NetApp Aims to Be the Financial Industry’s Technology Partner in the Challenge of DORA Compliance

“NetApp is a key partner for financial institutions wishing to comply with DORA. In addition to being a pioneer in securing the industry, we offer comprehensive cloud services and robust data protection mechanisms”. With these words José Luis Álvarez Cubero, NetApp Executive Architect for EMEA & LATAM, wanted to show how the company can and is already helping the financial sector to prepare for the arrival of DORA or the Digital Operational Resilience Act.

A regulation that will come into force on January 17, 2025 and that, far from what it may seem, not only affects banks but also credit institutions, investment firms, payment platforms and third-party ICT service providers such as cloud and data analytics providers will also have to adapt to it.

In fact, failure to comply with DORA will lead to fines of up to 1 percent of the average annual revenue of financial institutions.

However, despite the proximity of the rule’s entry into force and the high fines it establishes, few institutions are as of today ready for DORA. “The situation we see is very uneven among the different institutions, with the largest financial institutions at the forefront in terms of preparation, but the truth is that there is still a long way to go”.

Thus, NetApp assures that the main challenge, beyond deploying the necessary technical solutions, lies in “understanding the regulations and establishing a detailed plan that covers everything from identifying the necessary technologies to defining roles and responsibilities within the companies”. Roles, as pointed out by José Luis Álvarez Cubero, which, in Spain, financial institutions are still beginning to outline and which must be “multidisciplinary”, since the standard involves different departments, beyond legal, security or IT.

Greater transparency

Above all, DORA seeks to create an environment conducive to collaboration and information sharing between financial institutions, which strengthens the industry’s ability to address emerging threats and protect customer data more effectively.

This law in fact for end users, the implementation of this law will result in greater transparency and trust in the European banking system.

But complying with it is not straightforward as, among other aspects, the Act focuses on two critical issues: excessive concentration of data and applications in the cloud and protection against cyber threats, especially ransomware.

Data in the cloud

Specifically, from NetApp points out how one of the most disruptive aspects of DORA is that it seeks to mitigate the risk of relying too much on a single cloud service provider. This, regulated in Article 25 of the Act, implies that financial institutions have to adapt their IT to reduce this risk, taking measures proposed in the standard itself as a strategy of multiple clouds and planning the repatriation of data.

Thus, from NetApp point out solutions that the company itself already offers and that allow to meet this requirement such as NetApp Cloud Volumes, which gives the ability to create, replicate, backup, scan, classify and segment data in any cloud; or NetApp Astra, which simplifies the management of workloads in hybrid and multi-cloud Kubernetes environments.
“The biggest challenge is having the ability to bring your data back on premise and not rely on a single cloud service provider,” explained NetApp’s Executive Architect for EMEA & LATAM.

Solutions such as NetApp Cloud Data Sense or NetApp ONTAP (fpolicy) can also help with the data protection and prevention requirements established by DORA or NetApp Snapshot, which ensures that data is not vulnerable to ransomware attacks and thus facilitates compliance with the obligation established by law for financial institutions to have mechanisms to detect anomalous activities and test them frequently.

NetApp has been working with the financial sector for more than two years to help it comply with DORA, an objective that today is as urgent as it is strategic and in which the company wants to be the technological partner that makes it possible.