Financial entities need to follow strict data regulations to safeguard the data they collect and manage. These regulations are not limited to data security; they also apply to the availability and resilience of the system during normal operations and system disruptions. This could be a huge undertaking if you do not choose the right data platform.

One of those newer regulations is Regulation (EU) 2022/2554, known as the Digital Operational Resilience Act (DORA). DORA is a European Union regulation that addresses operational resilience and the potential risks that come with the reliance on technology. With the introduction of DORA, financial entities operating in the EU are now subject to requirements that aim to ensure they can withstand, respond to and recover from information and communication technology (ICT)-related disruptions and threats. These include measures for protection, detection, containment, recovery, and repair. DORA targets ICT risks, introducing rules for ICT risk management, ICT-related incident reporting, digital operational resilience testing, and oversight of ICT third-party risks, ensuring that operational resilience is not merely about financial buffers, but about the ability to withstand and recover from ICT disruptions. Enforcement of this regulation is through penalties and remedial measures that may be imposed for non-compliance.

Complying with DORA can lead to a more secure and resilient ICT environment capable of withstanding and recovering from ICT-related disruptions. The great news is that Autonomous Database has been designed with security and resiliency in mind, building on the comprehensive Oracle Database 23ai security posture combined with extensive platform automation. Autonomous Database can help your organization to address the DORA requirements through:

  • Built-in high availability: Self-healing infrastructure and database, with multiple standby instances in different regions for protection.
  • Backup and recovery: Encrypted backups and an immutable backup retention lock safeguard backups from ransomware attacks. Provides fast recovery times with near-zero data loss.
  • Automated proactive monitoring: Notifications and alarms for key events and performance. Using AI/ML pattern recognition, hardware failures are automatically predicted, databases are immediately redirected to avoid hangs, and service requests are automatically generated for deviations.
  • Configured and secured by default: Data is automatically encrypted at rest and in-flight. Built-in Data Safe performs a comprehensive database security assessment and regularly assesses changes to help address the configuration requirements from GDPR, STIG, and CIS. This assessment can include the additional requirements from other regulations, and raise alerts if configuration drifts from established standards.
  • Privilege Analysis: Applied across all databases to understand user access privileges and changes over time. Helps address separation of duties and a least-privilege model to control proper access.
  • Data Discovery: Understands where sensitive data resides across all databases and applies data anonymization or masking.
  • SQL Firewall: Implements an allow-list of SQL statements and IP addresses, blocking unauthorized SQL and SQL injection attacks.

Additionally, with built-in security and automation of patching, backups, and failover, Autonomous Database can help organizations address the requirements in DORA that are targeted at strengthening the ICT resiliency and security posture of financial entities.

Autonomous Database automates database management and provides proactive capabilities to help enhance performance, operations, and security. For example, full-stack patching, including fixes for security vulnerabilities, is completely automated with zero downtime. Above all, these features come at no additional cost.

Listed below are some of the key requirements in Chapter II (ICT risk management) of DORA and explanations as to how Autonomous Database can help address them:

Articles

*The information in this table includes extracts of DORA. The official text is published in the Official Journal of the European Union: https://eur-lex.europa.eu/eli/reg/2022/2554/oj

As you can see, Autonomous Database provides a number of built-in security and high availability capabilities that can help you achieve sound practices and a proactive approach to managing risk and compliance. And you can take advantage of them at no extra cost.

For more information, explore:

  • Watch webinar: Don’t Stop me Now! The high Availability and Disaster Recovery story of Autonomous Database (link)
  • Watch webinar: Continuous Application Availability with Autonomous Database (link)
  • Read additional Oracle Blogs: The EU DORA and Oracle Zero Data Loss Recovery Appliance (link)
  • Read documentation: Security and Authentication in Oracle Autonomous Database (link)
  • Try Autonomous Database for free (link)
  • Try Autonomous Database via LiveLabs (link)