The Challenge
With 180 clients and $800 million under management, this San Francisco Bay Area investment management firm was acutely aware that hackers would consider it an appealing target. The COO, who is also the Chief Compliance Officer, became concerned about business and security risks—and about how long it was taking the firm’s IT outsourcing provider to respond to those concerns, even as the number of attempted attacks on employees and even clients ticked upwards. The COO began looking for a new IT provider that combined security knowhow and familiarity with a complex and fast-changing regulatory environment.
The Solution
The firm contacted Xantrion after hearing positive reviews of Xantrion services from other local financial advisors. “Their depth of technical knowledge was super-apparent,” says the COO. “What’s more, their willingness to sit with us in the event of an SEC audit and the breadth of their offerings showed that they understood both the regulations and the risks of the environment that we work in.”
Today, Xantrion manages the firm’s security and compliance processes as well as its IT infrastructure, fine-tuning and continuously monitoring its systems for the optimal balance of performance and security. In addition, Xantrion provides regular security analysis and end user cybersecurity trainings to spot vulnerabilities and prove that the firm is meeting regulatory requirements. The only systems the firm still manages in-house are its password management and cloud-based file sharing, which both passed Xantrion’s rigorous compliance and security testing.
“Any time I receive an alert that Xantrion has changed something in our configuration, I look up the details and discover that it’s a response to some new security risk that was just announced,” the COO says. ” I don’t have to monitor the news and push them to plug security holes, and that’s taken a weight off my shoulders.”
The Outcome
With Xantrion overseeing virtually all of its IT environment, the investment management firm can now prove to its clients who are concerned about cybersecurity that it’s doing all the right things to protect their sensitive data and access to their assets. The same documentation also helps the firm prove compliance with all relevant regulatory requirements, freeing the COO from manually reporting on security gaps.
The firm continues to meet regularly with Xantrion’s engineers to discuss new initiatives and review potential infrastructure improvements, ensuring that its systems remain secure and easy to use. And when employees do have issues or questions, the COO simply directs them to Xantrion’s help desk.
“I have a high degree of confidence that Xantrion is doing all the right things better than I could,” the COO concludes. “They’ve improved our IT environment more in 6 months than our previous vendors did in the prior 3 or 4 years.”