technologies in order to advance their skills on an ongoing basis.

Additionally, Help Desk analysts sit on an open trade desk, as opposed to segregated cubicles, so that knowledge sharing is both easy and encouraged. So if one analyst does not know the answer to a client’s question, he or she can speak directly with nearby colleagues to help resolve the issue. All analysts also have access to a vast array of resources housed on our internal Wiki, which serve as helpful reference materials for challenging questions.

Q: If the Help Desk analyst who answers my call does not know the answer to my question, how will it get resolved?

A: If leveraging the knowledge of fellow analysts on the Desk and online reference materials are not enough to fully resolve the issue, or if it requires onsite field support, Help Desk analysts will escalate the query via a formalized escalation procedure. Specific processes are in place for both normal business hours as well as nights and weekends, so clients can be assured that any resources necessary to resolve their problem will be employed to do so regardless of day or time.

Q: What if my problem persists or recurs?

A: Following any interaction with the Help Desk, clients receive a follow-up email or call from the analyst to ensure that the issue has been completely resolved. If for any reason the problem still persists, the analyst will then re-examine it and bring in other resources if necessary.

If the problem recurs again in the future and the client needs to place another call to the Desk, analysts can quickly review the original issue as well as what steps were taken in attempts to resolve it, so that the same tactics are not repeated and the client does not have to provide the same information over and over again.

Q: How can I provide feedback to Help Desk management on my experience?

A: Each member of the Help Desk team has a link to our client feedback survey in his or her email signature. When a client receives a follow-up email post-interaction, which is standard, the client can click on this link and provide feedback directly to the leaders of the Help Desk team. Also, when a new client is brought onboard, they are supplied with direct telephone numbers and email addresses of each of our Help Desk leaders, so that they can contact them directly at any time if they so choose.

Want to learn more about our awesome Help Desk? Check out our video from last year’s Help Desk Institute Awards, or read these great Hedge IT articles:

• An Award Winning Help Desk in Action: Eze Castle’s!
• What Makes a Great Help Desk? Part 1: The People Aspect
• The Technology Behind a Great Outsourced Help Desk: Part 2

To talk through some of these issues, we recently held a webinar featuring experts from Ridgefield Capital, Morgan Stanley and Eze Castle Integration. Take a look at our recap below. To listen to the full event recording, click here.

Disaster Recovery & Business Continuity Drivers

In today’s environment, hedge funds and alternative investment firms are looking for seamless operational connectivity as a means to attract investors, meet changing regulatory requirements and gain competitive advantages in the marketplace. Particularly since the credit crisis of 2008, firms are placing a stronger emphasis on risk mitigation. It is realistic to assume that there can be significant capital losses associated with downtime, and this fact highlights a greater need for technology systems and processes to mitigate risk and maximize operational efficiencies.

The focus on hedge fund technology has increased dramatically over the past several years, particularly around a hedge fund's disaster recovery and business continuity planning. Some investors, as we heard directly from one of our panelists, are requesting two Due Diligence Questionnaires from firms – one specifically designed for technology systems.

A Recent Reminder: Hurricane Irene

2011’s Hurricane Irene, which struck the East Coast of the United States back in August, was a reminder to all hedge funds and investment firms to prepare for anything. Firms like Ridgefield Capital were left with no power after Irene touched down on a Sunday, and, therefore, opted to move trading operations to their disaster recovery (DR) site Monday morning. Non-traders were able to get remote access via Citrix and work from their homes. Luckily, the firm had undergone a recent DR test, and employees were well-briefed on the proper processes for such a situation.

For firms who may not have undergone recent testing, however, circumstances could have been different (Read our DR testing FAQ). Even scarier, what about firms without DR in place?

Defining your Disaster Recovery Objectives

The first step in finding the right type of DR for your fund is identifying your mission-critical systems and applications. With this knowledge, you can easily calculate your firm’s Recovery Point Objective (RPO) and Recovery Time Objective (RTO) – which will help you determine the frequency of backups you require and the least amount of downtime your firm can endure. Read more about RPO and RTO here.

Once your firm’s RPO and RTO are defined, be sure to use an infrastructure checklist as you engage with DR providers. Look for physical and virtual security processes, significant power and cooling resources, and N+1 redundancy to prevent single points of failure.

How does Business Continuity Planning fit in?

In addition to a sound DR system, hedge funds and investment firms should also maintain comprehensive business continuity plans (BCP). BCP extends beyond technology to focus on the critical operations and processes that firms must have available if a disruption occurs. Once a plan is in place, firms must properly communicate that plan to employees to ensure its effectiveness. Here are a few suggestions:

1. Identify a predetermined rally point for employees to meet in the event of an unexpected disruption. A great way to make sure employees remember this location as well as other important information, such as phone numbers, is via a wallet card.
   
2. Identify and outline all essential employee processes and procedures in writing. Who is responsible for what tasks? Be sure to give someone the task of notifying third parties including prime brokers, fund administrators and trading counterparties.
   
3. Create a calling tree to ensure communication remains fluid and all personnel is promptly notified of the situation.
   
4. Utilize table top exercises on a regular basis to practice BCP scenarios.

Final Thoughts

Times have changed. Technology is no longer an afterthought, but an essential part of the investor due diligence process and a key differentiator for firms looking for capital allocations. Disaster recovery and business continuity solutions are prerequisites for hedge funds in today’s industry and should be frequently tested and updated to ensure they are remain aligned with changing businesses.

Quiz: How often should a disaster recovery (DR) solution be tested?

In preparation for the seminar, let's review the current trends in the UK hedge fund market as they relate to managed services.

In a tough economic climate with tighter budgets and stricter regulations, more and more hedge funds are looking to managed services to help align their IT and business needs.

Let’s have a look at some of the current trends that are influencing hedge funds to explore managed services:

• Running a hedge fund is more complex than ever due to changing regulations, shifting investor demands and rapidly evolving technologies.
  
• Rising overhead costs have made it prohibitively expensive to build and maintain an enterprise-calibre hedge fund infrastructure in-house, driving the demand for outsourced solutions.
  
• The financial crisis added impetus to the technology outsourcing movement, as cautious investors focused on operational risks and reliable, transparent reporting and accountability systems.
  
• The emphasis on outsourcing has shifted from permanent onsite data centres to offsite solutions, such as Software-as-a-Service, colocation and cloud computing.
  
• Hedge funds today can choose from a range of outsourcing solutions, including help desks, document management, virtual Chief Technology Officers, disaster recovery plans, Financial Information eXchange (FIX) connectivity and more.

Based on these market trends, hedge funds are increasingly turning to managed services because of the vast benefits they offer, including:

• Lower cost - Hedge funds are able to reduce their IT cost while gaining access to innovative network technologies that can offer a competitive edge in the market.
• Align IT with business needs
• Access to latest technology
• Built-in disaster recovery
• Increased level of support and network availability without additional staff and cost
• Adaptability to changing business needs

We hope you can join our London event on 26 October 2011 where we'll explore this topic in more detail.

Be sure to come back for part two on Trends in Managed Services in the Hedge Fund Industry, where we will dive further and provide useful tips and resources from our breakfast seminar.

Additional Resources

• Is Your Hedge Fund Stuck on the Technology Treadmill?
• Trends in Hedge Fund Technology Outsourcing
• A Guide to Technology Outsourcing for Hedge Funds
• eBook: Examining Cloud Computing for Investment Firms
• Selecting a Technology Service Provider: Why Experience Matters
• 8 Considerations for Evaluating Outsourced IT Providers

• Cards is a new app for creating and sending greeting cards via the mail.
  
• Find My Friends is a cool service that allows you to see the location of your friends, if they choose to share such information via their iPhone. This app will be great for those of us with kids who want to know where they are and keep a close eye on them. An added benefit is that it has enough parental controls to prevent iStalking.

From there, Apple announced iOS 5, which will be available for the iPhone, iPad and iPod touch on Wednesday, October 12. Some of the more noteworthy new features coming from iOS 5 include Reminders and the updated Safari and Mail apps.

• The new Safari version allows users to keep a reading list and, if you have an iPad, gain tabbed browsing. The reader feature also allows you to download an article in advance without the ads, which is not only cool but also enhances user productivity by giving them access to articles even when Internet service isn’t available.
  
• The new Mail app offers encrypted message support and improved mail formatting, reminder flags and reply/forward indicators. It’s not quite Blackberry-level yet, but it is getting there.
  
• The new Reminders feature makes your Outlook task list syncable with your iDevice.

The other big feature discussed (which we already knew about and will also be available on October 12th) was the iCloud. The iCloud allows for syncing devices registered with the same Apple ID over the air providing a new way of automated backups. If it works, it’ll be genius. But be warned – it is NO exception for manual backups. You should always backup! The iCloud is just a supplement.

And the part we’ve all been waiting for… the iPhone 4S (no iPhone 5 yet).

iPhone 4S has a faster processor, superior graphics, a much better camera, and looks just like the current iPhone 4. Additional features - the ones that matter - are the new components. They allow for faster speeds (not quite LTE, but still fast) and connections to both GSM and CDMA, which make this a “World Phone.” For those of you that like Verizon and like to travel, you can now do it and stay connected. Checkout our handy comparison chart on iPhone 4S versus iPhone 4.

These enhancements alone make the iPhone 4S just a toy and not the new device we all need and hoped for. Luckily, Apple added one more big feature – Siri, a “voice assistant.” If the claims are true, in my opinion, the iPhone goes from another high-tech gadget to a must-have. Being able to ask my phone any question and get an accurate answer is like having a personal assistant with me at all times. (Check out: "Tech Talk: Should I trade my BlackBerry for an iPhone)

With Siri, you can ask a question based on info you have on your phone, such as your calendar, or dictate a reply to a text message. You can even ask about the weather, stocks or restaurants – and it replies accurately. That’s pretty awesome – if it works.

And the conclusion…I view the new features as a definite win. I’ve been using the beta developer releases of iOS 5 for a few months now on my iPad and, although definitely buggy at first, iOS 5 has made the iPad much more useful. As for iPhone 4S, while certainly faster and more visually pleasing, I’m holding my opinion until I can play with the voice assistant.

What are your thoughts on Apple’s announcements today?

Comparing iPhone 4S and iPhone 4

When Irene struck New York on Sunday, August 28, most people were fortunate enough to find shelter in their homes. And while financial markets were closed, many businesses were still concerned about the technology infrastructure in their offices and the potential loss of power and/or data as a result of the storm.

