S P O N S O R E D F E AT U R E
FOCUS ON
DISPELLING THE
MYTHS OF
CYBER-SECURITY
Grigoriy Milis, chief technology officer at RFA (Richard Fleischman &
Associates), explains the misconceptions with cloud technology and
why most cyber risks can be efficiently mitigated
As CTO, Grigoriy
Milis is an IT veteran
with more than 15 years
of experience working in
the financial industry. He is
responsible for managing
all aspects of infrastructure
design and leads the R&D
team in the evaluation and
testing of new technologies. Milis also manages
the systems architecture
team that handles highlevel escalations from all
technical departments.
HFMWeek (HFM): Cloud technology has received a
lot of press coverage in the last year. Have any misconceptions about its security developed from this,
and is cloud technology more or less vulnerable than
more traditional IT storage systems?
Grigoriy Milis (GM): The main misconception around
cloud security is that it does not exist, and that it is impossible to secure the cloud. In actuality, the cloud is not
any more vulnerable to cyber-security threats than traditional IT systems located on premises. When it comes to
security, the issue is not about comparing cloud environments to traditional IT environments, but rather about
the methods utilised to protect either environment. In
addition, not all clouds are created equally. In a public
cloud environment, all data are typically accessed by a
shared application environment. This model requires
shared security, which requires a shared security context.
This model presents or creates more possibilities for cyber breaches when a breach suffered by one client might
compromise the rest of the clients. In comparison, in a
more secure cloud environment, clients are completely
isolated from each other, and while they do sometimes
share underlying platform hardware, all applications and
hardware are completely isolated and have no connection points whatsoever.
HFM: How far has cyber-security developed in the
last year? Has it kept up with the pace of evolving attack strategies?
GM: Cyber-attack methods have continued to evolve
drastically, and hedge funds and other investment
management firms are struggling to keep pace and stay
adequately protected. As a result of ever evolving attack strategies, it is vital for firms to employ a variety of
security tools to ensure that their data stays protected,
including encryption, multi-factor authentication, intrusion detection and outsourced security consulting services. In order to keep up with the attack strategies, many
security vendors are developing next generation security
solutions that will become the front line of defence.
HFM: They say human error is the biggest cause of
successful cyber-attacks. Is this true and can this risk
be mitigated?
GM: Human error and negligence are a large part of
successful cyber-attacks, and while it is impossible to
3 0 A P R – 6 M AY 2 0 1 5
completely eradicate this type of risk, it can certainly be
mitigated. Firms should take time to implement policies,
procedures, and frequent employee training sessions related to cyber-security to ensure that attacks caused by
internal negligence are minimised. Trainings and policies should be focused on educating employees on security best practices, threat response plans and the various
types of security threats to improve awareness. Many of
the advanced attack strategies that plague financial firms
today can be extremely difficult to detect and often come
in the form of an innocuous looking email or phone call.
HFM: What does the RFA cloud offer?
GM: The RFA Cloud Platform is a complete Infrastructure-as-a-Solution (IaaS) offering that enables firms
of all sizes to move applications and data from on-site
servers to the hosted model. RFA develops customised
cloud solutions that are aligned with specific firm needs
and specifications. All clients are designated a separate,
private piece of RFA designed infrastructure in which
all data resides. In addition to providing on-demand
hosted infrastructure for firms that require agility, security and reliability and the daily demands of file hosting
and data storage, the RFA Cloud Platform also includes
a production environment supported by leading-edge
hardware and software, real time DR replication to secondary data centres, intrusion detection services and
nightly data backups.
HFM: What security protocol does it have in place?
GM: The RFA Cloud is supported 24/7/365 by dedicated staff in private, SOC 1/2 SAS70/SSAE16 Type II
audited data centres to ensure maximum reliability and
regulatory compliance. Additionally, all data centres adhere to SEC/FINRA/FCA standards and retain strict
AS A RESULT OF EVER EVOLVING
ATTACK STRATEGIES, IT IS VITAL FOR
FIRMS TO EMPLOY A VARIETY OF
SECURITY TOOLS TO ENSURE THAT
THEIR DATA STAYS PROTECTED
”
perimeter protection and internal protocols, including
a proprietary password and access management system.
As part of the RFA Cloud offering, clients receive a range
of comprehensive security protections, including managed backup, intrusion detection, master data management (MDM), web filtering, next-generation firewalls
and data encryption services.
HFM: How is RFA looking to stay ahead of the game
in cloud security in the coming years?
GM: RFA invests substantial effort in working with the
most advanced emerging security vendors in order to
shape and improve product development. Additionally, RFA continues to partner with the largest and established security vendors in order to leverage their vast
expertise and product portfolio for clients. n
H F M W E E K . CO M 33