
In December Azul announced that the integrated risk management practices for its OpenJDK solutions fully support the requirements of the European Union’s Digital Operational Resilience Act (DORA) provisions. The stability, resilience and integrity of Azul’s solution not only ensure DORA compliance but also enhance digital resilience and mitigate risks. Azul received assurance in December, but the work started many months before.
EU financial organizations and companies around the world with business in the EU had to ensure their IT infrastructure meets stringent new operational resilience standards. You can find out more in our January 14 DORA compliance announcement.
“As a trusted partner to our customers, we understand the complex challenges financial institutions face in meeting these stringent requirements,” said James Johnston, vice president of EMEA at Azul. “With Java powering most critical financial systems, unsupported or vulnerable Java infrastructure puts DORA compliance at risk. Our solutions enable companies to accelerate their compliance efforts while reducing costs and complexity—critical factors given the rapidly approaching deadline.”
Azul’s comprehensive long-term support (LTS) Java versions ensure stability and ongoing security updates, including updates for older Java versions such as 6 and 7, which are crucial for maintaining operational resilience under regulatory scrutiny. The company’s security features, comprehensive testing and compatibility with modern architectures and cloud environments provide a secure and scalable Java platform.
Azul’s DORA assessment results
Crucyble, the information security consulting firm that evaluated and assessed Azul’s DORA-related risk management practices, wrote in its assessment of Azul’s compliance work, “Azul’s proactive stance ensures it is well-equipped to meet the evolving challenges of ICT risk management and digital operational resilience, reinforcing its readiness to support customers in complying with the DORA EU framework.”
Azul’s offering includes:
- Fully supported OpenJDK distributions (Azul Platform Core and Azul Platform Prime) that ensure timely security updates and patches.
- Stabilized security-only updates across all Java versions, operating systems and architectures.
- Continuous vulnerability monitoring and accelerated remediation response time with Azul Intelligence Cloud.
- Expert guidance and support for migration from unsupported OpenJDK distributions.
DORA Compliance Considerations for Use of Java Apps and Java-based Infrastructure
To support financial entities in their DORA compliance efforts for the use of Java applications and Java-based infrastructure, Azul has outlined five essential steps:
- Develop and Implement an ICT Risk Management Framework. Unsupported OpenJDK distributions expose financial institutions to significant risks through unpatched vulnerabilities and performance issues. Azul provides the only commercially supported OpenJDK with stabilized, security-only patches across all Java versions, operating systems and architectures, ensuring applications remain resilient and compliant with ICT requirements.
- Establish an Incident Reporting Mechanism. Standard OpenJDK distributions often miss critical updates, leading to undetected incidents and non-compliance. Azul Intelligence Cloud provides continuous monitoring of vulnerabilities and dead code in production, enabling organizations to detect, report, and remediate issues faster.
- Conduct Regular and Rigorous Testing of ICT Systems. Outdated or vulnerable Java versions create unreliable test environments and false security assumptions. Azul maintains current and tested distributions for all Java versions, including 6 and 7, and architectures, including Windows x86 32-bit, enabling financial institutions to maintain accurate testing environments.
- Enhance Third-Party Risk Management Practices. Relying on unsupported OpenJDK distributions from third parties increases the risk of security breaches and operational failures. Azul’s fully supported builds of OpenJDK ensure that third-party Java-based applications and services meet the highest security and performance standards, reducing third-party risks.
- Facilitate Information Sharing on Cyber Threats. Unsupported Java installations often miss critical updates, creating weak links in security information chains. Azul’s supported distributions provide timely vulnerability updates and enable effective threat information sharing across organizations, strengthening collective cybersecurity efforts.
Get your Java estate in order with Azul
DORA focuses on ICT assets, which it defines as “a software or hardware asset in the network and information systems used by a financial entity.” Java is the programming language of choice for the Financial Services industry. According to the 2022 FINOS State of Open Source in Financial Services report, 51% of the code within the financial services data set is written in Java.
All the world’s top 10 trading companies and six of the top 10 U.S. financial firms have switched to Azul. Using a stable, supported Java platform is critical to complying with DORA. With that in mind, we present some guidance to help get you started on your road to DORA compliance.
Azul is the only OpenJDK distribution that provides quarterly Critical Patch Updates to its customers that are focused on security-only fixes. Azul is an excellent fit for DORA’s requirements, offering updates and patches to address vulnerabilities consistently faster than any alternative distribution. Azul makes these updates available according to a strict SLA, which is critical for protecting financial systems under DORA’s stringent cybersecurity mandates.
Conclusion
Companies interested in learning more about how Azul supports DORA compliance for their Java applications and Java-based infrastructure should read Azul’s DORA FAQs or talk to a Java application and infrastructure expert at Azul. There are dozens of regulations worldwide, and Azul is on the front lines of compliance to protect our customers.