Operating an asset management business remains a resource-intensive endeavor, particularly as fund fees have come under pressure from investors. See “Investor Pressure Drives New Performance Compensation Models and Increased Disclosure Obligations for Managers
” (Jun. 29, 2017). Some managers have sought to reduce their operational costs by moving at least some of their technological infrastructure – e.g.
, data storage, trade execution, accounting systems, client-relationship-management systems and disaster recovery services – to the cloud. While hosting these services in the cloud offers cost-effective and convenient technology solutions, fund managers must be cognizant of the potential cybersecurity risks associated with relying upon a cloud solution, including the legal risks that may be lurking in the standard service level agreements with cloud service providers. Considerations of potential risks and liabilities associated with engaging a cloud service provider, along with tips on how to conduct due diligence on a cloud vendor, were addressed at PLI’s Eighteenth Annual Institute on Privacy and Data Security Law. The panel featured Matthew Kelly, vice president and senior corporate counsel at cloud computing company ServiceNow, Inc. This article offers Kelly’s insights as to what an investment manager should and should not expect from cloud service providers, along with key provisions to understand in their service level agreements. For background on how private fund managers are using cloud computing, see “Can Emerging Hedge Fund Managers Use Technology to Satisfy Business Continuity Requirements and Mitigate Third-Party Risk?
” (Sep. 3, 2016); and “Greenwich Associates Report Argues That Hedge Fund Managers Can Use the Cloud to Obtain Greater Computing Power at Lower Cost With Acceptable Risk
” (Jun. 6, 2014).