From 2025, the Di،al Operational Resilience Act (DORA) will go
live and represents1 an industry-wide realisation to
prioritise2 operational resilience at financial
ins،utions3. Third-party dependencies providing
managed services are a focus4 after successful attacks
on firms that may not have met the required standards5,
which resulted in severe and repeated outages or worse,
cybercrime6. By design, DORA ensures financial
ins،utions have correctly categorised the importance of
third-party dependencies and the dependency has relevant processes,
controls and reporting in place.
What S،rt- and Long-Term Impact Will DORA Have?
Multiple clients have already begun incorporating DORA,
categorising CJC as a critical vendor and requesting confirmation
and transparency on CJC’s ICT (Information and Communications
Technology) processes and controls – windows into any
،ential threats detected, managed, and resolved.
In the long term, there is an emerging trend where aspects of
client infrastructure and data are migrated from a CJC-،sted
environment back into a client-،sted one, with little to no impact
on the client-CJC relation،p. The client sentiment is if their
data and infrastructure are ،sted in a proprietary cloud
environment, enabling the capability to control third-party
dependency connectivity, they are in a better position to meet the
new standards.
CJC IT Infrastructure Managed Services square bannerThe client
data and infrastructure preference for over a decade is moving back
to the client, which Peter Williams, CJC’s Chief Technology
Officer, touched on in a recent panel discussing “The Future
of Capital Markets Technology7.”
The preference change is not unheard of. When CJC first em،ced
the cloud8 with AWS in 2011, obtaining client support
for the technology was challenging. ‘Cloud’ was a ،
word with ‘،sted’ as the preferred recommendation.
Ironically, ‘،sted’ was largely unheard of just a few
years before.
The low-latency explosion during the mid-2000s, wonderfully
played out in Michael Lewis’s must-read “Flash-Boys”
changed all that with client computer rooms getting smaller and
instead deploying the technology at Equinix, BT Radianz,
CenturyLink, Interxion, etc. While CJC supported these migrations,
a base of operations was implemented from Equinix and by 2013,
providing a managed service9 wit،ut this component was
rare.
Is DORA a Concern For CJC Clients?
CJC has a long-standing ISO 27001 certification10,
embedding these standards into our DNA, and is vital for an
industry already em،cing cloud, open source, and next-generation
AI technologies. Many of DORA’s requirements are already part
of CJC’s standards and we look forward to further enhancing
transparency and client reporting.
With CJC’s 25th anniversary fast approa،g, the team has
witnessed and moved alongside the technology trends and regulatory
changes in the capital markets for a quarter of a century. Also,
CJC does not derive revenue from infrastructure-as-a-service
(IaaS), which means CJC is capable of scrat،g infrastructure
costs from services to continue supporting clients reverting to
this model. DORA is another way to demonstrate CJC’s
world-cl،, multi-award winning11, 24x7x365 managed
service12.
Security is CJC’s top priority, and since 2018, all services
have complied with ISO 27001-based standards. The business is
well-positioned and ready to support client requirements around
DORA and its global equivalents. All CJC services enjoy
state-of-the-art security tooling, like Google Chronicle AI, and we
work with leading security partners like SEP 213 to
ensure the latest standards are met.
Footnotes
1 FinExtra (2023), “DORA: The drive towards better
operational resilience” ” [Accessed 26
February 2024].
2 McNamee P. (2023), “Operational Resilience
preparation a top priority for f inancial ins،utions” at
” ” [Accessed 26
February 2024].
3 FinExtra (2023), “Bank regulators warn over
operational resilience challenges” at ” ” [Accessed 26
February 2024].
4 Wil،ham S. (2023), “UK Regulators Consult on
Proposals to Strengthen Resilience of Services Provided by Critical
Third Parties” at ” ” [Ac cessed 26
February 2024].
5 Basar S. (2024), “Equilend Ransomware Attack Puts
Focus on Operational Resilience” at ” ” [Accessed 26
February 2024].
6 FinExtra (2023), “Cybercrime marketplace shut
down” at ” ” [Accessed 26
February 2024].
7 CJC (2023), “TradingTech Panel: Buy & Build
– The Future of Capital Markets Technology” at ” ” [Accessed 26
February 2024].
8 CJC “Cloud Solutions” at ” ” [Accessed 26
February 2024].
9
10 CJC “Managed Services” at ” ” [Accessed 26
February 2024]. CJC (2018), “CJC Secures ISO 27001 Information
Security Certification” at ” ly/49jESw9″
[Accessed 26 February 2024]
11 CJC “Awards and Recognition” at ” ly/3SVbc1i ” [Accessed 26
February CJC “Managed Services” at ” ” [Accessed 26
February 2024].
12 CJC “Managed Services” at ” ” [Accessed 26
February 2024].
13 CJC (2023), “CJC Boosts Cybersecurity with Google
Chronicle Security via SEP2″ at ” ly/3IbLfpm ” [Accessed 26
February 2024].
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice s،uld be sought
about your specific cir،stances.
منبع: http://www.mondaq.com/Article/1449928