IBM NS1 Connect

 View Only

Multiple DNS Providers: A Strategic Necessity in Financial Services

By Charlie Sprankling posted Thu February 01, 2024 05:22 AM



In the ever-evolving world of banking, digital resiliency has never been more crucial. With the increasing reliance on online services being up 100% of the time, the Domain Name System (DNS) plays a pivotal role in ensuring that these services remain stable and secure. With DNS steering traffic to the front door of any financial institution over the public internet, understanding and managing DNS effectively is key to maintaining uninterrupted online banking operations.

Regulations Galore!

European banking regulations have started to shift to an always-available approach, making sure customers can always reach their favourite banking app and more importantly, their money. The Digital Operational Resilience Act (DORA) regulation, implemented in January 2023, marks a significant shift in the European Union's approach to IT risk management in the financial sector. This regulation aims to unify and standardise the practices across member states, ensuring a high level of cybersecurity, data protection, and operational resilience. For banks and financial institutions, this means adhering to stringent requirements that safeguard their digital operations against a variety of threats. In the US, while there is currently no regulation in place, the US Treasury have recently produced a report on the importance of operational resiliency for financial institutions, especially those operating in a “hybrid” or “multi-cloud” environment.

DNS In Banking Operations

I like to think of DNS as the phonebook of the internet, or the Google Maps of the world wide web, and is integral to the functionality of online banking services. It translates user-friendly domain names into IP addresses, enabling users to access banking websites and apps seamlessly. However, the DNS is sometimes susceptible to failures or cyber-attacks. A single point of failure in the DNS infrastructure can lead to service outages, severely impacting customer trust and financial stability and also lead to multi-million Euro fines from the local regulator. Brand reputation is also at stake, if customers cannot access their money.

Multiple DNS Providers is Necessary

With so much at stake if the DNS lookup fails, deploying multiple DNS providers emerges as a strategic necessity, not just for compliance with DORA regulations but also as a best practice in risk management. By diversifying DNS services, banks can significantly mitigate the risk of a complete service outage, while taking advantage of the performance and feature gains of this diversification project. This strategy enhances operational resilience, offering alternative pathways for traffic routing in the event of a DNS attack or failure. It also provides a robust defence mechanism against Denial-of-service attacks, ensuring continuity in banking operations in case one of the sets of servers goes down.

How NS1 Thrives in a Multi-Provider Setup

NS1 Connect provides a global and redundant Managed DNS network for customers, including many of the world’s biggest financial institutions. With NS1’s API-first platform and vendor agnostic ethos, we are perfectly positioned to sit alongside an existing self-hosted solution, allowing the customer to benefit from all the performance and 100% Uptime SLA guarantees, without impacting current workflows for the bank. NS1 also offers additional customer-dedicated networks, for even more layers of redundancy and resiliency on the DNS layer. Banks can even hide their “Primary” server from the public internet, to let NS1 absorb any DDoS attacks that might be occurring. This is referenced to as a Hidden Primary setup. With an active-active setup, customers can keep a continuous service running for any of their customers trying to access a banking application.

Appeasing the Crowd

In conclusion, embracing multiple DNS providers is more than a regulatory compliance issue; it's a step towards ensuring true operational resilience in the banking sector. Just like any other layer of the infrastructure stack, DNS plays a crucial and mission-critical role in getting customers to their applications, so ensuring that 100% uptime and performant traffic steering, keeps both customers and regulators happy