Hedge fund data: a business that is torn between two radically different forces. On the one hand, there is the instinct to share data in order to improve transaction processes: fund managers and investors demand open networks from service providers like administrators, while the service providers themselves are working more closely together, communicating information between the critical parties to a transaction into a hedge fund.

On the other hand, the exposure of networks creates opportunities for cyber crime with the attendant reputational risk this entails.

How then, can fund managers, investors and service providers reconcile the conflicting demands of cyber security with the obvious cost savings offered by outsourcing and the use of the internet to deliver mission critical data? How can we be confident that orders are being securely managed between counterparties when we are being asked to interact with different firms with varying levels of cyber security protocols?

In Comada’s three part series on cyber security, we’ll be looking at some of the critical issues that the alternative funds industry needs to address as a matter of priority. In this, the first instalment, we look at what need to be included in a cyber security policy.

Your cyber security policy – are you ready?

Being aware of the risks is a continuous exercise: Comada, as a provider of secure solutions, communicates regularly with experts who can provide up to date guidance and planning. Strategies are also developing within the hedge funds industry to limit bilateral connectivity, thereby reducing cyber crime risks.

We understand that investors and managers face a rapidly changing security situation. On top of that, regulators and operational due diligence professionals are adding cyber security to the list of business items they wish to inspect. Lack of an informed and enforced policy will create problems for firms in the very near future.

Here are some guidelines to good cyber security policy practice:

• Ensure your policy is prepared in consultation with external professionals, and that it is detailed, including organisation and staffing issues, and how it applies to your clients and across your organisation. Make sure it includes who is responsible for ensuring security, how staff are expected to comply, how you vet personnel, what your password protocols should be, and how you ensure secure access to email, VPNs and your servers.
• Make sure your staff are properly trained: human error is frequently the source of problems, regardless of how tight your policies are. How is desktop software updated? How is anti-virus software installed and updated? How is this process managed, and how much is the individual employee expected to do?
• It is important that external vendors are made aware of security policies, and that they can adhere to these. They should be aware of their responsibilities under the policy.
• As Software As A Service (SaaS) has become an increasingly relevant solution for participants in the industry, your policy should make sure that it incorporates your SaaS vendors, and that they can respond effectively to your regular security audits and are able to implement their services securely.
• Cyber security threats are not simply external – internal data management is also critical. Drafting a policy may also be an opportunity to re-visit internal access protocols. Firms should be aware of who among their employees has access to different pieces of data. Should all your employees have universal access to all your data? Why? Your security policy should govern who has access to software and data and that this cannot be acquired by mistake. This may be harder to achieve in smaller firms like individual hedge funds or family offices, but it can be useful to leverage SaaS applications that have been developed for larger firms, but are now within the price range of the smaller market participant to use.
• Like driving a car, where you partly rely on the competence of other road users, you must still be vigilant. Make sure your policy covers the standards you expect of the firms you deal with, that they are reputable and that they vet their own staff.

In our next bulletin we will look at some of the practical applications available for firms in the alternative investment industry that want to make themselves more secure. How does this all work in practice?

If you would like to receive regular updates from Comada or are interested in speaking to use about our SaaS applications for hedge fund investors, administrators, custodians and TAs, please contact Stuart Fieldhouse (Europe) – sf@comada.com, or Dave Shastri (North America) – ds@comada.com or call +1 441 234 4300.

Migration of servers to new high security platform will offer clients more flexibility in their operational choices.

Hamilton, BERMUDA, July 2012: Comada, the provider of transaction-driven software solutions for investors in hedge funds, has migrated its servers to a new next-generation data centre hosted by QuoVadis Services Limited. The new Infrastructure-As-A-Service (IaaS) platform will bring considerable advantages to Comada’s customer base, including users of Comada’s award-winning M.A.T.ware software.

The new platform has been built using the latest generation networking equipment, high speed SAN for data storage, and servers designed for high density CPU and memory. It enhances the levels of security Comada can now offer its clients, with options for either multi-tenant or dedicated infrastructure. The platform also supports Comada’s programme to offer clients more flexibility in the way they use Comada technology.

Said Rupert Vaughan Williams, co-founder of Comada: “Security is a key requirement for today’s fund managers and their investors. With QuoVadis we are still able to offer clients robust solutions when compliance requirements mean they are unable to host software or data in a multi-tenant environment.”

Comada’s M.A.T.ware software is designed to be highly scalable, allowing it to be seamlessly deployed across a multi-tenant environment, along with highly configurable reporting features for fund managers and investors. Its scalability for both small and large firms in the alternative investments space requires a hosting environment that can meet the most stringent technological due diligence criteria.

Said Gavin Dent, CEO of QuoVadis Services (QVS): “QuoVadis has provided IaaS hosting to Comada for eight years, working with the company to support their fast growth and technology evolutions. By focusing on the performance, availability and security of the underlying platforms, QVS allows Comada’s team to focus on evolving the software at the heart of their services.”

About Comada
Comada is a global technology company specialising in building and implementing software solutions for the alternative investment industry. In particular, Comada’s flagship M.A.T.ware product delivers an unprecedented level of interconnectivity and transparency to the portfolio management and STP process in the alternative investments space. Praised for its flexibility, M.A.T.ware can be scaled to suit the needs of family offices as easily as large custodian banks. M.A.T.ware is already being used by custodians, fund administrators and funds of hedge funds. For more information, please go to www.comada.com.
About QuoVadis

Founded in 1999, QuoVadis Limited is an Internet security provider with operations in Switzerland, Netherlands, the United Kingdom, and Bermuda. The company is a global provider of digital certificate and digital signature services used to enhance privacy and confidentiality, data integrity, and strong authentication over the Internet. Drawing upon the company’s experience and investment in high performance datacenters, QuoVadis Services Limited (QVS) provides secure collocation, virtual hosting, and disaster recovery services to international organisations. For more information, please go to www.quovadis.bm.