Operational resilience and the DORA regulation in the wake of the CrowdStrike outage


Peter Dean

The CrowdStrike outage is being corrected and companies are working through lessons learned. It’s a good opportunity to link this real-life example to what the NetApp® Financial Services Industry (FSI) team has been talking about in relation to the Digital Operational Resilience Act (DORA), operational resilience, and NetApp’s relevance to FSI.

How well are you prepared for outages like CrowdStrike? What contingency plans did you have in place? How difficult was it to bounce back from the interruption? Did all go as planned?

And are you asking the question “What if this were on purpose?” This outage—which we’ve all read had nothing to do with a cyberattack—can be repaired, and business can continue to get back to normal. But look at what can happen with just a mistake! Imagine if we were faced with bad actors and a not-so-fixable outage.

It’s time to talk about resilience

The DORA regulation speaks directly to these types of outage scenarios, but you don’t have to be regulated by DORA to discuss good data hygiene and operational resilience with your colleagues and customers.

How do you talk about operational resilience, DORA, and everyone’s navigation of the recent outage and subsequent events? Here are some key challenges and solutions to cover.

Risks of over-consolidation and reliance on one provider

Challenges that financial entities can face include over-consolidation and reliance on a single third-party information and communication technology (ICT) provider. DORA Article 28 states:

“Entities shall put in place exit strategies… [that] take into account risks that may emerge at the level of ICT third-party service provider, in particular a possible failure.… Entities shall identify alternative solutions and develop transition plans enabling them to remove the contracted ICT services and the relevant data from the ICT third-party service provider and to securely and integrally transfer them to alternative providers or reincorporate them in-house.”

NetApp helps you face these challenges with NetApp Cloud Volumes ONTAP®, Amazon FSx for NetApp ONTAP, Azure NetApp Files, and Google Cloud NetApp Volumes. Cloud Volumes ONTAP enables you to meet DORA requirements with the ability to create, replicate, back up, scan, classify, and tier data in any cloud.

NetApp also meets the DORA requirement of being able to reincorporate workloads back in-house if a cloud failure occurs.

All workloads are visible and controlled from a single console, and you can enforce your data security requirements with additional cyber-resilience tools, as required by DORA.

Response, recovery, and business continuity plans

Financial entities need response and recovery plans, including dedicated and comprehensive ICT business continuity plans. Plans should include recording all incidents, ensuring continuity of critical financial functions, quick and appropriate responses to cyberthreats, containment measures, and requirements for redundancies and switchovers from primary to secondary sites. DORA Article 11 states:

“Financial entities… shall have a crisis management function, which, in the event of activation of their ICT business continuity plans or ICT response and recovery plans, shall… set out clear procedures to manage internal and external crisis communications.…” Entities shall activate “containment measures, processes, and technologies suited to each type of ICT-related incident and prevent further damage, as well as tailored response and recovery procedures.”

NetApp systems are protected by NetApp Snapshot™ copies, which are point-in-time, read-only images of your data. Because Snapshot images are read-only, captured data can’t be encrypted and locked by ransomware. With NetApp FlexClone® thin-cloning technology and SnapRestore® data recovery software, you can restore an entire volume or individual files from a Snapshot copy if a ransomware attack occurs—significantly faster than with any other recovery method.

And with its extensive experience, NetApp Professional Services can help develop business continuity plans for your critical workloads and create clear communication paths if a crisis arises.

Backups and clean rooms

Financial entities need to work out their requirements for backup methods, including specifying scope and frequency based on data criticality. They also need dedicated “clean rooms” where data can be restored to avoid reinfection. DORA Article 12 states:

“When restoring backup data using own systems, financial entities shall use ICT systems that are physically and logically segregated from the source ICT system. The ICT systems shall be securely protected from any unauthorized access or ICT corruption.… Recovery plans shall enable the recovery of all transactions at the time of disruption.”

You can meet these challenges with NetApp solutions:

  • MetroCluster. NetApp MetroCluster® configurations combine array-based clustering with synchronous replication to deliver continuous availability, immediately duplicating all mission-critical data on a transaction-by-transaction basis.
  • Tamperproof Snapshot copies. Use NetApp SnapLock® compliance software to lock Snapshot copies for a specified period so that they cannot be deleted until the expiration time is reached. Locking Snapshot copies makes them tamperproof, protecting them from ransomware threats. You can use locked Snapshot copies to recover data if a volume is compromised by a ransomware attack.

NetApp is a problem solver

NetApp can help with operational resilience. To find out about webinars, read our e-book, and explore other ways that we can help, visit our DORA webpage. And if you have questions, please reach out to Peter Dean, Steve Rackham, or Adam Gale.

Peter Dean

Peter Dean is a Global Vertical Lead for Financial Services at NetApp. As the Vertical Lead for FSI, Pete works with a team that leverages experience, expertise, and passion to deliver solutions that move the financial services industry forward. Working with customers to become a trusted advisor and partner unlocks the power of NetApp’s unique value proposition and opens the door for NetApp to be a leader in financial services solutions. Helping colleagues understand financial services and its unique challenges, language, and mindset enables NetApp to speak to and overcome barriers that may exist between business and technology.
