Data sovereignty as a guiding principle: a practical exit strategy for succeeding under DORA
The European Union's Digital Operational Resilience Act (DORA) is reshaping the IT landscape of financial institutions, particularly banks and insurers. For the first time, the regulation also brings ICT third-party service providers under direct regulatory scrutiny.
DORA reaches IT and cloud service providers through their customers: financial institutions must maintain comprehensive exit strategies for the ICT services they outsource. These strategies must ensure that critical services can be transferred to another provider at any time, and the plans must be documented, regularly tested, and kept up to date so that data sovereignty and operational resilience are preserved. Proprietary technologies, untested migrations, or incomplete documentation can block an exit at the moment it is needed.
GitOps practices, which keep infrastructure as versioned, declarative code in Git, help make migration processes reproducible and transparent and give regulators a traceable record of what was deployed, where, and when. Together with connectivity between environments and a tested data transfer path, documented infrastructure lets financial institutions run exit tests that meet DORA's requirements and stay prepared for emergencies.
For Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs), the assessment comes down to four questions: is the data portable, is the migration reproducible, are the components open, and is the documentation complete? Many financial institutions are turning to open-source technologies because their transparency, adaptability, and interoperability fit these demands.
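The portability and documentation questions above can be checked mechanically against the manifests in a GitOps repository before every exit rehearsal. The following script is an added example, not code from the article or from Stackable: it scans a set of Kubernetes-style workload manifests (embedded here as constructed Python dicts rather than loaded from YAML) for common lock-in indicators and reports them as findings. The lists of provider-specific CSI provisioners and container registries and the `exit-test/runbook` annotation convention are assumptions chosen for illustration; a real check would load the manifests from the repository and extend the lists to the providers actually in use.

```python
"""Portability pre-check for a DORA exit test (added example, not the article's code).

Scans declarative workload manifests for provider lock-in and missing runbooks.
The manifests and the indicator lists below are constructed for illustration.
"""
from dataclasses import dataclass

# Assumed deny-list: CSI provisioners that only exist at one hyperscaler.
PROVIDER_PROVISIONERS = {
    "ebs.csi.aws.com": "aws",
    "disk.csi.azure.com": "azure",
    "pd.csi.storage.gke.io": "gcp",
}
# Assumed deny-list: registry hosts that tie image pulls to one provider.
PROVIDER_REGISTRY_SUFFIXES = {
    ".amazonaws.com": "aws",
    ".azurecr.io": "azure",
    "gcr.io": "gcp",
}
# Assumed convention: every workload links its runbook in this annotation.
RUNBOOK_ANNOTATION = "exit-test/runbook"
WORKLOAD_KINDS = ("Deployment", "StatefulSet", "Job", "Pod")


@dataclass(frozen=True)
class Finding:
    kind: str
    name: str
    rule: str
    detail: str


def _pod_spec(manifest):
    """Return the pod spec for a Pod or for a workload wrapping a pod template."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "Pod":
        return spec
    return spec.get("template", {}).get("spec", {})


def _registry_provider(image):
    """Map an image reference to a provider if its registry host is provider-bound."""
    host = image.split("/")[0] if "/" in image else ""
    for suffix, provider in PROVIDER_REGISTRY_SUFFIXES.items():
        if host.endswith(suffix):
            return provider
    return None


def assess_portability(manifests):
    """Return one Finding per lock-in indicator found in the manifests."""
    findings = []
    provider_classes = {}
    # Pass 1: learn which StorageClasses are provider-bound.
    for m in manifests:
        if m.get("kind") == "StorageClass":
            prov = m.get("provisioner", "")
            if prov in PROVIDER_PROVISIONERS:
                name = m["metadata"]["name"]
                provider_classes[name] = PROVIDER_PROVISIONERS[prov]
                findings.append(Finding("StorageClass", name, "provider-specific-storage", prov))
    # Pass 2: check volumes, images and documentation of the workloads.
    for m in manifests:
        kind = m.get("kind", "?")
        meta = m.get("metadata", {})
        name = meta.get("name", "?")
        if kind == "PersistentVolumeClaim":
            sc = m.get("spec", {}).get("storageClassName")
            if sc in provider_classes:
                findings.append(Finding(kind, name, "provider-bound-volume",
                                        f"storageClassName={sc} ({provider_classes[sc]})"))
        if kind in WORKLOAD_KINDS:
            pod = _pod_spec(m)
            for c in pod.get("containers", []) + pod.get("initContainers", []):
                prov = _registry_provider(c.get("image", ""))
                if prov:
                    findings.append(Finding(kind, name, "provider-registry-image", c["image"]))
            if RUNBOOK_ANNOTATION not in meta.get("annotations", {}):
                findings.append(Finding(kind, name, "missing-runbook",
                                        f"annotation {RUNBOOK_ANNOTATION} absent"))
    return findings


def exit_ready(manifests):
    """True when no lock-in indicator blocks a migration rehearsal."""
    return not assess_portability(manifests)


# Constructed sample repository: one AWS-bound storage class, one portable
# Ceph class, a PVC on the AWS class, an image from ECR, and an undocumented DB.
SAMPLE_MANIFESTS = [
    {"apiVersion": "storage.k8s.io/v1", "kind": "StorageClass",
     "metadata": {"name": "gp3"}, "provisioner": "ebs.csi.aws.com"},
    {"apiVersion": "storage.k8s.io/v1", "kind": "StorageClass",
     "metadata": {"name": "ceph-rbd"}, "provisioner": "rbd.csi.ceph.com"},
    {"apiVersion": "v1", "kind": "PersistentVolumeClaim",
     "metadata": {"name": "ledger-data"}, "spec": {"storageClassName": "gp3"}},
    {"apiVersion": "apps/v1", "kind": "Deployment",
     "metadata": {"name": "ledger-api",
                  "annotations": {RUNBOOK_ANNOTATION: "docs/runbooks/ledger-api.md"}},
     "spec": {"template": {"spec": {"containers": [
         {"name": "api", "image": "123456789012.dkr.ecr.eu-central-1.amazonaws.com/ledger-api:1.4.2"}]}}}},
    {"apiVersion": "apps/v1", "kind": "StatefulSet",
     "metadata": {"name": "ledger-db"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "db", "image": "registry.internal.example/postgres:16"}]}}}},
]

if __name__ == "__main__":
    for f in assess_portability(SAMPLE_MANIFESTS):
        print(f"{f.kind}/{f.name}: {f.rule} ({f.detail})")
    print("exit-ready:", exit_ready(SAMPLE_MANIFESTS))
```

Run against the sample repository the check reports four findings (the AWS storage class, the PVC bound to it, the ECR-hosted image, and the StatefulSet without a runbook) and marks the repository as not exit-ready; only once each item has been replaced by a provider-neutral equivalent or documented does the migration rehearsal proceed. The same two-pass structure extends to other indicators a practitioner cares about, such as load balancer annotations or managed identity bindings, by adding rules rather than changing the scan.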
On-premises infrastructures are experiencing a renaissance under DORA, particularly for processing sensitive data or where physical control is indispensable. Modular, interoperable data platforms, preferably open source, can be crucial for DORA implementation.
Data sovereignty is a central theme of DORA. It refers to a company's ability to access its business-critical data at any time, regardless of where the data is stored or which external service provider operates it. For financial institutions this means full transparency over the software components in use, audit-proof documentation of all data flows, and avoiding proprietary formats that would make a change of provider difficult or impossible.
Sönke Liebau, from Stackable, emphasizes the significance of DORA as a step towards data sovereignty and an opportunity to make the IT structures of the financial sector more resilient, independent, and future-proof. It is essential to rely on a provider that ensures both the security of individual solution components and demonstrates a proven supply chain security concept.
Addressing these points early provides legal certainty. A successful change of provider requires that the data is fully documented and available in open formats and that the systems are interoperable. Open-source components that are left unmaintained pose risks comparable to those of outdated proprietary systems.
In summary, DORA raises the bar, and many institutions are responding with hybrid and multi-cloud models to reduce dependencies and meet the regulatory requirements for portability. With modular, open platforms, financial institutions gain both compliance and flexibility: the same workloads can run on demand in their own data center or with a hyperscaler.