March 5, 2024
DORA – The Upcoming Changes & Impacts On Your Managed Services
Cloud Solutions,
Managed Services,

Register to receive insights from CJC

Get notified of the latest news, insights, and upcoming industry events.

DORA Heralds a Wind of Change to Managed Services

Steve Moreton

DORA goes live in less than 12 months and thrusts operational resilience into the spotlight, with third-party dependencies providing managed services as a key focus area. As a critical supplier to financial institutions worldwide, CJC views the standards set by DORA as crucial. This insight discusses the upcoming changes and the potential impacts on managed services, including:

  1. Why is DORA Needed, and What Are The Changes?
  2. What Short- and Long-Term Impacts Will DORA Have?
  3. Is DORA a Concern For CJC Clients?

Editor: Antony Fung, Marketing Manager at CJC.


Why is DORA Needed, and What Are The Changes?

From 2025, the Digital Operational Resilience Act (DORA) will go live and represents1 an industry-wide realisation to prioritise2 operational resilience at financial institutions3. Third-party dependencies providing managed services are a focus4 after successful attacks on firms that may not have met the required standards5, which resulted in severe and repeated outages or worse, cybercrime6. By design, DORA ensures financial institutions have correctly categorised the importance of third-party dependencies and the dependency has relevant processes, controls and reporting in place.

What Short- and Long-Term Impact Will DORA Have?

Multiple clients have already begun incorporating DORA, categorising CJC as a critical vendor and requesting confirmation and transparency on CJC's ICT (Information and Communications Technology) processes and controls – windows into any potential threats detected, managed, and resolved.

In the long term, there is an emerging trend where aspects of client infrastructure and data are migrated from a CJC-hosted environment back into a client-hosted one, with little to no impact on the client-CJC relationship. The client sentiment is if their data and infrastructure are hosted in a proprietary cloud environment, enabling the capability to control third-party dependency connectivity, they are in a better position to meet the new standards.

CJC IT Infrastructure Managed Services square bannerThe client data and infrastructure preference for over a decade is moving back to the client, which Peter Williams, CJC’s Chief Technology Officer, touched on in a recent panel discussing “The Future of Capital Markets Technology7.”

The preference change is not unheard of. When CJC first embraced the cloud8 with AWS in 2011, obtaining client support for the technology was challenging. ‘Cloud’ was a dirty word with ‘hosted’ as the preferred recommendation. Ironically, ‘hosted’ was largely unheard of just a few years before.

The low-latency explosion during the mid-2000s, wonderfully played out in Michael Lewis's must-read “Flash-Boys” changed all that with client computer rooms getting smaller and instead deploying the technology at Equinix, BT Radianz, CenturyLink, Interxion, etc. While CJC supported these migrations, a base of operations was implemented from Equinix and by 2013, providing a managed service without this component was rare.

Is DORA a Concern For CJC Clients?

CJC has a long-standing ISO 27001 certification, embedding these standards into our DNA, and is vital for an industry already embracing cloud, open source, and next-generation AI technologies. Many of DORA’s requirements are already part of CJC’s standards and we look forward to further enhancing transparency and client reporting.

With CJC’s 25th anniversary fast approaching, the team has witnessed and moved alongside the technology trends and regulatory changes in the capital markets for a quarter of a century. Also, CJC does not derive revenue from infrastructure-as-a-service (IaaS), which means CJC is capable of scratching infrastructure costs from services to continue supporting clients reverting to this model. DORA is another way to demonstrate CJC’s world-class, multi-award-winning9, 24x7x365 managed service10.

Security is CJC’s top priority, and since 2018, all services have complied with ISO 27001-based standards. The business is well-positioned and ready to support client requirements around DORA and its global equivalents. All CJC services enjoy state-of-the-art security tooling, like Google Chronicle AI, and we work with leading security partners like SEP 211 to ensure the latest standards are met.

Peter Williams, Chief Technology Officer said, "CJC treats its position as a critical third-party supplier of market data-managed services to the capital market community seriously. Security is our top priority. Like our recognised market data and technological expertise, CJC is at the bleeding edge of operational resilience and third-party dependency requirements. No matter the service level, DORA-compliant standards and transparency are out-of-the-box from CJC."

About CJC:

CJC is the leading market data technology consultancy and service provider for global financial markets. CJC provides multi-award-winning consultancy, managed services, cloud solutions, observability, and professional commercial management services for mission-critical market data systems. CJC is vendor-neutral and ISO 27001 certified, enabling CJC’s partners the freedom to focus on their core business.

For more information, contact us or:

Email: [email protected]
Tel: +44(0) 203 328 7600

Get In Touch

Get in touch with our experts to learn how we can help you optimize
your market data ecosystem!
Arrange a Meeting