James Crisall’s MCR-SEO podcast explores trending topics from a range of industries, from the perspectives of industry professionals that are at the heart of organisations. In a recent episode, James was joined by SES Account Directors, Tom Wheeler and Darragh Lavin.
Tom and Darragh discussed a range of topics, from the Digital Operational Resilience Act (DORA), which is set to be enforced in the finance sector at the start of next year, to how organisations can improve their business continuity capabilities, even in the face of unprecedented disruption.
This blog explores some key learnings and insights from the conversation.
2025 will see the EU finance sector kicking off the year with the enforcement of a new regulation. As the countdown to January 2025 commences, more and more organisations are seeking information on DORA and consequently planning how they will align with its compliance requirements.
DORA is an EU regulation that aims to improve the level of IT security of financial entities, such as banks, investment firms, and insurance firms. DORA is set to support the finance sector in being more resilient and better prepared when faced with unexpected events and disruption (e.g., a bank’s software supplier encountering maintenance issues).
In a disruptive event, a business’s operations would be significantly impacted. An objective of DORA is to ensure that in this type of event, a business has a mitigation process in place. Through businesses adhering to DORA’s guidelines, the finance sector is set to have a greater level of stability.
Historically, in response to a disruptive event, many companies have reacted by investing considerable amounts of money in solving the issue and managing risk. However, this approach does not highlight the source or nature of the problem and therefore does not provide a long-term solution. Essentially, DORA supports businesses with implementing a proactive approach, as opposed to a reactive approach.
The introduction of DORA means that organisations within the finance sector will have a set of guidelines to adhere to. These guidelines have been designed to ensure that organisations have a long-term plan in place which enables them to demonstrate business continuity following a crisis event.
As the awareness of DORA’s upcoming enforcement date grows, it’s expected that there will be an influx of organisations seeking assistance with complying with DORA’s regulations. SES Secure offer bespoke services that align with client needs and industry specifications.
A misconception surrounding DORA is that it does not affect UK businesses. However, whilst DORA is an EU regulation, it still impacts UK businesses. If you are a UK-based business supplying to the EU or working with an EU supplier, you must comply with DORA. This is something that many UK businesses have been unaware of.
We recommend that UK businesses determine whether DORA guidelines are applicable to them. Following this, any required assurances should be put in place soon after. Adhering to DORA guidelines would support any business, including those in the UK, to become more robust and agile.
Whilst DORA is specific to EU countries and the finance sector, many other countries and industries would certainly benefit from having the assurance of effective mitigation plans being in place. Essentially, the finance sector isn’t the only industry that is subject to disruption events. All industries face this risk.
Ultimately, the impact of an organisation optimising its Operational Resilience is something that can benefit all companies where stakeholders use critical applications. Operational Resilience is at the core of a business, and so tools such as Software and SaaS Escrow should not be undervalued.
Alongside deep diving into the world of DORA, Tom and Darragh also discussed the evolution of SaaS applications. A SaaS (Software as a Service) system uses hosted applications. A ‘hosted application’ refers to software that is installed on a remote server and can be accessed via the internet.
Historically, a lot of critical software systems have been on-premises. This would enable such systems to continue working after disruption. However, this process is a lot more complex with SaaS systems.
As discussed in the podcast, over the past few years, it’s been noticed that when a release condition has been triggered, many clients aren’t set up to tackle the issue, even when their systems have been tested. In this kind of situation, SES Secure can step in and recover a system – we have access to IP, we can get a system back up and running without releasing IP, and we can also test systems in advance.
Initially, when SaaS systems began to gain popularity, there was a lack of awareness around the fact that Software Escrow could be implemented within a SaaS system, with many being unaware that this was a valid option.
The complex nature of a SaaS system disruption can be mitigated by long-term planning. Many companies will address an issue after the impact of a crisis event has already been felt. This can be combatted through proactively putting a protection plan in place well beforehand. Investing in Operational Resilience offers peace of mind, confidence, and comfort.
As the world of technology continues to change, the SES Secure team continue to evolve and adapt to the ever-changing digital landscape. From DORA to SaaS Escrow, to long-term Business Continuity planning, our team of experts can provide in-depth guidance that covers a range of industry developments.
We work with our clients to clearly understand their needs, preferences, and specifications. Following this, our team will determine the actionable steps required to meet the objectives of the client.
If you would like to speak to a member of our team, please do get in touch.