Azul Announces Java Solutions to Help Financial Institutions Meet DORA Requirements
January 14, 2025

Azul announced that the integrated risk management practices for its OpenJDK solutions fully support the stability, resilience and integrity requirements in meeting the European Union’s Digital Operational Resilience Act (DORA) provisions.

With the upcoming DORA enforcement deadline of January 17, 2025, quickly approaching, thousands of EU financial organizations and companies around the world with business in the EU must act quickly to ensure their IT infrastructure meets stringent new operational resilience standards that potentially require significant time investments to fulfill.

DORA’s primary goal is to enhance the digital resilience of financial entities, mitigate risks associated with Information and Communications Technology (ICT) risks and ensure that financial entities can withstand, respond to, and recover from all types of ICT-related disruption. This includes risks from ICT service providers that deliver digital and data services through ICT systems to internal or external users; it also includes hardware services and technical support via software updates. Java is the programming language of choice for the Financial Services industry. According to the 2022 FINOS State of Open Source in Financial Services report, 51% of the code within the financial services data set is written in Java.

Azul’s comprehensive long-term support (LTS) Java versions ensure stability and ongoing security updates – including updates for older Java versions like versions 6 and 7— crucial for maintaining operational resilience under regulatory scrutiny. The company’s security features, comprehensive testing and compatibility with modern architectures and cloud environments provide a secure and scalable Java platform. With a proven track record in stability, reliability, and security, Azul’s Java solutions help customers meet the requirements of DORA.

The DORA regulation represents a significant shift in how financial institutions must approach their digital operational resilience, with non-compliance resulting in corporate fines of up to 2% of annual turnover and potential fines for individuals up to €1,000,000. This extensive regulation affects not only EU financial entities but also global organizations with EU operations or business relationships and third-party service providers.

According to Crucyble, the information security consulting firm that evaluated and assessed Azul’s DORA-related risk management practices: “Azul has made considerable efforts to comply with the Digital Operational Resilience Act (DORA) EU by implementing a robust governance framework, risk management protocols, incident response capabilities, and third-party risk management strategies. Through continuous monitoring, regular testing, including penetration tests, and comprehensive plans for ICT resilience and recovery, Azul demonstrates a strong commitment to ensuring operational continuity and resilience. The company is actively addressing the requirements of DORA EU to support its financial customers in maintaining operational integrity and security. Azul’s proactive stance ensures it is well-equipped to meet the evolving challenges of ICT risk management and digital operational resilience, reinforcing its readiness to support customers in complying with the DORA EU framework.”

Azul’s offering includes:

- Fully supported, OpenJDK distributions (Azul Platform Core and Azul Platform Prime) that ensure timely security updates and patches.

- Stabilized security-only updates across all Java versions, operating systems and architectures.

- Continuous vulnerability monitoring and accelerated remediation response time with Azul Intelligence Cloud.

- Expert guidance and support for migration from unsupported OpenJDK distributions.

To support financial entities in their DORA compliance efforts for the use of Java applications and Java-based infrastructure, Azul has outlined five essential steps:

- Develop and Implement an ICT Risk Management Framework. Unsupported OpenJDK distributions expose financial institutions to significant risks through unpatched vulnerabilities and performance issues. Azul provides the only commercially supported OpenJDK with stabilized, security-only patches across all Java versions, operating systems and architectures, ensuring applications remain resilient and compliant with ICT requirements.

- Establish an Incident Reporting Mechanism. Standard OpenJDK distributions often miss critical updates, leading to undetected incidents and non-compliance. Azul Intelligence Cloud provides continuous monitoring of vulnerabilities and dead code in production, enabling organizations to detect, report, and remediate issues faster.

- Conduct Regular and Rigorous Testing of ICT Systems. Outdated or vulnerable Java versions create unreliable test environments and false security assumptions. Azul maintains current and tested distributions for all Java versions, including 6 and 7, and architectures, including Windows x86 32-bit, enabling financial institutions to maintain accurate testing environments.

- Enhance Third-Party Risk Management Practices. Relying on unsupported OpenJDK distributions from third parties increases the risk of security breaches and operational failures. Azul’s fully supported builds of OpenJDK ensure that third-party Java-based applications and services meet the highest security and performance standards, reducing third-party risks.

- Facilitate Information Sharing on Cyber Threats. Unsupported Java installations often miss critical updates, creating weak links in security information chains. Azul’s supported distributions provide timely vulnerability updates and enable effective threat information sharing across organizations, strengthening collective cybersecurity efforts.

“As a trusted partner to our customers, we understand the complex challenges financial institutions face in meeting these stringent requirements,” said James Johnston, VP of EMEA at Azul. “With Java powering most critical financial systems, unsupported or vulnerable Java infrastructure puts DORA compliance at risk. Our solutions enable companies to accelerate their compliance efforts while reducing costs and complexity—critical factors given the rapidly approaching deadline.”

Share this

Industry News

February 13, 2025

LaunchDarkly announced the private preview of Warehouse Native Experimentation, its Snowflake Native App, to offer Data Warehouse Native Experimentation.

February 13, 2025

SingleStore announced the launch of SingleStore Flow, a no-code solution designed to greatly simplify data migration and Change Data Capture (CDC).

February 13, 2025

ActiveState launched its Vulnerability Management as a Service (VMaas) offering to help organizations manage open source and accelerate secure software delivery.

February 12, 2025

Genkit for Node.js is now at version 1.0 and ready for production use.

February 12, 2025

JFrog signed a strategic collaboration agreement (SCA) with Amazon Web Services (AWS).

February 12, 2025

mabl launched of two new innovations, mabl Tools for Playwright and mabl GenAI Test Creation, expanding testing capabilities beyond the bounds of traditional QA teams.

February 11, 2025

Check Point® Software Technologies Ltd. announced a strategic partnership with leading cloud security provider Wiz to address the growing challenges enterprises face securing hybrid cloud environments.

February 11, 2025

Jitterbit announced its latest AI-infused capabilities within the Harmony platform, advancing AI from low-code development to natural language processing (NLP).

February 11, 2025

Rancher Government Solutions (RGS) and Sequoia Holdings announced a strategic partnership to enhance software supply chain security, classified workload deployments, and Kubernetes management for the Department of Defense (DOD), Intelligence Community (IC), and federal civilian agencies.

February 10, 2025

Harness and Traceable have entered into a definitive merger agreement, creating an advanced AI-native DevSecOps platform.

February 10, 2025

Endor Labs announced a partnership with GitHub that makes it easier than ever for application security teams and developers to accurately identify and remediate the most serious security vulnerabilities—all without leaving GitHub.

February 07, 2025

Are you using OpenTelemetry? Are you planning to use it? Click here to take the OpenTelemetry survey.

February 06, 2025

GitHub announced a wave of new features and enhancements to GitHub Copilot to streamline coding tasks based on an organization’s specific ways of working.

February 06, 2025

Mirantis launched k0rdent, an open-source Distributed Container Management Environment (DCME) that provides a single control point for cloud native applications – on-premises, on public clouds, at the edge – on any infrastructure, anywhere.

February 06, 2025

Hitachi Vantara announced a new co-engineered solution with Cisco designed for Red Hat OpenShift, a hybrid cloud application platform powered by Kubernetes.