As vice president of quality assurance for the Philadelphia Stock Exchange, Bernard Donnelly is responsible for the security and availability of a network that approaches 100 Gbps and soon will be handling 500,000 quotes per second. To add to the complexity, the exchange recently implemented a wireless trading network that relies on handhelds and demands iron-clad security and unquestioned availability. Donnelly recently shared his thoughts on keeping all of this up and running securely.
What's the extent of your disaster planning?
Donnelly : We just spent $10 million for a fiber network from here to New Jersey so that we can get a five millisecond response time. We're going to own the fiber and we'll become our own carrier so we don't have to rely on anyone else. And we just built a new data center in Philadelphia, so we have two here and a co-location facility in New York. Uptime is paramount for us. A 30-second outage is devastating for us. We might see one every two years, but that's too many. I also oversee all of the change controls, which is sort of disaster prevention. It's one of our strong points as an organization and it pays because systems don't break until you change something. We act as an auditing department and I have the final determination on all of the security packages.
Financial services has more than its share of regulations already, so why did you decide to comply with Sarbanes-Oxley voluntarily?
Donnelly: For a lot of companies that are going public, they're doing things they've never done before [to comply with Sarbanes-Oxley]. But it is a carbon copy of what the SEC has required us to do for years. I'd recommend it for other companies, too. It's a good best practice and will lead you to find things you wouldn't find otherwise.
Why did you move to a wireless trading system given all of the security issues that can create?
Donnelly: Two years ago we made the strategic decision that we couldn't be floor-based anymore. It was just too chaotic. We came up with the handheld trading system, which monitors the markets to generate quotes on behalf of the traders. The member fans have the same capability on a larger scale. But we had to do it in order to stay ahead of what everyone else is doing.
What special measures did you take to secure the new wireless trading network?
Donnelly: First off, nobody comes directly into our network. They have to go through a variety of authentication and authorization mechanisms and several other hops. We only have icons on the handhelds, so just the things you need to get the presentation layer to the trader. All of the traffic is encrypted. We had this on an 802.11 network, but the amount of data was too much for it.
