
Choosing The Right Cybersecurity Tools To Comply With The Digital Operational Resilience Act (DORA)

To comply with regulations such as the Digital Operational Resilience Act (DORA), it is crucial to choose the right cybersecurity tools. This requires an extensive understanding of the overall cybersecurity landscape and the particular requirements outlined in the legislation.

In this article, we break down the criteria and provide a comprehensive overview of the necessary cybersecurity measures. This is particularly important now that DORA has entered into force, on the 16th of January, 2023.

For further insights and details on how to improve your cyber resilience and security in compliance with DORA, watch our webinar “How to Achieve DORA Compliance with Data Protection”.


What is DORA?

The Digital Operational Resilience Act (DORA) is a legislative framework that aims to bolster cybersecurity and operational resilience within the financial sector. It imposes obligations on financial institutions, market infrastructures, and digital service providers.

DORA came into force on January 16th, 2023, and will apply as of January 17th, 2025. It signals a new era of heightened cybersecurity standards to mitigate digital risks and ensure the stability of financial systems.

DORA's objective is to fortify the IT security of financial entities, encompassing banks, insurance companies, and investment firms. The goal is to ensure that the European financial sector maintains robust resilience in the face of significant operational disruptions.

Operational resilience is a firmly established strategic cornerstone of the financial services sector, and its significance extends to the information, communication, and technology enterprises that serve financial institutions.

Organizations affected are financial entities such as banks, insurance companies, and investment firms.

Who is affected?

Article 2 of the DORA EU regulation defines the following entities that need to comply:

  • Credit institutions
  • Payment institutions
  • Account information service providers
  • Electronic money institutions
  • Investment firms
  • Crypto-asset service providers
  • Central securities depositories
  • Central counterparties
  • Trading venues
  • Trade repositories
  • Managers of alternative investment funds
  • Management companies
  • Data reporting service providers
  • Insurance and reinsurance undertakings
  • Insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries
  • Institutions for occupational retirement provision
  • Credit rating agencies
  • Administrators of critical benchmarks
  • Crowdfunding service providers
  • Securitization repositories
  • ICT third-party service providers

The DORA legislation seeks to enhance the cybersecurity of financial institutions and bolster their ability to withstand cyber-attacks or other IT-related disruptions. Consequently, the legislation encompasses regulations and mandates concerning:

  • ICT risk management
  • ICT-related incident management
  • Digital operational resilience testing
  • Third-party management
  • Information sharing

DORA mandates that data is protected at rest and in motion, regardless of the environment. Data transfer between financial institutions should always be secured, and data should be maintained with high integrity and confidentiality.

Read Utimaco’s earlier article on The EU Digital Operational Resilience Act (DORA) to learn more about who is affected.

Articles of DORA - Safeguarding Resilience through Protection and Prevention

To fulfill the objectives outlined in DORA, financial entities are required to utilize ICT solutions and processes. These solutions and processes must:

Ensure integrity and confidentiality of data whether the data is at rest or in motion

Recommendation

  • Use an encryption tool that protects both data at rest and data in motion
  • Ensure that the tool is user-friendly for employees (ideally featuring transparent encryption for seamless operation)

Minimize the risk of data corruption or loss of data, unauthorized access, and technical flaws that may hinder business

Recommendation

  • Ensure access management by user roles and groups to ensure that certain sensitive data is only accessible to authorized users
  • In case data is lost, ensure that it is still encrypted and that unauthorized users cannot read the information (be it internal or external)

Ensure that data is protected from risks arising from data management, including poor administration, processing-related risks, and human error

Recommendation

  • Minimize the risk of human error by granting only the administrative rights that are essential
  • Adhere to a strict role-split methodology, separating network management responsibilities from security management duties (Separation of Duties)

Strengthen Your Resilience and Ensure Compliance with LAN Crypt File and Folder Encryption by Utimaco

Utimaco’s innovative file and folder encryption solution, LAN Crypt File and Folder Encryption, represents a pinnacle in data protection technology, providing unparalleled security for the protection of sensitive data. It offers a comprehensive suite of features, including:

  • Protecting Data at Rest and Data in Motion
  • Minimizing the risk of data exposure
  • Ensuring confidentiality at all times with persistent encryption
  • Avoiding an all-powerful administrator with separation of duties
