This article can also be found in the Premium Editorial Download "Information Security magazine: What's your biggest information security concern?."
Download it now to read this article plus other related content.
As vice president of quality assurance for the Philadelphia Stock Exchange, Bernard Donnelly is responsible for the security and availability of a network that approaches 100 Gbps and 500,000 quotes per second. To add to the complexity, the exchange recently implemented a wireless trading network that relies on handhelds and demands ironclad security and unquestioned availability.
Why did you move to a wireless trading system given all of the security issues that it can create? Two years ago we made the strategic decision that we couldn't be floor-based anymore. It was just too chaotic. We came up with the handheld trading system, which monitors the markets to generate quotes on behalf of the traders. The member firms have the same capability on a larger scale, but we had to do it in order to stay ahead of what everyone else is doing.
What special measures did you take to secure the wireless trading network? First off, nobody comes directly into our network. They have to go through a variety of authentication and authorization mechanisms and several other hops. We only have icons on the handhelds--just the things you need to get the presentation layer to the trader. All of the traffic is encrypted. We had this on an 802.11 network, but the amount of data was too much for it.
What's the extent of your disaster planning? We just spent $10 million on a fiber network from here to New Jersey so that we can get
Financial services has more than its share of regulations already, so why did you decide to comply with Sarbanes-Oxley voluntarily? For a lot of companies that are going public, they're doing things they've never done before [to comply with Sarbanes-Oxley]. But it is a carbon copy of what the SEC has required us to do for years. I'd recommend it for other companies, too. It's a good best-practice and will lead you to find things you wouldn't find otherwise.
Read the full version of this interview with Bernard Donnelly at searchsecurity.com/ismag.
This was first published in December 2006