This particular firm, based in midtown Manhattan, had a primary Internet line that ran through its building’s basement level. Several telephony circuits also ran through this space. Due to the heavy rains from Irene, this basement quickly flooded, damaging Internet service and creating packet loss and uneven traffic.

Upon notification of the situation, this firm chose to run their traffic over their wireless Internet 10 megabit (mbps) circuit, which operates via a point-to-point microwave connection to a fiber-connected building located in the heart of the city. While other businesses were scrambling to deal with the repurcussions of Irene come Monday morning, this firm was able to operate seamlessly knowing they would have network availability in their office.

The wireless connection had been previously tested and proven to withstand disruption from all elements – even those as vicious as Irene’s. Understanding the severity of risk involved in a primary, landline connection going out of service, the firm chose to purchase a wireless Internet connection as well to maximize network availability and minimize downtime. And it’s a good thing they did!

Following the success of the wireless Internet, the firm has also opted to purchase a hosted voice solution as a backup to their telephony circuits, which were also damaged during Hurricane Irene.

It just goes to show – even the Internet is susceptible to inclement weather! To learn more about how your firm can prepare for inclement weather, view our presentation or download our ECINet Wireless Datasheet:

Eze Castle Integration’s ECINet Wireless service provides more than 100 times the bandwidth than a conventional T1 line and offers increased redundancy by avoiding contact with landline-based infrastructure. It offers up to 100 megabits per second (mbps) by using the rooftops of a number of strategically-placed hubs to beam bandwidth to clients. ECINet Wireless is currently available to firms in the New York City and Stamford, CT regions. Please contact us directly for more information.

Photo Credit: Flickr

The tablet computing industry is growing at an exponential rate with no signs of slowing down. More and more hedge funds and alternative investment organisations are considering moving away from laptops and notebook computers as the popularity of the tablet continues to grow. Many hedge funds are becoming attracted to the tablet more than ever, as this new technology allows them to track down market intelligence and stay abreast of changes more efficiently via apps, as opposed to trawling through the web via laptops or desktops.

Tablet apps provide hedge fund users with a tailored computing experience, as they are now able to dive right in and get the information they require instead of having to take time searching for it. This is a major advantage for hedge funds because it allows managers to focus on returns and keep a closer eye on risk and exposure.

There is certainly no shortage when it comes to innovation and advancements in the world of tablets and technology. Thus far, Apple's iPad has established and dominated this industry. But as time passes, we are seeing new competitors entering the marketplace. Today, some of other the key players in the tablet industry include:

• Google Android
• Motorola Xoom
• BlackBerry PlayBook
• Samsung Sliding Series 7 PC
• Lenovo IdeaPad U1 Hybrid
• LG G-Slate

At the moment, the Apple iPad 2 still ranks as the most widely used tablet among hedge funds and other alternative investment organizations. However, as these new competitors continue to improve their offerings, they are beginning to steal a greater share of the tablet market.

Need help choosing the right tablet? Click here for some reviews and additional information on the key players in the tablet market.

Also, be sure to check out these other useful resources on mobile and tablet computing:

• Tech Talk: Should I trade my Blackberry for an iPhone?
• Apple for Enterprise: A Few Key Facts
• iPad and iPhone Apps of Note for Business and Entertainment
  

Image source: Computerworld

• The changing economic environment as a result of the financial crisis and increased investor focus on transparency and operational risk
• Rising overheard costs relative to owning, maintaining and monitoring one’s own technology infrastructure

Hedge funds and investment firms can leverage outsourcing in a variety of ways – everything from help desks to document management, virtual Chief Technology Officers and other staff to disaster recovery plans, FIX connectivity and more. But regardless of the specific elements being outsourced, funds should look for a few baseline requirements as part of an outsourcing solution:

• A secure physical infrastructure;
• Efficient and reliable communications;
• Data protection; and
• Vendor strength and stability.

Outsourcing options have evolved in recent years to support the growing needs of hedge funds and alternative investment firms.

Cloud Computing
Through the cloud, funds can leverage outsourcing options such as software-as-a-service, infrastructure-as-a-service, disaster recovery solutions and more.

Staffing
Sometimes funds need personnel more than technology or infrastructure services. Outsourcing offers firms a variety of staffing options: for larger firms with in-house technology employees, they can leverage the expertise of a virtual Chief Technology Officer or supplemental and support staff for special projects. Smaller firms that do not employ their own IT staff may choose to outsource that department in its entirely so they can focus on doing what they do best – making investment decisions.

Colocation
For funds not quite ready to outsourcing their technology solely to the cloud, colocation offers an alternative which allows for increased availability and redundancy without the needs to maintain infrastructure on-site.

FIX
Outsourcing FIX connectivity helps funds reduce costs and time commitments for installing, testing and maintaining connections to brokers.

Be sure to reach Part 2 of our Technology Outsourcing series, where we take a deeper dive into Software-as-a-Service and Infrastructure-as-a-Service and the role they play in technology outsourcing!

Photo Source: iStock

Following are a few of the top industry events coming up this fall for your consideration.

FINforums Annual Hedge Fund Summit

Wednesday, September 14
The Princeton Club of New York, NYC
http://www.finalternatives.com/node/16258

Join FINforums and a group of distinguished industry experts as they discuss the most important and pertinent issues that are currently affecting hedge fund managers and other industry players. Topics covered throughout the Summit include:

• The global macro outlook for Q4 and beyond
• Techniques for successful capital-raising
• Regulatory and compliance issues
• Alternative hedge fund structures

This event is open to fund managers from hedge funds, private equity firms, commodity trading advisors, real estate funds and traditional asset management organizations. Investors and asset allocators are also invited to attend the Summit, as are service providers such as lawyers, fund administrators, technology companies, prime brokers and accountants.

Don’t Miss:
The Business of Running a Hedge Fund
10:20am – 11:05am
Speakers: Ibrahim Gharghour (Pulse Capital Partners), Michael Alexander (Smarsh, Inc.) and Vinod Paul (Eze Castle Integration)
Moderator: Simon Fludgate (Aksia)

Rosenblatt Securities 3rd Annual Financial Technologies Summit

Wednesday, September 28
The New York Helmsley, NYC
http://rblt.com/2011ConferenceDay2/overview.aspx

Join Rosenblatt Securities for a breakfast presentation and interactive discussion led by Rosenblatt’s Director of Market Structure Analysis, Justin Schack, and President, Joe Gawronski. The primary topic of discussion will be an update on global market structure developments as they relate to trends in trading and regulations. Following that, Rosenblatt’s Managing Director and Partner, Scott Burrill, will give a short presentation on the latest technology trends in capital markets.

The objective of this Summit is to help private equity investors, corporate strategy executives and other industry players to gain a better understanding of the latest innovations in trading technologies, especially managed services, big data & cloud computing and data & analytics. The event is also an outstanding networking opportunity for all attendees.

Don’t Miss:
Build or Buy? Managing Your Infrastructure in the Age of Managed Services
Speakers: Theodore Lardos (Raptor Trading Systems), Bob Guilbert (Eze Castle Integration), Nigel Kneafsey (OptionsIT), Steffen Gemuenden (RTS Realtime) and Philippe Thomas (Ullink)

TradeTech Architecture 2011

Tuesday, October 4 – Wednesday, October 5
Hilton, Tower Bridge, London
http://www.wbresearch.com/tradetecharchitecture/

TradeTech Architecture will be returning for the fourth consecutive year on October 4-5 in London. This event is open to CIOs, CTOs, chief architects, heads of storage, security experts, application developers and infrastructure managers from throughout the investment industry. The event will provide insight into strategies for reducing costs and secure state-of-the-art technology to expand your business and compete more effectively on a global scale. Discussion topics include:

• Future trends in cloud computing
• Cross-asset trading
• Increasing market data volumes
• Infrastructure options

Don’t Miss:
The exhibit hall floor!
Be sure to stop by Eze Castle Integration's booth (Booth #14) for some great information.

FinCLOUD 2011

Thursday, October 6
Bayard’s Conference Center, NYC
http://www.fmwonline.com/fincloud-2011

The 2nd Annual FinCLOUD conference is focused on cloud computing in the financial services industry. This cutting-edge training and networking event is aimed at providing information on a variety of topics related to cloud computing to representatives from investment firms across the global financial markets. Topics to be covered include:

• Understanding public, private and hybrid cloud infrastructures
• Understanding regulatory and compliance burdens with the cloud
• Cloud security

Don’t Miss:
Cloud Computing on Wall Street: Making the Business Case
A panel discussion featuring Vinod Paul (Eze Castle Integration)

For more information on investment industry events,
be sure to check out our News & Events page!

But the technology treadmill is not a firm’s only option anymore. Costly in-house, traditional IT services are giving way to more cost-effective outsourced IT and managed services that get firms off the treadmill and on a path to success.

Let’s have a look at some of the key reasons why firms are moving from traditional, on-premise IT services to managed services.

What are the keys factors driving hedge funds to managed services?

With hedge funds still feeling the effects of the financial meltdown, including tighter control on budgets and staff, many firms are turning to managed IT services, allowing them to align their IT requirements with their business needs.

Moving to managed services provided by an outsourced IT provider not only makes it easier to deploy technologies, but they are also designed to meet the constraints of limited IT resources and budgets in downtime.

Two of the most important factors driving firms to switch from traditional IT services to managed services are lower costs and lower risk.

Lower costs
Moving to managed services is one of the most effective methods for hedge funds to reduce IT costs while gaining access to innovative network technologies that can provide a competitive advantage.

Lower Risk
Managed services also eliminate the risk that the company will need to make a large capital expenditure to accommodate unplanned business changes.

Some other benefits include:

• The ability to focus on core business competencies and save time
• Increased levels of support and network availability, without the requirement of additional staff
• Instant access to the latest technology solutions
• Easier adaptation to changing business conditions

Managed IT services can help firms to evolve in the midst of difficult economic conditions, giving them access to cutting-edge technologies and management expertise – without ongoing investments and technology upgrades.

By turning to managed services providers, hedge funds can save both time and money.

The biggest trend in the hedge fund technology is cloud computing. This trend looks to continue to gain popularity throughout the hedge fund industry, particularly given its cost benefits and flexibility.

What are the benefits of switching to managed services?
Managed services offer firms access to affordable, best-of-breed technologies, which can be deployed quickly and cost-effectively and can solve staff recruitment and retention issues.

Managed services have become a cost-effective way to manage the IT infrastructure of a firm. With so many reasons to move to a managed services platform, the technology treadmill shows no signs of slowing down.

