The DORA Directive is transforming the way companies within the EU deal with cybersecurity. Compliance with the directive is not only about avoiding fines, but also about building a more resilient, secure environment that protects against cyber attacks. According to Ruud Wilting of OpenText, deploying the right IT tools can greatly simplify this complex task.
The Digital Operational Resilience Act (DORA) aims to make the financial sector within the EU more resilient to increasing cyber risks, such as cyber attacks and data breaches. It also harmonizes national regulations within the European market.
Waiting to prepare is no longer an option: organizations must comply with all the requirements of the new regulations by Jan. 17, 2025. Organizations that fail to comply will not only suffer reputational damage, but could face large fines - up to 2% of global annual sales.
To be DORA-compliant, companies need robust systems for monitoring, managing and securing their infrastructure. IT tools enable organizations to comply in real time. Here the key IT tools that contribute to DORA compliance:
1: Configuration Management Database: Crucial in risk management
A CMDB (Configuration Management Database) provides a comprehensive overview of all assets and their configurations, serving as the foundation of the IT environment.
Under DORA, maintaining an accurate and reliable CMDB is critical to managing risk and reporting incidents effectively. A well-maintained CMDB allows an organization to track relationships between assets, detect potential vulnerabilities and quickly identify affected systems in the event of a cyber incident.
Because they provide complete visibility into all third-party systems that connect to the organization's infrastructure, CMDBs also enable companies to meet DORA requirements for supply chain security.
2: IT Asset Management (ITAM).
ITAM tools help organizations track and manage their hardware and software assets throughout their lifecycle, ensuring that nothing is overlooked. Given DORA's emphasis on complete risk assessments and asset visibility, keeping an up-to-date inventory is critical. ITAM provides real-time data on all critical assets, allowing companies to respond to potential vulnerabilities before they become bigger problems.
This asset tracking becomes essential when conducting audits or meeting DORA reporting requirements, as companies need to know exactly what is installed within their network.
3: Discovery tools
Discovery tools provide automatic detection of all devices, software and connections within your network. These tools guarantee that even previously unknown assets or third-party systems are visible, allowing organizations to mitigate security breaches.
In terms of DORA compliance, this becomes especially important for supply chain risk management. Companies can track external suppliers and their access to internal systems, providing complete transparency on all devices interacting with critical infrastructure.
4: Observability tools
Observability platforms give organizations the ability to monitor the health of their IT systems in real time. By providing insight into system performance and user behavior, they go a step beyond basic monitoring. This allows companies to identify potential problems early on.
In the context of DORA, observability tools help organizations quickly detect cybersecurity incidents and ensure they meet the requirement to report incidents within 24 hours. Continuous monitoring also supports ongoing compliance efforts by proactively identifying risks and containing them before they escalate into larger security incidents.
5: IT Service Management (ITSM).
ITSM tools streamline incident response and help manage workflows within an organization. Within DORA, ITSM is critical to the timely and organized handling of incidents. ITSM tools can support incident documentation, manage service-level agreements and ensure proper communication between departments during a cybersecurity incident.
This structured approach enables organizations to remain compliant with DORA's reporting mandates and provides a framework for maintaining operational resilience even during a security crisis.
While each of these tools performs its own function, they still work best when integrated together in a complete compliance strategy. By combining CMDBs, ITAM, discovery tools, observability platforms and ITSM, organizations can maintain continuous visibility and control over their infrastructure.
Key steps to be ready for DORA:
Create an updated inventory of IT assets: Use ITAM and discovery tools to continuously monitor your assets and ensure full visibility.
Ensure a robust CMDB: Update your CMDB regularly to reflect all assets and their relationships. This is essential for incident response and risk management.
Leverage real-time monitoring: Observability tools allow you to detect and mitigate cyber security incidents before they escalate.
Build an Incident Response Framework: Use ITSM tools to efficiently manage incidents and meet the strict timelines prescribed by DORA.
Manage third-party risks: implement discovery tools to monitor third-party assets within your supply chain to meet DORA's supplier management requirements.
As the deadline for DORA compliance approaches, organizations must prioritize cybersecurity and implement the necessary IT tools to protect themselves from the growing threat of cyber attacks.
While it introduces more stringent requirements, more importantly, these challenges also offer companies an opportunity to increase their overall cybersecurity resilience. By leveraging tools like CMDBs, IT Asset Management, discovery tools, observability platforms and ITSM, you not only stay compliant, but you build stronger and more flexible security that also protects your critical infrastructure over the long term.
Moreover, the proper deployment of these tools simultaneously helps ensure that the organization is well positioned to also remain compliant with the NIS2 directive that went into effect this month.
About the author: Ruud Wilting is Account Manager at OpenText, a software vendor that provides smart solutions that allow companies to securely capture, manage and exchange information. OpenText will be present at the IT Asset Management conference on Nov. 19 in Mechelen. You can register here . More information about ITOP's solutions is here to find.
