When it comes to your hedge fund, ensuring that you maintain the perfect blend of productivity and security for your workforce is imperative. And in today’s technology landscape, many workers are using a variety of devices to work on files, including tablets, desktops, laptops, and smartphones. Many firms are investing in cloud-based file sync and share solutions to enable users to access all of their files on any device, but it is important to keep in mind that not all of these services are created equal from a security perspective. Consumer-grade file sync solutions (referred to as CGFS solutions) pose many challenges to businesses, especially hedge funds that place a strong emphasis on control and visibility over company data. Read on to learn six of the biggest risks to hedge funds that come from using consumer-grade file sync services.
The Security Risks of Consumer Grade File Sync Services for Hedge Funds:
Data theft: Most of the problems with CGFS solutions stem from a lack of oversight. Hedge funds employing these solutions do not have visibility into when an instance is installed, and are unable to control which employee devices can or cannot sync with a corporate PC. Use of CGFS solutions can open the door to company data being synced (without approval) across personal devices. These personal devices, which accompany employees on public transit, at coffee shops, and with friends, exponentially increase the chance of data being stolen or shared with the wrong parties.
Data loss: Lacking visibility over the movement of files or file versions across endpoints, CGFS solutions improperly back up (or do not back up at all) files that were modified on an employee device. If an endpoint is compromised or lost, this lack of visibility can result in the inability to restore the most current version of a file, or any version at all.
Corrupted data: Silent data corruption continues to be a threat for hedge funds. While many businesses trust their cloud solution providers to make sure that stored data maintains its integrity year after year, most CGFS solutions don’t implement data integrity assurance systems to ensure that any bit-rot or corrupted data is replaced with a redundant copy of the original.
Compliance violations: Since CGFS solutions have lenient file retention and file access controls, you could be setting yourself up for a compliance violation. Strict regulations within the alternative asset industry require that files be held for a specific duration and only be accessed by certain people; in these cases, it is imperative to employ strict controls over how long files are kept and who can access them.
Loss of accountability: Without detailed reports and alerts over system-level activity, CGFS solutions can result in loss of accountability over changes to user accounts, organizations, passwords, and other entities. If a malicious administrator gains access to the system, hundreds of hours of configuration time can be undone if no alerting system is in place to notify other administrators of these changes.
Loss of file access: Consumer-grade solutions don’t track which users and machines touched a file and at which times. This can be a big problem if you’re trying to determine the events leading up to a file’s creation, modification, or deletion. Additionally, many solutions track and associate only a small set of file events, which can result in a broken access trail if a file is renamed, for example.
Consumer-grade file sync solutions pose many challenges to hedge funds that care about control and visibility over company data. It’s important to keep in mind that by allowing employees to utilize CGFS solutions, you open the door for massive data leaks and security breaches at your hedge fund. To deal with this issue, many hedge funds discourage employees from using their own personal accounts for sharing files across multiple devices. But while blacklisting common CGFS solutions may curtail the security risks in the short term, employees will ultimately find ways to get around company firewalls. The best way for your firm to handle this issue is to deploy a company-approved application that allows IT to control the data, yet grants employees the access and functionality they feel they need to be productive.