How fintech companies can prepare for new DORA regulations

The clock is ticking for financial services companies that operate in the European Union (EU). Starting in January 2025, financial services providers and their third-party technology service providers must meet the new regulatory requirements of the Digital Operational Resilience Act (DORA).

As the financial services industry modernizes and moves away from legacy technology, cloud adoption presents new risks and vulnerabilities to cyber threats and attacks that require a comprehensive information and communication technology (ICT) risk management framework––namely, DORA. DORA will require financial services to embed so-called digital resilience on all levels of their operations based on six pillars:

• Governance and organization

• ICT risk management framework

• ICT incident management, classification and reporting

• Digital operational resilience testing

• Third-party provider risk management

• Information sharing

DORA is focused not only on cyber threats and attacks — but also on resiliency and reliability that can make or break customer experience. That's why observability is increasingly important for fintech companies.

What to look for in an observability solution

Like many other businesses, financial services companies rely on complex and mission-critical software systems to provide services to their customers. When evaluating observability solutions, financial services companies should consider several features to ensure they choose the right solution for their specific needs:

• Ease of data collection from a range of sources, including logs, metrics and other telemetry data

• Integration with the specific technologies and platforms used in financial services, such as databases, cloud services and trading platforms

• Capable of handling large volumes of data and scaling as needed

• Provides real-time insights into system performance and issues

• Defines and tracks custom metrics and creates alerts based on specific business and technical criteria

• Anomaly detection to identify unexpected patterns or deviations in data

• Complies with industry-specific regulations and offers security features such as data encryption, access controls and audit trails

• Long-term observability data storage for trend analysis, compliance and forensic investigations

• Supports redundant deployments and data backup for disaster recovery

How a serverless fintech startup ensures reliability with Sumo Logic

With reliability and performance concerns at the top of their minds, fintech organizations like cloud-native startup Snoop increasingly need an observability solution to cut through the noise and simplify troubleshooting.

Snoop was built using a serverless-first architecture that includes an extensive Amazon Web Services (AWS) tech stack, along with fourteen other software-as-a-service (SaaS) solutions for functions such as security and continuous integration/continuous delivery (CI/CD). While this kind of complexity is increasingly common, AWS and other multi-cloud environments can be more difficult to manage and monitor compared with traditional on-premises infrastructure.

To manage this complexity, Snoop’s three-person DevSevOps team needed a clear understanding of what was happening, the context it was happening in and what was affected. The Sumo Logic observability platform automatically ingests telemetry data collected by Amazon CloudWatch across Snoop’s AWS stack, which includes Amazon Elastic Container Service (Amazon ECS) on AWS Fargate and AWS Lambda instances. Because data collection is automated, there’s no need for Snoop to install or maintain collectors. To speed data ingestion, Snoop uses Sumo Logic’s Amazon Kinesis Connector app.

Sumo Logic aggregates Amazon CloudWatch logs and metrics—along with data from the fourteen other SaaS tools Snoop uses—into a single centralized analytics platform with easy-to-use dashboards. Watch this webinar to learn more.

The platform’s site reliability engineering (SRE) monitoring tools give Snoop’s team the visibility they need to quickly diagnose and troubleshoot issues across their entire stack. By bringing separate logs and other telemetry together in one place, Snoop can more easily identify trends, correlate issues and understand root causes. Once an alert is received, Snoop uses Sumo Logic’s Root Cause Explorer to accelerate the diagnostic process.

Read Snoop’s full story to learn more about how Sumo Logic’s observability platform helps improve customer experience.