Understanding Financial Cloud Services A Complete Guide for Hedge Funds
About RFA RFA (Richard Fleischman & Associates) has been a Financial Cloud and trusted technology partner to our financial services clients for over twenty years. Offering a full range of technology solutions with global data center operations, RFA serves the IT needs of businesses including hedge funds, private equity funds, fund of funds, private wealth management and alternative asset management firms. RFA offers a full range of technology solutions supported by our industry-leading service. Whether clients require on-site or cloud-based solutions, telephony or data systems, fully-managed IT or project management, RFA has the expertise to meet the industry-specific needs of our clients. RFA is headquartered in New York City with operations in New York, Connecticut, Boston, MA, and London. Bringing together the combined resources of a seasoned executive team, over 175 carefullyselected technicians and a trusted group of partner companies, RFA delivers scalable, reliable and secure technology infrastructure to our clients. Over 520 firms rely on RFA to provide enterprise-grade technology solutions and support to keep their businesses running smoothly. Introduction There is no question that the cloud has gained massive popularity when it comes to the world of hedge fund technology. For many hedge funds, cloud technology offers several benefits that traditional on-premise infrastructure systems do not, such as reduced capital expenditures, increased flexibility and scalability to meet changing business needs, and even enhanced security features. The shift from up-front capital expenditure associated with software licenses and hardware costs to the more controllable operational expenditures of monthly and annual contracts provides predictability from a financial perspective. It is important to remember, however, that not all clouds are created equally. When evaluating a move to the cloud, there are still several misconceptions, which can hold firms back from pursuing a cloud strategy, or cause them to select the wrong cloud model. When beginning an evaluation of cloud services, it is imperative to understand the distinctions between the different types of cloud, as these can impact how your data is segregated, where
and what type of infrastructure is used, and built-in features, such as disaster recovery, backup, and intrusion detection. As a hedge fund, it is even more important to remain conscious of these factors due to enhanced security and regulatory requirements relating to the data generated and handled by alternative investment firms. Deployment Options: Public Cloud vs. Private Cloud Before beginning an evaluation of the cloud, it is important to understand what is meant by the term cloud. Cloud computing refers to a virtual network of servers that are used to fulfill various functions, including applications, infrastructure, and data storage. The phrase as a service is frequently appended to cloud products because cloud providers offer cloud services on a contract, where firms are charged recurring fees to host their data in the cloud. There are two main categories of cloud: public cloud and private cloud. Public clouds are provided through an outsourced provider and enable firms to pay a low monthly fee to access a shared hosting environment, making it more scalable and cost effective. Public clouds offer services at a lower rate, but, by offering less customization, users have less control over their data, and can feel that security is compromised. Public clouds also offer far less insight into where and how data is segregated and stored. In comparison, the private cloud is a technology environment that can be built by an outsourced provider or internally, and enables firms to access their own private virtual data center. Private clouds can be designed as single or multi-tenant. The multi-tenant approach utilizes shared infrastructure between multiple firms or departments, but with segregation within the infrastructure components through a variety of methods, such as physical, logical, data, network, or performance segregation. This model offers an enhanced level of security as compared with a public cloud model.
