Cybersecurity for Hedge Funds: Safeguarding the Technology Stack

In recent years, technology has completely transformed the investment landscape and process, reshaping how financial firms approach investing. Technology has greatly impacted how hedge funds operate, creating easier access to information and automating trading decisions. These advancements also come with great challenges, particularly when it comes to cybersecurity. 

Using data-driven insights has allowed traders to quickly analyze potential investments. New algorithmic trading systems are able to analyze large quantities of data in just seconds, allowing investors to react to fast-paced market events and take advantage of short-term opportunities. 

Another aspect in which technology has improved the investment process is with financial planning software which allows companies to monitor and analyze their financial data and look at cash flows with a click of a button. Simplifying how we can access our financial data has also allowed financial firms to work outside the office, especially post-pandemic.

Research from Deloitte suggests that 92% of investment management firms are implementing, or are planning to implement technologies that enable their people to work from anywhere. Social distancing and remote working environments increase the need for seamless two-way communication across multiple digital channels. 

Having your financial data uploaded and readily available does come at a significant cost to your private data security.

Now, more than ever, financial institutions have to ensure that their IT infrastructure can handle the changing requirements and regulations for the industry, but also bolster their systems with proactive and agile platforms that can respond to threats quickly and efficiently. Having a trusted managed service provider (MSP), like Thrive, can help keep all of your data secure and keep your firm up to date with ongoing training and compliance.  

Thrive’s Financial Operations Platform manages the full investment lifecycle through front, middle, and back office via our single custody private Cloud. Our Financial Operations Platform enables organizations to put investors at ease, as well as serves as a comprehensive tool during a potential regulatory or registration process with the SEC, FINRA, SIPC, MSRB and NFA.

Implementing robust cybersecurity practices, staying informed about emerging threats and creating a risk mitigation plan, and fostering a culture of security awareness amongst your firm, are essential for navigating this evolving tech landscape safely. Striking a delicate balance between technological innovation and a safeguarded cybersecurity plan, the financial industry can continue to thrive in this digital era.

 

5 Ways Healthcare Organizations Shine in the Cloud with Thrive

Did you know that 81% of healthcare executives say the pace of digital transformation for their organization is accelerating? In addition, 93% report they are innovating with a sense of urgency and call to action.

More Healthcare organizations are using the Cloud to process enormous amounts of healthcare data with real-time access to medical information.

However, despite the growing popularity of Hybrid Cloud deployment, many hospitals still use outdated software systems that have been patched repeatedly.

That’s why healthcare providers are turning to Thrive to tap into the full potential of the Cloud while maintaining compliance and security and reducing costs..

Take your healthcare organization to new heights with Thrive.

  1. Reduced CapEx Spend  When partnering with Thrive, your healthcare organization won’t need to pay upfront costs for expensive infrastructure and hardware. Thrive also helps you eliminate hidden operating costs and reduces downtime to keep your business running.
  2. Efficiency Hybrid Cloud delivers flexibility and can be engineered to meet all HIPAA and HITECH compliance requirements. It reduces overlap in processes and provides a necessary update to legacy infrastructure.
  3. Enhanced Regulatory Compliance Healthcare organizations need to meet reporting and risk assessment requirements, and Thrive’s experts can help your organization be agile without sacrificing safety or compromising compliance. Thrive performs a risk assessment and provides strategic IT consulting services to ensure a fully customizable Cloud migration plan is designed and executed.
  4. Advanced Cybersecurity As healthcare business systems grow in complexity, there is an increased risk of vulnerabilities, exploits and security breaches. Thrive’s comprehensive Cybersecurity solutions protect your business, uncover, and mitigate risks and meet stringent regulatory requirements. Our security-first Cloud approach is flexible and economical, provides specific, actionable information and is backed by a 24x7x365 Security Operations Center.
  5. Disaster Recovery
    Hospitals, health systems, and doctor’s offices cannot afford critical infrastructure failure, security breaches or human error. Data backup and security are essential, as well as a disaster recovery plan (DRP). When networks go down, or cyber-attacks occur, Thrive provides Cloud-based recovery so your healthcare organization can resume IT operations rapidly with minimal or no data loss.

Thrive gives healthcare organizations peace of mind with a comprehensive, proactive security strategy with technology solutions. Read more in our recent industry brief here.

 

Click here to contact us today to solve and manage your healthcare organization’s Cybersecurity and Cloud needs.

