post

Enabling a New Era of Innovation, With Privacy Powered Data Sharing.

Protegrity

English

Français

Deutsch

Protegrity – General – Featured Image

campaign-banner

TALK TO US

Discover how leading organisations are preparing for DORA compliance. This guide provides actionable insights on meeting regulatory requirements, strengthening operational resilience, and ensuring your data protection strategies are up to par. Download the full guide now. 

Ensure your organisation is ready for the January 2025 deadline.

The Digital Operational Resilience Act (DORA) impacts all financial institutions and service providers operating within the EU, including those outside the EU offering services to EU-based entities.

With enforcement starting on January 17, 2024, DORA sets out to standardise risk management, improve incident reporting, and ensure operational resilience across the financial sector. 

Compliance is critical to avoid penalties, secure customer trust, and maintain market stability. 


Standardise Risk Management Practices – DORA seeks to harminise risk management across the financial sector, ensuring all institutions adhere to a unified standard.

Enhance Incident Reporting – The regulation introduces clear guidelines for reporting significant ICT-related incidents, ensuring timely communication with regulatory authorities.

Boost Operational Resilience – DORA aims to fortify the financial sector against digital disruptions, ensuring that essential services remain operational during crises.

<p>Evaluate your current practices against DORA’s requirements to identify areas that need improvement.</p>


Conduct a Gap Analysis

black

<p>Outline the steps necessary to close identified gaps, set clear goals, and assign responsibilities within your organisation.</p>


Develop an Action Plan

<p>Ensure all relevant teams are aligned, and allocate the necessary budget and resources for successful DORA implementation.</p>


Engage Stakeholders and Allocate Resources

<h2> Integrating security and development processes</h2>
<p>In the fast-paced world of software development, the clash between developers and security experts could greatly benefit from some much-needed balance. On one side, developers strive for success based on metrics like delivery time, deployment frequency, and number of features. On the other side, security professionals are measured on vulnerability and compliance metrics. This clash often results in a lack of time for vulnerability testing, leading to frustration and misunderstandings between the two teams. However, there is a way to resolve this ongoing conflict and create a harmonious working environment. Developers and security professionals can join forces to deliver high-quality products that meet customer needs by fostering collaboration, leveraging automation, and adopting a shift-left approach.</p>
<h2><strong>The Developer&#8217;s Perspective</strong></h2>
<p>From the developer&#8217;s point of view, security requests can feel like an unnecessary hindrance that slows down their speed to delivery. Their primary focus is meeting tight deadlines and delivering a product packed with features, so it’s understandable that security measures can be perceived as time-consuming and disruptive. However, developers must recognize that neglecting security, training, and developer resources can have severe consequences, both for the product and the organization as a whole. These elements ultimately slow down the overall development process. This realization is the first step towards building a more collaborative relationship with the security team. Next, comes the support and training developers need to implement secure solutions.</p>
<p>&#8220;Collectively, better intelligence, smarter​ analytics, and stronger collaboration can​ help organizations build the active-defense​ capabilities they need to respond more​ effectively to pervasive, advanced cyberthreats.&#8221; &#8211; <a href="https://www.mckinsey.com/~/media/McKinsey/McKinsey%20Solutions/Cyber%20Solutions/Perspectives%20on%20transforming%20cybersecurity/Transforming%20cybersecurity_March2019.ashx">McKinsey &amp; Co,. Perspectives on Transforming Cybersecurity, Digital McKinsey and Global Risk Practice March 2019</a></p>
<h2><strong>The Security Expert&#8217;s Perspective</strong></h2>
<p>On the other hand, security professionals are often frustrated by the lack of attention given to vulnerability testing and compliance. Their role is to safeguard the organization&#8217;s assets and protect the customer&#8217;s data. When security testing is left until the end of the development cycle, it becomes challenging to efficiently identify and rectify vulnerabilities. In fact, a recent <a href="https://about.gitlab.com/developer-survey/">GitLab survey</a> found that &#8220;43% of security professionals said testing happening too late in the development cycle is a major source of frustration.&#8221; This frustration can impede the overall progress and success of the product, leaving security experts feeling unheard and undervalued.</p>
<h2><strong>The Solution: Collaboration and Automation</strong></h2>
<p>Collaboration is key to bridging the gap between developers and security experts. By involving security professionals from the early stages of development, both teams can work together to ensure that security measures are integrated smoothly throughout the entire process. This collaborative approach, known as &#8220;shifting left,&#8221; enables vulnerabilities to be identified and addressed earlier, minimizing the need for last-minute fixes.</p>
<p>Furthermore, automation plays a crucial role in streamlining security practices. By automating security testing processes, developers can focus on their core responsibilities without compromising on security. This not only saves time but also ensures that security is not jeopardized in the pursuit of speed. According to <a href="https://www.techtarget.com/searchsecurity/tip/5-ways-to-automate-security-testing-in-DevSecOps">TechTarget</a>, automation tools such as static application security testing (SAST), dynamic application security testing (DAST), container scanner/vulnerable dependency analysis, software composition analysis, and vulnerability scanning help identify potential vulnerabilities early on, allowing developers to address them before they become significant issues.</p>
<h2><strong>Adopting a &#8220;Shift Left&#8221; Approach</strong></h2>
<p>Organizations must embrace the shift-left approach to foster a culture of security awareness. This means incorporating security practices earlier in the development process rather than treating them as an afterthought. By integrating security into every stage, developers become more attuned to potential vulnerabilities and can proactively address them. Security experts, in turn, can guide and support developers, ensuring that security measures are effectively implemented.</p>
<h2><strong>Security Is a Shared Responsibility</strong></h2>
<p>Developers and security professionals must recognize that their goals are not mutually exclusive. In fact, by working together, they can create a more secure and robust product. Developers can benefit from the expertise of security professionals, who can provide valuable insights and guidance throughout the development process. Similarly, security professionals can gain a better understanding of the development priorities and constraints faced by developers.</p>
<p>The competing priorities between developers and security experts are not insurmountable. Organizations can create an environment where both teams can thrive by fostering better collaboration, using automation tools, and adopting a shift-left mentality. Ultimately, this will result in the delivery of products that meet customer needs and prioritize security.</p>
<p>&nbsp;</p>


Collaboration: The Key Ingredient to Successful Security Compliance

Cross-Border Data Protection – Converting Compliance into Revenue

Protegrity Helps AWS Customers Attain Compliance for Data Security

More protegrity Resources