TD Ameritrade Encryption Project Is Nearly Complete

CIO says work at TD Waterhouse sites should be finished this month

Ameritrade Holding Corp. late last year finished rolling out technology to encrypt corporate data as it moves from servers to backup devices, just before its acquisition of TD Waterhouse Group Inc. closed in January. Jerry Bartlett, CIO of the combined firm, called TD Ameritrade Holding Corp., talked about extending the encryption technology to TD Waterhouse sites and other issues at the recent Storage Networking World conference.

Jerry Bartlett, CIO of TD Ameritrade Holding Corp.
Jerry Bartlett, CIO of TD Ameritrade Holding Corp.
Have you rolled out the Decru encryption technology throughout the combined company? We completed it in the November and December time frame for the Ameritrade facilities. And we're completing it for the combined TD Ameritrade this month.

Was the process of installing encryption technology difficult? The difficulty was around deciding what we were going to do and how we were going to do it -- not around the implementation itself. Once we realized that we needed to execute like it's any other infrastructure project, we assigned a project manager with a plan coordinating our infrastructure teams.

How many Decru encryption appliances have been deployed? About a dozen.

Do you have any concerns about unencrypting data for restoration in the future? Not really. We're comfortable with the backward-compatibility commitments. We would be concerned if the encryption algorithm were changed.

How long did it take to deploy the appliances? It took us to do the legacy Ameritrade less than six months. It took us less than three months to do the TD Waterhouse side.

How much data do you encrypt? In the neighborhood of 30TB per week, including full and incremental backups.

How have the regulators reacted to the decision to encrypt your data? The feedback we've received is that they're thrilled about it. So we're thrilled about that.

What other types of storage challenges is your company facing? It's this whole idea of a formal and automated approach to information life-cycle management. We have very well-understood retention rules, but it's too manual. As we acquire companies and the obligations of those firms become our obligations -- client data, client e-mails -- that's probably one of the biggest hurdles we have to address. We're just starting to put together a strategy to address it. I think we have a good approach to rationalizing storage around our applications, which is important.

What is your take on the upcoming Storage Networking Industry Association standard to allow migration of data across tiers of storage? My fundamental view is we are, and ought to be, vendor-agnostic. My team's a big believer in standards -- in this case, standard interfaces and the ability for a heterogeneous group of vendors to be able to be utilized across the whole data life cycle, I think, is the right direction.

Does that mean the company, now mostly an EMC shop, will look at technology from other vendors? Right now, we're an EMC shop, so as we do mergers and acquisitions, we stick with EMC. It doesn't mean we won't continue to look at vendors whose offerings become potentially higher in quality, availability and resiliency at competitive cost points. A fundamental tenet is [that] we're vendor-agnostic.


Copyright © 2006 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon