Advisors who custody assets with TD Ameritrade Institutional could, with little effort on their part, suddenly find they have enhanced cyber security on at least a portion of their workday life. It will likely take advisors a bit longer to understand both how this new security works and where it begins and ends.
Thanks to a new partnership between TDAI and cleverDome, Inc. there is now a “community-driven solution” meant to protect confidential consumer information by taking that data “Under the Dome,” meaning it is both encrypted and not running on the Wild West of the open internet. The partnership is being announced today as part of the T3 conference being held in Denton, Texas.
“We’re always seeking ways to help advisors protect their systems and client data. In an interconnected world, that also means making sure advisor systems are secure when connecting with us and third-party solutions,” said Jon Patullo, managing director of technology solutions at TD Ameritrade Institutional, in a prepared statement.
In a nutshell, registered investment advisors using software from a handful of vendors and who custody assets with TDAI and use the firm’s Veo One platform, can sign up to bring their online traffic running between themselves, the third-party applications and the Veo One platform onto a more secure route managed by cleverDome.
“By taking critical data off the open internet, we can better protect data shared between multiple parties and help RIAs ensure their computers and mobile devices are protected when accessing client data anywhere, anytime,” Patullo continued.
But networks aren't the only online vulnerability. Many high-profile breaches are caused by insider error, such as weak passwords and falling for phishing attacks. A 2016 study by IBM found that 60 percent of all attacks were carried out by insiders. The financial services industry has been the most-targeted industry for cyber criminals for two years in a row, according to a 2018 IBM study, experiencing the highest volume of security incidents and the third-highest volume of cyberattacks.
Companies that have publicly signed on to work with cleverDome include Orion Advisor Services, Redtail, Riskalyze, United Planners, Geneos and FCI. The firm has been in discussions with many others over the past 12 months, including both other third-party providers to the RIA industry and broker/dealers as well as b/ds themselves.
Today’s Announcement Is Only Part of the Story
While today’s news highlights the work of cleverDome, TDAI and several third-party fintech vendors, there is much more to understand in terms of the underlying technology involved.
Besides providing network security, cleverDome takes on a role as arbiter of due diligence, establishing a common due diligence standard for advisors and vendors. If advisors are sufficiently satisfied with cleverDome’s standard, vendors realize cost savings by doing due diligence once as a cleverDome participant instead of for each advisor they work with, said Aaron Spradlin, founder and CEO of cleverDome.
Advisors that trust the standard due diligence will also have an easier time picking a vendor, because cleverDome’s stamp of approval will narrow down the advisor’s choice in vendors. “It is an all-ships-rise-together model,” he added. “An advisor now can know that their unregulated vendors—that are holding their confidential information—are showing commitment to advisors’ fiduciary standard by joining this cooperative.”
The cleverDome solution combines what is referred to in online security parlance as “end-point protection” with a “secure communication layer.”
“Everything on the internet today is point to point,” said Nic Fragale a senior sales and solutions engineer with NetFoundry. What cleverDome and NetFoundry have done is, in essence, begun to build a network overlay that acts as kind of a proxy for the traffic, Fragale explained.
Instead of simply going point to point as the internet works today, the cleverDome and NetFoundry network runs atop the internet but relies on smart midpoints and nodes along the way that are running its firmware. Those nodes and midpoints always find the best route to get its data to its ultimate destination.
An important element of how all of this works is that the traffic is composed of both destination instructions and the core content being moved. Each part is separately encrypted and, at best, a hacker might be able to decrypt where something originated or is destined for but not the contents, the data itself.
Matt Sarrel, CISSP, a security industry analyst and security practitioner who is unaffiliated with cleverDome or NetFoundry, explained this in terms of a traditional letter.
“If I mailed you a letter you could see from a return address that I’m the one that sent the letter and you are the one meant to receive it but not what is inside,” said Sarrel, executive director of Sarrel Group, a security testing and evaluation consultancy based in San Francisco.
“Security by obscurity—all this wrapper and encapsulating conceptually is not new; it was around in 1995; it’s hidden but only because no one is looking for it,” Sarrel said.
Netfoundry and others have taken those concepts and combined both new technology, as well as the capabilities of modern hardware, and patented it.
The cleverDome network runs on AES 256-bit encryption, often referred to as “military-grade” or “bank-grade” security for all of an advisory firm’s computers and devices.
A case can be made that because of this, cleverDome can replace traditional VPN solutions and enable RIA firms to benefit from lower costs and higher speeds. There are certain costs however, which are yet to be clearly delineated, especially in terms of which entities will bear the costs of infrastructure and hardware upgrades.