We provide our customers with a unique blend of operational agility with paramount information security, combining the best attributes of public and private cloud computing

Managed Security – Overview

Options has been delivering financial technology as a service for over 20 years. No one understands the needs of the hedge fund industry better, and this is especially true when it comes to security. The complex nature of cybersecurity in 2015 demands that any managed platform or IT infrastructure solution must have best practice cybersecurity building blocks at its core. Not just that but the platform must also combine operational agility with absolute information security – the SOC-accredited Options platform does exactly that.

We focus on building security and transparency into our processes and procedures. Options has been leading the market in this regard for many years, we were among the first service provider of our kind to be SOC accredited (since it was first introduced in 2011) and we’ve made our cybersecurity policies and best practice recommendations open and available for download online. We have been making a substantial investment in the leading security related technologies for years now and will continue to do so.


Key Facts:

• Enterprise-grade infrastructure providing a resilient, secure and compliant platform that is SOC-accredited with best-in-class information security for clients.

• SSAE 16 SOC 1 & 2 and ISAE 3402 accreditations for both managed services and data centers.

• Platform blends operational agility with best practice cybersecurity building blocks:

– Multi-layered network with segregated network tiers and physical hardware isolation.

– Two-factor user authentication, extensive admin credential encryption and strict firewall and network access list-controls.

– Robust network intrusion detection and protection measures.

• Continued investment in web-filtering appliances, Active Directory, AD auditing, Window file systems auditing and BYOD management.

• Dedicated cybersecurity team that manages an extensive security program, including:

– Twice-weekly security team meetings.

– Quarterly penetration tests carried out by an accredited third party.

– Quarterly server patching for both servers providing platform services and clients.

– Weekly PC reboots, host and network vulnerability scans, ongoing reviews of new and emerging cyber threats and continuous assessment of each client’s security posture.

 


Industry Leading Cloud Accreditations

Industry Leading Cloud Accreditations (SSAE 16 SOC 1 and 2)

As a testament to the maturity of our security architecture, Options boasts multiple industry accreditations, including:

• SSAE 16 SOC 1/2 and ISAE 3402 for our managed services, not merely our data centres (an absolutely critical distinction).
• ISO 27001, which demonstrates a systematic and ongoing approach to managing information security risks that affect the confidentiality, integrity, and availability of company and customer information.

Prologue

 Security Architecture & Infrastructure

Options understand that the data security and integrity concerns of capital markets institutions are as acute as any sector in the economy. Accordingly, we’ve built and matured the security fabric protecting digital assets into the Options platform over the past 10 years to address those unique challenges. Options has invested significantly in our infrastructure in order to meet the increasing security demands service providers are facing in this space. All of the components touched on above are key building blocks that form our security offering to clients. We’ve built and matured the Options global private network over the past 10 years, enabling best-in-class information security for our clients. While other vendors in the space continue to use VPNs, customers leveraging the Options platform can harness a fully resilient and secure global platform with high bandwidth and low latency.

We provide our customers with a unique blend of operational agility with paramount information security by combining the best attributes of public and private cloud computing to deliver a solution which offers:

• Physical hardware isolation as a standard implementation pattern.
• Extensive administration credential encryption and control.
• Robust network intrusion detection and protection measures.
• Multilayered network and security change request controls.
• Private network access control.

In the last 12 months alone we have invested in a number of security and compliance products to enhance our security offering including Active Directory auditing, Windows file system auditing, BYOD management, and a web filtering platform refresh, to name but a few. All of these additions come at no extra cost – they are bundled within the service charge.