The Digital Operational Resilience Act (DORA)

Name: The Digital Operational Resilience Act DORA
Brand: Fortanix
Rating: 5 (1 reviews)

Fortify cyber resilience and secure your most sensitive data with Fortanix

Overview

The Digital Operational Resilience Act, or DORA, is a European Union (EU) regulation that creates a binding, comprehensive information, and communication technology (ICT) risk management framework for the EU financial sector. The Act seeks to harmonise digital resilience in the EU through ICT related risk management and incident reporting. The regulation was published on 27 December 2022, in the official journal of the EU and will apply in full from January 2025.

Objectives of the Act

Avert cyberattacks

All financial organizations in EU have necessary safeguards to avert cyber-attacks and mitigate risks.

Harmonize ICT risk management regulations

The Act aims to address risk management in financial services and harmonize regulations that exist in EU member states.

Framework for third-parties

The act also provides an oversight to critical third-party providers like cloud service providers.

Fortanix Solution

Fortanix enables financial organizations to fortify cyber resilience and meet DORA compliance.

Centralized data discovery, classification, management, auditing, and reporting.

Confidential Computing for encrypting data in use.

Fine grained access control for users and data.

Consistent policy management and robust authentication.

Key data security requirements as mandated by DORA Act

Maintain high standards of confidentiality of data, whether at rest, in use or in transit.

Ensure the security of the means of transfer of data.

Minimise the risk of corruption or loss of data and unauthorised access.

Prevent breaches of confidentiality and the loss of data.

Implement security policies and strong authentication mechanisms.

How Fortanix can help meet these requirements?

Confidential Computing Powered Data protection, whatever its state.
Control keys to the cloud with Bring-Your-Own-Key/Key Management System, with access controls and kill-switch to prevent decryption of data-at rest.
Fine grained access control for users and data including advanced capabilities like Quorum approvals, RBAC, MFA, User-defined access, and custom plugins.
Full key lifecycle management with FIPS 140-2 level 3 Certified HSMs.
Single pane, uniform, and consistent policy management with strong authentication.

Key Differentiators with Fortanix

Centralized key management

With discovery, visibility, command control, policy enforcement, reporting.

Data protection, whatever its state

Trusted execution environments secure data at rest, in motion, and in use.

Zero trust for your data

Policy-driven RBAC, quorum controls, and least-privileged access.

Post-quantum ready

PQ algorithms with ability to rapidly deploy updates.

Privacy by design

Built-in privacy capabilities (Confidential Computing, Tokenization, Data Masking etc.) to greatly reduce risk and improve compliance.

Learn How Fortanix is Helping Financial Organizations Worldwide

Blog
Fortanix Helps Banks Secure Data Lakes Enroute Cloud
Read Blog
Fortanix Collaborates with Goldman Sachs on Data Migration Initiatives
Read Case Study