DORA : What are we talking about ?

The DORA regulation obliges companies to:

• reduce the risk of financial disruption and instability

• decrease administrative burden and enhance monitoring efficiency
• strengthen consumer and investor protection

The Regulation establishes the legal framework to address risks affecting financial services. As of today, it is the most stringent EU regulation concerning operational resilience and cybersecurity in the financial services sector.

The regulation will enable financial institutions, increasingly dependent on information, communication technologies and digital services, to meet the requirements and face challenges in a context where new cyber risks are emerging and threatening their operational resilience.

The adoption of the NIS 2 Directive is the result of the desire to respond to several security needs, as well as legal disparities observed throughout the European continent. With a view to strengthening cooperation between Member States, for example, the regimes of financial penalties for non-compliance have been harmonised. A strengthening of the oversight of the entities concerned by this new directive has also been implemented to support communication between Member States and to facilitate cross-border coordination.

This study presents the results of a survey conducted on organizations across all industries in Europe and the Middle East. The survey aimed to investigate the engagement patterns and reasons behind organizations seeking support from Managed Security Services Providers (MSSPs), security vendors, systems integrators, and cloud providers.

The whitepaper provides valuable findings and recommendations on how security practitioners can tackle new security challenges and adopt best practices by sourcing managed security and compliance from third parties. 

What you will learn in this IDC whitepaper?

• Learn from your peers on how to mitigate risk in a new digital world
• Benefit from insights into how businesses can understand and react to a continually changing and complicated threat landscape
• Explore the most desirable attributes and service capabilities of a modern and flexible managed security services provider

The objective of this White Paper is to provide an understanding of the issues related to poor data retention or a lack of data retention policy by reviewing the different types of backups and describing the risks identified in case of failure.
A proper management of data retention during its lifecycle is essential for 3 main reasons:

• to manage cyber risks,
• to be compliant with the GDPR and all other policies towards data protection,
• and to enable the protection of the company’s information assets.

It is also the responsibility of the data controller to determine the appropriate retention period according to their business needs in the absence of regulatory provisions.

Backup is an efficient way to restore all the information necessary for the proper functioning of an organization. It is therefore important for any organization to establish an effective data backup strategy that is adapted to the needs of its business.

The digital sector is increasingly targeted and cited among the most polluting activities. It already represents 4% of global CO2 emissions, a figure that could double by 2025.

This is why Devoteam has developed this guide, which offers a concrete, pragmatic and illustrated vision, enabling CIOs to accelerate their transition to a more responsible digital environment. This guide is an opportunity to share with you our convictions on the challenges to be met and the means to be implemented to initiate the Green transformation while drawing your attention to the key parameters that you must take into account when defining your action plan.

“Beyond pure economic logic, social and environmental responsibility is becoming a major concern for employees, customers and investors, which is why we are committed to promoting responsible digital business practices in our missions.”

• CI / CD is a commodity
  The work of a DevOps engineer often consisted out of create complex integrations of different steps in the pipeline. Today, a lot of functionality is often delivered as standard in platforms such as GitHub, GitLab and Azure DevOps. What is the impact on People, Processes and Technology of an organization?
• You don’t have one Cloud
  How many Clouds does your organization use? In the past, you probably only used Azure, Google or AWS. Today this is different. Multi-cloud strategies are becoming more popular and the horizon of cloud possibilities is expanding. What impact does this have on your organization? And how do you respond to this?
• Automation of infrastructure: infrastructure-as-code
  The rise of Cloud platforms makes it possible to change the way IT infrastructure is handled. The next step in automation is Infrastructure-as-code. Do you want to read more about this? One of the most obvious benefits of applying infrastructure-as-code is speed.
• Docker is dead
  Containers are very much alive, but the role that Docker plays is shrinking and open-source initiatives such as CRI-O and Podman are gaining ground. As an organization, you can always make the choice to opt for something other than Docker. Curious how?

• It is not just Dev and Ops anymore
  One of the DevOps trends is about aligning different goals within organizations and breaking silos. For this to succeed, it takes more than just Dev and Ops. Only an integrated approach to business operations, in which more focus is placed on culture change and less on technology, will bring success.
• Are we, developers, being automated away?
  Abstracting complexity away is something we find inspiring. Nowadays someone without IT knowledge can build an application. We are busy collecting business requirements and finding smart ways to solve them within a platform. Are we, developers, being automated away?

A fragmented internal Cloud landscape
With the increasing use of Cloud you actually see a similar trend as with the early days of the internet. Many organizations start with the Cloud, but there is not always a clear strategy or roadmap for using it. What is the consequence of this?

Additional ressources:

• Download “Accelerating Digital Innovation with Cloud” Whitepaper
• Download “The future of Devops” Whitepaper

However, effective issues management cannot be improvised. And additional external support is sometimes needed to enable businesses to concentrate their energy into a full recovery.

In this report, we offer you our expert overview and research findings, coupled with customer feedback on our crisis management tools, to ensure you have the information you need to future-proof your company for any eventuality.

Thank you to our cybersecurity experts, Julien BEAUSSART and Adrian VALLECCHIA.

Additional ressources:

• Download “Risk as a trigger for increased awareness” Whitepaper
• Download “Securing Digital comes with digitizing security” Whitepaper

Find out more about how to improve your business structure and growth, and allow better scalability through Microsoft outstanding technologies to help you reach your goals.

Data protection is a key issue for all companies and has become the main concern of managers.

In order to protect data and prevent its disclosure, companies must comply with the standards and regulations in force. To do this, it is necessary to ensure continuity of protection through auditable controls.

Devoteam and its partner Microsoft offer you their co-authored white paper to guide you through the key steps and points of attention related to the identification and protection of your sensitive data.  It is intended for an audience of security managers and legal professionals.

Agenda

Foreword – Renaud Templier, cybersecurity Director, Devoteam

Introduction: How can I identify the sensitive information in my Microsoft 365 tenant to comply with my security policy?

• From theory to practice
• Objective: “data protection by design”
• From platform to users, the security policy must be all-pervasive
• Conclusion: how to do it operationally and where to start?

Authors and contributors 

• Amélie Barboteau, Cybersecurity Senior Consultant, Devoteam
• Karim Bouami, Digital Identity & Trust Services Director, Devoteam
• Vincent Tostain, Cybersecurity Senior Consultant, Devoteam    
• Ludovic Hecky, Cybersecurity Senior Consultant, Devoteam    
• Charles Tostain, Global Black Belt Advanced Compliance, Microsoft

Cloud is the engine of digital transformation, and it is important to get cloud transformation right enterprise-wide. In 2021, the European IaaS public cloud market is set to grow 30.3%, higher than both SaaS and PaaS. ​Cloud is not just “someone else’s computer,” but requires new technical and business skills, organizational change, new roles, and new work methods.
IDC undertook cloud adoption research, including a benchmark survey, to assess where organizations are on their cloud journey, as well as exploring their attitudes, usage, and future outlook of the cloud in achieving their business outcomes. The research benchmarks organizations on three stages of their cloud journey — Cloud Experimenter, Cloud Optimizer, and Cloud Innovator. The research reveals that organizations with more cloud experience are running their cloud infrastructure more effectively and driving a greater degree of digital innovation than their competitors.