Additonal Resources:

• eBook: Examining Cloud Computing for Investment Firms
• Guidebook: A Guide to Technology Outsourcing for Hedge Funds
• Video: Hedge Funds & the Cloud

Photo Source: Flickr

This was an important question on our survey, particularly in light of changing requirements under the Dodd-Frank Wall Street Reform and Consumer Protection Act. Dodd-Frank now requires registered investment advisers to retain email records for between five and seven years. In addition to regulatory requirements, investors are also looking for firms to have email and IM archiving in place as part of a complete technology infrastructure.

A comprehensive archiving solution will assist investment firms in responding to any audits or litigation discovery requests in a timely manner. An ideal solution, for example, should be able to effectively handle electronic discovery requests under the Federal Rules of Civil Procedure (FRCP) by ensuring quick access to relevant data and avoiding disclosure of irrelevant, sensitive or proprietary information.

Another key requirement of an archival solution is the use of a dedicated server for storage. The use of an off-site, dedicated server aligns with regulators’ preferred archival method because it virtually eliminates concerns surrounding the potential intermingling of customer data.

Following are some additional best practices for email and instant message archiving for investor and regulatory compliance:

• Retain emails and IMs for the prescribed amount of time by law (Dodd-Frank indicated firms should retain records for a minimum of five years)
• Don’t (only) use tape backups – in the event of a disruption or disaster, you should be prepared with another method of retention
• Store your data in a Write Once Read Many (WORM) format that preserves message integrity and prevents alterations
• Allow for easy indexing and searching of files
• Keep archived data on your own server and make sure it can be accessed quickly if need be

Finally, below are a few questions to keep in mind as you determine which email archiving solution is best for your firm.

For more information on Eze Castle Integration’s email archiving solution, Eze Archiving, click here.

Advantages of Working with Experienced Providers

Well-established outsourced IT firms typically boast a more seasoned and reputable management team than young, inexperienced companies. These individuals are more familiar with the nuances of the industry and are in a better position to understand your firm’s unique business needs. Equally as important, having an experienced management team typically helps a provider attract, develop and retain the best and brightest technical staff, including highly skilled engineers and analysts.

In addition to having a top quality team, established providers are much more likely to have a greater depth of staff available to service their clients. Look for a company that can provide a dedicated project manager and an accompanying team that is responsible for ensuring that your firm’s projects and initiatives are designed, managed and implemented to meet your exact requirements.

Another advantage of working with an established technology service provider is that they have extensive client and partner networks already in place. This means that your firm will likely have the opportunity to speak with peer organizations that are working with the provider to understand their experiences and the benefits of using that provider’s solutions and services. Additionally, with vast partner networks in place, established IT organizations are able to leverage best-of-breed technologies from leading vendors to benefit their clientele.

Disadvantages of Working with Inexperienced Providers

At start-up IT companies, it is common for management to adopt overly aggressive pricing strategies aimed solely at undercutting competitive offerings. While low pricing might initially seem appealing, there are certainly some significant trade-offs involved. By slashing prices on solutions and services, young firms are forced to sacrifice value in the technologies they provide to clients in order to maintain margins. If not, they will be unable to operate profitably, which leads to financial instability and can be extremely risky for the clients who rely on them.

Start-up IT firms are also more likely to agree to terms within client deals that a more established firm would not accept. With much less to lose, these small, new companies are willing to take much greater risks in order to win new business. Larger, more established organizations do not need to win every contract in order to survive as a business, thereby putting them in a better position to thoroughly review all client deals for the benefit of both parties before reaching a mutually beneficial agreement.

For more on what to look for when selecting an outsourced technology provider, be sure to read our article on “8 Considerations for Evaluating Outsourced IT Providers.”

Eze Castle Integration is a leading provider of outsourced IT solutions and services to the hedge fund and investment management industry. To learn more, visit our Outsourced IT page, or contact an Eze Castle representative today.

The reality is that there are security concerns with any type of technology infrastructure. Doing comprehensive due diligence around cloud architecture, management, security policies and service providers will go a long way in satisfying those concerns.

Threats in the Cloud

The Cloud Security Alliance had identified some key threats for both infrastructure and application services in the cloud. They include:

• Shared technology issues: At the heart of cloud computing is the premise of sharing underlying infrastructure components. If security requirements and protocols are not integrated into the shared infrastructure at multiple levels (i.e. computing resources, storage, and networking) then vulnerabilities could exist. This is particularly crucial to keep in mind when evaluating public cloud environments, through which there can be limited isolation.
  
• Data loss or leakage: This is a real, yet unacceptable risk for any investment management firm, and the impact is far-reaching. Just as with traditional on-premise environments, threats in the cloud can include accidental deletion of data, unauthorized access or database corruption. It is essential to have strong controls in place, as well as data encryption and data protection processes.
  
• Unknown risk profile: Another threat, which may cause a firm to accept unknown risks, is lack of knowledge of a cloud provider’s security protocols and policies. It is important to inquire about a cloud service provider’s security software, update and patch procedures, intrusion detection and alerting and overall security design.

Next week, we’ll take a closer look at some specific security considerations for evaluating a cloud services provider, including multi-tenancy concerns, physical security, and virtualization and server security. In the meantime, click here for more information on Eze Private Cloud Services.

Photo Credit: Flickr

Leasing is one of the most flexible and cost-effective financing tools available. Through technology leasing, businesses can easily make changes to their IT environment without worrying about accounting concerns such as write-offs, depreciation or disposal costs. Leasing is particularly popular among firms seeking to maximize corporate finance efficiency while using their world-class technology infrastructure as a key competitive differentiator. Leasing offers an efficient and effective strategy for organizations looking for maximum return from their IT investments with minimal risk.

I recently sat down with Pam Corrigan, Eze Castle Integration’s Lease & Maintenance Specialist, to discuss why leasing makes sense for hedge funds and other financial organizations:

• It helps free up capital. Leasing helps firms conserve capital. The ability to keep and use cash for other investments is extremely attractive, especially when considering that the alternative is tying up those same funds on depreciating expenses. Additionally, there are sizable tax savings that can be realized through leasing.
  
• It allows for simplified budgeting. Simple monthly payments, which can be tailored to meet your unique business needs, replace large cash or credit outlays.
  
• It results in increased flexibility and scalability. Leasing allows firms to expand or renew their IT infrastructures independent of budget cycles. IT budgets can be stretched by paying only for the use of the equipment, as opposed to investing heavily in the equipment itself up-front. Leasing allows funds to align the monthly cost of IT assets with the benefits they provide.
  
• It can reduce total cost of ownership. Effective leasing strategies can reduce total cost of ownership. Terms are typically customizable to match your specific financial and technological needs. Maintenance licensing and support can be added to ensure coverage over the useful life. Leasing also eliminates the costs of equipment disposal.
  
• It helps to protect against risk. Older technology can be expensive to operate and maintain and is often less efficient. Leasing establishes a schedule for equipment renewal that can protect against obsolescence. Leasing gives you the ability to upgrade and refresh as your technology needs evolve, often with little or no change to your monthly budget.
  
• It’s a competitive differentiator. Investors are likely to place their trust in a firm with a top quality IT infrastructure that is highly flexible and efficient yet requires minimal capital investment or risk.

Eze Castle Integration recognizes the value leasing can provide firms. We offer a variety of leasing options to ensure clients receive an attractive leasing package every time. Our dedicated, in-house leasing and maintenance specialist is available to help with all questions regarding leasing. Contact Eze Castle today for more information.

To listen to a replay of the event, click here.

What’s driving the move to the cloud?

There is little doubt that the movement to the cloud within the hedge fund industry is significant. For startup firms, especially, cloud adoption is becoming nearly universal. In addition to cloud adoption, the general trend toward outsourcing continues to grow, as investment firms realize that multiple aspects of their business can be outsourced (human resources, accounting, etc.).

There are a number of factors responsible for driving the cloud computing trend, including investor acceptance, the increased need for disaster recovery, staffing considerations, and, of course, cost.

Years ago, hedge funds and investment firms had to spend a lot of capital building their own infrastructure. Post 2008 economic crisis, however, there is wide-scale acceptance of the cloud, even from investors. Accordingly, the quality of cloud offerings by service providers has increased to meet the growing demand. Additionally, both investors and new regulations are driving the need for robust and redundant disaster recovery and business continuity plans, which are easily deployable via the cloud.

Staffing is also a consideration for firms thinking about moving to the cloud. Especially for smaller startup funds who have limited means, the reality of hiring and training an internal IT staff is often impossible. Expertise in-house can be hard to find as well as costly.

Speaking of cost, it is also a significant driver in the move to the cloud. Again, for startup funds in particular who have limited capital to devote to technology, the cloud offers an alternative that requires minimal to no upfront capital expenditures on day one.

Technology Drivers

In the past, hedge fund technology literally meant having an IT footprint and personnel in-house. Funds often had limited space and limited power/heating/cooling resources, primarily due to expensive real estate costs. With technology on a refresh cycle of about three years, also, on-premise hardware costs continued to elevate.

In the last five years, however, there has been a major shift in the industry to new and evolving technologies. This transition can be attributed to three primary factors:

1. Cost: Virtualization and storage technology has evolved and can now be deployed at much lower costs. Private cloud solutions are based at redundant data centers, and the cost of dedicated connectivity to these facilities has also decreased.
2. Risks: The investor due diligence process is more extensive than ever, and investors want to understand the risks that come with managing your own technology infrastructure in-house.
3. Redundancy: Hedge funds (and their investors) want to see that their data exists in an environment that has physical redundancies, including multiple power grids, cooling units, access to many lines of connectivity, as well as an easy path to switch to disaster recovery. One of the greatest benefits to cloud computing is that with the right provider, a hedge fund can have their data and applications reside in a redundant environment and easily deploy their disaster recovery at another physical location in the event of a disruption.

How to Determine if the Cloud is Right for Your Firm

There are a host of factors that go into determining if cloud computing is the right technology solution for your investment firm. Look for the following 5 characteristics when evaluating the cloud:

• Dedicated vs. Shared Resources: You want to ensure that your data and applications are isolated from those of other firms.
• Disaster Recovery: Having an easily deployable DR system as part of a cloud services package is a must-have, particularly as the investor due diligence process heats up and new regulations go into effect.
• Ownership: Ensure your cloud services provider owns their own equipment and is not outsourcing key functions, such as email.
• Security: Ask about what type of security and monitoring practices (physical and electronic) are in place at your provider’s data center(s).
• Service Level Agreements: You want your cloud infrastructure to be backed by a comprehensive SLA that ensures top performance and uptime.

