Ensure DORA Compliance: What You Need to Know

Banking and financial services are important to local and global infrastructure, affecting nearly everyone daily. With recent digital advancements, these services and their customers rely on information and communications technology (ICT) and digital data. This makes them prime targets for cybercriminals who want to steal data, disrupt operations, and cause significant harm.

Financial organizations must be able to withstand, respond to, and recover from ICT incidents with little impact on their key functions and customers. The EU's Digital Operations and Resilience Act (DORA) introduces uniform requirements across EU member states. Its aim is to strengthen the financial sector’s resilience to cyber incidents.

The Illumio Zero Trust Segmentation Platform helps financial services in the EU meet DORA standards.

What is DORA, and why is it important?

The banking sector is key to the global economy, and it needs strong cybersecurity to prevent potential breaches from becoming disasters.

DORA requires banks in the EU to strengthen their cyber resilience so that they can withstand, respond to, and recover from breaches. This ensures that they can:

  • Protect customer data
  • Maintain operations despite inevitable breaches
  • Reduce the effect of breaches to preserve the global economy

While DORA enforces specific compliance and technical standards, its broader goal is to build cyber resilience.  

Facts about DORA

The new mandate started on January 16, 2023 and will be enforceable 24 months later. This means financial companies must comply with DORA by January 17, 2025.

Throughout 2024, European Supervisory Authorities (ESAs) will issue several regulatory and technical standards. These will give organizations the details and guidance they need to meet DORA requirements.

Firms based in the UK and other countries might need to follow DORA if they operate in EU markets. ICT third-party service providers must also follow DORA if they have contracts with firms covered by DORA.

DORA’s 5 core pillars

The act has five core pillars to help financial services build a strong cyber resilience framework. Within each of these pillars are several articles that define how to achieve it. Here is a quick summary of those five core pillars.

ICT risk management
  • Create strong ICT systems
  • Constantly find and guard against ICT risks
  • Spot unusual activities
  • Set up detailed business continuity plans
  • Keep learning from external events and internal ICT issues
ICT-related incident response
  • Set up a detailed process to monitor, classify, report, and share information about ICT incidents
  • Follow regulatory and supervisory reporting rules
Digital operational resilience testing
  • Regularly test the ICT risk management framework to ensure readiness, fix weaknesses, and fill gaps
  • Testing should match the entity’s characteristics, such as using Threat Led Penetration Testing (TLPT) for higher-risk situations.
ICT third-party risk
  • Strongly monitor risks linked to ICT third-party providers
  • Use aligned relationships, detailed contracts, and a Union Oversight Framework to promote supervisory unity
Information sharing
  • Encourage collaboration among financial entities
  • Securely share cyber threat information
  • Find ways to boost digital resilience, raise awareness of ICT risks, and limit ICT threats

How does Illumio align with DORA?

Now is the time to start considering projects, budget requirements, and organization-wide initiatives in preparation for DORA’s full enforcement in January 2025. Security teams can take proactive steps to be ready to hit the ground running on building resilience and achieving DORA compliance.

1. Identify risk via network mapping

The mandate’s first pillar focuses on identifying risk, which is fundamental to success with the other pillars. If you haven’t already, your organization’s security team should map application dependencies for the entire infrastructure. Some security solutions like Illumio even include this kind of mapping as part of their broader platform offerings.

Use the map to find your critical and non-critical processes and identify your third-party dependencies. You will likely find previously unknown risks that your security team can address immediately.

2. Boost detection capabilities

With a better understanding of the environment, you can lean into improving your detection capabilities. Solutions like Illumio can feed information into your Security Information Management System (SIM), helping your security team get data to speed up detection of threats.  

3. Proactively prepare to contain breaches

DORA specifically calls out breach containment as key to resilience. Breach containment technologies like microsegmentation, also called Zero Trust Segmentation, help security teams separate the network into zones and control communication between workloads and devices so that only necessary, wanted traffic is allowed.

For example, you can use microsegmentation to restrict server-to-app communications, dev to prod, or IT to OT. This allows you to proactively isolate high-value assets or reactively contain compromised systems during an active attack to stop the spread of a breach.

How does Illumio align with DORA compliance?

There are many regulations tied to DORA compliance. Because of that, one solution can’t achieve them all. You need to find solutions that help you reach as many pillars as possible in one platform.  

Now is the time to plan projects, budgets, and initiatives to prepare for DORA’s full enforcement in January 2025. Security teams can take steps now to build resilience and achieve DORA compliance.  

Here are the key DORA requirements that the Illumio ZTS Platform can help you achieve.

Identify threats

DORA requirements:

  • Identify, classify, and document all ICT systems and their connections with internal and external ICT systems. 
  • Identify all sources of ICT risk, especially how firms expose each other to risk.
  • Map how ICT assets are linked and depend on each other.
  • Identify all processes that depend on ICT third-party service providers
  • Identify how ICT third-party service providers connect to each other.

Identifying threats is crucial for the success of all DORA pillars. Your security team should map all communication and traffic between workloads and devices in the network. Some security solutions like Illumio offer this kind of mapping.

Use the map to find your critical and non-critical processes and identify third-party dependencies. This can help show hidden risks that your security team can fix immediately.

Protect from and prevent attacks

DORA requirements:

  • Automated mechanisms that isolate infected assets.
  • Set policies that limit access to ICT resources, allowing only what is needed for approved functions and activities.
  • Design the network so it can be quickly disconnected during an attack.
  • Divide the network into segments to reduce and prevent the spread of attacks, especially for connected financial processes.

DORA emphasizes the importance of containing breaches. Illumio ZTS helps teams divide the network into zones. This controls communication between workloads and devices so that only permitted communication gets through.

For example, you can use Illumio ZTS to limit server-to-app communications or separate development from production. This helps proactively isolate high-value assets or contain compromised systems during an attack to stop its spread.

Detect threats

DORA requirements:

  • Quickly detect unusual activities, including ICT network performance issues and ICT-related incidents.
  • Set up multiple layers of control, define alert thresholds and criteria to trigger ICT incident detection and response processes, and establish automatic alert mechanisms for staff responsible for ICT incident response.

With a better understanding of your network, you can improve how well and how quickly you detect threats. Illumio sends data to your SIEM, helping your team detect threats faster.

Respond and recover from attacks
  • Ensure critical functions can continue during and after an attack
  • Respond to and resolve all ICT-related incidents to limit damage, resume activities, and recover from an attack.   
  • Quickly begin containment plans that make sense for each type of ICT-related incident and prevent more damage.
  • Estimate the impact, damage, and losses that a breach could cause.

The less time a breach stays in your system, the better your cyber resilience. With Illumio, proactively prepare for breaches by seeing security gaps and setting granular policies that isolate high-value assets. When a breach happens, stop its spread and isolate the systems it has infected.

Backup policies and recovery methods
  • When restoring data after a breach, use ICT systems that are not directly connected with the main system. Ensure they’re securely protected from any unauthorized access or corrupted ICT systems.   
  • Backup sites should be able to continue services and provide the same level of service that the primary site could.  
  • Staff should be able to immediately access the backup site to continue services during an attack.

With Illumio, you can ringfence the backup site to ensure its security and continue services. Ringfencing shrinks the security perimeter, closing it off from attackers trying to access the site.
