There has been plenty of talk about where businesses are headed into the New Year, but little has been said on the best way to get there. Cloud services, bring your own device (BYOD) policies and disaster recovery plans are among the hottest topics, leaving security managers with new challenges, and even bigger questions.
With a marketplace exploding with competition and niche vendors for every industry, hedge funds and other investor firms have their pick of services. And while the bar on user interfaces and customer service has risen, that hasn't detracted from issues of security, making firms a little wiser each day about the questions they pose to vendors.
"They are digging deeper," says Bob Guilbert, managing director of Eze Castle Integration, a hedge fund IT and private cloud services vendor.
Nine out of ten firms are adopting cloud platforms to simplify their operations and gain cost predictability, he explains, but security is still one of the biggest hurdles. People are now examining the tools out there and proactively monitoring services, on premises or in cloud environments, to see if they're highly defended.
"Clients have started performing vulnerability assessments for any holes or opportunities for rogue attacks to occur. Couple that with a network or security operation service with proactive monitoring intrusion detection systems (IDS) to basically see if anyone is trying to hack in and unlawfully gain access to the cloud environment. That is a proactive approach that funds and investors in the enterprise data quality (EDQ) process are asking about to make sure their assets are protected."
It's not uncommon for potential clients to ask cloud vendors questions like, "When was the last vulnerability assessment? How did it go?" and "Are intrusion detection systems in place?" It wasn't so long ago that these questions ended at "Do you have spam filtering? Antivirus?"
In 2014 it's anticipated there will be more activity around disaster recovery and business continuity plans. Security officers want to know what their vendors are going to do with their data, what their plans are, and what action should be taken in case of a storm like Hurricane Sandy, or even the recent cold weather snap.
Outages, fire, flood, whatever it is, investors are demanding a recovery plan. More than that, they ask whether vendors have tested those plans, how often, and what the results were. "People are actually asking this question now," says Guilbert.
"There's a definite trend here. While there have always been higher-level expectations for funds, now there's greater due diligence about underlying components of what tech providers are using. How resilient are data centers? Do they have their own disaster recovery testing? Multiple points of entry? Power backups, and other things along those lines. The investor is becoming more savvy in what underlying technology service providers use."