Selecting the Right Cloud Services Provider

The factor that may ultimately be your most important during the evaluation process is finding the right service provider. It is essential that you feel comfortable and secure with whichever service provider you choose to utilize. Before you even get to evaluating their technical abilities, look at the following:

• Does the provider have an established client base?
• How many years have they been in business? Do they have sound financials?
• Do they have a global footprint to support multiple office locations?

From a technical perspective, also ensure that your provider had a 24x7x365 Help Desk as well as monitoring capabilities to keep your data and applications secure at all hours of the day and night.

If you would like to learn more about cloud services, check out our resources:

• eBook: Examining Cloud Computing for Investment Firms
• Blog: Top Ten Questions to Ask a Cloud Services Provider
• Datasheet: Eze Private Cloud Services Overview

Photo Source: iStock

1. Breadth of Solutions

Does the IT provider offer all of the solutions and services necessary to encompass all aspects of the technology foundation required to help your firm operate effectively and efficiently? These can vary depending on your firm’s specific business requirements, but may include such solutions as backup & recovery services, business continuity planning, disaster recovery, email & IM archiving, telcom services, cloud services, application hosting, consulting and project management.

2. Depth & Quality of Staff

When selecting an outsourced IT provider, it is crucial to understand who you will potentially be working with. Is the organization led by a seasoned, reputable management team? Do they employ a skilled technical staff of engineers and analysts to assist with all stages of your infrastructure build-out and maintenance? What pertinent technical certifications do they hold?

In addition to ensuring that the provider has a top quality team, it is also important to note the depth of that staff. In other words, do they have a team of engineers and analysts that is large enough to ensure that someone will be available to assist you 24x7x365 if necessary?

3. Experience in Deployment

Does the service provider have deep experience in deploying these types of solutions and services in an investment management environment? Do they have experience working with funds of all sizes, from small start-ups to large, well-established firms? There are numerous outsourced IT providers out there, but be sure to select one that is experienced in deploying systems that are specific to your industry and has a solid understanding of your business environment.

4. Project Management Experience

Will your firm receive the benefits of a dedicated project manager and accompanying staff to ensure that your initiatives are coordinated, designed, and implemented to your exact unique requirements? For instance, if you choose to relocate offices, does the provider have the expertise and experience to facilitate this process?

5. Hosted/Private Cloud Infrastructure Options

Cloud computing has emerged as the prominent trend in investment technology this year. Look for a provider that offers a robust, scalable and secure cloud infrastructure model. Also, ensure that the infrastructure is maintained by a team of highly trained and certified professionals with experience in financial services operations. Tier III data centers (or higher) that are SAS70 certified should be used to host your firm’s critical data.

6. Disaster Recovery Policies & Procedures

Does the provider maintain contingency plans or disaster recovery plans with proper risk controls designed to allow continued performance and availability at all times? How will the provider ensure that your data is secure, protected, and accessible even in the event of a disaster?

7. Vendor Relationships

Does the organization have strong vendor relationships in place that will allow them to leverage the benefits of best-in-class third party providers on your behalf? Strategic partnerships with top-tier technology companies are crucial to maintaining a world-class IT environment for your firm.

8. Geographic Reach

Does the provider have offices dispersed in different areas of the country and around the world? Do they employ staff in different time zones to ensure that assistance is available to you 24x7x365? If your firm has multiple offices, or is considering opening more in the future, ensure that you will be able to use that provider to service all regions, thereby streamlining costs and increasing efficiency.

Eze Castle Integration is a leading provider of outsourced IT solutions and services to the hedge fund and investment management industry. To learn more, visit our Outsourced IT page, or contact an Eze Castle representative today.

Also, be sure to check out our new SlideShare presentation outlining our
8 Considerations for Evaluating Outsourced IT providers!

8 Considerations for Evaluating Outsourced IT Providers

View more presentations from Eze Castle Integration.

What is the most significant technology trend you’ve seen in the hedge fund industry in 2011?

Find out what our experts had to say! And stay tuned because next month we’ll be back with another hot topic as part of our Roundtable Series.

--------------------------------------------------------------

“Cloud computing is the biggest trend in the industry right now. Nearly 90 percent of firms we have engaged with year-to-date are interested in the cloud on some level. With cloud services, firms have increased flexibility and scalability and often lower costs, so it’s no surprise that it’s become such a growing trend.”

- Vinod Paul, Managing Director of Service & Business Development, New York (NY)

--------------------------------------------------------------

“By far, the biggest technology trend in the hedge fund industry right now is the private cloud. We have seen a great increase in interest in private cloud services over the past two years, and we expect that trend to continue for the foreseeable future.

Unfortunately, along with the increased interest in the cloud, there is also increased confusion. It remains a priority for us as a cloud provider to focus on educating our clients and partners about the private cloud, as well as its benefits and challenges.”

- Bob Guilbert, Managing Director of Marketing & Products, Boston (MA)

--------------------------------------------------------------

“From the various meetings I’ve had with clients, the two things that come to mind are compliance and cloud computing. With the passage of Dodd-Frank, many long-time clients who have never had disaster recovery and email archiving have sought out our counsel on these issues.

Cloud Computing is obviously the other trend. Clients are seeking our advice on how their firms can take advantage of this platform. Whether as a fully hosted infrastructure or a means to host certain applications, clients are very interested in learning about ways to utilize the cloud.”

- Abraham Thomas, Director of Service, Stamford (CT)

If you would like to learn more about these technology trends, visit our dedicated knowledge centers:

• Dodd-Frank/Hedge Fund Regulations
• Cloud Computing for Hedge Funds

What is WAN Optimization?

A company’s wide-area network (WAN) encompasses all aspects of its global enterprise. This network connects all offices and individuals who are a part of the organization across all physical locations. Traditionally, connectivity between workstations is faster and more efficient when both are located within the same office space. When sharing information between PCs, laptops or mobile devices that are in different geographic locations, the lag time is often greater.

Ideally, firms would, of course, prefer to have rapid information sharing capabilities between all points on their WANs. However, the costs involved in implementing telecommunication lines with enough bandwidth to accommodate this type of connectivity are typically very high. Since telcom charges are incurred on a recurring monthly basis, this could result in an astronomical investment over the long run.

WAN optimization provides an alternative way to rapidly transmit data between disparate points on a WAN without the excessive long term investment. Providers such as Eze Castle’s partner Riverbed offer solutions that can enable the transmission of large volumes of data across relatively small telcom lines. These solutions condense and encrypt the data at the point from which it is sent out (so that it requires only a fraction of the bandwidth) and then reverse this process at the other end, thus enabling the rapid and secure transmission of data.

What are the benefits of this technology?

WAN optimization allows firms to reduce their long term telecommunication costs significantly. While there are initial set-up and installation expenses to consider, monthly charges will remain low as large volumes of data will be transmitted using minimal bandwidth. Over the long term, this becomes a very cost-effective solution.

In addition to cost savings, there are a number of other advantages associated with WAN optimization that hedge funds can take advantage of, including:

• increased application acceleration up to 50x;
• IT consolidation across several office locations;
• enterprise-wide network and application visibility to facilitate efficient teamwork;
• improved data back-up capabilities (condensed information can be sent to data center facilities faster) for better disaster recovery planning;
• optimized, LAN-like performance for all mobile devices and laptops for remote employees;
• streamlined communications between all employees regardless of physical location;
• enhanced cloud computing utilization; and
• increased operational agility and reduced upgrade costs (respond to changing business needs rapidly by adding information or even entire data centers without requiring additional bandwidth for communications).

Is it a good fit for all firms?

While WAN optimization solutions can be very beneficial for hedge funds and investment firms, they do not make sense for every organization. This technology is best suited for medium-sized and large funds with multiple office locations, data centers and mobile employees who need all of these points on the network to communicate securely in real-time.

Looking for more information on WAN optimization? Interested in whether this technology might be beneficial for your hedge fund or investment firm? Contact the Eze Castle Communications Team today, or learn more about this technology here.

We asked Jason Lisnak, one of Eze Castle's Apple experts to talk us through some of the key considerations. Here's what Jason had to say:

*Special thanks to Eze Castle's Rachael Schwartz for showing off her awesome interviewing skills!

If you would like to learn more about the key considerations for switching from a Blackberry to an iPhone or other mobile device, please contact us.

Panelists included: Vinod Paul, Managing Director at Eze Castle Integration, Anurag Bhardwaj, Head of Strategic Consulting at Barclays Capital, and Vishnu Varma, Chief Technology Officer at Tiger Global Management.

Below is a summary of some of the key topics discussed at our recent seminar:

Hedge Fund Market Trends & Challenges

It’s been an interesting year thus far for hedge funds and other alternative investment firms, as inflows have been high but performance low. In addition to performance challenges, hedge funds continue to deal with increased competition for investments, and thus asset-raising remains a hurdle for many funds – regardless of their size or strategy.

Similar to 2010, this year has brought an influx of new hedge fund start-ups, though many are smaller than typically seen in previous years. Managed account structures are gaining popularity. New strategies are being utilized, such as emerging markets or quant funds, but long/short equity remains the most popular strategy among new launches.

Hedge Fund Regulations/Dodd-Frank

One of the biggest challenges facing hedge funds today is the uncertainty surrounding regulations such as Dodd-Frank. The SEC has extended the deadline for hedge fund registration until March 30, 2012, but many firms are unsure of the specific requirements they must meet.

In addition to increasing legal requirements, investors are also demanding a lot from hedge fund managers today. In terms of technology, investors want to see disaster recovery and business continuity plans in place in order to ensure there are adequate back-up plans if something goes wrong.

The role of the technology service provider is changing accordingly with these new investor requirements. IT providers are not just keeping the lights on anymore. Drawings and spreadsheets are no longer sufficient to present to investors. These days, service providers are being pulled directly into investor due diligence meetings to explain the intricacies of a hedge fund’s technology infrastructure.

Cloud Computing & Hedge Fund Technology Trends

By far the biggest trend in the hedge fund technology space today is cloud computing. Although the technology itself has been around for some time, hedge fund managers and investors alike are now embracing the cloud, and its prevalence is being seen throughout the industry. Education is the key when it comes to the cloud. Fund managers should educate themselves about the benefits and challenges – even something as seemingly simple as the distinction between public and private clouds.

Expectations are that the cloud is not just a passing trend but a significant wave that will continue to gain popularity throughout the hedge fund industry, particularly given its cost benefits and proclivity for flexibility and scalability.