ThriveCloud
Enabling Remote Workforce and Business Operations to be Scalable During COVID-19 and Beyond.

As businesses and organizations around the world were forced to move their employees to work remotely, many were not truly prepared for what is required to make that transition while maintaining seamless operations.

As a result, businesses found themselves scrambling to get corporate laptops into the hands of key personnel, while others encountered supply chain issues that reduced stock at both large suppliers and local electronic chains. Each company, no matter what their size was faced with managing internal software and access requirements. But, how do you translate this at scale? How do you ensure that your employees can work anywhere, anytime, and on any platform available? The answer is simple, and it lies in a technology that has been around since the early 90’s and continues to evolve today. While there are many variations it is all fundamentally offshoots of remote desktop. Citrix, VDI, RDS, DaaS, are some of the current names with each product designed for different use cases and business needs.

Years ago, remote access was traditionally a very easy solve. Working from home was not a popular use case as it is today due to available consumer bandwidth options. Most commonly, users were granted access to corporate resources such as files and email via VPN (virtual private networking). More security-focused organizations provided employees with a corporate machine to access the VPN. However, this solution always had a fundamental flaw, those endpoints albeit secured with your corporate AV, were still living outside the perimeter of the network, and would then connect with full access to the network.

As the security landscape evolved to combat emerging threats from all angles, which specifically included remote workers; Solutions were born that allowed remote access to the corporate network without network level access. This meant that users could access all corporate resources but never actually be physically connected to the network. Additional controls put in place by an organization could further lock down and secure that access. While the organizations that still relied only on VPN access to the office, at the start of the quarantine were struggling to get laptops, configure VPN access points and buy additional licensing. Those that had already put in place a robust solution like Citrix, RDS, VDI or DaaS simply ensured that their end users knew how to access it. What makes this so much easier you ask? Well, it is because technologies like Citrix and RDS use the concept of shared application access. Take for example your accounting department who needs to run Great Plains while working remotely. Instead of loading Great Plains on each of those end users’ laptops, you would install it on the Citrix or RDS server and once any member of that accounting team logs in they would be able to access Great Plains as if they were sitting in their seats at the office. This also means that when it is time to upgrade the software, as the admin you simply perform the update once on the server, instead of multiple times for each remote employee. In the last 5-10 years this technology has evolved even more with the mainstream introduction of VDI (virtual desktop infrastructure). This concept took the idea of a windows machine and made it available as a virtual machine. This allowed admins the flexibility to deploy and scale machines on demand based on end user need. It allowed for controlled updates to the machines and operating system. Users can either use a pool of dedicated virtual desktops. If situations required it, they had the option of giving users their own dedicated desktops. Now imagine your users who already work in their VDI’s in the office are now asked to go into full remote work mode. Those same users simply go home and log into their VDI and it is like they were sitting at the office. In all these solutions there is a front-end server or appliance that handles load balancing of your connections as well as user authentication. Behind that is either your server farm that hosts the applications or a pool of desktops, making the solution highly resilient and redundant.

Solving the challenges of remote work environments are proving beneficial in other business operations. If added to your BCP/DR plan they ensure business continuity by allowing your operations to continue regardless of what happens in the office. Many of the VPN-only organizations currently allow their end users to VPN into the office and then use Microsoft RDP to access their office computers. In a perfect world this works, but it does not account for loss of power or catastrophic events that affect the office. It also does not account for simple things like computers that are simply powered off and cannot be accessed.

If you are an organization that is serious about proving the best level of remote access while securing the enterprise, Thrive is here to help. CONTACT US TODAY!

Cloud First with COVID-19 – The right business strategy

Like many of you, I have had some time in recent weeks to reflect on my role and how we as a NextGen managed services and security provider are helping during this pandemic. Much of my daily life before COVID-19 was convincing businesses that a cloud first strategy was the right choice, not only from a security and cost perspective, but primarily due to how the workforce has changed.

Before the pandemic, most of us relied on a platform that allowed us to work from any place at any time with flexibility during our busy lives on the go. Even with all the convenience provided by the cloud, most businesses that we spoke to still had a negative impression of moving “everything” to the cloud.

Here’s what they had to say:

  • The cloud is too expensive.
  • I have better security at my office.
  • I cannot run 100 % of my applications.
  • I don’t trust the cloud.
  • I can get another few years out of my server that lives in the closet down the hall.

