The Concord Advisory Group | Case Study

The Concord Advisory Meets SEC Cybersecurity Requirements: Implements Diversified Technology Solutions

The Concord Advisory Group, Ltd., an investment consulting firm based in Princeton, NJ, was looking to enhance their IT infrastructure. Due to their status as a registered investment advisor, Concord must comply with the requirements set by the SEC, as well as protect their clients’ privacy and financial interests. Their technology decision-makers chose RED74 to guide them through several impactful upgrades to their information systems, leading to significant improvements in both security and productivity.

Concord Advisory

Location: Princeton, NJ

Industry: Finance

Uses RED74 for: Project management, system monitoring, security services, hosted Exchange, server support

The Challenge

While Concord maintained a good standards-based server and data network, email archiving requirements, and the cybersecurity initiative enacted by the SEC led to the need for Concord to upgrade and expand on the capabilities of their existing technology. Email messaging had to be retained for several years with the ability to archive data suitable for legal discovery purposes. Confidential data had to be stored at rest in an encrypted state. Over and above their compliance requirements, Concord wanted to keep their downtime as close to zero percent as possible, and be prepared for any possible interruptions in service to their clients, such as power outages, natural disasters, etc.

The Solution

Concord chose RED74’s consultation and project management teams to design and deliver multiple solutions over the course of several projects. The first improvement was to move to a US-based Hosted Exchange email solution with secure archiving. All historical archived email was ingested by the new archiving partner, leading to a fully discoverable and compliant email system. Sensitive confidential data housed on the local area network was protected with military-grade AES encryption and stored separately from non-sensitive data. The entire data on the network was allocated to new drives based on operating procedures with access managed via group policy with complex password requirements, screen locks, etc. to ensure security at each network endpoint. Web content filtering was applied to proactively prevent infection by malicious clickjacking or redirection, as well as to record any anomalous activity. To protect the network edge, an intrusion prevention system (IPS) was deployed to work in tandem with their firewall appliance.

Addressing Concord’s business continuity concerns, RED74 implemented a hybrid cloud disaster recovery system, whereby image backups are performed throughout the day, with a nightly backup to a secure cloud repository. In the event of a disaster, Concord’s server can be recovered nearly instantaneously, either locally through a network appliance, or directly in the cloud and accessed securely via VPN from anywhere there is internet access. Additionally, all servers operate in a virtual environment, enabling a much more robust recovery ability and reducing resource consumption.

The Results

1. Fully SEC-compliant email system with archiving suitable for legal discovery

2. Multi-layered security solution encompassing IPS, web filtering, and endpoint security

3. Encryption for sensitive data and policy-enforced protection for all employees

4. Hybrid cloud disaster recovery and virtualization to guarantee near-zero downtime

“Access to our clients via electronic communication is imperative. The hosted solutions RED74 implemented have facilitated better communications, particularly during a power outage.”

Lynn Barclay
Director of Business Management, The Concord Advisory Group, Ltd.

Ready to move your
business ahead?

Contact Us Form
Sending

Ready to move your business ahead?

Contact Us Form
Sending

Enter your email address
to be informed of data
breaches as they happen.

First Name *
Email *