For a complete recap of our State of the Hedge Fund Industry seminar, check out our SlideShare Presentation!

Our panel of experts included: Simon Eyre, Service Director at Eze Castle Integration, Robert Powell, Director of Compliance at Global Relay, and Phillip Chapple, Executive Director at KB Associates.

The removal of the current exception (COBS 11.86R (1)) to mobile phones and other handheld electronic communications devices comes into effect November 14 after concerns were raised by stakeholders over the difficulties they face in recording communication on private mobile devices.

Effective from November 14, the FSA will require all regulated firms to meet the following mobile recording requirements:

• Record all ‘relevant’ conversations on firm- issued mobiles;
• Store mobile recording for 6 months;
• Take ‘reasonable steps’ to prevent ‘relevant’ conversations on unrecorded private mobiles;
• Comply with local recording regulations when users are oversea;
• Take ‘reasonable steps’ to record when staff are overseas; and
• Record all mobile communication methods.

You can read the FSA’s official statement on taping of mobile phones here.

Let’s have a look at the hot topics discussed at our recent breakfast seminar:

Given the fast approaching deadline of November for PS10/17, what technologies are people in the industry beginning to use for mobile voice recording?

Technologies seem to be prevailing; there are three main technologies many firms are using for mobile voice recording:

• Cloud based redirect;
• Carrier based recording; and
• Network carrier conferencing (SIP/ISDN) - The network conferencing approach allows a mobile solution to a mobile problem, with minimal impact in call or data costs and no requirement to purchase new, unaudited hardware.

What features should a firm look for in a disaster recovery system?

There are six key features every firm should look for in a disaster recovery system:

• Prioritisation of Systems;
• Dedicated Resources;
• Cost vs. Functionality;
• Managed Solutions with 24x7x365 support;
• Quarterly Testing; and
• Proven Technology.

How do investors view disaster recovery and business continuity planning as part of their due diligence process?

• Investors are looking for “appropriate” solutions for each firm.
• The two main angles are solutions which work for the type of firm and leave no “gaps,” plus appropriate in terms of cost to ensure business is viable.
• Security of solutions is key (i.e. shared clouds and wireless solutions an issue).
• Investors have done their homework on solutions and expect managers to have done the same.
• Lack of appropriate BCP is a very real business risk many funds do fail on this, although due to lack of investor feedback it is not always obvious.

Learn more about Eze Castle’s services on: Archiving, Disaster Recovery, Business Continuity Planning and Privacy Compliance.

For further information and useful resources, please visit:

• Hedge Fund Technology: A Look at Archiving, Mobile Voice Recording and Disaster Recovery resource page
• Article by Travers Smith LLP looking at “Telephone taping: removal of the mobile phone exemption”
  

Also, don't forget to come back on Thursday, July 21, for Part 2 of our series on PS10/17.

Photo Source: iStock

We get a lot of questions from hedge fund managers about using cloud services for their business. To help sift through the fog, Eze Castle’s Managing Director Bob Guilbert has created a short video and answered three key questions about hedge funds and the cloud:

1. What exactly is cloud computing?
2. What are some of the key benefits to using cloud services?
3. Are you seeing more confidence from hedge fund managers in deciding to utilize the cloud?

Check out Bob’s answers here:

For more information on cloud computing for hedge funds, download our eBook today!

Following are Bob’s Top Ten Questions:

1. Does the vendor’s service allow for easy scalability and the quick addition of resources, including CPU, memory, storage and bandwidth?
   
2. Does the cloud infrastructure feature an N+1 configuration to tolerate any single equipment failure and ensure high availability?
   
   
3. Does the vendor provide dedicated or shared resources within the cloud? Will a client’s data be isolated from that of other clients who reside in the same cloud?
   
4. Does the cloud provider offer disaster recovery services as part of their offering? If so, how often are those DR systems tested?
   
5. Which technology vendors have applications operating within the cloud? What certification levels does the cloud provider have with these technology partners?
   
6. Does the cloud provider own their own equipment?
   
7. Is the data center SAS70 certified?
   
8. What type of security and monitoring practices are in place at the data center?
   
9. Is the data center located far enough away (geographically) from the production environment to ensure there will be minimal impact in a disaster situation, but close enough to maintain a high speed connection?
   
10. Is the cloud infrastructure backed by a Service Level Agreement (SLA) that ensures top performance and uptime?

For more information on Cloud Computing, download our eBook!

Also, don’t miss these interesting and informative articles on cloud computing for hedge funds:

• Going to the London Cloud: Security, Virtualisation and Disaster Recovery
• Virtual Desktop Infrastructure for Hedge Funds: The Pros and Cons
• Data Center Design Philosophy

Here are six techniques that may help in the development of emotional intelligence:

1) Identify a role model.
One of the best means of achieving emotional intelligence is by identifying a role model – someone you admire. Pattern your activities after the successful person whose character and traits are those you wish to possess.

2) Develop rules to live by, and live by them.
Emotional intelligence is a planned process of development. Choose the code of ethics and rules you wish to live by, and direct your behavior toward sticking to them in everything you do. If you fall off the horse, identify the cause, get back on and keep practicing.

3) Develop a system of reducing stress.
High stress levels overwhelm the mind and body, severely degrading our ability to rationalize and make decisions. The key is realizing you are stressed, identifying your response, and countering it by using your senses in a way that helps you find things that are soothing.

4) Watch your communication signs.
Great communicators are typically great listeners. In order to hold the attention of others and build connection and trust, be aware of (and in control of) your nonverbal cues. The way you listen, look, move and react tells your audience a lot about how well you are listening and caring about what is being said.

5) Have emotional awareness.
Be aware of your emotions and how they influence your thoughts and actions. Observe the effect they have on the environment around you. This will help you understand your motivations and help you align them with the rules you want to live by. If at all possible, avoid making decisions when you are either too frustrated or too happy.

6) Learn to stay positive.
If you always see your glass as half-empty, so will everyone else you are leading. Know that conflicts are inevitable, but that doesn’t mean they are a bad thing. Foster a healthy environment of discussion by encouraging constructive feedback and laying out the pros and cons of each potential conflict resolution. When you are in emotionally charged situations, stay focused on the goal and consider what is worth arguing about and what is not. Most important, learn to forgive and end arguments that can’t be resolved (it takes two to keep an argument going, choose to disengage if necessary, even if you still disagree).

-------------------

Interested in learning more about project management? Don't miss these great Hedge IT articles by Demetrios Gianniris:

• Developing a Project Structure for Your Hedge Fund Project
• Obstacles of Project Management
• What Project Management is Not

Demetrios Gianniris is Director of Project & Technology Management (PTM) at Eze Castle Integration. He is responsible for overseeing the daily administration and operations of the Project Management team, including project design development, construction management, professional services and information technology consulting. Follow Demetrios on Twitter at www.twitter.com/dgianniris.

The event was attended by 24 exhibiting vendors and 110 delegates from 59 companies, including Senior Executives, Investor Relations, COO/CFOs, FDs, Portfolio Analysts, IT Directors and other appointed representatives for a day of presentations, information sharing and networking.

Let’s have a look at some of the hot topics that were discussed, and links to some useful resources:

Private equity efficiency: responding to new economic realities facing the private equity industry

Industry experts are driving big changes to their private equity portfolios in response to new economic realities and dramatic falls. As recent events have shown the sufficient impact on the financial services industry, firms are preparing themselves for the ever-changing economic environment, which demands streamlined processes, increased transparency and a heightened need for improved reporting.

SunGard – one of the sponsors of this year’s PESS Conference - recently published a whitepaper looking at “Doing More with Less – The Keys to Private Equity Efficiency.”

The report looks at:

• Technologies that Address Inefficiencies; and
• Efficiency Boosts the Bottom Line

How private firms can benefit from the Cloud and Managed Services

As technology becomes more widely available, fund managers need to understand how to leverage the tools available to drive improvements in operational efficiency and better align IT services to business requirements, enabling them to focus on the key aspect of their job -- maximising their return on investment. At Eze Castle, we have prepared a 21 page eBook, which looks at Cloud Computing for Hedge Funds.

Our Hedge Fund Cloud eBook looks at:

• The basics of cloud computing;
• Key considerations for hedge funds;
• The benefits of cloud computing for hedge funds;
• Cloud computing concerns and challenges; and
• Considerations when selecting a hosted business application.

To learn more, visit our Cloud Computing Knowledge Centre and PESS.

Technology & Compliance for Investment Advisers

The first step in creating a comprehensive compliance program is to identify the various factors that prompt the need for compliance. Examples of these factors include legislation (Dodd-Frank), risk assessments, external advisory from legal or compliance consultants, expected practices, and a firm’s culture or products. These contributing factors will help define your firm’s compliance policies and procedures and may also help shed light on the technology required to meet these expectations.

Within an investment firm’s compliance program, a variety of elements should be evaluated. By determining what your firm’s specific needs are, you’ll be able to better understand which elements you require. Examples include:

• Personal Trade Monitoring
• Calendar and Activity Management
• Document Management
• Case Management
• Trade and Fund Surveillance
• Business Continuity Planning

Ultimately, the use of Word and Excel documents is no longer an acceptable formula for compliance. Hedge funds and investment firms need to increase their investment in comprehensive compliance programs in order to meet the growing demands of regulators and the industry as a whole.

Hedge Fund Technology Best Practice Guidelines

While the Dodd-Frank Act states that registered investment advisers will need to employ specific technology safeguards, unfortunately it does not explicitly define what those safeguards are. Regardless, industry best practices and investor expectations continue to dictate hedge fund technology requirements, including disaster recovery systems, business continuity plans, and email archiving practices.

For more insight into the specific wording within the Dodd-Frank Act about technology, read our previous blog post on the topic.

Disaster Recovery

Disaster recovery planning has quickly gained popularity in the wake of the economic crisis, and investors will oftentimes choose not to allocate to certain funds who cannot demonstrate that they have DR systems and processes in place.

As a starting point, hedge funds should identify these two critical factors:

• Recovery Point Objective (RPO): The point in time to which you must recover data as defined by your organization (e.g. If your RPO equals 0, you’ll need to employ continuous replication to ensure no data is lost).
• Recovery Time Objective (RTO): The duration of time within which a business process must be restored after a disaster. (e.g. If your RTO is 1 hour, you will require higher availability than a fund with an RTO of 24 hours, who can restore data from backups).

