Increasing digitalization and the use of cloud services pose new challenges for banks, insurance companies, and other financial institutions. Stringent regulations such as the EU's Digital Operational Resilience Act (DORA) set high standards for ensuring the resilience of IT systems. How can financial organizations efficiently implement these requirements while increasing their competitiveness? The EU research project "EMERALD" offers innovative answers.
The pursuit: Continuous Compliance
EMERALD follows the approach of Continuous Compliance. This is based on the draft EUCS (European Cybersecurity Certification Scheme for Cloud Services) and the German Federal Office for Information Security's C5 criteria catalog (BSI C5:2020). The introduction of continuous and automated compliance management aims to increase operational efficiency, reduce risk and facilitate compliance with complex regulatory requirements, which is also an important and valuable development in the context of DORA. Rather than waiting for periodic audits that may reflect outdated information, organizations will increasingly rely on real-time verification of certificates and security standards. This will involve the use of APIs (application programming interfaces), hybrid multi-cloud technologies and AI.
Pilot project with CaixaBank and Fabasoft
The strict requirements of the highly regulated financial sector create a particular need for continuous certification. To drive this approach forward, one of the pilot projects within EMERALD is looking at continuous compliance using the practical example of CaixaBank, Spain's third-largest private bank with more than 20 million private customers.
The research team is tackling key challenges such as the security of customer data in the cloud and the definition of standardized processes for cybersecurity certification in multi-cloud environments. Fabasoft is addressing the specific needs of CaixaBank, which is looking to extend its existing on-premises services to include SaaS and IaaS applications.
A real-time assessment is being developed so that the bank can ensure that cloud services comply with defined security standards. This makes it possible to integrate these services into the existing infrastructure and to reliably meet compliance requirements such as DORA or the new harmonized EUCS cybersecurity requirements catalog at certification level "high". The EMERALD UI plays an important part in this. It spans the entire audit process and helps auditors and users intuitively monitor compliance levels.

Fabasoft DORA: Digitized processes for financial companies
At the same time, Fabasoft DORA is being used in the pilot project to meet CaixaBank's regulatory requirements. The software for the digital management of outsourcing makes it possible to digitally manage all the relevant data and supporting documents, to carry out automated risk assessments and to keep the status of compliance transparent at all times. Digital templates for supplier questionnaires and workflows significantly reduce manual effort and support the secure integration of third-party providers into the system.
Conclusion: Paving the way with EMERALD
With its pilot in the financial sector, EMERALD is demonstrating how hybrid multi-cloud environments can be used securely and efficiently. The application of real-time compliance technologies is critical to making financial firms more resilient and competitive in the future.