Navigating DORA: A framework for cloud resilience and compliance

By Dirk Alshuth, Cloud Evangelist at emma – the cloud management platform

The cloud is increasingly integral to business operations, with 17% of financial institutions in EMEA fully committed to cloud adoption, while others seek to harness its scalability, flexibility and innovation. Financial services is already a highly regulated industry, and new regulations have added further scrutiny to a sector that presents as much opportunity as it does potential risk.

The EU’s Digital Operational Resilience Act (DORA), which came into force on 17 January 2025, requires financial institutions to follow rigorous guidelines for regulatory compliance, data security and third-party risk management. It applies to over 22,000 financial entities and ICT service providers within the EU and extends to their supporting global ICT infrastructure. In practice, Article 28 of the act requires financial institutions to implement strong security measures when partnering with third-party cloud service providers to mitigate risks and protect sensitive data.

As a result, financial institutions must prioritise strengthening cloud resilience and achieving DORA compliance to uphold regulatory adherence and ultimately protect their operations.

Achieving comprehensive cloud visibility 

Achieving comprehensive visibility in diverse cloud environments is crucial for financial institutions complying with DORA. While hybrid and multi-cloud architectures enhance operational resilience, their complexity often leads to fragmented systems, complicating risk management and compliance, which are key requirements of DORA.

Financial institutions must therefore develop and implement a dedicated and mature Digital Resilience Framework to achieve end-to-end visibility across different cloud platforms. This ensures that all aspects of an organisation’s digital infrastructure are monitored and governed efficiently. Prioritising regular evaluations and resilience testing also helps to identify and resolve vulnerabilities in cloud environments. Not only does this increase resilience in line with DORA’s stringent requirements, it also protects against potential regulatory penalties.

With DORA now in full effect, several organisations are still in the process of building the capabilities and processes required to tackle these challenges. Non-compliance with DORA’s regulations can lead to serious consequences. Critical third-party ICT service providers that fail to adhere to DORA risk facing steep fines, operational restrictions, and lasting reputational damage. This highlights the need for organisations to take immediate action, as a delay in adapting could compromise compliance.

Leveraging a cloud management platform for optimal visibility

A cloud management platform is essential to ensuring visibility across complex cloud environments, helping financial institutions meet DORA’s requirements. These platforms provide centralised control and visibility into the entire cloud environment, which simplifies management and enhances security.

Moreover, cloud management platforms enable real-time monitoring of workloads, resource utilisation, and performance across the entire cloud environment. This aligns with DORA’s mandate for ongoing ICT risk monitoring and resilience assurance and allows institutions to proactively identify and address potential threats. With comprehensive insight into their cloud operations, financial institutions can strengthen operational resilience and minimise digital disruption risks.

Reassessing cloud strategies to meet DORA’s requirements

Aligning with DORA’s requirements calls for a shift in an organisation’s cloud planning and execution strategies. To start, organisations should adopt a proactive rather than a reactive approach, which has proven to be more sustainable and effective.

Organisations must encourage collaboration among compliance, IT, and cloud teams to embed resilience planning into everyday operations. Regular interdepartmental meetings can help align their objectives by allowing teams to discuss their current needs and concerns. This enables IT and cloud teams to work together to devise systems that meet both regulatory and operational goals.

Alongside this, reevaluating existing cloud architectures ensures they support both agility and compliance. Conducting comprehensive assessments can help identify compliance vulnerabilities within current cloud setups. By establishing a robust cloud architecture, organisations can achieve increased flexibility and avoid major overhauls when compliance regulations change.

Organisations should also leverage tools for real-time monitoring, reporting, and addressing compliance challenges. Compliance automation tools pre-empt potential issues so that organisations can act quickly. This reduces the workload on compliance and IT teams, enabling a proactive approach to compliance management. These tools can also streamline the reporting process, making it easier to provide regulators with the necessary information quickly.

Turning DORA challenges into strategic opportunities

While DORA presents challenges, it also enables financial institutions to boost operational resilience and optimise their cloud strategies.

DORA offers a comprehensive ICT management framework, allowing organisations to establish a more robust and integrated digital risk management approach across their operations. This simplifies regulatory complexity by merging fragmented regulations into a unified framework.

The act may also encourage institutions to modernise their cloud legacy systems. By utilising more advanced solutions, financial institutions can improve their operational agility, drive innovation in their technological infrastructure and enhance overall competitiveness.   

Preparing financial institutions for a compliant future

To ensure compliance with the Digital Operational Resilience Act (DORA), financial institutions must embrace cloud technology, turning regulatory challenges into strategic opportunities for growth and resilience. Now is the time for financial institutions to reassess their cloud strategies in alignment with DORA’s requirements, as modernising infrastructure and strengthening security measures will lay a strong foundation for long-term success. This approach not only ensures compliance but also maintains competitiveness in an ever-evolving financial landscape.