Business Continuity Planning

Using the five basic steps of business continuity planning, firms should prepare to:

1. Perform a Risk Assessment.
2. Perform a Business Impact Analysis.
3. Create a BCP Plan.
4. Implement said BCP plan.
5. Test and maintain the BCP plan.

You can read more about the in-depth steps associated with this process here.

Data Retention & Archiving

As you probably know, the SEC currently requires registered advisers to retain all internal and external email and instant messages pertinent to business communications, some for up to five years. Firms must also take precautions to ensure electronic records are secure from unauthorized access and theft or unintended destruction.

Take the following questions into consideration when evaluating an archiving vendor:

• Will you have a dedicated server or shared server?
• Does the provider utilize Natural Language Processing?
• Is the service compliant with Bloomberg, Thomson Reuters and Blackberry messaging outlets?
• Does the vendor use WORM storage to maintain message integrity?
• Does the service allow for single-search of all information?
• Can end users see and search their own electronic records without seeing those of other users?

To listen to a complete replay of our June 9 webinar, Dodd-Frank Update, click here.

Earlier this week, we looked at such hot topics as Dodd-Frank compliance and cloud computing. For today’s post, we have compiled some interesting and informative SIFMA seminars on technology trends and the impact of social media that are sure to be a hit at SIFMA.

Technology Trends

Here at Eze Castle, we love technology. We are always on the lookout for new and interesting trends and developments. At SIFMA, technology trends such as mobile computing, the growing use of tablets, and cloud computing are recurring themes that permeate several of the conference seminars. To help you stay ahead of the curve, here are our top picks for seminars on new and future technology trends to check out at SIFMA:

• Get Smart
  
  • Featuring speakers from the SIFMA Foundation
• Smart Devices – The New Business Tool
  • Featuring speakers from Keefe, Bruyette & Woods, Leerink Swann, and TheStreet
• Future Technology Trends in the Financial Services Arena
  • Featuring speakers from Burrus Research, IBM Software Group, and Stevens Institute of Technology

The Impact of Social Media

While social media may not yet be a top priority for most hedge fund managers, it is undoubtedly one of the hottest topics of discussion, and is rapidly gaining influence within the industry. We have spoken with several hedge fund CTOs and IT managers who have expressed interest in learning more about the various social media outlets and how they can be used to accelerate the growth of the firm. Additionally, top industry vendors are starting to incorporate social media into their products, such as the Microsoft Office Social Media Connector.

Don’t miss these great SIFMA seminars on the impact of social media on the financial services industry:

• Achieving Compliance and Creating Value on Social Media
  • Featuring speakers from Hearsay Social, Bank of America, and LinkedIn
• Social Media and the Client
  • Featuring speakers from The STREET.com, Hearsay Social, and Gartner Research

------------------

Stop by for some fun and tech talk at Booth #1861!

Our booth is located in the same place as last year, #1861. We will be giving away free stuff, raffling off tickets to a New York Yankees game, and talking with attendees about our comprehensive IT services and solutions.

Also, be sure to visit our partners at their SIFMA booths and attendee reception events. Don’t forget to mention Eze Castle Integration!

• Speakerbus – Reception at Rosie O’Grady’s (Wednesday, 6/15, 5:00pm-8:00pm, 800 7th Avenue)
• Tradar –Booth #1846
• Convergex Group –Booth #1815
• Cisco –Booth #2515; hosting a Vendor Solution Center (Tuesday 6/14, 1:30pm-2:30pm)
• Global Relay –Booth #1100
• Citrix – Booth #2105
• Xand –Booth #1505
• Advent Software –Booth #1764

SIFMA Financial Services Technology Expo
June 14-16, 2011
Hilton New York
http://www.sifma.org/FSTE2011/

In preparation for this event, we have been reviewing the conference agenda. This year’s program will highlight several key issues including adapting to the industry’s new regulatory environment that exists as a result of the Dodd-Frank legislation, as well as other important technology-related hot topics.

To help you get a jump start on the event, we have compiled a list of the most pertinent and interesting discussion topics that will be covered at this year’s SIFMA conference:

Dodd-Frank Compliance

With key Dodd-Frank deadlines looming for investment firms, and the SEC considering whether to implement extensions, the financial industry is buzzing over this influential piece of legislation. As firms work to ensure that they are compliant with these new regulations, we can’t help but be excited to hear from leading industry experts on the latest updates and helpful hints for meeting Dodd-Frank standards. Here are our top picks for Dodd-Frank seminars to check out at SIFMA:

• Key Data Elements to Achieve Dodd Frank Compliance - A Practical Approach
  • Featuring speakers from Ernst & Young, Morgan Stanley, J.P. Morgan Chase, and Bank of Tokyo-Mitsubishi UFJ Ltd.
• Dodd-Frank Impact On The Financial Services Industry
  • Featuring speakers from Davis Polk, Oliver Wyman, Promontory Financial Group, Senate Committee on Banking, Housing & Urban Affairs, and Harvard Law School

Cloud Computing

Over the past year, cloud computing has emerged as one of the most popular buzz terms in the financial services industry. As more and more hedge funds are becoming interested in hosted infrastructures, we have been working with clients to both educate them on cloud computing and help them migrate to this type of environment in applicable cases.

To learn more, check out our top picks for cloud computing seminars coming up at SIFMA or visit our Cloud Computing Knowledge Center:

• DTCC 3.0 -- The Infrastructure as "Cloud" -- How Managing Risk, Meeting Regulatory Demands and Evolving 21st Century Financial Markets Will Reshape the Industry's Relationship With Core Infrastructures
  • Featuring speakers from the Depository Trust and Clearing Corporation and IBM
• The New Cloud Paradigm for Financial Applications
  • Featuring speakers from Xignite, Inc., NYSE Technologies, and Pico Quantitative Trading

-------------------------------

Be sure to stop by for some fun and tech talk at Booth #1861!

Our booth is located in the same place as last year, #1861. We will be giving away free stuff, raffling off tickets to a New York Yankees game, and talking with attendees about our comprehensive IT services and solutions.

Exhibit Hall admission is FREE for all conference registrants and for those who register for the EXHIBIT ONLY passes online. Free admission registration expires on Monday, June 13, 2011 at 12:00pm EST. To learn more, visit http://www.sifma.org/FSTE2011/register/.

SIFMA Financial Services Technology Expo
June 14-16, 2011
Hilton New York
http://www.sifma.org/FSTE2011/

Also, don't forget check back on Thursday, June 9th, for more hot topics and seminars to look for at the SIFMA Financial Services Tech Expo!

It has been a historic season for tornadoes. The recent twister that ripped through Joplin, Missouri killed more than 130 people, making it the deadliest storm in nearly 60 years.¹ And just last night, seven tornadoes touched down in western Massachusetts, creating panic and wreaking havoc in a state that rarely sees that type of weather.

This year’s tornado season proves that even when the circumstances seem unreal and impossible, the worst can still happen, therefore your hedge fund or investment management firm needs to be prepared.

Here are a few reminders about how to prepare your hedge fund for a disaster situation:

• Establish a BCP. First step’s first. You have to have a business continuity plan in place before you can execute it. Work with internal executives or a third-party service provider to craft a BCP plan that best suits your firm.
  
• Identify Key Decision Makers. You’ll need to know which individuals will be responsible for activating the business continuity plan and communicating with employees.
  
• Establish Communication Procedures. How will you notify employees? Examples include a call tree or an automated notification system.
  
• Determine Remote Capabilities. Will there be a central meeting location? Can employees work from home? Do you have enough Citrix licenses to support an increase in remote users?
  
• Consider Providing Employee Assistance. Depending on the scope of the disaster, you may want to consider offering employees some type of assistance to cope with the aftermath.

The most important factor in hedge fund business continuity planning is communication. If you are upfront about assigning communication responsibilities, it will ensure that employees are properly notified of business continuity procedures and will make for a smoother transition back to normalcy.

Does your hedge fund have a business continuity plan in place?

Download our presentation for more BCP tips.

Weather Related Business Continuity Planning

1, ABC News
Photo Credit: Flickr (Ryan-o)

I am a big proponent of transparency. Project structure serves as a base for the assignment of project tasks to team members because it greatly increases transparency across all levels. When done effectively, it helps control costs, analyze risks, measure performance and break project complexities into manageable parts (building blocks). Breaking a project down into applicable building blocks of structure (called “work packages”) is most effective because it forces the project manager to know something about the essential aspects of project planning.

Using Building Blocks to Form Project Structure

In project management, work packages are the smallest dividable subtasks of a project. They are the basic building blocks of the project itself, and subsequently the smallest resource-assignable, enclosed work units.

Project work packages must have five requirements:

1. Specific
2. Measurable
3. Attainable
4. Realistic
5. Timely

And in order for work packages to be established, a project manager is called to answer the six “W” questions:

• Who: Who is involved?
• What: What do I want to accomplish?
• Where: Identify a location.
• When: Establish a time frame.
• Which: Identify requirements and constraints.
• Why: Specific reasons, purpose or benefits of accomplishing the goal.

When these work packages are established, the project manager can then move on to strategize the project plan. Projects are typically strategized in two ways:

Top-down (or step-wise)

Top-down planning is focused on keeping the decision making process at the senior level. Goals and quotas are established at the highest level, and project resources are not included in any of the decision-making process. With top-down planning, the project resources assume the project manager knows best how to plan and carry out a project.

Although this method of planning does not take advantage of the input talented project resources may bring to the table, its benefit is that it concentrates on promoting the concept of making a plan (as opposed to “who” develops the plan). It allows the project manager to divide a project into steps, and then into smaller steps. This continues until the steps can be studied and the due-dates and tasks can be assigned to resources.

Bottom-up (or tactics)

Bottom-up planning gives projects a deeper focus because a larger number of resources are involved in the decision-making process, each with their own area of expertise. Team members work side-by-side and have input during each part of the project process. Plans are developed at the lowest levels and are then passed on to each next higher level, before ultimately reaching the project manager for approval.

How do you typically develop your project structure?

For more project management tips, read some of Demetrios Gianniris' other blog articles:

• Obstacles of Project Management
  
• What Project Management Is Not
  
• Multitasking Tips: Part I and Part II

Demetrios Gianniris is Director of Project & Technology Management (PTM) at Eze Castle Integration. He is responsible for overseeing the daily administration and operations of the Project Management team, including project design development, construction management, professional services and information technology consulting. Follow Demetrios on Twitter at www.twitter.com/dgianniris.

