Redundancy in Communication: Primary & Backup Systems Vital for DORA

With the European Union’s Digital Operational Resilience Act (DORA) tightening standards for digital infrastructure, the focus on system resilience has reached new heights. Under Article 11, Paragraph 6 of DORA, financial entities are mandated to implement both a primary and redundant backup system for communication.

This requirement underscores the critical importance of maintaining continuous communication channels, especially during cyber incidents or other disruptive events. Here, we explore how this dual-system approach reinforces resilience, drawing on strategies detailed in recent Sentinel blogs that emphasise hot-backup disaster recovery, out-of-band communications, and secure video conferencing as key components of a resilient communication strategy.

The Rationale Behind Redundant Communication Systems

In today’s digital landscape, cyber attacks and outages pose severe risks to operational continuity, often rendering primary communication channels unavailable. DORA recognises that relying solely on a single communication channel or primary system introduces vulnerabilities that can escalate in times of crisis. Redundant systems ensure that organisations have a resilient fallback to keep stakeholders connected and informed when disruptions strike.

Building a Reliable Backup: The Role of Hot Backup for Key Documents and Out-of-Band Communication

The hot-backup disaster recovery model, as discussed in our post on Sentinel’s Hot Backup Disaster Recovery solution, provides a practical approach to achieving redundancy. In this model, secondary systems remain on standby, mirroring essential operations in real-time or near-real-time.

If a primary system is compromised, the hot backup activates instantly, preserving the flow of critical communications. This structure not only supports DORA’s requirements but also mitigates downtime, safeguarding communications that keep crisis management teams informed and responsive.

Out-of-Band Communication: Essential in Cyberattack Scenarios

When a cyberattack targets primary networks, traditional in-band communications - such as email or internal chat systems - may become inaccessible or untrustworthy. This is where out-of-band communication comes into play.

As covered in our recent blog on cyber attacks and the need for OOB comms, out-of-band systems provide a secure and isolated communication path on an independent network that remains unaffected by attacks on the main network. This setup aligns with DORA’s intent by ensuring that communication continuity is maintained without risking exposure through the compromised network, an essential measure for mitigating cyber risks.

A New Layer of Redundancy: Secure Video Conferencing

Sentinel’s planned release of secure, out-of-band video conferencing is another powerful tool for resilient communications. During a cyber incident, visual communication is often crucial, as it allows team members to discuss sensitive issues face-to-face without relying on vulnerable networks.

This out-of-band video conferencing system ensures organisations can conduct secure meetings and respond to unfolding situations with full situational awareness, even if core systems go down, meeting DORA’s redundancy requirement effectively.

Why DORA’s Redundancy Mandate is a Strategic Advantage

By enforcing a primary and backup system for communications, DORA pushes organisations towards a resilient, proactive stance. Redundant systems provide:

  • Operational Continuity: Ensuring that communication channels remain active and reliable under any circumstances.
  • Enhanced Security: Isolating backup systems protects sensitive communications from the vulnerabilities that may impact primary systems.
  • Faster Response Times: With an established backup, incident response teams can react more swiftly, preventing delays in communication that can exacerbate crisis situations.

Conclusion: Compliance as a Resilience Booster

The requirement of Article 11, Paragraph 6 in DORA for both a primary and backup communication system is more than a compliance issue; it’s a strategic advantage. Leveraging hot backups, out-of-band communication systems, and secure video conferencing enables organisations to stay operationally resilient, safeguarding essential communication in the face of cyber threats.

For those looking to enhance their digital resilience, adopting these redundancy measures is not only about meeting regulatory requirements but about building a truly robust foundation for secure, reliable communication under any condition.

Blog Cover Photo by Terence Starkey on Unsplash

Written by Richard Stephenson
30 Oct 2024
Richard is the CEO of crisis management software provider YUDU Sentinel. Richard has run public listed companies, mid-market private equity investments and tech start-ups. His professional skills include digital strategy, crisis management, risk and digital document publishing.