Having investigated the security and regulatory implications of using either a third-party data storage provider or keeping data in-house, the report’s second section covers physical and cloud-based uptake as it stands within the hedge fund industry. We investigate the combinations of cloud and physical data centre solutions that managers are using, the various merits of each type, and the factors managers consider when making business decisions around data storage.
Hedge fund managers use many combinations of data centre types – in-house racks, third-party centres, both, or neither – but the factors driving their choices will not necessarily result in a model best suited to their needs. In this first section, the Insights team looks at the strengths and weaknesses of internal storage, data centres and hybrids, and the extent to which managers are prepared for the events and challenges that come with having a physical location for their data.
Migration to the cloud can be a daunting prospect, particularly for firms without in-house IT expertise, and knowledge of the challenges involved is essential. Whether it is moving past an internal bias towards physical rack space, ensuring one’s cloud configuration is compliant with all pertinent rules and regulations, or finding the right provider, these challenges are many and diverse, but surmounting them can provide a hedge fund manager with a range of new and exciting possibilities.
Striving to build state-of-the-art cyber-defences is all well and good. But all is for naught if a manager cannot demonstrate the quality of those systems, procedures and practices to an increasingly savvy investor community and band of regulators. Investor due diligence questionnaires and regulatory exams are evolving with the times. In this final section, the report seeks to identify the areas of interest for third parties and the ways managers can prepare for their assessments.
After considering the different threats and where they come from, we will now assess the measures managers are taking to protect themselves. Best practice should include penetration tests by a third party, vulnerability suites or managed detection and response (MDR) systems, as well as traditional security measures. Staff education is also an area where those firms ahead of the curve excel, not only by administering tests, but by simulating attacks. After all, being prepared means being protected.
From malware and phishing to credential reuse and DDoS, the types of cyber-threat a hedge fund firm faces come in a rich variety of forms and pose a similarly wide range of risks. Knowing your enemy has rarely been so difficult. Not all cyber-attacks are created equal and not all hedge fund firms are equally affected. In this first section, we explore the types of cyber-threat having the biggest impact on hedge fund managers – the first step to building a suitable defence.