The Challenge
Registered investment advisors (RIAs) can’t just rent an office and start taking customers. They also have to comply with a variety of stringent US Securities and Exchange Commission (SEC) regulations that protect investors’ money and personal information. As this group of experienced advisors planned to launch their new San Francisco based firm, they needed an IT services partner that could not only support all their business needs, but ensure their complete compliance with all relevant regulations from their first day of operations.
The Solution
Xantrion implemented an IT infrastructure based primarily on the Microsoft Cloud platform. This allows the RIA firm to leverage the familiar tools and rich functionality of Microsoft’s office management suite. It also simplifies connectivity and configuration issues among the firm’s three locations in San Francisco, Honolulu, and Washington, DC. Most importantly, the IT infrastructure seamlessly supports business operations while remaining secure and compliant at all times.
Xantrion secures the firm’s IT environment with Microsoft’s Enterprise Mobility and Security suite, including multifactor authentication, mobile device management, and identity management for single sign-on. It also blocks suspicious emails before they reach user inboxes using the advanced email link, attachment filtering and spoof detection in Microsoft Office 365 Advanced Threat Protection. Microsoft Office 365 SecureScore allows Xantrion to continuously monitor the configuration of Microsoft Office 365 services and make adjustments to improve the security of those services and the data they contain.
Xantrion also uses advanced security technology that is part of Microsoft Azure, such as Log Analytics to collect security logs and events from across the financial services firm and retain them in a single centralized location. This not only simplifies audits and meets retention regulations, but provides data for Azure Security Center, which drives Xantrion’s analytics and alerting around network anomalies, suspicious events, and configuration status.
Last but not least, Xantrion is using Microsoft Advanced Threat Analytics to monitor the firm’s IT environment and develop a baseline of normal user behavior. This makes it easier to spot suspicious activities that might indicate a cybersecurity breach, like a user logging in from an unrecognized computer or an account accessing files it doesn’t normally require.
In addition to implementing state-of-the-art technology to ensure the firm remains secure and compliant, Xantrion:
- Assesses the cybersecurity practices of critical vendors
- Provides ongoing cybersecurity awareness training
- Performs regular vulnerability and sensitive data scans as well as issue remediation
- Provides audit support
- Updates the firm’s cybersecurity policy as well as risk management and DR plans each year
- Records annual cybersecurity meeting minutes to prove management due diligence
The Outcome
Xantrion spun up the financial services firm’s cloud-based IT infrastructure virtually overnight, enabling it to start working with clients on its first day in business. With Xantrion managing every aspect of its IT operations, the firm has been able to grow to 30 people in less than a year without needing an in-house IT staff to onboard new employees, field help desk calls, or manage on-site hardware.
The combination of Xantrion’s Certified Support and Managed Security services provides ongoing support that ensures the firm remains secure and compliant. For example, Xantrion recently helped the firm identify excessive personally identifiable information (PII) on its network and helped to consolidate and protect it. In addition, Xantrion supported the firm in its most recent mock SEC audit performed by an outside auditing firm.
“We chose Xantrion as our IT partner because of their significant presence in the RIA industry and the Bay Area. We also liked their client recommendations and security and compliance offering,” says the financial services firm SVP and Chief Legal Officer.