Strong cloud foundations are a must for FSI businesses striving for DORA compliance
The Digital Operational Resilience Act (DORA), initiated by the European Union, provides a specialised framework tailored to the financial sector, enforcing strict standards for maintaining digital operational resilience.
As a Microsoft Azure specialist, it was important for us to become a Microsoft Solution Partner for Security, adding to our existing Microsoft Azure Solution Partner certifications for Digital & App Innovation (including the Kubernetes on Azure specialism) and the Azure Infrastructure and Data & AI partner certifications.
However, these solution partner certs are really just the tip of the iceberg when I consider what else we are doing at BlakYaks that is below the surface. These certs are one part of our story about building enterprise scale Azure platforms that are secure and operationally resilient.
In the next year or so, some financial services businesses will find themselves grappling with the implications of the Digital Operational Resilience Act (DORA) and its impact on their technological processes, policies, controls, and governance. With a keen focus on maintaining resilience amidst the ever-evolving cyber threat landscape, organisations will undergo changes, ranging from minor adjustments to substantial overhauls.
The extent of these changes will largely depend on the maturity of their existing ICT or technology landscape, as well as the robustness of their current tools, processes, policies, controls, and business continuity measures.
Why now?
Central to DORA is the emphasis on the health and resilience of critical third-party suppliers. Many financial services and insurance organisations have increasingly relied on hyper-scalers like Microsoft Azure over the past five years, placing these suppliers in the critical supplier category under DORA.
Having spent the last decade overseeing teams deeply involved in deploying Microsoft Azure platforms and solutions, particularly within the Financial Services and Insurance sector, I've come to appreciate the critical role that meticulous design, implementation, and operations play in ensuring the effectiveness of these platforms.
While companies like Microsoft excel in providing platforms like Azure that embody the digital operational resilience characteristics sought by large businesses, the importance of getting the foundational elements right cannot be overstated.
A poorly executed implementation at the foundational level can undermine the inherently secure and resilient properties of platforms like Azure. Thus, high-quality upfront design and engineering of cloud environments is paramount to ensuring businesses derive maximum benefit from the inherent security and resilience features.
Comply with DORA by laying solid foundations
At our firm, BlakYaks, we are ardent proponents of establishing rock-solid platform foundations. It may seem more enticing to discuss cutting-edge services like Azure OpenAI and GitHub Copilot. However, whilst we do integrate these into our own daily operations, we favour emphasising the significance of getting foundational elements right and maintaining them over the long term, as they form the bedrock for every other Azure service a business deploys.
Enumerating what constitutes good foundations would be a disservice within the confines of this article. However, it's imperative to highlight that laying solid foundations is a crucial step in the journey towards DORA compliance. At a summary level, some of the key aspects we emphasise include:
These are just a few of the aspects we consistently advocate for our clients, particularly those in the Financial Services and Insurance sector. While DORA extends beyond cloud hyper-scaler platforms and encompasses various other domains, it’s important we recognise our role as an Azure specialist partner and set the tone for adjacent systems, services and technologies.