Skip to main content

For years now, there’s been an informal agreement between hedge fund analysts and those responsible for the fund’s IT operations. For those in IT, it goes a little like this:

“You know they’re all doing it.
They know you know they’re doing it.
They know they shouldn’t be doing it.
Everyone silently agrees to leave it well alone.”

While it may sound a lot like your mom’s reaction to your heady college days, we’re actually talking consumer-led technology.

It’s common knowledge that non-compliant, sometimes insecure and often non-authorized consumer apps are still rife in hedge funds. Everyone knows that the likes of Evernote, Dropbox, Google apps and their ilk – are being used by research analysts at funds of all sizes, whether IT likes (or knows) it or not.

Whether instead of a formalized, traditional research management system, or in some cases in spite of one, research analysts have long sought out the technology that gives them the freedom they need to get stuff done. You know the type – fast, accessible, mobile, easy-to-use.

Enter the analyst’s go-to BYO work around: grab a credit card, head to the app store and cobble together a personal productivity environment that combines the consumer tools you fancy ‘off the shelf’ with your fund’s IT in order to suit your workflow and mobile needs.

Whether this is by stealth or not, such an informal approach to managing research data could be putting your fund at risk. There are plenty of reasons consumer technology can be good for business productivity. But there are an increasing number of reasons why it’s not all that good for hedge funds.

Here are just four consumer app alarm bells that regulators could ring in their cybersecurity risk assessments:

  1. The inability to segment data from public cloud users.
  2. The high levels of patches and vulnerabilities.
  3. The relative ease at which data can be transferred outside the fund – intentionally or otherwise.
  4. The lack of demonstrable control and monitoring over governance, access rights and data leakage prevention.