What are DORA and GovAssure?
You have likely heard the terms DORA (the Digital Operational Resilience Act) and GovAssure mentioned in the press over the last few weeks; if not, you soon will. But what do they both mean, and how do they affect the IT industry? We’ve broken it down and explain how they will change the way we implement ransomware recovery.
Both DORA (alongside the Financial Conduct Authority) and GovAssure are risk assessment frameworks for data and operational resilience with a particular focus on cyberattacks. By 2025, the rules and guidance will be enforceable with financial penalties if compliance cannot be proven.
What’s the difference between DORA and GovAssure?
DORA and FCA are specifically for the financial sector, while GovAssure is for the UK government’s IT systems, which run key services for the public.
Why is it important?
For many years, companies have paid huge amounts to insurance companies to protect their data from a cyberattack. Should an attack take place, the ransom is usually paid, and the data is recovered. IBM does not believe that this type of insurance will be widely available for much longer. For those who are lucky enough to secure insurance, their contract will likely stipulate that a data recovery plan is in place, and that compliance with DORA/FCA and GovAssure can be proven.
How Chilli’s CopyAssure solution reinforces the framework
Ransomware recovery for IBM i is available through our CopyAssure solution. It’s a service that leverages the IBM Virtualize feature, FlashCopy. Via the Copy Services Manager, a backup policy schedule manages periodic FlashCopy snapshots, which are immutable. This secures the data and prevents it from being compromised. CopyAssure then automates the process of validating the copy, allowing tests to confirm that the data is good and can be used. It also provides additional services to assist your IT department should an attack be found. In many cases, data can be recovered in as little as 20 minutes.
How CopyAssure fits in the framework
Ransomware Recovery for IBM i
Here we see the traditional Primary workload on a POWER server and the High Availability or Disaster Recovery target. In itself, this provides a level of operational resilience and will always be required: protection from complete hardware failure, loss of a data centre and natural disasters depends on it. However, it cannot help us in today’s world, where the cyber threat is increasing. Traditional replication-type solutions will just propagate the bad data from one system to the other, so we need another level of protection.