Menu
On February 9, 2022 the SEC proposed new cybersecurity rules for Investment Advisers and Funds, and just last week an article in Ignites suggested that the SEC is on the cusp of finalizing the rule – perhaps sooner than anticipated. According to Ignites, legal experts and compliance consultants predict that the recent approval of a cybersecurity rule for publicly traded companies could accelerate the timeline for the investment advisor rule, potentially resulting in its adoption before the expected fall timeframe.
Following are key highlights from the article:
The upcoming cybersecurity rule signifies the SEC’s commitment to fortifying cybersecurity measures within the investment advisory sector, and we think their proactive stance aligns with the increasing importance of cybersecurity readiness in today’s digital landscape. We support the intent of this proposal and agree that the custodians of wealth – and those who service them – have a responsibility to ensure that wealth is both sustainable and future-ready.
Operational risk must be viewed from a systemic and preventative point of view, and if organizations are going to outpace cybercriminals, they must consider legacy technology’s limitations when it comes to upgrading, patching and maintenance. Systems that are decades old and pre-date the cloud revolution are unlikely to protect investors and maintain orderly markets because they cannot be updated easily or cost-effectively to adequately meet today’s requirements. Embracing cloud capabilities is crucial to manage risks effectively and unlock evolving benefits. And yet, there are still some legacy thinkers that believe on-premises technology offers more control and safety.
So, let’s debunk that myth…
Cloud Transition Defined: The cloud shift involves porting software to new cloud data centers or building cloud-native applications on platforms like Azure or AWS. These cloud environments boast inherent advantages including redundancy, data replication, and fortified access controls, fostering enhanced asset protection.
Security as a Tandem Effort: The security underpinning a cloud-native approach comprises two fundamental aspects: safeguarding the underlying cloud infrastructure and ensuring the security of the application itself. Public providers such as Microsoft, Amazon, and Google diligently invest in cybersecurity R&D, employing experts and cutting-edge methods to uphold robust cloud security.
Infrastructure and Application Security: Cloud providers’ dedication to securing their services is a Herculean task to replicate in-house. For application security, cloud-native SaaS applications have demonstrated enhanced security. Their design, development, and automated patching mechanisms equip them to stay ahead of threats, compared to legacy technology on the cloud.
Vendor Evaluation: Opting for a cloud-native approach aligns security interests with the capabilities of cloud providers. While complexity might increase, the cloud bestows a dual defense mechanism—infrastructure and application levels. A multi-cloud strategy further enhances security by isolating instances on distinct public clouds.
Balanced Migration Approach: Organizations can initiate their cloud journey by complementing existing systems with cloud-based services, reaping immediate benefits like redundancy and scalability. However, overlaying cloud services on legacy technology may perpetuate vulnerabilities. A proactive cloud migration strategy empowers businesses to seize competitive advantages promptly.
Evolving with the Cloud: Transitioning to the cloud requires discernment, understanding that security lies in collaboration between organizations and cloud providers. The cloud empowers organizations with advanced safeguards and offers a proactive stance against cyber threats in an ever-evolving landscape.
As fund managers and their service providers continue to adapt to their growing risk oversight responsibilities, they should be rigorously assessing their providers’ cybersecurity capabilities as well as their own capabilities. Key questions include:
FundGuard is a cross-enterprise, all-in-one investment accounting solution for IBOR, ABOR and NAV contingency. FundGuard’s fully digital, AI-powered, cloud-native operating model supports global asset managers, asset owners, custodian banks and fund administrators in the management of their investment and accounting books and aligns well with firms looking to replace out-of-date systems processing in monolithic cycles.
Unburdened by the challenges of decades old legacy systems, FundGuard is transforming investment operations and existentially changing asset servicing, with a mission to help the world more safely and efficiently accumulate and grow assets.
Contact us when you’re ready to join the transformation.
About the Author
100 Bishopsgate
18th Floor
London, EC2N 4AG, United Kingdom
Sign up for FundGuard Insights
Your use of information on this site is subject to the terms of our Legal Notice.
Please read our Privacy Policy.