As financial institutions navigate the Digital Operational Resilience Act (DORA), the journey towards compliance presents significant challenges. This blog post explains how Dynatrace helps banks, insurance companies, investment firms, and others comply with the DORA requirements using analytics and automation based on observability and security data.
The Digital Operational Resilience Act (DORA) ensures that the European financial sector remains resilient during severe operational disruptions. DORA compliance is required of all organizations that fall under its jurisdiction by January 17, 2025.
Financial institutions have an increased compliance burden with DORA. We estimate that Dynatrace can automate 80% of the repetitive tasks introduced by DORA technical requirements using analytics and automation, based on observability and security data.*
* Estimated from our analysis of the technical needs and recognition of the issues that our platform can potentially resolve.
The DORA 5 pillars
DORA consists of the following five pillars.
- ICT Risk Management: Financial entities must effectively manage risks related to their information and communication technology (ICT) systems. This includes identifying, assessing, and mitigating risks to maintain operational resilience.
- ICT Incident Reporting: Organizations must promptly report major ICT-related incidents to competent authorities. Transparency is crucial for addressing disruptions and preventing widespread impact.
- Digital Operational Resilience Testing: Regular testing ensures systems can withstand cyber threats and operational disruptions. Robust testing practices enhance overall resilience.
- ICT Third-Party Risk Management: Financial institutions must assess and manage risks associated with third-party service providers. Outsourcing ICT services requires diligent oversight to maintain resilience.
- Information and Intelligence Sharing: Collaboration and information exchange among financial entities and ICT providers help combat cyber threats collectively. Sharing insights strengthens the sector’s defenses.
Why Dynatrace for DORA compliance
The Dynatrace® platform offers a comprehensive solution for DORA compliance that helps you identify and address various pain points and requirements described in the DORA pillars. Observability and application security, driven by hypermodal Davis® AI, help enhance the security of your systems, increase operational resiliency, effectively manage your risks, and reduce costs.
How Dynatrace solves key pain points in DORA compliance
We analyzed the DORA pillars to understand the requirements they bring to our customers. Drawing on end-to-end visibility across the entire IT environment, and after validating our findings with customers and partners, we identified four key pain points that DORA surfaces and how we think Dynatrace helps turn them into opportunities to innovate while increasing security, resiliency, and efficiency.
Complexity of digital ecosystems
Pain point: Financial services operate in complex environments with numerous applications, hybrid cloud infrastructures, and third-party vendors. This complexity increases cybersecurity risks and complicates governance.
Addressed DORA pillars: ICT Risk Management, Digital Operational Resilience Testing, Managing ICT Third-Party Risk
The Dynatrace solution
- Full-stack observability: To assist with DORA compliance, Dynatrace offers end-to-end visibility across the entire IT environment, including applications, cloud infrastructure, and third-party integrations. This holistic view simplifies the management of complex ecosystems, reducing cybersecurity risks and ensuring seamless governance.
- Dynatrace Runtime Vulnerability Analytics: This feature provides AI-powered risk assessment and continuous real-time exposure management throughout the entire application stack. It promptly alerts security teams about identified exposures and visualizes any affected dependencies using the platform’s topology map.
Third-party risk management
Pain point: Limited control over third-party ICT service providers requires robust risk assessment and continuous monitoring.
Addressed DORA pillars: Managing ICT Third-Party Risk
The Dynatrace solution
- Runtime Vulnerability Analytics: Dynatrace continuously monitors third-party software for vulnerabilities, providing real-time detection and prioritization of exposures. This proactive approach ensures third-party risks are managed effectively, maintaining a strong security posture for DORA compliance.
- Better Understanding of Third-Party ICT Risk: Dynatrace can detect and prioritize exposures in any monitored application, including third-party software like COTS and open source, eliminating the dependency on vendor-provided SBOMs.
Resource constraints
Pain point: DORA compliance demands skilled personnel, advanced technologies, and significant investment, often diverting resources from innovation and customer experience improvements.
Addressed DORA pillars: ICT Risk Management, ICT Incident Management
The Dynatrace solution
- Automated Compliance Monitoring: Dynatrace automates compliance checks and reporting, reducing the need for extensive manual effort. This automation frees up valuable resources, allowing teams to focus on innovation and enhancing customer experiences.
- Dynatrace Security Posture Management (SPM): SPM can digitally and automatically verify technical requirements across different DORA requirements, assisting you in achieving compliance with minimal manual intervention.
Integration with existing processes
Pain point: DORA compliance must integrate seamlessly with existing risk management, incident response, and business continuity processes, which can be challenging and resource-intensive.
Addressed DORA pillars: ICT Incident Management, Information Sharing Arrangements
The Dynatrace solution
- Seamless Integration: Dynatrace integrates with existing IT workflows and processes, ensuring compliance measures are part of daily operations. This seamless integration enhances efficiency and reduces the complexity of maintaining DORA compliance.
- Continuous Digital Operational Resilience Testing: Dynatrace automates change impact analysis with Site Reliability Guardian, validating service-level objectives and security vulnerabilities before and after deployments to improve release quality.
What’s next
Stay tuned for more blog posts about how Dynatrace assists with addressing DORA requirements, and contact your Dynatrace account representative to find the best solution for your organization.