DISPELLING THE MYTHS OF CYBER-SECURITY
S P O N S O R E D F E AT U R E FOCUS ON DISPELLING THE MYTHS OF CYBER-SECURITY Grigoriy Milis, chief technology officer at RFA (Richard Fleischman & Associates), explains the misconceptions with cloud technology and why most cyber risks can be efficiently mitigated As CTO, Grigoriy Milis is an IT veteran with more than 15 years of experience working in the financial industry. He is responsible for managing all aspects of infrastructure design and leads the R&D team in the evaluation and testing of new technologies. Milis also manages the systems architecture team that handles highlevel escalations from all technical departments. HFMWeek (HFM): Cloud technology has received a lot of press coverage in the last year. Have any misconceptions about its security developed from this, and is cloud technology more or less vulnerable than more traditional IT storage systems? Grigoriy Milis (GM): The main misconception around cloud security is that it does not exist, and that it is impossible to secure the cloud. In actuality, the cloud is not any more vulnerable to cyber-security threats than traditional IT systems located on premises. When it comes to security, the issue is not about comparing cloud environments to traditional IT environments, but rather about the methods utilised to protect either environment. In addition, not all clouds are created equally. In a public cloud environment, all data are typically accessed by a shared application environment. This model requires shared security, which requires a shared security context. This model presents or creates more possibilities for cyber breaches when a breach suffered by one client might compromise the rest of the clients. In comparison, in a more secure cloud environment, clients are completely isolated from each other, and while they do sometimes share underlying platform hardware, all applications and hardware are completely isolated and have no connection points whatsoever. HFM: How far has cyber-security developed in the last year? Has it kept up with the pace of evolving attack strategies? GM: Cyber-attack methods have continued to evolve drastically, and hedge funds and other investment management firms are struggling to keep pace and stay adequately protected. As a result of ever evolving attack strategies, it is vital for firms to employ a variety of security tools to ensure that their data stays protected, including encryption, multi-factor authentication, intrusion detection and outsourced security consulting services. In order to keep up with the attack strategies, many security vendors are developing next generation security solutions that will become the front line of defence. HFM: They say human error is the biggest cause of successful cyber-attacks. Is this true and can this risk be mitigated? GM: Human error and negligence are a large part of successful cyber-attacks, and while it is impossible to 3 0 A P R – 6 M AY 2 0 1 5 completely eradicate this type of risk, it can certainly be mitigated. Firms should take time to implement policies, procedures, and frequent employee training sessions related to cyber-security to ensure that attacks caused by internal negligence are minimised. Trainings and policies should be focused on educating employees on security best practices, threat response plans and the various types of security threats to improve awareness. Many of the advanced attack strategies that plague financial firms today can be extremely difficult to detect and often come in the form of an innocuous looking email or phone call. HFM: What does the RFA cloud offer? GM: The RFA Cloud Platform is a complete Infrastructure-as-a-Solution (IaaS) offering that enables firms of all sizes to move applications and data from on-site servers to the hosted model. RFA develops customised cloud solutions that are aligned with specific firm needs and specifications. All clients are designated a separate, private piece of RFA designed infrastructure in which all data resides. In addition to providing on-demand hosted infrastructure for firms that require agility, security and reliability and the daily demands of file hosting and data storage, the RFA Cloud Platform also includes a production environment supported by leading-edge hardware and software, real time DR replication to secondary data centres, intrusion detection services and nightly data backups. HFM: What security protocol does it have in place? GM: The RFA Cloud is supported 24/7/365 by dedicated staff in private, SOC 1/2 SAS70/SSAE16 Type II audited data centres to ensure maximum reliability and regulatory compliance. Additionally, all data centres adhere to SEC/FINRA/FCA standards and retain strict AS A RESULT OF EVER EVOLVING ATTACK STRATEGIES, IT IS VITAL FOR FIRMS TO EMPLOY A VARIETY OF SECURITY TOOLS TO ENSURE THAT THEIR DATA STAYS PROTECTED ” perimeter protection and internal protocols, including a proprietary password and access management system. As part of the RFA Cloud offering, clients receive a range of comprehensive security protections, including managed backup, intrusion detection, master data management (MDM), web filtering, next-generation firewalls and data encryption services. HFM: How is RFA looking to stay ahead of the game in cloud security in the coming years? GM: RFA invests substantial effort in working with the most advanced emerging security vendors in order to shape and improve product development. Additionally, RFA continues to partner with the largest and established security vendors in order to leverage their vast expertise and product portfolio for clients. n H F M W E E K . CO M 33
© Copyright 2024