In August of 2019, we convinced a client of ours to move the cloud. We advised them to take a leap and move everything to a modern cloud platform that would support their goals of a cloud first strategy and a true mobile workforce. A few benefits that they were looking to gain were:

  • Better and more turnkey remote access, no clunky VPN’s
  • Higher security
  • Operate more efficiently
  • The ability to scale quickly
  • Access to 100 % of the firm’s data. (files, folders, network drives, and all applications)

They decided to move their entire organization to the cloud and by November of 2019 this firm was up and running.  I spoke with our client last week (April 2020) and he mentioned something to me that I had to share.

“Thrive and the NextGen cloud platform might be one of the single best decisions that we ever made as a firm!  100 % of our firm is now able to work in the cloud from anywhere. Had it not been for this move during this COVID-19 pandemic, we simply would not have been able to work in this manner. Our firm would be in a much different place.” ~ Michael Cohen, Managing Director – Glass Jacobson

Stories like these not only point out how a good cloud first strategy helps our client’s business during normal times, but really shines during times like these.  As a NextGen MSP and MSSP, I know that we have armed our clients with a robust cloud computing platform that is helping their business every day and enabling them to keep their virtual doors open and employees productive from anywhere.

For more information on Thrive’s Cloud Solutions, CONTACT US TODAY!

SEC Sweep Exam Priorities – Business Continuity

Watch the Full Webinar Presentation!

 

Marc Capobianco, EVP of FinTech at Thrive, John Stiles, Founder & CEO of C/Bridge Strategic Advisors and Michael Dale, CFO at Eastward Capital Partners discuss how financial firms need to review and update their business continuity plans to comply with regulators expectations.

Discussion Topics:  

  • Does the firm have policies, procedures, guidance or other information tailored to address the continuity of business operations during a pandemic?
  • Has your firm activated its BCP in response to COVID-19?
  • Does your firm’s BCP address the resiliency practices of third-party vendors, service providers and partners?
  • How has your firm addressed cybersecurity policies and procedures regarding employee remote access?
  • Does your firm have any specific limitations in its ability to operate critical systems and operations during the pandemic?

Fill out the form to get instant access to our on-demand webinar.

Trusted Advisors – Beyond Service Understanding and into Deal Positioning

As 2019 ended and 2020 began, the nationwide Channel continued its tremendous growth. Partners are more established than ever in their roles as trusted advisors and are increasingly adept at uncovering cyber security, Cloud, and a variety of other Managed IT opportunities.  A greater overall focus on partner education has been a key contributor to this success with Master Agencies at the forefront — coming up with increasingly engaging and effective ways to prepare partners to win deals. However, as a supplier, it is important to note that the education cannot end there.

While partners receive enhanced educational benefits from an industry and general service perspective, one thing I have noticed is the push for suppliers to not only educate partners on their assorted services and products, but to go a step beyond. Yes, understanding the product suite is vital, but the true value is in understanding HOW to sell these services to your existing account base once you learn them. This is not a one size fits all approach and must be addressed uniquely. Thrive is making a push to provide more education to our partners beyond what we offer and how we differentiate in the marketplace. We aim to dive deeper into how to take this knowledge and position it through the right line of conversation with the goal being to find direct opportunity alignment.

A big piece of this additional education is helping our partners identify key market trends and build business cases around them, specifically as they relate to Thrive and our strengths. For example, organizations with a new IT Director or C-Level executive have proven to be the perfect candidates for a Network Health Assessment; a commissionable engagement run by our consulting team that helps businesses drive value by understanding where they need to invest from an IT perspective. In a broader example, we have seen more and more first time SIEM adopters. With our partners asking the right questions, a need was identified for smaller SIEM/SOC deals with under 100 devices that had previously not been a focus of ours. Partners now know to leverage Thrive on these opportunities as we have a strong SIEM offering.

While this is already about a paragraph too long, I think it’s important to emphasize the main takeaway here. Partners are becoming more educated and bringing better opportunities to the table. There needs to be a push to go beyond the ABCs of our services as suppliers and continue to build the deal positioning aspect.  This requires a tailored approach that focuses directly on what we do best and helping partners leverage that.

We don’t expect to be picked for every given opportunity, but want to make sure that when we are, everyone wins.

For more information on Thrive’s Channel Program, CONTACT US TODAY!

