Hedge fund moving to the cloud? Read our blog post for the four questions you must ask your IT provider when moving to the cloud.
In recent years, cloud technology has received attention due to many hedge funds and investment management firms moving to the cloud. Depending on particular business needs, cloud technology can offer hedge funds several benefits that traditional on premise IT systems do not, including reduced capital expenditures and increased flexibility and scalability to meet changing business needs. When it comes to evaluating a move to the cloud, however, it’s important to remember that not all clouds are created equally. There are several questions you should ask to ensure that your cloud environment will be adequately protected and operate at peak efficiency. Read on for the top four questions you should ask your IT provider when evaluating a move to the cloud.
Built-in Value: Which features are built into your cloud provider’s offering?
Understanding exactly which features are built into your provider’s cloud will enable to you to comprehend not only the value that your firm will gain from a cloud move, but also the types of security features that will be used to protect your hedge fund’s private data. Security features that should be included within the cloud range from intrusion detection to multi-factor authentication. These features are a necessary part of maintaining a secure environment, but purchased separately can be costly. Make sure that your cloud provider includes these features as part of their standard cloud offering:
Web filtering: allows firms to implement comprehensive web access policies and granular permissions for specific groups and users
Intrusion detection and prevention: allows for real-time monitoring of networking and prevents system attacks
Data encryption: enables protection of a firm’s most confidential assets by encrypting network files and email traffic
Multi-factor authentication: allows for additional security when accessing cloud resources, and is more secure than simply using passwords
Data Segregation: How is your data separated from that of other users on your provider’s cloud?
Not all clouds are created equally. When evaluating a provider’s cloud, ensure that you understand exactly how your data is separated from other users’ information. In a public cloud environment, data sits in a shared environment alongside that of other firms. In comparison, private clouds can be architected as single or multi-tenant, with multi-tenant environments being segregated by different methods, including physical separation, logical separation, data separation, network separation or performance separation. It is important to establish upfront with your cloud provider the model that will suit your firm’s requirements. Based on enhanced security and data protection needs, the private cloud is often a better fit for hedge funds.
Private Cloud Infrastructure: Where does your cloud provider’s infrastructure reside, and what type of hardware is used?
In a cloud model a hedge fund’s data is typically housed in a data center. Ensure that you know where it is located, as well as the security and compliance designations that accompany that data center. FHedge funds should make sure that their cloud provider’s data center is designated as SAS70/SSAE16 Type II and that it adheres to SEC/FINRA/FCA standards in order to ensure maximum reliability and regulatory compliance. In some countries there are additional regulations around the geographical location of data, so ensure your cloud provider isn’t storing your data overseas.
Employees: Who has access to your cloud provider’s infrastructure, and how are these individuals screened?
While it is impossible to completely eradicate human error, cloud providers can take specific steps to ensure that security incidents are minimized. Employees of the technology provider that are able to access the cloud environment should pass through a rigorous screening process that ensures security for your firm. Your cloud provider should also have policies and procedures in place to educate staff and prevent human factor data leaks.