Teleport announces DORA compliance readiness

• DORA imposes strict penalties for companies that struggle to withstand, respond to, and recover from cybersecurity disruptions to ICT infrastructure
• Teleport simplifies DORA compliance by offering improved cybersecurity resilience, better operational efficiency, and streamlined engineer and developer productivity

OAKLAND, CA, January 17, 2025 – Today, the European Union’s Digital Operational Resilience Act (DORA) comes into full effect, marking a major shift in how financial institutions and their technology providers prioritize and maintain operational resilience and cybersecurity standards. To help firms navigate these strict requirements, Teleport offers a modern, unified approach to secure infrastructure access that aligns with many of DORA's foundational requirements. With Teleport’s platform for secure infrastructure access, organizations can transform their security model and improve the velocity of their engineering output.

DORA aims to create a unified framework for Information and Communication Technology (ICT) risk management so that European financial institutions and those that wish to do business within the bloc can withstand, respond to, and recover from ICT disruptions. However, like similar regulations globally, today’s complex infrastructure environments complicate the journey towards full compliance – for both EU financial institutions and technology partners.

Financial institutions have a complex blend of traditional on-premise hardware and modern cloud-native components. This variance makes it difficult to maintain visibility, unified policy enforcement, and consistent access controls across infrastructure – yet these are crucial for addressing DORA’s requirements on minimizing unauthorized access risks. Meanwhile, ICT providers and software vendors supporting financial institutions have equally complex infrastructures and must comply with the same security standards for reporting, incident response, and secure access.

The Digital Operational Resilience Act is built around a five-pillar framework, emphasizing key aspects of ICT risk management:

1. ICT risk management: Establish robust governance frameworks to assess, mitigate, and monitor ICT risks.
2. Incident reporting: Implement mechanisms to report ICT-related incidents promptly to regulators.
3. Operational resilience testing: Conduct regular tests simulating cyberattacks, natural disasters, and human errors.
4. Third-party risk management: Conduct due diligence and ongoing monitoring of critical ICT service providers.
5. Information sharing: Foster collaboration between institutions and regulators to share insights on ICT threats.

To solve this, Teleport offers a platform for secure infrastructure access to simplify compliance for both financial institutions and the technology providers powering their growth. With Teleport, organizations can address multiple requirements within each pillar, which Teleport achieves by:

• Eliminating credentials and standing privileges, reducing unauthorized access risks
• Implementing dynamic access controls with short-lived certificates
• Providing centralized access visibility and real-time monitoring to identify potential security incidents (e.g. unusual login locations or requests)
• Enabling rapid incident response and operational continuity via automated access controls

“I believe compliance shouldn't be daunting for anyone. It’s not something financial institutions can afford to trip on when they face so many other critical business priorities,” says Ev Kontsevoy. “But it’s hard to comply with regulations if your infrastructure is so complex that you not only lack visibility but can’t enforce secure access policy. Many companies in financial services cannot confidently say they’re able to audit who has access to what. Our research has shown even security novices face much higher compliance costs than organizations that perform well in security. It’s an uphill journey, but Teleport assists with a comprehensive solution for meeting security controls while streamlining engineer and developer productivity. There should be no tradeoffs.”

Learn more about simplifying your journey towards DORA compliance with Teleport in our whitepaper, Digital Operational Resilience Act (DORA): Navigating Compliance with Teleport.

About Teleport

Teleport is the global provider of modern access to infrastructure, improving efficiency of engineering teams, fortifying infrastructure against bad actors or error, and simplifying compliance and audit reporting. The Teleport Access Platform delivers on-demand, least privileged access to infrastructure on a foundation of cryptographic identity and zero trust, with built-in identity security and policy governance. Headquartered in Oakland, California, Teleport is backed by Kleiner Perkins, Bessemer Venture Partners, and Insight Partners and serves more than 600 customers around the world. For more information, visit goteleport.com or follow @goteleport.