I recently attended the inaugural Family Office Fintech Summit, a conference presented by Family Wealth Report devoted wholly to the technology challenges facing family offices and wealth managers. A dominant theme throughout the panel discussions was cybersecurity, a concept that – based on the discourse during these panels – still has not achieved a concrete definition within this industry. Family offices are notoriously late technology adopters, an issue which has been discussed in prior articles, and the “laggard/late majority” perspective of this industry was consistent with the commentary of the conference.
The panel Improving the Client Experience through Operational Efficiency Gains raised the topic of determining whether Cloud hosting or on-premise hosting represents the most secure option for investment management software. I was genuinely surprised that panel’s consensus was that on-premise hosting was the preferred deployment method.
Cloud hosting provides a diverse variety of benefits for alternative investment firms. The cost of an on-premise platform far exceeds Cloud hosting. On premise hosting requires massive capital expenditure, such as hardware, rack space, and a significant increase in power usage. Installation also entails a long-term reliance on consultants and contractors in order to maintain the viability of the system.
On-premise hosting limits users’ data access to their main working site, which is detrimental to productivity on the road and operational continuity. Cloud hosting empowers users to share and update data on demand from any location, ensuring that users across the firm have optimal context for meetings, portfolio analysis, and investment decisions.
Alternative investment firms may be willing to forego those benefits for the sake of controlling their own security through dedicated hires and physical constructs, but Cloud hosting vendors typically provide more comprehensive security than an on-premise hosting setup when you consider the limitations of personnel and budget. Cloud software providers in the alternative investment space take on responsibility for all disaster recovery and business continuity. If the Cloud vendor’s server goes down for any reason, backup servers with the same data go live almost immediately to guarantee productivity loss is minimized. When using an on-premise setup, if the server fails, there is no recourse and users must wait for the problem to be resolved by the appointed contact amidst their other responsibilities.
Beyond platform failure, the top concern for alternative investment firms with their asset management software is the threat of being breached. This threat is best addressed by an organization that has the information security posture and personnel to actively monitor network and application usage – a Cloud-based provider employs a dedicated team and tool kit to do so. Cloud software providers are accountable for the security of their products, regularly participating in Service Organization Control (SOC) Type I and II audits to ensure that security procedures align with best practices in technical compliance. Cloud-based investment management software providers also regularly perform in-house and third-party penetration tests, in order to test the limits of the existing security measures and identify optimization opportunities. Carrying out these same-measures with an on-premise deployment would again require hiring expensive consultants, and there is no guarantee any implemented security can adjust to new threats. Cloud providers have the advantage of diluting information security costs across all clients, which enables providers to provide broader and better services.
General and limited partnerships seeking a secure solution for contact and portfolio data should engage in an in-depth dialogue with Cloud-based providers to identify the security measures that satisfy their needs. Many Cloud vendors offer flexible options that include the capability to encrypt data at rest and enact IP address restrictions. Cloud security is far more adaptable than on-premise software at a fraction of the cost.
Cybersecurity is a complex topic, and misinformation is still being treated as gospel in many facets of the alternative investment industry. Firms should apply the thorough due diligence to the technology selection process, and identify the steps needed to ensure their security and operations are poised to seamlessly adapt to evolving technology challenges.