By Dirk Alshuth, cloud evangelist at emma, the cloud management platform

The cloud is becoming a fundamental component of business operations, with 17% of financial institutions in EMEA being “all-in” on cloud and more are looking to leverage cloud to enhance scalability, flexibility and innovation. However, recent regulation has placed further scrutiny on the already highly regulated sector.  

The Digital Operational Resilience Act (DORA), which came into effect on 17 January 2025, imposes stringent requirements for regulatory compliance, data security and third-party risk management on financial institutions. DORA applies to more than 22,000 financial entities and ICT service providers operating within the EU, in addition to the ICT infrastructure supporting them from outside the EU. Article 28 of the act mandates financial institutions implement robust security measures, particularly when partnering with third-party cloud services providers, to minimise risks and protect sensitive data.  

Therefore, strengthening cloud resilience and ensuring compliance with DORA’s mandates is crucial for safeguarding operations and maintaining regulatory alignment.  

Ensuring visibility across cloud environments  

Ensuring comprehensive visibility across diverse cloud environments is a critical component for financial institutions complying with DORA. The complexity of hybrid or multi-cloud architectures, while enhancing operational resilience, often results in fragmented systems. This can pose significant challenges in terms of integration, risk management, and compliance oversight, which are essential under DORA regulations. 

To effectively address this, financial institutions must develop and implement a dedicated and mature Digital Resilience Framework. This framework is crucial for providing end-to-end visibility across different cloud platforms, ensuring that all parts of an organisation’s digital infrastructure are monitored and governed efficiently.  

Conducting regular evaluations must be prioritised, incorporating resilience testing, such as threat-lead penetration tests, to identify and address the vulnerabilities in cloud environments. This enhances resilience with DORA’s stringent requirements and safeguards against potential regulatory penalties.  

With DORA now in full effect, many organisations are still in the process of building the capabilities and processes needed to address these challenges. The time to act is now, as delays in adapting could jeopardise compliance.  

The benefits of a cloud management platform in enhancing visibility   

A cloud management platform plays a fundamental role in ensuring visibility across complex cloud environments, providing benefits that can help financial institutions meet DORA’s requirements. Such platforms offer centralised control and visibility into the entire cloud ecosystem, simplifying management and enhancing security.  

Cloud management platforms facilitate real-time monitoring of workloads, resource utilisation, and performance across the entire cloud ecosystem. This aligns with DORA’s mandate for continuous monitoring of ICT risks and resilience, as real-time insights enable institutions to identify, assess, and address potential threats proactively. By providing a comprehensive view of cloud operations, financial institutions can improve their operational resilience and reduce the risk of digital disruptions. 

Re-evaluating cloud strategies to align with DORA 

Aligning with DORA requires a shift in how organisations plan and execute their cloud strategies. Rather than reactive compliance, a proactive approach is more sustainable and effective.  

Organisations must encourage collaboration by bridging gaps between compliance, IT, and cloud teams to embed resilience planning into daily operations. Regular cross-departmental meetings to discuss needs and concerns can help align their objectives, enabling IT and cloud teams to work together to design systems that meet regulatory and operational goals.   

Revisiting existing cloud architectures is also crucial to ensure they support both agility and compliance. Organisations need to conduct a thorough assessment of their current cloud setup to identify any weaknesses that could hinder compliance. By creating a solid cloud architecture, organisations can achieve greater flexibility and reduce the need for major overhauls when compliance requirements change.  

Additionally, firms must leverage tools to monitor, report, and address compliance challenges in real-time. These compliance automation tools can help identify potential issues before they before they escalate, allowing organisations to act quickly. They reduce the workload on compliance and IT teams, enabling a proactive approach to compliance management. These tools can also streamline the reporting process, making it easier to provide regulators with the necessary information quickly.  

Embracing DORA as an opportunity   

Although DORA presents challenges, it also offers financial institutions the opportunity to enhance their operational resilience and cloud strategies.  

DORA provides a comprehensive ICT management framework, allowing institutions to develop a more robust and integrated approach to managing digital risks across their operations. This simplifies regulatory complexity as fragmented regulations are integrated into a unified framework.  

DORA’s requirements may also prompt institutions to reassess and modernise their cloud legacy systems. By adopting more and advanced cloud solutions, financial institutions can improve their operational agility, driving innovation in their technological infrastructure and enhancing competitiveness.   

Future-proofing financial institutions  

Ultimately, future-proofing financial institutions through cloud technology, driven by the Digital Operational Resilience Act (DORA), transforms regulatory compliance from a challenge into a strategic advantage. Now is the time for financial institutions to re-evaluate their cloud strategies, aligning with DORA to modernise infrastructure, enhance security and build a foundation for long-term success. This will not only ensure compliance but enables financial institutions to remain competitive in a rapidly evolving financial landscape.

Learn more about emma.

Image: Pero Kalimero on Unsplash

Guest Editorial
This article was produced specially for Fintech Intel by an expert guest contributor.