The Digital Operational Resilience Act (DORA) is a pivotal regulation for financial institutions in the European Union (EU), designed to ensure operational resilience and safeguard against cyber threats. Complying with DORA is a strategic yet resource-intensive initiative for financial institutions operating in the EU. Dynatrace analysis suggests that by leveraging the unified observability and security capabilities in Dynatrace, organizations can automate up to 80% of the technical tasks necessary to manage DORA compliance, which reduces the time and personnel required. This reduction also helps enhance accuracy and efficiency, minimizing non-compliance risk. Dynatrace automated processes help with continuous monitoring, providing real-time insights and proactive management of compliance requirements.
Automation can help European banks save 50-70% of effort in DORA compliance
The journey to continuous DORA compliance can be summarized in three steps:
- Continuous monitoring of IT environments
- Proactive incident prevention and handling
- Ongoing management of compliance requirements
These efforts demand significant resources, time, and operational bandwidth. Manual processes are prone to human error and inefficiencies, which can lead to compliance gaps that pose substantial risks to financial institutions. The strain on resources can divert attention from core business activities, negatively impacting overall productivity and growth.
“We estimate that with Dynatrace, organizations can automate up to 80% of the technical tasks necessary to be DORA compliant, helping reduce the overall required time and personnel by 50-70%. Unifying observability and security not only helps save significant time and effort, it also provides the necessary visibility into the organization’s IT environment and helps to achieve continuous compliance,” said Bernd Greifeneder, Founder and Chief Technology Officer, Dynatrace.
Customers have shared that our platform has helped them save significant time and increase productivity by reducing mean time to discovery (MTTD) by 99%, time spent on root cause analysis by 80%, and mean time to resolution by 80%, among many other customer success stories with Dynatrace. Taking those into account and understanding how we use Dynatrace for self-monitoring, our analysis suggests that using unified observability and security from Dynatrace can lead to saving up to 50% – 70% of the effort required to manage DORA compliance.
Based on the above, we estimate the following effort needed for DORA compliance in a medium to large bank operating in multiple EU markets, with 5,000 to 20,000 employees.
Estimated effort for DORA compliance with minimum automation
- Initial phase (12 – 24 months): 50 – 100 people
- Ongoing management: 20 – 30 people
Estimated effort for DORA compliance with automation
- Initial phase (6 – 12 months): 20 – 60 people
- Ongoing management: 5 – 10 people
Continuous monitoring of IT environments
Because DORA requires continuous compliance, a snapshot of an institution’s compliance with DORA is often insufficient. In complex IT environments, new services, applications, and other components can be added or removed at any time. Manually monitoring those changes and updating the map of the entire IT environment each time a change occurs is quite labor intensive.
Dynatrace helps cross-functional teams (comprising IT managers, compliance officers, risk managers, and others) save significant amounts of time through real-time monitoring of the entire IT environment. Dynatrace provides up-to-date network maps, identifies critical services, and highlights gaps in coverage.
Proactive incident prevention and handling
Reacting quickly to incidents when they occur isn’t sufficient. Any incident can negatively impact service availability, and even a swift reaction might not prevent financial, reputational, or societal damage from happening. Proactive risk management and prevention are crucial and are reflected in DORA and other similar frameworks.
In a continuously monitored IT environment, and by leveraging Davis® AI, Dynatrace helps security and incident response teams detect abnormal behavior, identify root causes, and detect vulnerabilities and attacks on your IT environment, all in real time and with prioritization based on business impact. Remediation activities can be triggered automatically, supporting timely and efficient incident handling.
Ongoing management of compliance requirements
DORA comes with technical best practices and standards for IT environments. Tracking, validating, and remediating potential findings is a labor-intensive task necessary to keep the environment compliant and provide evidence for auditing.
Dynatrace helps IT and compliance teams continuously assess their IT environments against DORA standards, at scale, and relative to current and future growth. Dynatrace gathers all relevant findings on security posture with full context and creates a holistic and intuitive way to prioritize, remediate, and report on those findings.
Increase productivity beyond DORA compliance
Dynatrace helps simplify the compliance process and delivers substantial value to organizations. By automating compliance efforts, you can:
- Reduce operational costs: Lower the personnel and time required for compliance.
- Enhance accuracy and efficiency: Minimize human error and increase productivity in achieving continuous compliance.
- Improve operational resilience: Proactively manage compliance and mitigate risks.
- Focus on core business activities: Free up resources to drive growth and innovation.
Based on the above-mentioned use case for DORA compliance, we estimate that adopting Dynatrace can help organizations save significant time and resources needed to achieve and manage DORA, NIS2, PS21/3, CPS 230, and similar cybersecurity and resilience compliance frameworks, translating into substantial cost savings and operational efficiencies.
What next?
In the face of stringent regulatory requirements, automating DORA compliance with Dynatrace offers a strategic advantage for financial institutions. It assists with efforts to achieve continuous compliance and helps enhance operational resilience, reduce costs, and free up resources for core business activities. Integrating Dynatrace into organizations’ compliance strategy can be a valuable step for executives and senior management to help secure their organizations’ future.
Read the blog post, Dynatrace for executives: Security compliance from our CTO, to understand better how integrating Dynatrace into your compliance strategy helps your business be more resilient and compliant and provides a strategic advantage in today’s dynamic regulatory landscape.
Disclaimer: The estimated effort savings are based on analyzing how customers use Dynatrace and on internal research. They are intended for informational purposes only. Actual results may vary depending on individual organizational factors. Organizations should conduct their own assessments and planning to determine the most appropriate approach for achieving and managing DORA compliance. Dynatrace does not guarantee specific outcomes or savings.