Customers in the Cloud: How Safe?
May 30, 2011
LITTLETON, Colo. -You can scale the outside wall of the Qwest CyberCenter here and drop down the other side into this industrial equivalent of a fortress, as a couple of national security spooks did a few years ago. But, like trying to scale a castle in the Middle Ages, you might just end up in a moat, inside.
If the tilt-up wall doesn't get you, the cameras will. Or, if the original FBI alumnus designing the security had had his way, the gun turrets would. But, as Paul Hoffer, the critical systems manager at the site, put it, "broomsticks" sticking out of the corners or tops of the walls surrounding what otherwise looks like just another distribution warehouse would probably draw more attention from the malicious set, than would justify their presence.
In any event, when the "men in black" scaled the outside of this facility where access to eight million customer records for more than 300 broker-dealers is controlled, Hoffer's watchful eyes were enough. He was out in the enclosed delivery yard, smoking a cigarette, and politely intercepted what turned out to be friendly, but determined, invaders.
Such is life at the hosting facility here where Quadron Data Solutions maintains the heart of its account opening and management business for broker-dealers and financial professionals, in the "cloud."
Roughly 65% of Quadron's customers are brokers, 30% investment advisors and 5% directly-sold mutual funds and annuity providers. From this base, Quadron receivess roughly 1,000 new customer records every day. Overnight, somewhere between 30 million and 40 million new records on financial transactions for all existing accounts are added to its database of customers and the $250 billion all told that sits in their accounts.
But the real security for those millions of customer account records and billions of transaction records does not rest with the Kevlar in the walls of the Qwest data center or the shredding of hard drives when their days are done. Or with its magnetic card, key and fingerprint access controls. Or the fact that all deliveries (and arrivals) must be cleared in advance of anything or anyone entering its front door.
Instead, it's the behind-the-scenes controls that a data services firm such as Quadron administers and maintains-and enforces with digital, rather than physical, protections.
Most notable is what Chief Security Officer Wade Turner and Executive Vice President of Technology Chris Cross refer to as "entitlements."
Basically: Keeping access to any part of the data limited to the fewest number of people possible, at Quadron. Because those with access to data are, logically, bigger threats, in theory and often in reality, than those who must scale the wall or otherwise break in.
In fact, Quadron's customers don't have direct access to their own data. They can only view it on screen, through Web services and file transmission, after it's been stored and processed.
Turner can't even see the data when it's in a readable form. "I have access to the raw data, the raw bits, the blocks," he said. He sees ones and zeroes, but not names and addresses or transactions.
Turner and Director of Information Technology Paul Chapman can move blocks of data around. They can access any piece of data. But, at the level in which they operate, there is no translation.
"The people who have the most access to the data don't really have a clue what the data is," Chapman said. "I mean, I can get to anything, but I really don't ever know what the data looks like-and I've looked at the data. It's just data." Not information.
There isn't a single employee, not even founder and Chief Executive Officer David Fetter, who has "total holistic access" to raw data and the finished information that it becomes, said Senior Systems Administrator Jason Simons. By design, access to any part of the finished data is partitioned.
Access is governed by roles. The folks, like Turner and Chapman, that can move data around, can't see what the information means. Those who can see the information, and what it represents, can't move it. Can't withdraw it. Can only make changes to it, as needed. And monitored.
Access to the customer and transaction records, in a visible form, is the purview of database administrators. And not just anyone at Quadron gets that type of access. Typically, they are employees who have been with the company for seven to 10 years. And they are not developers, who might use their skills to change something other than the records, and gain, say, root access to the system.
This is in a company with relatively low turnover. Average employee tenure is more than seven years and for database administrators, more than three.