Ameritrade completed its acquisition of TD Waterhouse in January to become TD Ameritrade Holding Just prior to the completion of that acquisition, Ameritrade finished rolling out technology that encrypts all data as it moves from servers to tape backup devices. The encryption effort was a reaction to the company's loss of a data tape with the names of 200,000 clients in April 2005. Jerry Bartlett, CIO at TD Ameritrade, spoke with Computerworld recently about data security and storage management.
When did you complete the tape encryption technology?
We completed it in the November and December time frame for the legacy Ameritrade facilities. And we're completing it for the combined TD Ameritrade this month.
Was it very difficult?
The difficulty was around deciding what we were going to do and how we were going to do it -- not around the implementation itself. In fact, the technology difficulty was really around coordination of the network teams and storage teams. Once we realized that we needed to execute like it's any other infrastructure project, we assigned a project manager with a plan coordinating our infrastructure teams. It was all about execution, and we're good at execution.
How many encryption appliances from Decru did you deploy?
About a dozen.
Do you have any concerns about un-encrypting data for restoration as new tape rev cycles come out?
Not really. We're comfortable with the backward-compatibility commitments. We would be concerned if the encryption algorithm were changed from the current AES 256-bit algorithm.
How long did it take to deploy?
It took us, to do the legacy Ameritrade, less than 6 months. Based on that experience, it took us less than three months to do the TD Waterhouse side.
How much data do you actually encrypt?
In the neighborhood of 30TB per week, including full and incremental backups.
How have the regulators reacted to the decision to encrypt your data?
The feedback we've received from [them] is that they're thrilled about it. So we're thrilled about that.
What other types of challenges are you facing?
In the storage world in particular, it's this whole idea of a formal and automated approach to the whole information life cycle management. We have very-well-understood retention rules, but it's too manual. As we acquire companies and the obligations of those firms become our obligations -- client data, client e-mails -- that's probably one of the biggest hurdles we have to address. We're just starting to put together a strategy to address it.
I think we have a good approach to rationalizing storage around our applications, which is important. It's a big spend. But now it's really around the overall data management [and] retention because of the industry we're in. I'd like to reduce the amount of manual effort associated with that.