When beginning an evaluation of cloud services, it is imperative to understand the distinctions between the different types of cloud, as these can impact how your data is segregated, where and what type of infrastructure is used, and built-in features, such as disaster recovery, backup, and intrusion detection. As a hedge fund, it is even more important to remain conscious of these factors due to enhanced security and regulatory requirements relating to the data generated and handled by alternative investment firms.
When moving to the cloud, hedge funds should focus on six key areas to understand the level of security:
- What features are built into the cloud provider’s offering?
- How is data segregated from that of other users on the cloud?
- Where does the cloud provider’s infrastructure reside and what type of hardware is used?
- Who has access to the cloud provider’s infrastructure and how are these individuals screened?
- Is the cloud truly private with client segregation and private directory or is it a multi tenant cloud privately owned?
- Who is involved in the supply chain (front to back), is the provider reselling, who owns the Data centre, who provides the provider?
Understanding which services are bundled into the provider’s cloud will clarify the level of security that will be used to protect private data. Security features that are necessary for maintaining a secure cloud environment include:
- Web filtering
- Intrusion detection and prevention
- Data encryption
- Multifactor authentication