In a single-tenant private cloud, the client is designed a separate, private piece of custom designed infrastructure where all the data will sit and not be shared by other firms. The downside of this, of course, is a more expensive solution, as additional dedicated hardware is required for each new customer. Software upgrades are more complex to deploy and scalability is limited by the hardware available. X-as-a-Service Within the realm of cloud computing there are a number of different options, mainly separated into Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) which can be further split into Desktop-as-a-Service (DaaS), Storage-as-a-Service and Network-as-a-Service. In fact there are so many options that it is now widely referred to XaaS, or Anything-as-a-Service. SaaS is widely used and allows firms to subscribe to a service where they access software that is centrally hosted and managed, via the internet. Popular software applications include CRM solutions like Salesforce, but many niche software vendors now offer a SaaS delivery model for their compliance solutions, order and execution systems, research tools and risk management software. PaaS can be utilized effectively by firms with in-house developers who may be looking to build or trial new software applications, without building a test environment in-house. IaaS allows firms to completely outsource their IT environment to a data center that is owned and managed by an outsourced provider, such as RFA. In this case, clients are usually billed by the amount of resources allocated and utilized. If a completely outsourced model isn t suitable, firms can take DaaS facilities, using desktop virtualization, which allows users to access their desktop by logging into the corporate network via a web browser. In the event of a user s machine being lost, stolen or broken, a replacement
machine can be up and running immediately with no loss of secure data. RFA Private Cloud: A True IaaS Model With a true infrastructure as a service model (IaaS) model such as the RFA Private Cloud, firms are able to move all applications and data from on-site servers to a hosted model, resulting in predictable costs and a reduction in capital expenditure related to the management and maintenance of on-site network hardware. Cloud Security Achieving security in the cloud is imperative, but doesn t need to be challenging. Although many people remain concerned about maintaining appropriate cloud security measures, in recent years, cloud security solutions have become advanced to the point that pursuing a cloud strategy can be even more secure than utilizing on premise IT. The best way to mitigate cloud security threats is to be aware of them and to prepare for them appropriately. The most common cloud security risks include data privacy issues, such as data location and segregation, and privileged access control. However, by selecting the right cloud model for your business and by working with a reputable and trusted technology partner, you can ensure that you know where and how your data is stored, as well as the types of security measures that are in place. A top rate technology partner will help ensure maximum reliability and regulatory compliance by completely managing all maintenance and monitoring of the cloud infrastructure. With cloud management provided through a trusted technology partner, security patching can be automated, and all applications, such as email, CRM systems, trading platforms, and accounting systems, are kept up to date and running on secure systems within the service provider s infrastructure. In terms of cloud security, many hedge funds choose to move to a private cloud model to reduce the risks that can arise from the lack of transparency and customization associated with the
public cloud. Additionally, within the cloud there is the ability to control user privileges. Many cloud platforms allow administrators to monitor and review employee actions on the network, as well as block or make updates to control usage based on employee status. This helps mitigate the risk associated with data privacy, location, and segregation. When moving to the cloud, hedge funds should focus on four key areas to understand the level of security: the features that are built into the cloud provider s offering; how data is segregated from that of other users on the cloud; where the cloud provider s infrastructure resides and what type of hardware is used; and finally, who has access to the cloud provider s infrastructure and how these individuals are screened. Understanding which services are bundled into the provider s cloud will clarify the level of security that will be used to protect private data. Security features that are necessary for maintaining a secure cloud environment include web filtering, intrusion detection and prevention, data encryption, and multifactor authentication. standards to ensure compliance with regulations. When it comes to infrastructure, data should be housed in data centers that are designated as SAS70/SSAE16 Type II and SOC 1/2, as well as ISO 27001 certified. The data center should also adhere to all SEC/FINRA/FCA Disaster recovery (DR) and managed backup services are becoming an increasingly important part of cloud security. DR replicates data and technology functions in real time to an offsite location, and enables firms to restore operations to an offsite location quickly, preventing interruption to the workday if the event renders the primary worksite unusable. Managed backup services copy and archive files and folders in the case that the data is lost in the case of an incident, and is best utilized as a component of a DR strategy rather than as a standalone solution. Clouds that are built with security in mind using these enhanced features reduce the chance of many types of attacks, such as spear phishing attacks or advanced persistent threats, by allowing administrators to quickly identify and mitigate network abnormalities.
Why Choose RFA s Private Cloud? RFA s private cloud model offers convenience to hedge funds by providing a completely outsourced solution, including 24/7/365 technology and service support. There are several advantages to this type of setup for hedge funds, due to the inclusion of enhanced security features, such multifactor authentication and intrusion detection, disaster recovery to a geographically-diverse secondary data center, nightly data backups in which data is archived in the private data center environment, and consistent systems monitoring and reporting. RFA retains complete control over the RFA private cloud platform and managed services from end to end. The sensitive financial and customer data that hedge funds generate is also bound by data protection and regulatory compliance restrictions which dictate that the data be stored on-shore. RFA s private cloud uses local data centers, both primary and secondary, to ensure that all data is stored and processed locally, meeting the strictest country specific regulations, such as SAS70/SSAE1, SOC 1/2, and ISO certification. From a customization perspective, RFA s private cloud offers a variety of capabilities, including on demand server deployment, burstable computing, and the integration of custom and vendor applications. It can be completely built and modified to meet individual firm needs.