DORA will accelerate cloud migration in Financial Services

By Charles Adriaenssens

The much-anticipated Digital Operational Resilience Act (DORA) is finally here. This Regulation, applicable across the 27 EU Member States, provides a set of guidelines via which financial services organisations will need to prove that they are operationally resilient, i.e, they are able to withstand any unforeseen shocks. All financial system participants will be covered, from credit institutions and insurance undertakings to investment firm

The provisional DORA text was agreed in May 2022, and it should be formally adopted into law by the end of 2022. Financial services organisations will need to be compliant from the end of 2024 (the application deadline is 24 months) but many are already starting to plan to ensure that they meet its requirements.

Why is DORA so important?

Well, I think it’s important for three main reasons:

It effectively mandates ICT risk management at the C-level in all financial services organisations, which will mean that the impact of shocks such as the pandemic or the political situation in Ukraine will be felt less by consumers and the financial services industry itself.
It will clearly define what financial services organisations need to do to become resilient. They will need to ensure that they adhere to a series of ICT risk management and incident-reporting requirements. Some of these requirements will be further defined in Regulatory Technical Standards (RTSs). These standards will be prescriptive, which will eliminate the potential for misinterpretation and ensure consistency of response.
It covers critical Third-Party Providers (TPPs), including Cloud Service Providers (CSPs), and this is likely to increase the speed at which financial services organisations migrate to the cloud (as a multi-cloud strategy for improving resilience is favoured by regulators).

How can Splunk support financial services organisations as they build out their plans to comply with the requirements of DORA?

The Splunk solution set is perfectly aligned with the ICT risk management requirements of DORA. At a very high level, the legislation means that all financial services organisations will need to monitor their technology estate and manage any risks associated with the delivery of critical business services. All requirements that are likely to be included in the Regulatory Technical Standards will align with the capabilities of Splunk – and in particular, detecting and responding to any technology-related issues as well as cyber threats. In addition, Splunk can support any reporting required if / when ‘major incidents’ do take place.

By providing a unified approach to observability and security, Splunk optimises the use of data to address the specific requirements of the legislation. At a time when disruption is constant – political, social and economic turbulence have become the new normal – this will minimise Mean Time to Respond (MTTR) which is arguably the most important KPI aligned with resilience. Another key characteristic of Splunk is its ability to holistically monitor hybrid environments, which will be more important as hybrid and multi-cloud become the norm.

Want to find out more?

Additional information is provided on the Splunk website. If you are an existing Splunk customer, please contact your account manager.

Charles Adriaenssens

Charles Adriaenssens is a Financial Services Industry Advisor EMEA at Splunk, working within its Strategic Advisory Group (SAG).

In this role, Charles supports customers to use the Splunk platform to address key industry use cases. He is an industry thought leader and regularly writes on a range of key topics, including Business Resilience, Customer Experience, Financial Crime / Fraud and changes in Regulation / Legislation.

Before joining Splunk, Charles spent more than 20 years as a Business Consultant working in the fields of analytics, insight generation and data strategy.

Security 2 Min Read

The Importance of Enforcing Multifactor Authentication in Your AWS Environment

A new detection search in Splunk Enterprise Security Content Update v 1.0.15 helps you monitor for users in your AWS environment for users not being authorized by multiple factors

Security 3 Min Read

Contextualize your data with threat intelligence information from Project Honey Pot

Security 8 Min Read

Machine Learning in Security: Detect Suspicious TXT Records Using Deep Learning

The Splunk Machine Learning for Security (SMLS) team introduces a new detection to detect DNS Tunneling using DNS TXT payloads.

About Splunk

The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.

Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.

Learn more about Splunk

DORA will accelerate cloud migration in Financial Services

Why is DORA so important?

How can Splunk support financial services organisations as they build out their plans to comply with the requirements of DORA?

Want to find out more?

Related Articles

The Importance of Enforcing Multifactor Authentication in Your AWS Environment

Contextualize your data with threat intelligence information from Project Honey Pot

Machine Learning in Security: Detect Suspicious TXT Records Using Deep Learning

About Splunk

Subscribe to our blog

Connect with Splunk on X

Connect with Splunk on Instagram