InformationWeek

"We've made it an absolute priority to not just focus on products but on making sure security is a core component of the products," says Debra Chrapaty, E-Trade's CIO and president and chief operating officer of its E-Trade Technologies unit. "It can't be an afterthought. Security is like raisins in a cake: It has to be baked in-inherent in everything we do."

Those sentiments are echoed by E-Trade president Levinson. "Our shareholders and customers look to us to provide secure transactions," she says. "We need to have credibility when it comes to security."

One of the first things Chrapaty did after joining E-Trade in 1997 was to form a systems-security group staffed with experts in areas such as encryption and intrusion detection. Security managers are regulars at strategic meetings and weigh in heavily when E-Trade considers developing or introducing new products.

"One of the most common questions we get from customers is, 'How do I know you're secure?'" Chrapaty says. "We want them to know we've taken every measure possible."

The Palo Alto, Calif., company has a wide range of security tools in place, including firewalls at all entry points to the company's networks. Automated intrusion-detection systems deployed both outside and inside firewalls let security staffers know when someone is trying to break into systems from outside via the Internet or from inside via the company's networks. The internal system also provides a second layer of defense in case someone gets through the perimeter. To deter internal break-ins, E-Trade has physically separated its commercial network from internal networks.

Security: An E-Biz Asset First Union: Rigorous Standards E-Trade: An Absolute Priority Equifax: Who Goes There? Catholic Healthcare West: Healthy Security

For Web site security, E-Trade uses Netscape's Secure Commerce Server to secure transactions. When clients access its site using Netscape Navigator or Microsoft's Internet Explorer, all communications are protected through server authentication and data encryption. All users are given unique user names and passwords that must be entered each time they log on, and the system requires users to enter passwords again when placing an order.

Do investors find this cumbersome? No, says Lisa Nash, VP of customer management, who says customers also rate network security very high on their lists of needs. "People are very comfortable with the process," Nash says. "They say it's not arduous for them, but it is rigorous on our side." She says E-Trade is broadening its customer base to include those new to investing online-and expects them to be even more security-conscious than more experienced E-traders.

E-Trade uses auditing software to log every activity on every network component. "We do centralized audit logs and look through those logs every hour of every day," says Cliff Reeser, director of information security. "If something odd happens, we're alerted immediately."

The company also employs vulnerability-detection systems, software scanning programs that continually try to break into servers and other systems to find weaknesses. In addition, it hires consultants, including some of the Big Five professional services firms, to test the integrity of its firewalls by launching random attacks. E-Trade is also evaluating smart cards for employee access to systems; it expects to be using them within a year.

In addition to its arsenal of tools, E-Trade has a clearly delineated IT security policy that reminds every employee of the urgency of password protection and other basic steps. The company recently hired a director of corporate security to oversee physical security at all levels. Otherwise, Chrapaty says, "we can have the most secure networks in the world and someone can get in and smash one of our servers."

E-Trade's emphasis on security extends to its business partners, such as Web content providers, whose staffs are drilled on the importance E-Trade places on security. "There are some we won't do business with if they don't hold up to a high standard," Chrapaty says. "We put them through the ringer and monitor them continuously."

Reeser says the number of attempts to break into E-Trade's networks is rising, though at a slower rate than in past years. "We detect people trying to break into the firewalls from the Internet almost every day," he says. "But we have software programs to locate these people and identify them by tracing the source of packets as they come across the network. I've called people up and threatened them with legal consequences if they continue to do this."

The biggest challenge for E-Trade is ensuring that global transactions are secure. "There's a lot more exposure," says Reeser. "We know that there are government agencies and companies in other countries that are capable of intercepting transmissions overseas, and some admit to doing this routinely." To protect data, E-Trade encrypts "absolutely everything" it transmits with the strongest encryption allowed by law, Reeser says. Protecting overseas transmissions will become particularly important as E-Trade branches out into other countries, including Australia, France, and Sweden, says Chrapaty.

The company continues to broaden its service offerings-it recently formed an investment bank to help companies raise money on the Internet-while staying on the lookout for the most-effective security tools. "We're hypersensitive to this," says Chrapaty. "Are we paranoid? Well, being paranoid doesn't mean they're not out to get you. Security is part of who we are and it has to be because we're housing billions of dollars of peoples' assets. It's represented in our organizational structure, budget, the whole mentality of the company."

Back to This Week's Issue

Send Us Your Feedback

Top of the Page

CAREER CENTER

Ready to take that job and shove it?

Open | Close

SEARCH

Function:
Information Technology Engineering

Keyword(s):

State:

Post Your Resume

Employers Area

News & Features

Blogs & Forums

Career Resources

Browse By:
State | City

SPONSOR

RECENT JOB POSTINGS

Featured Jobs:

ACCO Brands Corp seeking Director of New Product Development in Lincolnshire, IL

Transportation Security Administration seeking Chief Information Officer in Arlington, VA

Hebrew SeniorLife seeking Business Systems Analyst in Boston, MA

Trilogy Leasing seeking General Manager in Cranbury, NJ

UVIMCO seeking Senior Information Technology Leader in Charlottesville, VA

For more great jobs, career-related news, features and services, please visit our Career Center.

CAREER NEWS

10 Search Engines You Don't Know About

Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Yahoo Profits Fall 23%, Cuts 1,000 Jobs

Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.

More articles from our career center

Today's Top News

• Apple Drops Price Of MacBook Air
• Google Employees Warned Of Data Breach At Benefits Company
• 'Containers' Out Perform Virtualization For KV Pharmaceuticals
• Mobile Music A $7.3 Billion Industry By 2011
• IBM Develops Audio Masking Technology To Protect Call Center Recordings
• IBM Back On Top Of Server Market

See Image Galleries

Specialty Resources

• VIEW ALL BRIEFING CENTERS

Featured Microsite

 

---

• InformationWeek Home
• News
• Windows
• Security
• Mobility
• Internet
• Software
• Hardware
• CIO Central
• Research & Tools
• Careers

• About Us
• Contact Us
• Current Issue
• Back Issues
• White Papers
• Briefing Centers
• Site Map


• Technology Marketing Solutions
• Editorial Calendar

Terms of Service | Privacy Statement | Your California Privacy Rights | Copyright © 2008 United Business Media Limited, All rights reserved.