December 16, 2020 | Blog
Cybersecurity and the Cloud: What Asset Managers Need to Know
By Dan Groman, Head of Technology, Enfusion
Cloud-based solutions have been steadily gaining traction for more than two decades as they offer speed of innovation, resilience, cost efficiencies and more streamlined computing. According to IDG, enterprises’ cloud spend has increased by nearly 60 percent in the last two years and currently totals $73.8M.
Despite those gains, the asset management industry still lags other sectors in cloud adoption in spite of all of the core benefits. That is starting to change, however, as the pandemic prompted many asset managers to fast track their migration to the cloud.
And, even among those who have bought in to the cloud’s many benefits, questions and misconceptions still remain around the technology. As a cloud-native solution, Enfusion and our team of engineers are often asked: how secure is the cloud?
The short answer is that security is an inherent benefit of the cloud. In fact, the security advantages were a key factor in many organizations’ decision to adopt cloud-based solutions while operating remotely during the current pandemic. Tech teams at those asset management shops that recently adopted the cloud had three key priorities: 1) maintain strong operations in a high fidelity manner, 2) support internal data sharing and collaboration, and 3) shore up online security to ensure the safety of sensitive financial matters across employees’ various private networks.
When it comes to the security of the cloud, part of the confusion boils down to terminology and misconceptions about different cloud models. In this article, I will outline the primary cloud-based models and the cybersecurity considerations for each.
Understanding Different Types of Cloud Solutions and Cybersecurity Considerations
Public cloud: A shared ecosystem
This is what most people first envision when they think of “the cloud.” The big three names in public cloud are Amazon Web Services, Microsoft Azure and Google Cloud Platform. Public cloud providers own and operate core infrastructure, including hardware, software, servers and storage; public cloud resources are delivered over the internet.
Any company or entity can pay for access to a public cloud, whose infrastructure is shared among other cloud tenants. With public clouds, tenants can benefit from cost efficiency, on-demand scalability and high reliability without having to purchase hardware or software or do maintenance work.
But while each tenant provisions their own resources, public clouds are inherently using underlying shared resources. Any mistakes, attacks, or data center outages could compromise firm data. Often, cybersecurity breaches on a public cloud are a consequence of human error and misconfiguration. Accidentally changing the sharing settings on a sensitive file, for example, could lead to inadvertently making confidential information accessible to the public.
While a public cloud infrastructure may work for certain industries or companies, private clouds may offer a more ideal solution, especially when it comes to total firm control and security.
Private cloud: Controlled environment, hosted by a trusted partner
A private cloud, also known as an enterprise cloud, provides many of the same zero-footprint benefits as public cloud computing, but is set up in a more controlled environment, often with higher levels of security and control. In vendor-hosted private clouds, the vendor acts as a single administrator and can provide higher levels of service and support than a public cloud vendor might.
Cloud environments are often used to offer clients a Software as a Service (SaaS). In this model, the SaaS providers host (private) and/or manage not only the underlying IT infrastructure, but also software applications delivered through the internet. For example, Enfusion hosts the majority of its SaaS platform that services our asset management clients, on-prem through its fully operated private cloud.
With a SaaS model, clients simply subscribe to the service and bring users online. SaaS providers deliver easy implementations; effortless, built-in upgrades; and on-demand scalability. Private cloud environments can also be easier to customize in order to meet specific business, IT and security requirements. Studies further show that SaaS delivered via private cloud is the fastest growth area with increased IT spend being allocated in this direction. In fact, Gartner forecasts that the SaaS market’s growth in 2020 could reach $104.7 billion.
Hybrid model: A popular choice for asset managers
Most organizations use a hybrid cloud configuration, or a combination of public and private clouds to meet their hosting needs. In fact, enterprises leverage about five different cloud platforms, on average.
According to Flexera, 45 percent of large enterprises used a hybrid cloud solution in 2019 and preference for that model is expected to continue. Nearly all (95 percent) of enterprises believe security is an important factor in hybrid cloud decisions, a 451 Research study found. We expect hybrid models to continue to be a popular choice, with a higher dependence towards private cloud to meet their growing needs.
Asset Managers See Cybersecurity as a Top Benefit of the Cloud
Across the board, cloud-based models carry added cybersecurity benefits. Cloud providers working within the investment management sector are often SOC 2-certified, providing extra assurance of data security and controls. Whereas asset managers might have a small internal technology team, vendors have large, dedicated teams of people with in-depth cybersecurity expertise and a dedicated focus on supporting the system’s security and integrity.
Research shows the benefits of the cloud are tangible. We recently completed a survey with global hedge fund managers and of those who are fully-cloud-based, 72 percent reported improved data security and two-thirds noted cybersecurity improvements. Beyond cybersecurity, 100 percent of cloud-based managers reported increased operational efficiency as a result of migrating to the cloud.
Cloud adoption brings significant opportunities for asset managers, but there are a lot of different avenues and options for firms to explore before making the migration. As the COVID-19 pandemic accelerates asset managers’ adoption of the cloud, it’s critical that leaders factor cybersecurity into their migration plans.
April 28, 2021
Tech Debt: The Vicious Cycle of Legacy Tech in Asset ManagementBy Thomas Kim, Chief Executive Officer, Enfusion There’s a “tech debt” crisis in the asset management industry. Every year, the… Read More
April 14, 2021
Global Trading Podcast W/ Terry Flanagan & Thomas Kimhttps://www.fixglobal.com/globaltrading-podcast-tech-debt-on-the-buy-side/ Key Takeaways: Why is tech debt important? Describes what legacy systems firms are plagued with when they cannot evolve… Read More
March 17, 2021