Part 4. Getting your Act together

Navigating Operational Resilience and DORA with VMware?

Overview

Europe's new Digital Operational Resilience Act (DORA) is?going to make things very interesting for everyone in the financial services sector, as you will hopefully have seen from my previous three blogs in this series. This is true not just for financial entities, but also for third-party ICT providers – and even the regulators themselves.

There is much to be said for the positive up-side to the formalising of Operational Resilience practices, but we all recognise that this will not come around from us all just doing what we are already doing. So today, I’d like to talk in practical terms about how VMware can guide, coach and support your business in this pursuit.

With the introduction of DORA and its potential designation of some cloud, data and software providers as critical third-party provider (CTPP) tech vendors, there will be attention on the relationship between vendors and financial entities (and the significant obligations they now have) like never before.?

This doesn’t have to be a negative inflexion point for these relationships. But it does mean that both tech vendors and financial institutions need to get their act together, and quickly. We must all transition to more formalised, standard contractual arrangements and foster a deeper understanding of the criticality and importance of the services financial entities entrust to their vendors. Greater trust and transparency will be essential.?

A sense of urgency to ensure compliance with DORA isn’t yet pervasive. Some organisations believe they have almost everything in hand, bar some report formatting. Yet, others are going back to the drawing board to take a closer and holistic look at their Critical and Important systems, along with their supporting Operational Resilience practices.?

Whether you feel that, as an industry, we launched the ship before completing the build, are changing propulsion systems mid-voyage, or testing out different navigation systems far out at sea, a lot is going on and a lot is at stake.

The path to Operational Resilience excellence

Whichever way CTTPs become defined, we must all pull together to stay on the right side of the rules. It’s often said in IT circles that the best time to fix such issues was 20 years ago when the system was originally designed. The next best time is now!?

With this in mind, we need to ensure that the solutions running, today or tomorrow,?are architected with Operational Resilience at their core, not bolted on. This is true across the board – particularly for security, observability, reporting, and recoverability. This is no longer the pursuit of a must-have widget or function; it has to be core to being.

As you plot a course toward compliance with legislation, such as DORA, VMware wants to help you prepare, help you navigate, and be by your side for the journey.?We?have been supporting financial sector customers for more than 25 years. We have grown, learned and enhanced our enterprise offerings to support them and many of their third-party providers, who rely on us for running their critical service workloads. As a result, Operational Resilience has always been in our DNA, even before there was a name for it.

We have the tools, technology, and hands-on experience to help you confidently meet Operational Resilience objectives and improve Operational Efficiency.?This is thanks to products including vSphere,?the virtualisation platform at the heart of our VMware Cloud Foundation,?Aria, our infrastructure automation platform, and even Workspace ONE, our end-user computing portfolio.

We also have proven capabilities in moving running workloads between servers, between data centres and even between clouds. For example, many of our customers use our?vMotion?functionality to migrate test environments and production workloads, running live, from one server to another with zero downtime.?

Meanwhile, Aria and VMware network virtualization and security platform?NSX?make it routine to detect anomalies (be they accidental or intentional) and quickly throttle, isolate and fix them.?

It would also be remiss of me to not mention VMware Sovereign Cloud’s capabilities, which empower customers and cloud provider partners to build, run and manage cloud environments to the spirit and letter of sovereign cloud requirements.

I don’t often talk about VMware products in my blogs. But honestly, VMware and Operational Resilience are a match made in… the cloud, the data centre, and the edge. Whatever your needs, VMware isn’t boxed into the idea of one solution or deployed in one location. Instead, we’ll tailor an ecosystem of tools, capabilities, designs, solutions and partners to suit your needs.

To use another sporting analogy, navigating DORA compliance is like yacht racing. It requires a synchronous blend of craft, technique, capability, teamwork and a shared vision of the desired outcome (to win the race). Every tactical move and adjustment can impact the angle of attack. The race is not just about speed but mastering the rhythm of challenges together, sailing in clear air, and that shared vision of success ultimately helps your team to cross the line safely and ahead of the competition.?

Conclusion

Many VMware solutions are considered as best-of-breed. But the real strength of VMware as a partner to financial institutions is our ecosystem of systems, technologies and partners that come together seamlessly to ensure Operational Resilience and help you with your regulatory compliance.

The idea of investing in just best-of-breed solutions is great. However, having best-of-breed solutions for every single technology use case could produce a hodgepodge of services that don't necessarily integrate well with one another. In driving towards this best-of-breed nirvana, you could saddle yourself with higher costs and greater complexities, due to specialist infrastructure. In the world we are now in, this can benefit your adversaries and lead to increased cyber threat risk exposure.?

To untangle the complexity and streamline the process, VMware offers a broad technical capability with Operational Resiliency through VMware Cloud Foundation at its heart. This creates more opportunities to consolidate and standardise systems and can be a cost reduction multiplier to remove the need for multiple contracts, multiple vendors, administrators skilled in every vendor’s toolset, and so on. I like to think of this as Operational Resilience, Operational Efficiency and Operational Effectiveness all rolled into one, but more on that another time.

VMware’s approach produces the best integration, support and understanding from a proven enterprise partner. We ensure Operational Resilience in a way that a series of point solutions stitched together, some of which may have never run in a critical environment or may have never had a customer as big as you before, simply cannot.

So, to end, and with no apology, with DORA, we’re all in the same boat (yacht). Together, we can navigate and win the race. You’re the captain and VMware can bring techniques, processes, and capabilities – but it’s how we use these things together as a team that makes it possible to have a chance of winning.

Are you a financial entity, a service provider, or part of the VMware ecosystem with concerns about DORA’s impacts? What are your immediate priorities about the Act? I’d love to hear from you, share ideas and even get into the details.

Let’s start a discussion!