Photo Credit: Flickr (lobo235)

On May 12, 2011, SEC Chairman Mary Schapiro stated in a testimony before the U.S. Senate Committee on Banking, Housing and Urban Affairs that "Under Title IV of the Dodd-Frank Act, hedge fund advisers and private equity fund advisers will be required to register with the Commission, which is expected to occur in the first quarter of 2012." While the extension has yet to be made official, it is expected.

Without the extension, the current 2011 Dodd-Frank Act deadlines for investment adviser filings are:

• May 30, 2011 for Part 2A delivery to existing clients;
  
• July 31, 2011 for delivery of Part 2B to new/prospective clients;
  
• August 20, 2011 to file an amendment to ADV regarding AUM;
  
• September 30, 2011 for delivery of Part 2B to existing clients; and
  
• October 19, 2011 to file ADV-W if an investment adviser is no longer eligible to remain registered with the SEC.

To help provide clarity on Dodd-Frank, Eze Castle Integration is holding a webinar on June 9, 2011 along with Bingham McCutchen and MyComplianceOffice. The topics we’ll be covering include:

• An overview of Dodd-Frank as it relates to hedge fund and private equity firms;
  
• How to build an ongoing compliance program; and
  
• Key Dodd-Frank technology requirements, including disaster recovery, data protection, and email & IM archiving.

Additional Articles on the Dodd-Frank Act & SEC Examinations

• Dodd-Frank IT Implications for Hedge Funds: Disaster Recovery, Archiving
  
• Preparing for an SEC Examination: Requested Information Part One
  
• Hedge Fund SEC Examination Preparation: Part Two
  
• Headline Risk, Employee Trading, Dodd-Frank: Hot Topics at Hedge Fund Conference

The seminar featured a panel of Eze Castle Integration experts and covered a variety of topics including security, virtualisation and disaster recovery. Below are some of the key points that were touched upon at the London cloud computing event.

Security: Understanding Multi-tenancy
Multi-tenancy is fundamental to cloud computing and a key component of cloud services including Infrastructure as a Service (IaaS) or Software as a Service (SaaS). The Whatis.com IT encyclopedia defines multi-tenancy as “an architecture in which a single instance of a software application serves multiple customers.”

As discussed in our application security in the cloud article, when looking at Infrastructure as a Service multi-tenancy means customers can control processing power, networking components, the operating system, storage and deployed applications, but do not control the underlying physical infrastructure. In the Software as a Service model, customers share all or part of an application but do not control the underlying platform or infrastructure.

These two approaches can deliver security on-par with in-house services, but firms should thoroughly evaluate a cloud service provider and ask detailed questions about their provider’s practices as part of the appraisal process.

Virtualisation and Disaster Recovery in the Cloud
Today, virtualisation is a mainstream technology that has numerous uses and delivers many benefits to firms. One advantage of virtualisation is that it can help drive costs down considerably in disaster recovery environments. The reason for this is that traditionally companies have procured a second set of equipment – that was a mirror image of the production environment – and set it up in an off-site disaster recovery location. They would then replicate data from a production environment to the data recovery environment. Needless to say, buying a second set of equipment can be costly and time-consuming to maintain.

With the advent of virtualisation and cloud computing, firms no longer need to purchase an exact replica of their production environment. They now have new options for setting up a cost-effective disaster recovery site that addresses their recovery and security requirements while leveraging economies of scale.

One option is to work with a managed cloud service provider to “rent” disaster recovery space in their cloud. Another option for a firm is to procure and virtualize their own secondary hardware, which can also be managed by a third-party, and house it in an off-site co-location facility.

These are just two examples of how cloud computing is altering the way firms build their technology infrastructures. The possibilities are great in the cloud.

Eze Castle Integration’s Cloud Services
Our expansive portfolio of cloud services is ideal for hedge funds and investment management firms seeking flexible, secure and reliable solutions. With the launch of our London cloud, hedge funds worldwide may now take advantage of the wide range of offerings from the Eze Cloud, including:

• Eze Virtual Office (EVO)

• Hosted Applications

• Virtual Disaster Recovery Services

• Custom cloud infrastructure solutions for production

• Extension/augmentation of production private cloud (Hybrid)

• SAN-SAN replication for Disaster Recovery

Contact Eze Castle Integration to learn more.

According to Gartner, the market for VDI is expected to grow to 49 million units by 2013, up from just 500,000 in 2009. With such an enormous jump in virtual desktop infrastructure users, it’s important that hedge funds and investment management firms who are thinking about adopting this technology understand both the potential benefits as well as the potential concerns of VDI. We’ve outlined some of them here:

The Pros

Recoverability & Disaster Recovery

• With VDI, there is the option for local recovery if a desktop fails; you can easily swap out the thin client with little to no disruption and significantly less downtime than if desktops were not virtualized.
• Many internal and custom applications may be updated frequently, so replicating your virtual desktop will ensure that the disaster recovery version is identical to the user's desktop.

Green Benefits

• Without additional physical desktops utilizing resources, firms can leave a smaller carbon footprint by using less power and cooling.
• Physical PCs only last so long. Refreshes are needed every 2-3 years. Virtual machines allow for a longer refresh cycle for technology hardware, which has green benefits in more ways than one.

Cost-Effectiveness

• Speaking of green benefits, VDI can save hedge funds money in the long run, but it is typically only a cost-saving practice if it’s a large-scale deployment. Smaller firms with few users may have a harder time justifying the cost, since the break-even level will be much higher.
• In many cases, good candidates for VDI are hedge funds and investment firms that have already invested in virtualization technology as they have the foundation already in place, which means no building from scratch, and their team is comfortable with the "virtual world."

Application Performance

• When a hedge fund runs their production infrastructure off-site (either in a cloud or in a data center), many applications require the use of Citrix to utilize land-based speed. With VDI, users can run their desktop out of the same physical location, therefore performance issues are typically mitigated.

Data Security

• With VDI, data and applications are stored separately from the physical device, adding an additional layer of protection during a time when data security concerns are at an all-time high.

The Cons

Upfront Costs Can Be High

• While VDI can offer great cost-savings to firms looking to complete large-scale deployments, on the flip side, it is not necessarily cost-effective to transition to VDI on a smaller scale. Thin clients can get expensive, particularly as you expect more functionality (e.g. four monitors on the client side).
• In accordance with costs, deployment and management of VDI can be complex for smaller firms.

User Experience is Tricky

• Currently, VDI users sometimes experience poor quality, particularly from an audio and video perspective. If your firm doesn’t require much in the way of A/V needs or graphic design capabilities, this may not be a significant factor for you.
• One interesting fact: Bloomberg Fingerprint can be challenging to set up through VDI. You may need to utilize an expert service provider who understands how to set up this technology. Once it’s been set up, deployment for other users is significantly easier to manage.

So do the pros outweigh the cons? Or vice versa? There is no one-size-fits-all answer, unfortunately. You’ll need to work with your internal IT department or your outsourced IT provider to determine if VDI is a good fit for your hedge fund or investment firm.

If you’d like to speak with an expert at Eze Castle about VDI, please contact us -- we've helped numerous clients evaluate and design virtual desktop infrastructures.

Gartner: http://www.gartner.com/it/page.jsp?id=920814
Photo Source: GetElastic

This said, “smaller” organizations certainly don’t have it easy either, but in the past VDI was often an overly complex solution for smaller firms. Today, VDI is increasingly moving into the conversations of mid-size financial services firms, including hedge funds and other alternative investment firms.

In this article we’ll help define Virtual Desktop Infrastructure and explore, at a high level, how it works. Next week we’ll look at the pros and cons of VDI focusing on use at hedge fund and investment firms.

How VDI Works

Virtual Desktop Infrastructure works by decoupling user data, applications and the operating system (OS) from the end-point device (i.e. laptop, desktop or thin client). This decoupling allows for the centralization of user data, settings and applications in the datacenter where they can be centrally managed and accessed by end-users from virtually anywhere.

Having everything within the datacenter provides considerable benefits around disaster recovery, but we’ll cover that next week in our pros and cons article!

The user experience starts by accessing user virtual desktops via an end-point device that runs special software. The software interfaces with the virtual desktop by delivering screen updates, keystrokes and mouse movements to the virtual desktop in the datacenter – these transfers are unnoticeable to the end-user. VMware’s View and Citrix’s XenDesktop are two commonly used VDI products.

Below is an image (compliments of VMware) of how VDI works:

The Experts

Eze Castle Integration has deep experience in implementing Virtual Desktop Infrastructures for hedge funds and alternative investment firms. Contact us if you’d like to learn more about this topic.

Alternatively, come back next week for our VDI pros and cons article.

I recently attended an Apple demonstration led by a senior Eze Castle Integration engineer. Here are a few interesting facts I learned:

• Microsoft Office Suite for Mac is similar to Windows; however, you will see significant differences in Microsoft Excel due to coding variations.
• Microsoft Outlook only comes with Microsoft Office 2011. Earlier versions will have Entourage as the primary email platform.
• Student versions of Microsoft Office do not work on Exchange.
• There are two different ways to access Windows on a Mac: via virtualization or through a dual boot.
• Data is encrypted when using a Citrix Receiver on any platform, including a Mac.
• Neither Apple Mail nor Entourage support PST files (Outlook does).

If the tablet is more your style and you’re curious to see how Apple’s iPad 2 and BlackBerry’s Playbook match up side-by-side, here’s your chance:

*Source: Tech Republic

Eze Castle Integration is adept at working with both Apple and BlackBerry technology. If you would like more information, please contact us.

One social media tool that just about every professional has is Microsoft Outlook – yes, that email application that most people view as “strictly business” has some nice features that enhance the utility of social media. I started using the Microsoft Outlook Social Connector when I upgraded to Outlook 2010 (plug-ins for Outlook 2007 and 2003 are available) and find it’s a great tool for gaining a consolidated view of the various ways I've interacted with a contact. I’ve connected my LinkedIn account, but you can also connect to Facebook, Sharepoint and Windows Live.

Here is a snapshot of how your interaction with a contact is consolidated in Microsoft Office via the Social Connector:

According to Microsoft, the Outlook Social Connector provides:

• A People Pane with the name, picture, and title for your colleagues whenever reading a message from them
  
• One-click Access to the most recent messages and attachments from a contact
  
• Activities Snapshot of your contacts
  
• Consolidated Contact Directory by adding the business cards of your LinkedIn contacts into your contacts directory

You can download the Microsoft Social Connector here, but before getting started, check out Microsoft’s nifty video on how to install the Social Connector.

