DRaaS (Disaster Recovery as a Service) is a solution that takes data as it’s traveling through your network and saves a backup copy. Some versions stop there: they are called BaaS (Backup-as-a-Service). Others also save and secure your business’s processing power and the business logic embedded in applications; these are full-scale DRaaS solutions. So, if you have specific code or commands running in containers, DRaaS can back those containers up so that when the containers or databases go down, it can bring back up all of the infrastructure your code is running on.
DRaaS can help handle such threats to business continuity as natural disasters, equipment failures, and cyberattacks. Cyberattacks can be an especially pressing danger in the modern war context. Let’s take the current Russo-Ukrainian war as an example.
The international hacker group LockBit is notorious for cyberattacking financial institutions in Western countries that back Ukraine with ammunition and other assistance. Over the last five years, the criminals carried out more than 3,000 cyberattacks employing ransomware, demanding large sums for functionality restoration. For instance, one American company faced a $90 million ransom demand from LockBit. Just recently, two members of the criminal group were caught.
As cyberattacks are escalating globally, with geopolitical tensions keeping pace, DRaaS solution providers respond with the same speed. Disaster recovery technologies are enhanced and diversified to meet the demand. In the scenario above, when the attackers encrypt all of your data and say, “Give us bitcoin, and we’ll unlock it,” a DRaaS solution lets you restore your system to the previous point in time.
Things like floods or $90 million cyberattacks just occur once in a while. In between, there are smaller but still harmful events happening. These may include databases going down, AWS having issues in one of the regions, or denial-of-service (DoS) attacks. Basically, it’s about just one part of your infrastructure collapsing or having issues.
One of the rules to be compliant with good oversight of your data is having a log that shows access to things. DRaaS solutions store traffic and backing data, and they can also keep your logs and other information on what’s happening in your system, which can help you with audits.
The question is, which options suit your business? Let’s see what’s on offer.
Whatever solution you’re looking for, it’s always a good idea to ask for referrals. Considering big names is great, but it might be more helpful to look for companies similar to yours. This helps find DRaaS that fits in terms of what they specialize in. Some may be big enterprise government contractors; these will know the government-related specifics. Others may be more suitable for startups.
Also, paying attention to the provider’s security standards is essential. Check if they have SOC 2 certifications, are PCI-compliant, and have other relevant certifications. Another crucial point is data access and controls. Make sure you only share as much as needed, because otherwise, once your system or its parts get locked, they may be exposed to more parties than the attackers alone.
Finally, depending on your system’s location, on-prem or cloud, look for a provider with expertise in the relevant area.
To choose the DRaaS variant that your business can make the most of, you should first carefully look at the important metrics like the ones below.
Time to recovery. If your system goes down or an issue happens, how long does it take for the system to recover?
Time to alert. How quickly does your system signal there’s any issue? How long from that alert does it take for your system to take action automatically?
Data to lose. How much of the system data can your company afford to lose? Say a DRaaS solution does a daily backup. This means that if the incident happens one minute before the backup, you’ll lose a day's worth of data. Some companies can afford that, while others count data per millisecond.
So, on the one hand, you have a snapshot of your daily backup. On the other, you can go all the way to continual monitoring: as your system is processing data, it’s streaming it to another system; any time you update code, the system will push it to multiple places with as low latency as possible.
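The three metrics above, worked through for one incident under a daily snapshot and under five-minute streamed checkpoints. This is an added example, not code from the article or from any DRaaS product; the timestamps, schedules and function names are constructed, and time to recovery is assumed to run from the moment of failure.

```python
from bisect import bisect_left
from datetime import datetime, timedelta

def restore_point(backups, failure_at):
    """Latest backup completed strictly before the failure, or None.

    A backup taken at or after the failure is never chosen: in the
    ransomware scenario it may already contain encrypted data.
    """
    ordered = sorted(backups)
    i = bisect_left(ordered, failure_at)
    return ordered[i - 1] if i else None

def recovery_metrics(backups, failure_at, alert_at, restored_at):
    """Compute the article's three metrics for a single incident."""
    point = restore_point(backups, failure_at)
    if point is None:
        raise ValueError("no backup predates the failure")
    return {
        "restore_point": point,
        "data_lost": failure_at - point,            # data to lose
        "time_to_alert": alert_at - failure_at,     # time to alert
        "time_to_recovery": restored_at - failure_at,  # time to recovery
    }

def schedule(start, every, count):
    """Constructed backup timeline: `count` backups spaced `every` apart."""
    return [start + every * n for n in range(count)]

# Constructed incident: failure one minute before the 02:00 daily backup.
FAILURE = datetime(2024, 3, 5, 1, 59)
ALERT = datetime(2024, 3, 5, 2, 7)
RESTORED = datetime(2024, 3, 5, 4, 30)

# Constructed schedules: daily at 02:00, and a checkpoint every 5 minutes.
DAILY = schedule(datetime(2024, 3, 1, 2, 0), timedelta(days=1), 7)
STREAMED = schedule(datetime(2024, 3, 5, 0, 0), timedelta(minutes=5), 60)

def compare():
    """Metrics for the same incident under both backup strategies."""
    plans = {"daily": DAILY, "streamed": STREAMED}
    return {name: recovery_metrics(b, FAILURE, ALERT, RESTORED)
            for name, b in plans.items()}

if __name__ == "__main__":
    for name, m in compare().items():
        print(name, {k: str(v) for k, v in m.items()})
```

The daily plan skips the 02:00 backup taken after the failure and falls back to the previous day's snapshot, which is why the data-loss window is almost a full day even though a newer backup exists.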
If you have doubts about your company’s ability to adequately and fully assess the business context and come up with the requirements, look for a provider who can help you with such an analysis.
Another factor affecting your DRaaS solution choice (whether you buy or build) is the size of your FinTech business and its operating area.
Any team should think of resiliency and rigor in their system from the beginning. It’s much easier to build the architecture from the start for situations like losing data or the system going down. Changing the architecture to accommodate disaster recovery later, when your business has grown and is forging partnerships, can cost more, whether you use a vendor’s help or build a DRaaS solution of your own.
Again, this is very individual: much depends on what kind of business you’re leading. But let’s make up an example to outline the kind of tasks you might be facing. For instance, a credit card business. It has several components.
I’d sort the architecture for DRaaS into two main buckets.
Whether you build on your own or buy an off-the-shelf solution, testing the solution is vital to ensure it won’t fail you at a critical moment.
Overall, the platinum standard would be testing in production and moving real customer traffic. That’s a big jump to do and definitely risky to do the first time. So, before attempting that, make sure to do the following:
Implementing a robust DRaaS solution is not just a precautionary measure; it's a strategic imperative. By carefully assessing your business needs, selecting the right provider, and rigorously testing your solution, you can fortify your fintech against disruptions.