Make your cloud environment a fortress


Despite the undoubted uptake of cloud platforms by global hedge funds over the last few years, and much having been written on the scalability and cost benefits, the perception remains that cloud usage invites data security risks. This is not market ignorance.

A cloud security report by Crowd Research Partners [1] found that 91 per cent of cybersecurity professionals share such concerns. In its “Navigating a Cloudy Sky” report, McAfee [2] noted that approximately 25 per cent of public cloud users have suffered data loss.

Hedge funds have to balance private versus public cloud usage and remain confident at all times that their data is going to be safe and secure. Indeed, with the General Data Protection Regulation (‘GDPR’) now in play in Europe, the importance of assurances over personal data security cannot be overstated.

So how should hedge fund professionals be sure that their cloud providers are up to scratch? What are the types of best practices they should be looking for? 

Eze Castle Integration, one of the leading providers of cloud solutions and cybersecurity for the financial industry, has spent a lot of time thinking about this and recently published a white paper, “Cloud Security: Embracing Enterprise Innovation Without Risking it All”, to highlight what some of those best practices are.

Security-first approach

First and foremost, a successful cloud migration hinges on taking a security-first approach to planning and implementation. Hedge funds should spend sufficient time at the planning phase to consider the assets or applications they plan to move to the cloud and how those items might become a target of cybercrime. 

Additionally, IT teams should research possible cloud services providers and assess their respective data security protections. A key part of data security is built on strong collaboration between cloud providers and third party vendors, where both parties take a collective responsibility for protecting client data. 

Grappling with access control 

A second consideration relates to unauthorised access and underscores just how important it is for firms to manage the biggest data risk of all: human beings. Eze Castle points out that malicious insiders were involved in approximately 28 per cent of more than 53,000 system attacks recorded in 2017, citing a Data Breach Investigations Report by Verizon Wireless [3].

A lack of good login management practices permeates all industries and sectors and has to be addressed head-on by cloud providers to maintain security. This can be done by helping cloud users mitigate the risks by incorporating strict access controls, as well as Multifactor Authentication, within the cloud environment. 

At the most basic level, this requires the use of preconfigured access management features included with most enterprise cloud services. The tools allow firms to dole out system access on a granular level. 

However, employing these modules is not enough. IT teams and third parties tasked with managing governance strategies should have guidelines for granting access, particularly where it concerns matching permissions to user job duties. This way, firms can quickly identify when an employee is trying to access or download files that go beyond the scope of their role, which could indicate the early stages of malicious activity. 

Install the right digital defences

Another key feature of maintaining a strong security posture is to put in place multi-layered protection. This can be broken down into three layers. The system-level defence layer protects the overall cloud infrastructure including networks, operating systems and connectivity systems.

The next layer of defence relates to application-level security. This layer relates to access control policies mentioned above. The third layer relates to data-level security and should act as the last line of defence against cyber attacks.

Eze Castle Integration points out in its white paper that while cloud-computing vendors are responsible for developing and deploying the data security features included in the first layer, internal IT teams or managed service providers must build out the two remaining layers of security. 

A number of data security tools have proven effective over time including: access auditing; URL scanning; web filtering; system environment monitoring; multifactor authentication and email protection.

Applying these tools in a multi-layered defence should reassure hedge fund IT professionals that their data can remain secure within a hosted cloud environment, and should at least prevent small-scale data security issues from metastasizing into something potentially serious.

Collaborate with best-in-class vendors

The largest public cloud providers are increasingly providing add-on features in an effort to be the single source for clients. While single source may seem appealing, it is unrealistic to think that one vendor can excel at all security and feature requirements. 

A single vendor cannot be everything to everyone. Moreover, a single source strategy can result in increased risk due to a single point of failure.

“Given these reasons coupled with the complexity and rapid pace of technology change, it is recommended that firms follow a best-of-breed approach,” says Eze Castle Integration. 

In Eze’s view, this approach gives firms more options to utilise the best feature sets from an array of solutions and ensure high levels of security. 

Working with a managed service provider (MSP) that bundles public cloud features with other best-of-breed solutions (i.e. next-generation firewalls and other layers of security) is a successful strategy to get the best of both worlds. 

By doing so, hedge funds can take confidence in knowing that the MSP will execute the necessary product testing to select the best vendor for each security layer and then manage the environment on an ongoing basis, 24/7, 365 days a year. 

These best practices should help those thinking of migrating to the cloud and give them a framework within which to do proper planning. In the current environment, hedge funds can ill afford to take a reputational hit to their business because of poor cloud data security provisions.

To contact Eze Castle Integration for a consultation, visit www.eci.com/contact/


Sources:
1. Crowd Research Partners, “Cloud Security Report,” 2018.
2. McAfee, “Navigating a Cloudy Sky,” 2018.
3. Verizon Wireless, “Data Breach Investigations Report,” 2018.

 
