Objectives of the Act
Ensure that all financial organizations in the EU have the necessary safeguards to avert cyber-attacks and mitigate risks.
Harmonize ICT risk management regulations
The Act aims to address risk management in financial services and harmonize the regulations that exist across EU member states.
Framework for third parties
The Act also provides oversight of critical third-party providers such as cloud service providers.
Fortanix enables financial organizations to fortify cyber resilience and meet DORA compliance.
- Centralized data discovery, classification, management, auditing, and reporting.
- Confidential Computing for encrypting data in use.
- Fine-grained access control for users and data.
- Consistent policy management and robust authentication.
Key data security requirements as mandated by the DORA Act
- Maintain high standards of confidentiality of data, whether at rest, in use or in transit.
- Ensure the security of the means of transfer of data.
- Minimise the risk of corruption or loss of data and unauthorised access.
- Prevent breaches of confidentiality and the loss of data.
- Implement security policies and strong authentication mechanisms.
How can Fortanix help meet these requirements?
- Confidential Computing-powered data protection, whatever its state.
- Control keys to the cloud with Bring-Your-Own-Key/Key Management System, with access controls and a kill switch to prevent decryption of data at rest.
- Fine-grained access control for users and data, including advanced capabilities like quorum approvals, RBAC, MFA, user-defined access, and custom plugins.
- Full key lifecycle management with FIPS 140-2 Level 3 certified HSMs.
- Single-pane, uniform, and consistent policy management with strong authentication.
Key Differentiators with Fortanix
Centralized key management
With discovery, visibility, command control, policy enforcement, and reporting.
Data protection, whatever its state
Trusted execution environments secure data at rest, in motion, and in use.
Zero trust for your data
Policy-driven RBAC, quorum controls, and least-privilege access.
Post-quantum (PQ) algorithms with the ability to rapidly deploy updates.
Privacy by design
Built-in privacy capabilities (Confidential Computing, Tokenization, Data Masking, etc.) to greatly reduce risk and improve compliance.