How it all began for Kannika: secure backup & restore at mateco
Before Kannika emerged as a brand, it began as a project within Cymo designed to support mateco IT. Mateco, a global leader in the rental and sale of aerial work platforms, relies heavily on Q.one, an end-to-end modular business platform based on Event-Driven Architecture. As mateco rolled out Q.one globally, they realized the need for a specialized backup and restore solution, leading to the creation of Kannika. This is the story of how Kannika came to be.
As mateco integrated Q.one across various countries, the platform's importance grew significantly. "With each country, the number of transactions going through the platform grew, but so did the potential impact of any mistakes on our core business," explains Didier Dhaenens, CIO at mateco. To ensure business continuity and security, Dhaenens discussed the necessity for a dedicated backup and restore solution tailored to Event-Driven Architectures with Cymo.
Developing the Solution
We immediately began working on an idea that evolved into a solution for mateco, eventually becoming Kannika Armory, a unique backup and restore solution for event-driven data streams. From the outset, our primary focus was on recoverability. The resilient architecture designed with mateco utilized a single Confluent Kafka cluster. Initially, we explored existing Kafka backup solutions like Cluster Linking but found them unsuitable due to impracticality and cost concerns.
Other solutions, such as Kafka Connect, were also considered. However, they proved difficult to maintain and did not fully meet mateco's needs for true backup and restore functionality. While Kafka Connect could facilitate data backups, restoring data through the same principles was complex.
Backup is often deprioritized in projects and sometimes overlooked entirely, as it is a feature one hopes never to need. But with the Q.one project, we prioritized backups from the beginning and accelerated development after the initial stages.
Adapting to Cybercrime
The increasing sophistication of cybercrime also drove the development of our backup and restore solution. Cybercriminals have evolved, offering services comparable to legitimate companies.
Today, bad actors offer ransomware as a service, complete with customer services. Parties can buy licenses on a forum and gain access to compromised companies through phishing and other methods
notes Didier Dhaenens - CIO at mateco.
Given that cybercriminals often gain root-level access, resilience alone is insufficient. If one cluster is compromised, attackers typically explore the entire infrastructure, potentially affecting redundant clusters as well. Backups are frequently targeted in attacks, as the success of ransomware depends on them being unavailable and inaccessible.
Implementing a Flexible Solution
To counter these advanced threats, mateco opted for remotely hosted data managed by trusted third parties rather than relying solely on internal backups and redundancies. Thus, they chose Kannika Armory as a Software as a Service (SaaS) solution.
Didier highlights that attacks can also originate from within the company; a disgruntled system engineer with an administrator account can cause significant damage if not properly secured. Therefore, the current setup prevents users from deleting backed-up data. We achieve this by connecting to mateco’s cluster and offloading data to our cloud environment. If necessary, we can also create a backup of the backup and store it securely with another third party. Such an extensive partnership requires agreements and expertise.
Tailoring the Solution
Restoring an application based on Event-Driven Architecture is vastly different from restoring a traditional application. Therefore, we developed a solution specifically for this architecture. Together with mateco’s in-house infrastructure team, we conduct regular tests to refine our processes and include training to help them achieve their desired level of self-service. "This flexibility allows us to protect customers like mateco from internal and external threats across a wide range of use cases," says Wout Florin, co-founder of Kannika. "From requests for data deletion using AI-replicated voices to human errors like single topic deletion and disaster recovery, we’ve got their backs."
Looking Ahead
As mateco continues to roll out Q.one globally, we support them by backing up increasing amounts of critical data on their Confluent Cloud tenant with Kannika. We optimize performance and reduce storage requirements by compressing the relatively large files mateco uses. Additionally, we are considering implementing another layer of encryption during data transfer. Regular meetings with mateco help us evaluate our progress and discuss new features, including upcoming improvements to the user interface.
Eventually, this successful collaboration has led to the launch of Kannika as a spinoff brand from Cymo, allowing other customers to benefit from our expertise. Kannika’s mission is to help customers maximize their Event-Driven Architectures. The solution born from our work with mateco is Kannika Armory. Besides backup and restore functionality, the tool offers the ability to create new demo or test environments.
Any new features and improvements we develop will be added to our Kannika offerings, providing the building blocks for our customers’ event-driven fortresses. We are confident that our ongoing partnership with mateco and other customers will continue to yield innovative solutions and exciting advancements.