Thrive Partner Testimonial – Blue Front Technology Group

This video features Thrive’s Channel Partner — Dan Passacantilli, Founder of Blue Front Technology Group. Blue Front Technology Group has been a channel partner of Thrive’s for 15 years.

Agents and Technology Consultants partner with Thrive to leverage our technical expertise coupled with our NextGen managed services. Thrive is considered a trusted advisor that partners rely on to offer their clients NextGen Technology Services.

For more information on how to partner with Thrive, CONTACT US today.

The Single Cause Behind Most Vulnerabilities and How to Solve It

Having been involved in hundreds of vulnerability assessments I can confidently say that most issues have a single underlying source.  The discovered vulnerability could be an increased risk of ransomware exposure, buffer overflows, elevation of privileges, denial of service, weak encryption, etc.  Regardless of the diversity of the vulnerabilities, there is commonly a single deficiency within the organization that led to the risk.  It is a crucial component of any solid cyber security framework, yet it remains one of the least appreciated and maintained areas of Information Technology.  By now, you may have guessed, that I’m referring to patch management.

Inevitably, a vulnerability assessment will overturn workstations, servers, switches, firewalls, routers, wireless access points, hypervisors and countless other devices which all need to be patched. Consequently, the IT department is consumed with months of maintenance windows to get everything updated.  After many late nights, every piece of infrastructure is finally fully patched.  The IT department can finally get a good night’s sleep!  Unfortunately, it won’t last long because while all of those patches were getting installed more vulnerabilities were discovered which will require more patching.  This is the never-ending struggle of patch management.

It’s true that most IT departments have a pretty good handle on patching workstations and servers by leveraging automated patching solutions.  However, that addresses only a small piece of the typical IT infrastructure.  What’s a sleep deprived IT department to do to keep up with the tidal wave of patches? It’s simple, embrace Thrive’s NextGen services.

  • Offload all server and hypervisor patching responsibility by transferring workloads to one of Thrive’s many cloud solutions.
  • Deploy ThriveCloud managed firewalls, switches and wireless access points to allow for automated patch and firmware deployments during scheduled maintenance windows.
  • Leverage Thrive’s 3rd party patching solution to update often overlooked and highly vulnerable software like Java, Acrobat and Zoom.

For more information on Thrive’s NextGen managed services, CONTACT US TODAY!

Remote IT & Security. Is your business and corporate data at risk?

Overnight, the COVID-19 pandemic has permanently changed our approach to remote IT and security. We went from offices full of collaboration and activity to at home offices now exposing businesses and corporate data to increased risk.  At Thrive, we hold a daily management meeting to review and discuss the implications of a remote workforce during this experience. Many organizations are following a similar protocol as well, and although it has taken some getting used to, it has shined a light on how well we are able to collaborate remotely.

Our president, Marc Pantoni, mentioned the other day on one of these calls that the focus at the beginning of the Work From Home period was stability but as it matures, many organizations will start to focus on risk management as they were during prior to this unplanned event.

Over the years, we’ve seen disaster recovery tests become quite commonplace but now we’ll start to see pandemic tests or WFH tests become much more prevalent.  This isn’t fear mongering, it’s prudent risk management.  I surmise that like many of you, my work from home plan was my laptop sitting on a home office desk or perhaps a kitchen table.  My home office did not have all the trappings of my branch office. Over the last couple of weeks, I’ve gotten quite efficient at WFH and for many end users that environment is here to stay even once we all return to the office semi-full time.

Securing that location will now become a higher priority.  For many senior leaders and high-tech workers, we will look to high value yet low effort solutions to protect the household.  For years network security companies have added a feature to their devices that is not very widely used that can provide “clean” network connections.  This function, usually called transparent mode, introduces unified threat management appliances into home networks without changing the overall topology of the environment.  This means that we can add intrusion prevention and malware protection at the network level without the needing to swap out the consumer wifi solutions, which are very popular.  Fact is, having malware on a home network is as big of a problem as it is on an office network regardless of where it resides.

To understand this concept a little easier, here’s a simple network diagram:

Home Network

These solutions are extremely straightforward to setup and maintain as opposed to creating a branch office inside a home office.  It allows for added protection of all devices on the network without the headache of redesigning the entire home network.

If you have questions or concerns about remote IT and security, Thrive is here to help. CONTACT US TODAY!