Hedge Funds & the Cloud: The Pros, Cons and Considerations




By Mary Beth Hamilton, Director of Marketing, Eze Castle Integration

The increased use of cloud-based services is undeniable. Analyst firm Forrester forecasts that the global market for cloud computing will grow from $40.7 billion in 2011 to more than $241 billion in 2020. Within the hedge fund industry, many startup funds, in particular, are leveraging this technology platform for a variety of reasons. But even some larger, more established funds are transitioning to the cloud to capitalize on its advantages.

Clouds: Advantages, Types & Services Delivered

The advantages of using the cloud include the ability to:

- Quickly implement and use enterprise-grade technology systems and applications without employing a dedicated IT team;
- Outsource management and maintenance of technology to third-party experts responsible for ensuring continuous availability and high performance levels;
- Transition technology spending from capital expenditures to operating expenditures; and
- Easily scale technology environments to match business needs, eliminating the need to over or under buy when forecasting business growth.

Regardless of your firm's size, assets or history, when weighing adoption of cloud services, it is important to understand the difference between cloud deployment models, namely public and private clouds.

Public clouds are owned and operated by third-party service providers and benefit customers by delivering cost-savings derived from economies of scale. While competitively priced, public clouds aren't always the best option for firms that require custom configurations and applications or desire high-touch service from support staff that understand the financial services market and associated technology.

Private clouds are those that are built exclusively for an individual enterprise and can minimize concern around resource availability, security and resiliency. In the private cloud category, there are two flavors: on-premise and externally hosted. An on-premise private cloud is generally known as an internal cloud that is hosted within an organization's own data center. An externally hosted private cloud is, just as the name indicates, hosted and managed by an external cloud computing provider. Externally hosted private clouds are a popular choice for hedge funds as they allow for greater customization and flexibility while still providing compelling cost-savings.

Beyond the types of clouds, the cloud services market is frequently divided into three subcategories based on the services delivered. These categories are: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Of these, IaaS and SaaS are gaining the greatest traction and interest within the hedge fund market.

In the SaaS model, an application is hosted and managed by a vendor or service provider and made available to users via the Internet. Customers share all or part of an application but do not control the underlying platform or infrastructure.

PaaS is the delivery of a computing platform via the cloud. The PaaS model enables hedge funds to build and test applications without incurring the cost and complexity of buying and managing the underlying software/hardware.

IaaS provides computing resources without requiring a firm to purchase physical hardware such as storage, servers and networking equipment. Many IaaS providers bundle the infrastructure services with business applications, such as Microsoft Exchange and Office, to deliver a complete solution. With IaaS, customers can control processing power, networking components, the operating system, storage and deployed applications, but do not control the underlying physical infrastructure.

Cloud-based services aren't right for every hedge fund, but the potential value delivered via the cloud makes it essential that firms become knowledgeable about their technology options. But in addition to knowing everything you can about the cloud services themselves, you also want to familiarize yourself with different cloud services providers and what they have to offer.

Questioning Cloud Providers before Signing the Dotted Line

Evaluating a cloud services provider is a task that should not be taken lightly. You are turning over control and entrusting your IT operations to the service provider; downtime is not an option, and a proven track record is vital. During the vendor evaluation process it is necessary to ask tough questions and evaluate the service provider in a number of areas including the cloud architecture, security policies, data protection safeguards and support delivery. The following questions provide a starting point.

Cloud Architecture, Experience & Support

- Does the service provider deliver dedicated or shared resources within the cloud?
- Will a client's data be isolated from other clients who reside in the same cloud?
- Does the cloud provider own their own equipment?
- Is the cloud data center SAS 70 compliant?
- Which technology vendors have applications operating within the service provider's cloud?
- What certification levels does the provider have with these application vendors?
- How are support requests handled, and what is the expected response time?
- What Service Level Agreements are in place for the cloud infrastructure?

Security Policies & Procedures

- What is your information security policy and how often is it reviewed?
- What security standards are used to ensure data and application integrity?
- Have you ever experienced a security breach? If so, how was it resolved and what safeguards were implemented to prevent a repeat experience?
- Is data encrypted at rest as well as in transit?
- What physical security elements are in place at the data center (i.e. locked cages and cabinets, cameras, access points, etc.)?
- When was your last network penetration test conducted and what did it involve?

Business Continuity & Disaster Recovery

- Does the cloud infrastructure feature an N+1 configuration to enable high availability?
- What are your backup and retention procedures? How long is data retained?
- What is your disaster recovery strategy and how frequently is it tested? What does the test encompass?
- Is there a plan for pandemic or mass absentee (up to 40%) situations?
- Are there provisions in place to recover work in progress at the time of an interruption?
- How much downtime (planned and unplanned) has your cloud experienced over the past 12, 24 and 36 months? How did the downtime impact clients?

