Gen II’s CTO on responding to the evolving cyber threat-scape

Where once the fund administrator, like many businesses, focused on threats to their physical locations, 'now we have hundreds of remote user end points to protect,' says the CTO of Gen II Fund Services.

In October, Gen II Luxembourg Services, a wholly-owned subsidiary of Gen II Fund Services, announced its information security management system had earned the ISO 27001 certification.

Protecting the increasing volume of data held by private equity firms has become a core exercise for Gen II, which has more than $600 billion of private capital under administration, and other prominent fund administrators.

Raj Gidvani

The ISO 27001 certification demonstrates that an organization meets the international standard for information security established jointly by the International Organization for Standardization and the International Electrotechnical Commission.

Having acquired the Luxembourg entity in 2020, the first thing Gen II did was to introduce all of the firm’s processes and practices, said Raj Gidvani, chief technology officer at Gen II.

“Information security is always a priority for us, so getting the ISO certification in Luxembourg was one of the first things we did,” Gidvani told Private Funds CFO. “Our private equity fund clients generally perform sophisticated due diligence on Gen II before they award us their business, and in their due diligence, they mostly cover the elements of cybersecurity, data protection processes and controls… most of which are elements of the ISO certification process. By having this certificate, it institutionalizes the information security diligence our clients perform, and they can validate us against the gold standard.”

Data security has become a central concern of CTOs and COOs as private funds groups continue to embrace the cloud and ingest (and share) larger volumes of data. This requires fund administrators to redouble their efforts to ensure good cyber hygiene is upheld at all times.

Gidvani confirmed that during the pandemic, Gen II expanded the reach of its capabilities beyond the physical location of the office. “Our employees no longer simply connect to our network via firewalls in our physical office locations, which we need to protect. Now we have hundreds of remote user end points to protect. We must therefore ensure the best practices we have in place, and the education we have in place, are robust.”

One of the reasons for COOs prioritizing data security is the increasing sophistication of cyberattacks. Gidvani noted that Gen II continues to see clever phishing attacks: “We’ve seen examples where people have registered domain names of companies we do business with, or cases where they’ve pretended to represent our own internal human resources to get access to information. To thwart these attacks, we’ve implemented some new technology tools to detect and respond proactively to prevent intrusions.”

He added that one of the key tenets of information security is to always remain vigilant and look for suspicious end point activities.

“We were always forward thinking to have embraced cloud-based technologies for server infrastructure to help with this,” Gidvani said. “We have also moved our staff end-user desktops into the cloud. This means all the data (and data systems) remain in the cloud where we can manage them centrally and apply end-point security tools.

“Our [chief information security officer] continues to stay informed on information security and uphold best practices. We are also partnering with a remote 24/7 real-time security network operator to monitor for any suspicious activity. We are confident this will help improve relationships between GPs and LPs and provide peace of mind, now that we have this ISO certification.”