Azul has moved to reassure customers worried about the start of enforcement of the European Union’s Digital Operational Resilience Act (DORA). DORA requires financial organisations to improve their operational resilience standards. It is not just about the physical systems that organisations deploy. It also means understanding the risk from the entire IT environment, including software and the tools used to write it.
To reassure its customers, Azul has stated that “the integrated risk management practices for its OpenJDK solutions fully support the stability, resilience, and integrity requirements in meeting the European Union’s Digital Operational Resilience Act (DORA) provisions.”
Azul’s statement is important. The 2022 FINOS State of Open Source in Financial Services report says 51% of code in the sector is written in Java. As a result, a lot of attention has been paid to Java’s stability and security. One of Azul’s promises is support for older versions of Java, going back to version 6. Its maintenance delivers security, resilience, and stability updates.
James Johnston, vice president of EMEA at Azul, said, “As a trusted partner to our customers, we understand the complex challenges financial institutions face in meeting these stringent requirements.
“With Java powering most critical financial systems, unsupported or vulnerable Java infrastructure puts DORA compliance at risk. Our solutions enable companies to accelerate their compliance efforts while reducing costs and complexity—critical factors given the rapidly approaching deadline.”
What is Azul delivering
Azul says that there are four key elements in its offering:
- Fully supported, OpenJDK distributions (Azul Platform Core and Azul Platform Prime) that ensure timely security updates and patches.
- Stabilised security-only updates across all Java versions, operating systems and architectures.
- Continuous vulnerability monitoring and accelerated remediation response time with Azul Intelligence Cloud.
- Expert guidance and support for migration from unsupported OpenJDK distributions.
However, resilience requires more than just tools. To that end, Azul says there are five essential steps organisations need to take:
- Develop and Implement an ICT Risk Management Framework: Use a supported OpenJDK distribution, which delivers stable security patches across all Java versions and deployments.
- Establish an Incident Reporting Mechanism: Azul Intelligence Cloud provides continuous monitoring of vulnerabilities and dead code in production, enabling organisations to detect, report, and remediate issues faster.
- Conduct Regular and Rigorous Testing of ICT Systems: Only use fully patched and tested distributions to test code. This will create accurate testing environments that will identify vulnerabilities in code.
- Enhance Third-Party Risk Management Practices: Using fully supported OpenJDK distributions reduces the risk from third-party tools.
- Facilitate Information Sharing on Cyber Threats: Only use OpenJDK distributions with regular updates and vulnerability alerts. Ensure that information is shared across the entire organisation to create a secure baseline for your Java deployments.
Enterprise Times: What does this mean?
The EU is increasing pressure on financial services organisations to improve the quality of their IT environments. DORA is just one of several pieces of legislation that have been or are about to be enforced. In the case of DORA, organisations have had two years to address its requirements before they are enforced later this month. However, many are behind.
This announcement from Azul serves two purposes. First, it reinforces the company’s position regarding its support to existing Azul customers.
For those who are not its customers but who have significant Java investments over multiple versions, this is why they should move to Azul. With just a few days before DORA is enforced, those who have not addressed their Java investments must act quickly.
