The Digital Operational Resilience Act (DORA), a European Union (EU) regulation, supersedes and surpasses previous directives and regulations such as the European Central Bank (ECB) Cyber Resilience Oversight Expectations (CROE) and the EU Network and Information Security (NIS2) directive. Its objective is to guarantee the operational resilience of financial services provided to customers by demonstrating information and communication technology (ICT) measures, rather than solely financial risk controls.
DORA applies to financial services organizations operating within or transacting with entities within the EU, including firms offering services across various sectors such as investments, retail, commercial banking, and insurance. It also encompasses providers of digital and technology services that financial services organizations rely on, such as software as a service (SaaS), cloud computing, and operations management.
The Journey Toward Compliance
DORA is focused not on isolated audits but rather on continuous compliance. It represents a journey where firms will be held accountable for demonstrating incremental improvements and making ongoing strides toward excellence.
The foundation of risk management lies in the fundamental principle of “knowing your services.” This requires identifying the important business services (IBSs) that are key to the financial system, for example access to cash, retail banking, and faster payments.
Once an IBS is identified, it is crucial to ascertain the underlying service and resource dependencies. A discovery process should validate and verify that the information is current and that these services facilitate the IBS’s operation in accordance with its specifications.
Furthermore, the specific operational controls necessary to achieve the required operational targets must be defined and subjected to testing.
For each IBS scenario, testing should be conducted to demonstrate that the people, process, and technology are all functioning effectively. In certain instances, this may entail constructing “near-production” replicas to test and subsequently validate the rebuilt service’s suitability for deployment.
Organizations must implement robust controls to safeguard and fortify their IBS. One critical concern is the potential for distributed denial-of-service (DDoS) attacks. Network and security operations teams must prepare rapid-response capabilities to protect all IBSs, regardless of whether they reside on premises or in the cloud (public and private).
As a final note, DORA also ensures that where controls are deployed, they are operable and continuously monitored for policy compliance.
Operational Resilience Aligns with NETSCOUT Digital Quality Assurance
NETSCOUT’s Visibility Without Borders platform elevates the power of visibility by uniting performance, security, and availability into a common data foundation. This innovative approach enables consistent, real-time visibility and automated analysis across any application, any scale, anywhere, anytime, in any operational team, in any ecosystem, and with any vendor’s cloud or network operations monitoring solution. The ability to quickly pinpoint the root cause of any issue across your digital ecosystem truly gives your teams the visibility they need to address the full range of performance, availability, and security risks impacting their digital services, earlier and with more precision.
Our Visibility Without Borders platform provides comprehensive network visibility that is both broad—covering legacy and hybrid cloud environments, applications, and all end users—and deep—down to the packet level. Because we analyze and catalogue every packet traversing your network, our platform runs on the most complete and detailed dataset possible. All our solutions leverage this data, enabling one unified view (see figure).
Network assurance: Identifying underlying IBS dependencies, including third parties
- Link analysis
- Application mapping
- Capacity planning
Service assurance: Managing risks; developing and running test scenarios
- Dependency mapping and analysis
- Service monitoring
Security assurance: Reporting on incidents and sharing intelligence
- Forensics
- Threat mitigation
Smart Data Core: The intersection of network, service, and security assurance
- NETSCOUT’s Smart Data Core is key to meeting DORA obligations
Conclusion
DORA is one of the first in a series of transformations taking place globally, across both developed and developing nations.
As the reliance on digital technologies expands and encompasses a wider range of applications and functionalities, the imperative to fortify services against both natural and cyber-based disruptions has transcended mere technical or business concerns and become a pressing political challenge.
NETSCOUT solutions assist organizations in comprehending service dependencies, facilitating service monitoring, validating connectivity, ensuring security and availability, and monitoring performance. We furnish businesses with the necessary data from which the responses to disruptions can be developed and validated, as well as enabling the construction of proactive responses.
Contact NETSCOUT to learn more about our solutions.