Hedge Fund Cloud Security: Let's get physical (and virtual too)

The transition to cloud computing services is at a high in the hedge fund industry and will continue to increase throughout 2012 and beyond. And while the advantages outlined earlier, including increased efficiencies, scalability and cost-savings, are significant, concerns around security remain and have given some firms pause before moving to the cloud. The reality is that cloud security is a real consideration across all industries, not just financial services, and must be a critical focus area when conducting due diligence on cloud infrastructures and cloud providers.
The Cloud Security Alliance recently released the third version of its Security Guidance for Critical Areas of Focus in Cloud Computing report, which delivers actionable best practices around cloud security. The report is 177 pages, so consider this article a much abbreviated Cliffs Notes version to help frame your questions on cloud security for hedge fund environments.

Defense in depth is a security methodology long followed for on-premise infrastructures where layers of security (office building to desktop to server to firewall to router) help ward off threats and provide redundancy should one layer of protection fail or become compromised. This strategy is also applicable to cloud infrastructures, with a key difference being the cloud includes virtual assets along with physical assets.

Physical Security

Physical security includes the data center facilities that house the cloud infrastructure as well as the physical network components. The cloud should reside in a Tier III (or greater) class data center that is composed of multiple active power and cooling distribution paths as well as redundant components throughout. Be sure to ask the cloud provider if the data center is in a region that could experience seismic activity, natural disasters (i.e. flooding) or other environmental threats that could disrupt service.

Beyond location, the cloud data center should be secured with practices including:

- 24x7x365 manned lobby with visual verification of identity
- Two-phase (card and biometric) authentication of visitors
- Secured entry points (doors and elevator banks), including sensors and cameras
- Monitored security cameras
- Visitor logs for cages, which are periodically reviewed and cross-checked
- Key-locked cages and cabinets

Isolation & Security

Virtualization is a core element of a cloud infrastructure and brings unique security considerations as traffic travels differently over virtual machines than it does with a traditional network. A cloud provider should combine traditional network-based security controls alongside virtual machine security tools for an added layer of security. In addition to security protocols, all network interfaces within the virtualized environment should be configured in a redundant manner, and the infrastructure should be backed up and replicated to multiple data centers to ensure resiliency and uptime.

Another often-voiced cloud security concern is that of data co-mingling across different clients. A cloud must be architected in such a way that clients have secure, isolated environments for their data, resources and applications to reside. It is critical that data be securely separated to eliminate the risk for cross-contamination of data or access to other client environments. Consider asking a provider to explain their reporting mechanism for ensuring evidence of isolation and identifying a breach of isolation.

Finally, cloud providers should follow best practices for securing cloud inter-site transmissions and offer clients the option to encrypt sensitive messages in accordance with regulatory legislation including SOX, GLBA, PIPEDA and the European Union Data Directive.

Policies, Policies, Policies

As part of your due diligence, ask for specifics on your service provider's security policies including:

- Access Control Policy: How is access to and control of the storage, virtualization and network infrastructures managed? What protocols are in place for monitoring, granting access and logging changes to client information systems?
- Information Security Management Policy: What physical and virtual security safeguards does the provider have in place to protect against breaches? How does the provider manage information security violations and incidents? What are the procedures for incident reporting, resolution and corrective action?
- Employee, Visitor and Contractor Physical Security Policy: What practices are in place for monitoring employees, visitors and contractors while on premise (office or data center)? What background verification, screening agreements and employment agreements are established?

Beyond reviewing the policies, inquire about how employees are trained on the policies and when the company last tested its internal policies. It is worthwhile to request a summary of results to ensure a passing score was achieved and any identified vulnerabilities were addressed.

The Reality

Security threats exist in both traditional networks and cloud environments. The reality is that either deployment scenario is only as strong as its weakest link. The key is working with a provider that understands the unique security threats, looks at the infrastructure holistically and implements the appropriate safeguards to mitigate risks. Despite security remaining a lingering concern in the industry, the expectation still remains that alternative investment firms will continue to adopt this technology at a rapid rate due to its overwhelming advantages.

About the Author

Mary Beth Hamilton is director of marketing for Eze Castle Integration (www.eci.com), a leading provider of IT and cloud computing services, technology and consulting to hedge funds and alternative investment firms. She has over a decade of technology and marketing experience and holds an MBA from Boston College.