IBM Security for Z

 View Only

DORA Landscape with IBM LinuxONE

By Pradeep Parameshwaran posted Mon December 09, 2024 12:16 PM

  

The European Union (EU), along with its technology industries, including the financial services sector, is experiencing significant digital transformation. This shift aims to facilitate broader digital service adoption across public sectors and cater to the evolving needs of tech-savvy consumers. Given the sensitive nature of these critical workloads, securing the infrastructure hosting them requires careful consideration. As a result, the EU has developed regulations like "DORA" to better navigate and manage risk for this digital transformation process.

What is DORA?

DORA stands for Digital Operational Resilience Act and is a set of regulations established by the EU to define digital operational resilience requirements for financial institutions and their critical third-party providers.DORA provides a consistent and robust framework for managing ICT-related risks in the financial services industry across the EU. It achieves this by imposing uniform requirements in areas such as ICT risk management, incident reporting, operational resilience testing, and managing third-party ICT risks.DORA full implementation is applicable on 17 January 2025.

To ensure that organizations meet various ICT and cybersecurity risk management requirements, a digital resilience framework consisting of five core pillars has been developed and emphasized as part of DORA.

DORA establishes technical requirements for financial entities across the domains referenced above. For some specific domains, organizations need to establish business continuity and disaster recovery plans for various cyber risk scenarios, such as ICT service failures and cyberattacks.

Technologies and Innovation on IBM® LinuxONE

IBM® LinuxONE[i] is designed with security at its core, engineered to be energy-efficient. IBM LinuxONE's built-in security features, such as pervasive encryption and confidential computing environments, help keep sensitive data protected. This can give businesses the tools to innovate and grow in a complex and regulated landscape.By leveraging IBM LinuxONE's security and resilience features at the hybrid cloud level, clients can address their readiness for DORA for critical infrastructure workloads. Key technologies such as secure execution[ii], pervasive encryption capabilities[iii], on-chip crypto acceleration using CP Assist for Cryptographic Functions (CPACF), IBM LinuxONE integrated HSM support with IBM Crypto Express cards[iv], and IBM Instana Observability help clients operate their critical workloads in a cyber-resilient environment.In addition to platform specific capabilities, IBM LinuxONE supports various security ecosystem solutions, including endpoint detection and response tools, vulnerability assessments, compliance automation and security monitoring solutions.

As DORA regulations and implementation guidance evolve, IBM LinuxONE's platform-specific resiliency capabilities and security ecosystem solutions are designed to help clients be better equipped to operate a cyber-resilient infrastructure for their critical workloads with.



[i] IBM LinuxONE is an enterprise-grade Linux® server, powered by the IBM Telum® processor, that brings together the IBM expertise in building enterprise systems with the openness of the Linux operating system.

[ii] Confidential computing with IBM. https://www.ibm.com/confidential-computing.

[iv] IBM PCIe Cryptographic Coprocessor. https://www.ibm.com/products/pcie-cryptographic-coprocessor.

© Copyright IBM Corporation 2024. IBM, the IBM logo, and IBM Telum are trademarks or registered trademarks of International Business Machines Corporation, in the United States and/or other countries. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on https://www.ibm.com/legal/copytrade. The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. No IT system or product should be considered completely secure, and no single product, service or security measure can be completely effective in preventing improper use or access. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party. The client is responsible for ensuring compliance with all applicable laws and regulations. IBM does not provide legal advice nor represent or warrant that its services or products will ensure that the client is compliant with any law or regulation.

0 comments
39 views

Permalink