The Digital Operational Resilience Act (DORA) requires mandatory compliance by financial services organisations by January 2025, but it’s a complicated piece of regulation that needs to be addressed sooner rather than later by the financial services companies it affects. Driven by the EU Commission’s growing concerns that the sector is increasingly vulnerable to cyberattack, it demands new levels of resilience around the adoption and use of technologies.
While more detailed technical requirements will be released by the joint committee of European Supervisory Authorities (ESAs) over the coming months, there’s enough in the Act as its stand to know that cloud services are firmly in the spotlight. A challenge for companies in the next year is to find pathways to the kind of ICT resilience that is now demanded of them.
De-risk a single point of failure
DORA underscores the importance of adopting a hybrid-cloud strategy, acknowledging the necessity to mitigate the EU Commission’s apprehension regarding a potential single point of failure that could disrupt the financial services sector across Europe. Upon closer examination, it becomes evident that the recommendation supports a multicloud strategy, emphasizing the importance of combining services in a hybrid approach to strengthen business resilience.
For 30 years, Ergo has been providing IT services to leading players in banking, insurance, AMIF (Asset Management and Investment Funds), helping them navigate new regulations in a fast-changing threat landscape. Now Ergo is bringing all its experience to bear on readying companies for DORA. Our team of experts possesses extensive knowledge and expertise in technologies helping business with DORA compliance. These include VMware solutions that provide the backups, redundant capacity and secondary facilities that DORA demands around disaster recovery and business continuity. A type of cloud architecture that simplifies cloud entry and exit is the great enabler from VMware, the ability to move data around and run workloads in different places with minimal complexity.
Underpinning it all is VMware’s Software-Defined Data Centre (SDDC) architecture, which allows for a hybrid cloud infrastructure platform to be deployed across a wide variety of cloud endpoints, whether they are on-premise, in public/private clouds or at the edge. Not only can financial services use the platform to innovate quickly and experiment with different cloud providers, they can shortcut their journey to DORA compliance and stay ahead in a rapidly evolving regulatory landscape.
Simplifying infrastructure management
VMware Cloud on AWS can be used as a foundation for hybrid deployments, connecting on-premise data centres to the cloud. Crucially, it simplifies infrastructure management by using the same technologies, thereby extending the life of existing skills, tools and processes that run on-premise environments, and integrating them with a single point of management control for virtual machines and containers in the cloud as well as on-premise.
Ergo can quickly deploy a service like VMware Cloud on AWS, which provides dedicated, single-tenant cloud infrastructure with up to 16 hosts per cluster. VMware manages and operates the service, including 24×7 service enterprise-grade support and site reliability operations, with scheduled SDDC software updates, emergency software patches and auto-remediation of hardware failures.
With this approach, VMware is bringing a new and leading capability to cloud journeys that will strike a chord with financial services customers as they look to achieve DORA compliance. Having a hybrid cloud infrastructure platform allows them to manage and take advantage of one or more public clouds simultaneously with on-premise environments, fulfilling the DORA requirement to have options that make the business more resilient.
No need for second failover site
Another VMware product that directly addresses a DORA pressure point is VMware Cloud Disaster Recovery (VCDR). One takeaway from the new Act is the importance of establishing a second site for failover, an environment that’s disconnected from the main infrastructure, guaranteeing business continuity if the first is disrupted.
An easy-to-use Software-as-a-Service solution, VMware VCDR offers on-demand disaster recovery, a pay-as-you-go-service that removes the need to own, rent or maintain a secondary DR site. It makes it easy to test and orchestrate your DR plans non-disruptively – another big requirement of DORA – and has audit-ready DR health checks and reporting to demonstrate that backup plans are executed correctly. It’s a way to optimise your existing environment and achieve DORA compliance without having to spend a fortune.
Ergo’s comprehensive understanding of DORA compliance combined with proficiency in hybrid cloud and robust Business Continuity and Disaster Recovery (BCDR) solutions further solidify the company as a trusted partner for companies striving to meet the new DORA regulatory requirements.