One last item to note about the Outlook Social Connector is that the privacy settings you have set in LinkedIn, Facebook and other social media sites are recognized by Microsoft Outlook and the basis for what information is shown. Read more about Outlook Social Connector and privacy here.

Image & Video Credits: Microsoft

So far this season, we’re proud to announce we’ve been nominated for four separate hedge fund awards, each of which speaks to our continued commitment to providing our investment firm clients with services and solutions to meet their daily business needs.

We were recently named a finalist for HFMWeek’s European Service Provider Awards in the “Best Advisory Firm” category. As hedge fund technology consultants, we work closely with firms to assist them in determining what operational and technology systems and processes are best fits for their hedge fund, and this nomination is a testament to the hard work our international service team has put into working with our clients to meet their technology requirements.

Additionally, we were recently nominated for the FTF News Technology Innovation Awards, which were announced in April. Up for both “Most Effective Use of Social Media” (Are you following us on Twitter and Facebook?) and “Service Provider of the Year,” we were nominated alongside some great hedge fund technology companies, but unfortunately we did not come out on top. Though, as the movie stars say, it was an honor and privilege just to be nominated!

Earlier this year, we were honored as a member of the MSP Mentor 100 – a list that recognizes the top managed service providers in the United States. Ranking number 17 out of 100, our listing was based on the level of client service and experience we’re offering to hedge funds and investment firms – and our increased commitment to providing cost-effective and flexible managed services to hedge funds and investment firms.

Okay, enough tooting of our own horn! We’re looking forward to the rest of the hedge fund awards season and continuing to gain recognition for the hard work our client service team and hedge fund technology consultants do on a day-to-day basis.

If you’d like to learn more about how Eze Castle Integration can serve as your hedge fund's technology consultant and virtual chief technology officer (CTO), please contact us.

To break down the key considerations for hosting your Microsoft Exchange, our product managers, Jason Nolan and Steve Banda, have created this short video:

If you would like to speak with Jason or Steve about Hosted Exchange or to learn more about how Eze Castle Integration can assist your firm with your technology needs, please contact us. Or visit our webpage on Eze Virtual Office.

The seminar featured a panel of experts: Simon Eyre, Director at Eze Castle Integration, Doug Bendle, Senior Manager at PricewaterhouseCoopers, Paul Chain, President at AIS Fund Administration, and Ian Howard, Operations Analyst at Mediobanca.

In today’s market, investors’ expectations are at an all-time high, making the Hedge Fund Due Diligence Process a critical area of importance to raise new capital. I sat down with Simon Eyre to discuss some of the questions covered at the seminar.

As a technology provider how does Eze Castle participate or provide documentation to the due diligence process?

At Eze Castle we believe documentation is absolutely critical to a successful Due Diligence Questionnaire (DDQ) and regularly assist clients with completing the technology portion of a DDQ. A technology blueprint of the environment is an excellent tool for leading a client through the technology section, as the blueprint provides a clear visual aid to assist in clarifying technical questions.

To ensure all answers are addressed accurately and thoroughly, we may gather information from various teams within Eze Castle, including our networking specialist, storage specialist as well as our traditional server team. All of this has to be managed and compiled is such a way that no question is left with ambiguity.

Business Continuity and Disaster Recovery have become extremely important for funds. What lessons has Eze Castle learned over the years?

Financial services firms must react swiftly, methodically and successfully when confronted with unexpected business disruptions or risk highly significant financial loss.

At Eze Castle we help clients fully prepare for unexpected situations which may arise by putting in place disaster recovery systems that minimise concerns such as revenue loss, damaged client relationships and reduced productivity. Thorough disaster recovery planning allows firms to resume business operations seamlessly when they are faced with unexpected issues.

A solid disaster recovery plan forms a platform for a successful business continuity plan.

In the event of a disaster or outage, firms will need to ensure that their data and applications are protected and remain operational. How does Eze recommend funds back up their data?

We recommend the following steps to back up and protect business data:

• Firms should begin by identifying the most critical data and systems and making sure they are well documented in any disaster recovery plan. For example: restoration of gigabytes of a user’s iTunes folder, which likely should be there in the first place, must not be prioritised the same as a portfolio manager's mailbox.
  
• Data should be backed up via a digital archiving service. Digital archiving involves using digital storage to take snapshots or copies of your data, which is either stored locally or in a remote location. This allows for rapid access to critical files in the event of an outage.
  
• Retain backup logs. This can be in the form of off-site back-ups or tapes.
  
• Test your disaster recovery system frequently (at least quarterly), and show the results to investors

Are investors more IT savvy in their due diligence with investment managers than in the past?

Larger investors are starting to use technology specialists within their Operational Due Diligence teams to fully inspect a hedge fund's technology operations. This focus on technology as part of the due diligence process was not something favoured in the past. As a result of this increased scrutiny, hedge funds should bring in their service providers, such as Eze Castle Integration, to assist with the DDQ and help answer investor’s questions.

For those of you who couldn’t attend, we’ll do a two-part recap of the event. This article will cover panelists' comments around headline risk, data management and Dodd-Frank. Next Tuesday we’ll cover insights from the hedge fund disaster recovery and business continuity planning panel our own Vinod Paul moderated.

Headline Risk (a topic that came up on multiple panels): Headline risk goes against the old adage that “there is no such thing as bad publicity.” This risk is tied to the possibility that negative news could spook the market and investors. Across the board, hedge fund COOs indicated that headline risk is something that keeps them up at night and drives spikes in investors’ calls.

The hedge fund industry is reactive, so panelists advised attendees to be proactive in monitoring news coverage and communicating to investors. Be ready when the investor calls to answer whether your hedge fund was invested in a certain asset.

Also, use high-profile cases (i.e. fraud, insider trading) to test a firm's internal safeguards to determine if you would have fallen prey to the fraud. For example, ask yourself if you would have invested in Madoff – be truthful and mindful that hindsight is always 20/20. One panelist said his firm did an all-day roundtable exercise where they used public cases to determine if their internal controls would have caught the fraud.

Employee Trading: Panelists agreed that a standard practice is to either have restricted lists, which employees can reference, or require certain trades to be pre-approved by the firm’s managing directors. One key process element is to ensure that the restricted list is reviewed and updated regularly. Some firms were also looking at using technology to automate monitoring of employee trading.

From the fund-of-fund perspective, it can be harder to monitor so the policies tend to vary more across firms.

The Data is Exploding! To appease investors and regulators, hedge funds are creating more and more data that must be managed and quickly accessible. Investors today expect rapid responses to questions making the ability to pull reports in real-time essential to operations. One COO commented that while a hedge fund’s investment returns can be great, it is operations that can be the straw that breaks the camel’s back.

Another panelist commented that technology doesn’t stand by itself. It is not uncommon for users to only know how to use 20% of the functionality offered by an application. This lack of training and knowledge can result in a hedge fund professional being unable to pull a report or execute a request from an investor or SEC auditor. Firms must wrap procedures, controls, training and internal testing around hedge fund technology systems.

Dodd-Frank & The SEC: While the registration deadline may be pushed back, panelists agreed that hedge funds should start the prep work now. SEC registration is “easy” some panelists said referring to the paperwork – it is the internal processes and safeguards that must be in place to be compliant that are hard. Give yourself at least 6 – 8 weeks to get internal systems compliant.

Another reoccurring theme was that you never want to give the SEC a reason to do a second probe as they only get deeper, harder and more time intensive. When the SEC comes calling be prepared to answer all of their questions thoroughly and if you say you’ll do something, do it. The SEC can throw a vast amount of resources into examining your hedge fund deeper if they don’t like what they see on the first pass. Read our articles on preparing for an SEC audit.

Come back next Tuesday, April 26th for more on the hedge fund disaster recovery panel. Or, just subscribe to our blog and the article will come to you!

• Transparency and Risk: Changing expectations and how firms can adapt
• Operational Risk Assessment: Why it is important for multi-manager funds
• Portfolio Management: The technical hurdles of managing a fund
• Managing Liquidity: The keys to managing both investor and investment liquidity

Throughout the webinar, experts from Ledgex Systems and Rothstein Kass Business Advisory Services provided great information about the fund of hedge funds industry. The speakers for the event were Brian Macallister, Managing Director at Ledgex, and Andrew de Montille, Senior Manager at Rothstein Kass.

Below is a summary of the key topics discussed during the “Operational and Technical Challenges of Multi-Manager Funds” event:

Alternative Industry Trends

Overall, the outlook for the alternative investment industry in 2011 is promising. More funds are expected to launch, and fewer closures are anticipated compared to recent years’ statistics.

Institutional investment capital is gaining in influence, primarily because it remained a stable source of capital throughout the financial crisis, so investors are more inclined to continuing trusting it in 2011. Additionally, although institutional investors have exhibited a preference for allocations to larger funds, it is expected that they will begin to diversify to smaller managers in the coming year.

As a result of tightening regulations, funds are starting to implement improvements within their organizations. Operational upgrades include enhancing investor transparency and outsourcing functions that are not directly related to investment. Also, consolidations are expected to become more common throughout the industry, allowing firms to lower overhead costs by achieving the benefits of scale.

Operational Risk

The U.S. Treasury defines operational risk as “the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.” Regardless of the state of the market, operational risks remain a constant threat, even for the strongest investment managers.

To assess these risks, firms and investors should perform operational due diligence to ensure that best practices are being observed. Following are the primary areas that are covered in the assessment:

• Organization
• Internal Controls and Compliance
• Valuation Methods and Investor Reporting
• Trading and Operational Processes
• Service Providers and Counterparties

New Technical Challenges Facing Multi-Manager Funds

As the business and technology landscapes continue to change, investment firms are facing more pressure both from a regulatory perspective and from investors. Changing regulations have resulted in longer fundraising cycles, enhanced due diligence processes, and increased transparency requirements.

What does this mean for firms in terms of new technology challenges?

Legacy technology and business processes will no longer support the rapid pace of change that is seen throughout the industry. For instance, firms should not rely on Excel spreadsheets as central repositories for their data. To overcome this issue, funds should assess their current technology infrastructure to get an accurate estimation of their dependencies and begin planning for the future.

One major technological consideration is data management. Managing data throughout an organization can be complex, as it is typically coming and going from many different counterparties and in a variety of formats. Systems such as those provided by Ledgex, can help your firm standardize and streamline data management when it comes to the following aspects:

• Enterprise Platform
• Document Management
• Business Tools
• Collaboration Tools
• Centralized Data Source
• Portfolio Management
• Portfolio Monitoring
• Compliance & Risk Management