As discussed, the principals of many established hedge fund firms are weathering a perfect storm of cumbersome legacy technology and archaic mindsets, making it harder to shift to the progressive infrastructure a modern asset management firm needs. Breaking down the results of our survey of hedge fund managers by firm longevity we see that the vast majority of firms utilising only the cloud were established after 2010 (Exhibit 3.1). These newer shops were also far less likely to employ only physical data centres, with just 6% of firms established after 2010 doing so, compared to 60% of firms founded prior to 2001, marking a clear trend towards cloud adoption among younger firms.
The middle group – firms established between 2001 and 2010 – present a notable split, with a little under half of these respondents (44%) utilising only physical data centres and a little over half (56%) using both physical and cloud solutions. This is the transitional group, where infrastructure and managerial mindsets are at a tipping point. Firms established between 2001 and 2010 and not yet making use of the cloud are likely being held back by issues of cost rather than legacy technology. This is understandable, but short-term pain might be necessary to secure a long-term future.
How long can the status quo last?
Our survey also asked managers how long they expected their current data storage configuration to meet their requirements. Over 60% of respondents expect to update their data storage set-up within five years, while 11% thought that their current configuration would last less than a year (Exhibit 3.2). One CTO interviewed by the team said that he could not predict his data storage needs beyond 18 months, as the amount of data used increased ever further, while another said that his firm was having to reconfigure its data storage set-up every six months just to keep up. HFM expects that over the next five years – as older managers re-evaluate their data storage requirements, new firms are established, and managers and investors become increasingly comfortable with the cloud concept – the proportion of managers employing only cloud-based solutions will grow exponentially.
Hurdles to cloud comfort
This final section is an opportunity to present the main issues firms encounter in making the transition to the cloud and provide suggestions on how to overcome them. Through our research, we identified a raft of problems which firms have experienced, but there were four key hurdles which stood out:
1) The psychological hurdle – overcoming one’s own reservations about the cloud to make the most of the array of services on offer
2) The regulatory hurdle – ensuring one’s data storage configuration complies with all the regulatory and legal requirements in place and does not fall foul of the regulator or the law
3) The technical hurdle – making sure one has the proper technical expertise and technological infrastructure in place to accomplish a successful transition
4) The vendor hurdle – finding a provider one can work with and who will deliver a decent service at a reasonable rate
#1 The psychological hurdle
The first hurdle any firm must overcome before migrating to the cloud is psychological. As we saw in the first section of this report, many hedge fund managers remain reluctant to relinquish the control they feel they have via in-house physical servers. With the cloud, the choice between a public and private vendor has created an additional psychological hurdle – and not just for asset managers. Is a public server less secure than a private one? “Perception is the biggest problem,” one CTO said. “Going from a server to a private cloud is a much smaller step and far easier for investors to accept.”
Managers still nervous by the concept of the public cloud should turn their gaze inwards. The bigger risk is not a flawed third-party concept, but poor internal governance. In 2016 the UK’s National Cyber Security Agency, a division of the British intelligence organisation, GCHQ, published its 14 Cloud Security Principles, which included the need for a “governance framework which coordinates and directs its management of the service and the information within it.” The real challenge with respect to data security is not where the data is stored per se, but the redundancies that are in place, the encrypting of the data itself and the cyber-security policies adopted by the firm in question.
Surprising cloud users
Our research suggests that the vast majority of managers accept that, as a concept, the best public cloud solutions are no less secure than private cloud solutions (even if some investors are playing catch up). Indeed, one consultant interviewed claimed that many of his hedge fund clients were “bypassing the private cloud entirely and going straight to the public cloud”. Among all survey respondents that use the cloud, the proportions using public and private solutions were effectively split 50/50 (Exhibit 3.3).
If anything, the bigger adopters of public cloud solutions were not those one might expect, with our survey suggesting higher usage rates among quant firms and managers established before 2008 than discretionary and emerging managers. What is driving these trends? When deciding between public and private cloud solutions, a manager must choose the cloud solution that suits its needs. Private clouds may offer a more bespoke solution and give the end user more control over their data, but public cloud platforms offer a range of advantages, not least in cost terms. It may be that quant and older firms are using the cloud as a secondary solution, in addition to expensive physical servers, and thus more likely to choose a cheaper, public offering.
Public cloud limitations?
However, managers of all types are uncomfortable using the cloud for certain functions. As we see from Exhibit 3.4, while many firms use both public and private cloud to operate middle and back office functions, far fewer use public cloud systems for front office or execution functions. This is despite the potential upside from moving said functions to a public cloud system, demonstrating the ongoing reluctance of firms to move key processes and store data in public cloud platforms.
Overcoming one’s own reservations, while easier said than done, is the first and most important step on the path to a successful cloud migration. HFM Insights expects that as the cloud becomes ubiquitous in people’s daily lives, through the proliferation of personal data and its storage in the cloud, the concept will permeate businesses too, as investors and heads of IT deem it an acceptable means of data storage. Nevertheless, CTOs, heads of IT and COOs must ask themselves whether they do have a mental block in relation to the cloud and consider whether this is preventing them from taking a leap, which may have a significant positive impact on their business.
