Cybersecurity is a top priority across industries, but no sector has more to lose from a successful cyberattack than financial institutions. According to the International Monetary Fund’s April 2024 Global Financial Stability Report, nearly one-fifth of all cyberattacks target financial institutions, costing firms as much as $2.5 billion. These institutions are increasingly more susceptible to cybercrime as a result of their digital transformation initiatives, which often introduce complexity, risk, and new vulnerabilities that chief information security officers (CISOs) must account for.
Recognizing the significance of these targeted attacks, the European Union introduced the Digital Operational Resilience Act (DORA), a framework that standardizes risk management and operational resilience processes across the financial sector.
Over the last few years, multinational firms doing business in Europe have been preparing for DORA to go into effect, and as of January 17, 2025, financial services institutions must now demonstrate progress toward compliance.
An organization’s data, analytics, and AI platform is a critical component of both its digital transformation strategy and its ability to demonstrate DORA compliance. Maintaining data security, governance, and resilience across the entire data estate is paramount, and only a true hybrid platform can provide this degree of coverage.
Let’s take a closer look at DORA, its impact, and how a true hybrid platform for data, analytics, and AI creates a flexible, secure, and resilient solution and allows financial institutions to meet DORA compliance requirements.
Understanding DORA and Its Impact
DORA is a regulatory framework designed to strengthen the operational resilience of financial institutions and their technology service providers. It mandates comprehensive risk management, incident reporting, resilience testing, and third-party oversight. Specifically, DORA requires that financial institutions:
- Implement systematic risk assessment to identify and mitigate cyber threats.
- Establish robust data governance policies to safeguard financial systems.
- Conduct continuous resilience testing to ensure operational continuity.
- Manage third-party risks, particularly those associated with cloud providers and technology and service providers.
- Facilitate cyber threat intelligence sharing in compliance with GDPR and other data privacy laws.
Non-compliance comes with serious consequences, including steep fines and penalties.
The Case for Hybrid Platforms in DORA Compliance
Hybrid and multi-cloud environments are common in financial services. For many organizations, distributed architectures evolve by accident, built in an ad-hoc manner as firms respond to the growing volume, variety, and velocity of data by continually adopting new methods of storing and analyzing it.
While accidental hybrid and multi-cloud environments often pose governance and security risks, an intentional, true hybrid architecture delivers enhanced flexibility and resilience while protecting data wherever it resides. The following criteria differentiate a true hybrid strategy from accidental hybrid architectures:
1. Hybrid and multi-cloud flexibility. As Flexera’s State of the Cloud Report continues to reinforce, most organizations now manage hybrid and multi-cloud environments, with critical sources of data residing everywhere. A true hybrid platform provides a consistent data management, analytics, and AI experience across environments, including on-premises data centers.
2. Consistent data security and governance. DORA mandates strict data access controls and security measures. Intentional and true hybrid architectures provide unified security and governance across on-premises and multi-cloud environments, with automated policy enforcement and comprehensive encryption and access controls for data in motion and at rest.
3. Comprehensive data lifecycle management. DORA requires financial institutions to maintain full visibility over their data, from collection to storage, analysis, and deletion. Ideally, a hybrid data platform provides integrated data services addressing the full data lifecycle.
4. Hybrid portability. Resilience is a core pillar of DORA. Hybrid portability gives data teams the flexibility to lift and shift workloads between environments and run them seamlessly without refactoring or redevelopment. This capability supports operational resilience and business continuity, enables deployment flexibility, and reduces costs.
Cloudera meets all four criteria, and is the only true hybrid platform for data, analytics, and AI. It’s deployable and portable across hybrid and multi-cloud environments and provides consistent data services and unified security and governance across the entire data lifecycle. The platform enables financial institutions to meet DORA requirements while delivering real-time and predictive customer and operational insights.
The Time to Act is Now
DORA is now in effect, and organizations have no time to waste in demonstrating progress towards compliance. The financial sector’s increasing reliance on digital technology requires a proactive approach to cybersecurity, risk management, and governance. A unified hybrid data platform is not just a solution for compliance—it is a strategic enabler for resilience, security, and future-proof operations.
As financial institutions embrace DORA’s mandates, those that invest in hybrid platforms will be best positioned to thrive in an era of heightened regulatory scrutiny and evolving cyber threats. The time to act is now. By adopting a secure, portable, and resilient hybrid data strategy, financial institutions can turn compliance into a competitive advantage while safeguarding their operations against emerging risks.
Learn more about how Cloudera can help financial services firms stay compliant.
