Achieving system resilience means not putting all your eggs in one basket
Published by Wanda Rich
Posted on October 20, 2023

By Oliver Caudwell, Brand Sales Account Lead, NS1, an IBM Company
Most financial services companies have broken the back of their digital transformation projects and customers are benefiting from faster, easier, more personalised transactions as a result. While traditional banks have had to play catch-up with cloud-based digital start-ups, many have resisted a full-scale migration to the cloud and instead are keeping much of their foundational infrastructure technology, including their DNS, on premise.
However, revised regulations and guidelines are demanding change. In 2019, the European Banking Authority (EBA) published guidelines (revised in 2021) that called for redundancy of certain critical IT components to prevent the failure or unavailability of systems and data. These guidelines are now being codified into local laws and regulations and adopted by many financial institutions, particularly EU member state central banks. In addition, all banks are regulated to ensure customers have access to their funds which, in a digitalised world, means availability on a 24/7/365 basis.
The connection point between a financial institution’s online services and its customers is the Domain Name System (DNS). This is regarded as a critical IT component and is therefore vulnerable to several scenarios that could result in a bank’s website becoming unavailable. These include Distributed Denial of Service (DDoS) attacks, particularly if the bank runs its own authoritative DNS infrastructure; misconfigurations, which are usually due to human error, and which redirect online traffic to a dead end; and high latency in a context where even a fraction of a second delay qualifies as a slow response.
For digital banks, whose operations started in the cloud, redundancy and security of systems were often built in from the start. Conversely, the traditional financial services sector carries technical debt and is still looking to get a return from its legacy infrastructure investment. So, instead of shifting wholesale into the cloud and reducing their physical infrastructure, many banks today are adding Enterprise Managed DNS services in parallel to their on-premise DNS servers. These help them not only to comply with domestic regulations and to make a connection between on-premise and cloud resources, but also to meet their primary goal – resiliency.
Layered resiliency against DDoS attacks (and other availability challenges)
Against the backdrop of rising cybercrime, and the vulnerability of banks to damaging DDoS attacks, adding Enterprise Managed DNS to their existing environment allows banks to build resiliency in layers. Enterprise Managed DNS is designed to maintain the online services of banks with a high-capacity global network to provide seamless continuity of operations, even if a DDoS attack happens. Financial institutions can configure the service in multiple ways, so management is seamless, enabling resiliency with little change to day-to-day operations.
The other advantage to adding our Managed DNS network, for example, is that it enables intelligent traffic steering, allowing traffic to be automatically diverted around outages. This avoids service disruptions and ensures maximum performance levels are maintained while also optimising the online banking experience for customers. They get a seamless connection to applications and services based on their location, in real-time, regardless of the device they are using.
Given that the expectations of customers have never been so high, this quality of service is essential. The ability to make transactions in moments, confident in the knowledge that their funds are being transferred securely, is what customers demand and is critical not only to retaining the long-term loyalty of existing clients, but to attracting new customers too.
Serving banks with different set-ups
While optimising the user experience is the main requirement of all banks and financial institutions, the route to delivering it is different depending on an organisation’s policies and preferences.
We work with a well-known British high street bank, for example, that operates two cloud providers in a primary capacity and uses our highly resilient Enterprise DNS service to protect it against downtime. We support a popular Swedish bank that continues to operate its DNS servers on premise and deploys our Managed DNS network in a ‘hidden primary’ configuration to provide resilience and DDoS protection. Another customer, a foreign exchange company, operates three DNS networks: an on-premise service, combined with our Managed DNS and Dedicated DNS to provide an extra layer of resiliency and intelligent traffic steering to ensure website and application optimisation.
As the threat landscape becomes even more acute, and traditional financial services companies strive to keep up with their digital-native counterparts, we anticipate that the approach of adding three layers of resiliency will become increasingly standard.
But building in resiliency is not the only concern. Banks are offering globalised services, and this means scaling their operations. Smaller organisations are flexible enough to do this, but for big, traditional finance companies, the rollout of a global network can be extremely complex and challenging. A managed DNS network can be easily deployed alongside an existing on-premise service, offering a zero-downtime migration. As networks change and grow, Managed DNS is infinitely scalable, offering no restrictions.
Let partners carry the load with transformation and automation projects
This complexity when scaling is one of the reasons that banks put this element of digital transformation on the ‘too hard to do’ list. But it doesn’t need to be that way. Providers understand that legacy systems will be part of the mix, that there has been considerable investment in existing infrastructure which needs to be realised, and that the fear of disrupting the user experience is holding back progress.
The job of Enterprise DNS providers is to be equally committed to customer success and onboarding, to take on the workload towards transition and, in the case of DNS, to replicate all the zone and traffic steering elements in the new configuration. The role of providers is to introduce an API-first approach and add automation pipelines to network operations. This means that IT teams don’t have to learn new systems or increase the resource allocated to ensuring resiliency of the network. They can simply automate it along with their other processes.
Conclusion
Across the financial services sector, organisations are at different points in their transformation journeys, whether they are playing digital catch-up, or they’ve already automated the entire operation. They are all seeking to achieve two things: to optimise the user experience and meet regulations. Their technology partners are fundamental to their success and understand that sometimes they will not want to put all their eggs in one basket by migrating everything to the cloud or keeping everything on-premise. The key to success, once a bank has combatted its inertia, is selecting partners with proven experience and a willingness to work collaboratively – both with the customer and with each other to achieve the transformational goals.