Applying cyber resilience to DORA solutions

The Digital Operational Resilience Act, or DORA, is a European Union (EU) regulation that created a binding, comprehensive information and communication technology (ICT) risk-management framework for the EU financial sector. DORA establishes technical standards that financial entities and their critical third-party technology service providers must implement in their ICT systems by January 17, 2025.

DORA applies to all financial institutions in the EU. That includes traditional financial entities (like banks, investment firms and credit institutions) and non-traditional entities (like crypto-asset service providers and crowdfunding platforms). Notably, DORA also applies to some entities typically excluded from financial regulations.

DORA and other regulations focus on operational resilience: the ability to provide reliable and secure services to customers while addressing regulatory compliance and cybersecurity challenges. They require financial institutions to define the business recovery process, service levels and recovery times that are acceptable for their business. Regulators also require organizations to test business recovery processes periodically and provide documented test results showing that service-level agreements (SLAs) have been met.

As part of the risk-assessment process, entities must conduct business impact analyses to assess how specific scenarios and severe disruptions might affect the business. Entities will also be expected to put appropriate cybersecurity protection measures in place. This is where new solutions with cyber resilience become part of the picture.

What is cyber resilience?

Cyber resilience is a component of operational resilience. It focuses on providing a proven strategy around data protection and business continuity in case of advanced ransomware or cyberattacks, including scenarios where data is encrypted by ransomware.

The need for a strong cyber-resilience strategy

According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach was $4.45M. In the U.S., the average cost of a data breach was at its highest, reaching $9.48M. The report also found that organizations took an average of 277 days (about 9 months) to identify and contain a breach.

A strong cyber-resilience strategy that provides a unified approach—combining cybersecurity with data protection and disaster recovery methods—can help organizations protect against and rapidly recover from disruptive cyber incidents.

With attacks becoming more malicious and techniques more advanced, the strategies and plans to mitigate the impacts of such cyberattacks must also change. Traditional recovery plans, such as standard disaster recovery solutions, are not adequate for these new scenarios. Supporting them will require new thinking and teaming between disaster recovery and security teams.

Cyber resilience also tackles additional areas beyond the common resilience techniques of backup, high availability and disaster recovery. While these techniques are important and must be part of the overall resilience program, they will typically replicate a ransomware attack to multiple environments, because they are focused on keeping the data replicated with the smallest recovery point objective (RPO).

A cyber-resilient solution must be considered a separate leg of the resilience stool, typically in a third environment, which can quickly take over while not replicating the ransomware. Cyber-resilient solutions can solve issues for compliance and close the security gaps by protecting against attacks with a host of tools.

Benefits of an isolated recovery environment

An isolated recovery environment in the cloud works in concert with standard disaster recovery in several ways:

  • It helps customize and configure the recovery process according to the unique needs of your applications. You can implement complex recovery workflows that may not be feasible with a standard disaster-recovery solution.
  • It offers more control and flexibility for comprehensive testing and validation. This enables you to verify the effectiveness of your recovery procedures.
  • It enhances security based on your specific requirements and helps meet compliance requirements.

IBM cyber-resiliency best practices

IBM infrastructure solutions enable clients to develop and manage cyber resilience across a wide landscape, including a hybrid cloud environment, while supporting compliance with key requirements from regulations like DORA. With both on-premises infrastructure and cloud-based resources, IBM can seamlessly integrate with your existing setup. You can replicate and recover on-premises systems to a cloud-based recovery environment, providing a unified and consistent recovery solution. This integration ensures that your entire infrastructure is protected and recoverable.

IBM cyber-resiliency best practices include the following:

  • Air-gapped protection as a fail-safe copy against propagated malware
  • Immutable storage to prevent backup corruption and deletion
  • Clean rooms, data scanning and cleansing tools for test and validation
  • Automation and orchestration technologies as a part of response and recovery
  • Separation of duties

IBM Cloud provides the base infrastructure with the flexibility to provide trusted solutions that match compliance needs when faced with DORA requirements. Whether dedicated or used in a managed-as-a-service consumption model, IBM can easily provide the expertise for a fully compliant cyber-resilient solution independent of the production environment with IBM Cloud Cyber Recovery.

Learn more

Organizations can achieve a highly customized, flexible and resilient recovery solution by combining standard disaster recovery, backup solutions and an isolated recovery environment in IBM Cloud. The isolated recovery environment offers additional options for recovery, customization, security, integration and compliance. This enhances the overall effectiveness and control of the resiliency strategy and, at the same time, provides compliance and support for regulations like DORA—all working in concert to keep your organization’s business in business.

Understand the Digital Operational Resilience Act (DORA).

Read more about IBM Cloud Cyber Recovery


Published at Fri, 18 Aug 2023 14:00:00 +0200