#2 The regulatory hurdle
Despite its ubiquitous presence, the regulation surrounding data storage does not seem to be a concern for managers, with very few survey respondents identifying it as a key consideration when choosing a physical or cloud-based data storage solution (Exhibits 2.2 and 2.3). However, with the impending implementation of new regulatory regimes such as GDPR, Mifid II
and NISD, a key aspect of managing the transition will be to account for the various regulatory requirements and ensure one’s data storage configuration is compliant.
Current FCA guidelines on cloud usage remind firms that they must consider which cloud solution would better allow them to comply with the various legal and regulatory requirements they are beholden to, whether that be public or private. In 2015, research from Behind Every Cloud found that just 21% of private cloud providers in the UK offer services compliant with UK Finance’s best practice guidelines.
UK guidelines, US regulations
While the FCA has issued cloud guidelines, the SEC has firm regulations in place surrounding cloud data storage, including the so-called ‘safeguard rule’. One US-based investment firm fell foul of this in 2015 and was fined $75k for a data breach connected to its cloud systems, which leaked ‘personally identifiable information’ on around 100,000 individuals, including the firm’s own clients. Both the FCA and the SEC regard cloud services as a form of outsourcing, and hence it is the responsibility of the investment manager to monitor how and where any data is uploaded, stored and distributed, not that of the cloud provider, making careful assessment of a provider’s security procedures essential.
One US-based CTO interviewed by the team had used a security ratings provider in order to compare the security and reliability of their data storage provider. Various firms operate in this space including Avanan, BitSight and
SecurityScorecard and give a company a rating based on their cyber-security and benchmark them against their peers, these ratings can then be used when taking out cyber-insurance or simply when choosing between providers – a handy tool for the busy CTO.
#3 The technical hurdle
Another key consideration is the technical expertise and infrastructure a firm already has in place. Most smaller businesses at least have found transitioning to the cloud largely problem-free, but poor employee training, poor transition/integration and poor technical support have been cited as potential stumbling blocks (Exhibit 3.5). Ensuring one has the correct systems knowledge in place, and that employees are fully prepared for the switch are easily managed, if time-consuming, tasks.
As demonstrated in last month’s Cyber Security Insights report, almost three-quarters of our survey respondents conduct in-house training sessions or one-on-ones on cyber-
security. For firms making the transition to cloud, such a setting would be a good opportunity to educate staff on the new systems and what the transition itself entails. Ensuring that all staff are aware of the ins and outs of the new set-up is key, as the point of migration can be the time when a firm is most open to a
cyber-attack and the internal threat of someone clicking on the wrong thing is the greatest cyber risk of all.
Cyber threats during migration
Indeed, as we learned during our research, one of the few examples of a hedge fund firm being on the receiving end of a full-scale, ‘successful’ cyber-attack, was when a manager was being spun out of another larger firm and was migrating its systems to a new platform. CTOs, COOs and heads of IT, therefore, should be especially vigilant during the migration process.
Another technical bugbear among CTOs interviewed was the need to install physical equipment in one’s office to connect to cloud systems, partly negating one of the key benefits of the cloud: not needing to install expensive physical infrastructure, such as cooling systems, redundant power connections and so on. In this regard, it is important to compare the technical requirements of the different cloud vendors and consider whether they are fulfilling their purpose, i.e. making your life easier.
#4 The vendor hurdle
Ultimately, a successful cloud migration will hinge on finding the right cloud provider. It is here that the other aspects of the transition come together, whether it be finding a provider whose service complies with the regulations a manager operates under and can be easily integrated with the firm’s existing technology, to ensuring that the provider’s security and connectivity are rock solid.
Several managers the Insights team interviewed complained that although they had a defined service level agreement (SLA) with their provider, the level of service they received in reality fell short of what was outlined in said agreement. In this respect, the greater degree of control and support afforded by the private cloud, meant that some managers were holding off on a move to a public cloud platform. As one CTO told us, “the biggest concern is that you just become a number.”
Here we see how essential finding the right vendor can be. One manager interviewed had shifted their cloud storage to Amazon Web Services (AWS) from a hedge fund specialist private vendor after receiving suboptimal service. Other managers too cited AWS, as an example of a public provider with a strong service level and pricing “in line with what you’re getting”. As noted in the previous chapter, the market for data storage is a buyer’s one, meaning hedge funds are in a strong position to renegotiate with any provider taking liberties over the level of service.
Reaping the rewards
For those who do manage a successful transition to the cloud, the benefits are manifest. These include greater scalability, faster access to data and the ability to bolt on applications at any time after adoption. Indeed, the longer a firm has been using the cloud, the greater their satisfaction with the cloud in general, a 2017 survey from RightScale found.
One Hong Kong-based manager interviewed by the team was considering migrating his firm to the cloud to make use of the enhanced computing power to conduct financial modelling and test investment strategies. Almost half the respondents to our survey either do this already or were considering doing so (Exhibit 3.6), leaving half that were not considering such a move. Here we see a clear example of where firms could benefit from the power of the cloud, as modelling times can be reduced from days to hours or from months to weeks.