Kannika: Designing a Secure Backup and Restore Solution for mateco's Q.One Platform

Cymo 70Back to overview

As one of the world's leading companies when it comes to renting and selling aerial work platforms, mateco has plenty of assets to keep track of. In a previous case study, we explained how we built Q.one, an end-to-end modular business platform based on Event-Driven Architecture that serves as the backbone of mateco's operations. In this follow-up, we'll discuss how we developed Kannika, a flexible backup and restore solution for Q.one.

The Challenge

To ensure business continuity and the security of their operations, mateco's CIO Didier Dhaenens and Cymo discussed their need for a backup and restore solution, purpose-built for EDA architectures like Q.One. In the past two years, we developed this from an idea into a fully-fledged product that we also offer to our other customers: Kannika.

Growing Platform, Growing Needs

Once the Q.one project delivered its Minimum Viable Product (MVP) of the platform and started rolling out to more countries, the need for a backup and restore solution became more pressing.

When our architecture started going live across the world, it became increasingly important for our operations. With each country, the revenue and profit going through Q.one grew, but so did the potential impact of any mistakes on our core business.

Didier Dhaenens, CIO mateco Belgium

One of the main topics that was addressed from the very beginning was recoverability. The architecture we set up together with mateco was resilient by design thanks to its event-driven nature, and therefore relied mostly on a single Kafka cluster.

When we started looking at existing Kafka backup solutions like Cluster Linking to amend this, we quickly realised that they did not quite fit the bill. Because they only replicated existing clusters and kept them running in case of emergency, they would be costly and impractical to use due to the size of mateco's cluster.

Other solutions like Kafka Connect were also considered during the research phase. However, these are difficult to maintain and did not fit the true backup and restore needs of mateco. While backing up data through Kafka Connect is certainly possible, restoring it through the same principles isn’t that simple.

A backup functionality is something that you hope you'll never need in your systems, which is why this capability is often pushed back in projects. In some cases, it is even overlooked entirely. With the Q.one project, we kept backups in mind from the get-go and shifted into a higher gear once we had finished its initial development.

Wout Florin, Managing Partner and Director of Operations at Cymo

Security-First Mindset

Another important incentive for developing a backup and restore solution was the increasing professionalisation of cybercrime. The amateurish Hollywood hackers acting on their own accord that some people still think of are no more. Like everyone, cybercriminals have had to adapt to these volatile times and joined forces in companies with comprehensive service offerings. Didier explains:

We now see several bad actors offering ransomware as a service, complete with customer service. Interested parties can buy licences on a forum and receive access to specific companies that have been compromised through phishing and other methods.

Didier Dhaenens, CIO mateco Belgium

Because the access is often at a root level, resilience isn’t a solution for cybercrime as far as Didier is concerned. If bad actors can access one cluster, they’ve often had the time to explore your entire infrastructure. In other words: when one cluster has been compromised, so have the redundant clusters. Backups are often the first target during attacks, because the effectiveness of ransomware extortion tactics depends on them not being available.

A Trusted Partnership

Instead of relying on just internal backups and redundancies, mateco’s preferred solution for these advanced threats is remotely hosted data by trusted third parties. That's why they have chosen to use Kannika as Software as a Service (SaaS). Didier points out that attacks can also originate from within the company: a disgruntled system engineer with an administrator account can wreak havoc if not properly protected against.

To protect mateco against inside threats, users cannot delete data within the current setup. We make this possible by connecting to mateco’s cluster and offloading the data to our cloud environment. If required, we could also take a backup of that backup and store it in a secured location using another third party. As Wout points out, an extensive partnership like this requires two key elements: agreements and ex pertise.

Restoring an application based on Event-Driven Architecture is vastly different from restoring a ‘traditional’ application, so we decided on a solution tailored to EDA. We work together with mateco’s in-house infrastructure team in regular tests to evaluate our current way of working, and always include trainings with our service offering so customers can achieve the level of self-service they want.

Thanks to its flexibility, Kannika protects our customers from both internal and external threats across a wide range of use cases. From requests for data deletion using AI-replicated voices to human errors like single topic deletion and disaster recovery, we’ve got their backs.

Wout Florin, Managing Partner and Director of Operations at Cymo

Looking Ahead

As mateco keeps rolling out Q.one across the globe, we support them by backing up increasingly large amounts of important data on their Confluent Cloud tenant with Kannika. We’re also looking into compressing the relatively large files that mateco works with to optimise performance and reduce storage requirements. Finally, we are considering adding another layer of encryption during data transfer.

We meet with mateco on a regular basis to evaluate our progress and discuss new features, such as the upcoming improvements to the user interface. Any features and improvements that we develop will be added to our default Kannika offering, so other customers can benefit from them as well. We’re certain that our longstanding partnership with mateco will continue to result in innovative solutions and exciting improvements.

In need of a flexible yet powerful backup and restore solution for your Event-Driven Architecture? Discover Kannika today and be sure to contact us with any questions or requests.

Go to Kannika

Written byWout Florin