Risk Guide Snapshot
This spring, we published an updated risk management guide for alternative investment sector firms following our ever successful lunch series at Claridge’s. There are several internal and external threats you should be aware of as a hedge fund, ranging from which technology provider you enlist to which type of technology infrastructure you select. One of the first decisions a hedge fund will need to make is what type of technology environment they’d like to pursue. Typically, the choice comes down to choosing between an onsite technology environment and a cloud environment. In today’s post, I am highlighting a little preview of our guide’s section on cloud security.
For many hedge funds, cloud technology offers several benefits that traditional on premise infrastructure systems do not, such as reduced capital expenditures, increased flexibility and scalability to meet changing business needs, and even enhanced security features. The shift from up-front capital expenditure associated with software licenses and hardware costs to the more controllable operational expenditures of monthly and annual contracts provides predictability from a financial perspective. It is important to remember, however, that not all clouds are created equally. When evaluating a move to the cloud, there are still several misconceptions around the cloud, which can hold firms back from pursuing a cloud strategy, or cause them to select the wrong cloud model.
When beginning an evaluation of cloud services, it is imperative to understand the distinctions between the different types of cloud, as these can impact how your data is segregated, where and what type of infrastructure is used, and built-in features, such as disaster recovery, backup, and intrusion detection. As a hedge fund, it is even more important to remain conscious of these factors due to enhanced security and regulatory requirements relating to the data generated and handled by alternative investment firms.
When moving to the cloud, hedge funds should focus on six key areas to understand the level of security:
- What features are built into the cloud provider’s offering?
- How is data segregated from that of other users on the cloud?
- Where does the cloud provider’s infrastructure reside and what type of hardware is used?
- Who has access to the cloud provider’s infrastructure and how are these individuals screened?
- Is the cloud truly private with client segregation and private directory or is it a multi tenant cloud privately owned?
- Who is involved in the supply chain (front to back), is the provider reselling, who owns the Data centre, who provides the provider?
Understanding which services are bundled into the provider’s cloud will clarify the level of security that will be used to protect private data. Security features that are necessary for maintaining a secure cloud environment include:
- Web filtering
- Intrusion detection and prevention
- Data encryption
- Multifactor authentication