Virtualization Technology News and Information
VMblog Q&A: Valiantys, HYCU, Appfire, and Lansweeper Partner to Address DORA Compliance with New GRC Service


In an era where digital resilience and regulatory compliance are paramount concerns for financial institutions, Valiantys, HYCU, Lansweeper, and Appfire have forged a strategic partnership to tackle the challenges of DORA (Digital Operational Resilience Act) compliance. VMblog sat down with Adam Jackson, Global Head of Enterprise Service Management at Valiantys (the largest Atlassian solution partner globally), and Andy Fernandez, Senior Director of Product Marketing at HYCU, to learn more about why the four companies aligned on this innovative GRC (Governance, Risk, and Compliance) service.

The partnership combines Valiantys' expertise in IT consultancy and Atlassian solutions with HYCU's powerful backup capabilities, Lansweeper's best-of-breed asset discovery and management solution, and Appfire's dashboard and document management capability to offer organizations a streamlined approach to achieving and maintaining DORA compliance, particularly crucial as the pending January 17, 2025, deadline approaches.

VMblog:  Can you provide some background on Valiantys and its role in the industry?

Adam Jackson:  We are a global IT consultancy organization specializing in the Atlassian stack, with presence across North America, APAC, UK, Benelux, Switzerland, Germany, and France, where we were founded. We have the most specializations of any Atlassian solution partner and are the largest in terms of numbers and dedicated focus. Beyond platform and license reselling, we provide best practice advice and guidance around change enablement and transformation using the Atlassian stack as a catalyst to add true value to organizations.

We work very closely with Atlassian, helping shape their HR approach and security controls. We're members of the Partner Advisory Council and the Solution Partner Advisory Council, providing guidance on how Atlassian can enhance their transformative capabilities and partner more effectively with organizations to further the ecosystem.

VMblog:  How did the partnership between HYCU and Valiantys come about?

Andy Fernandez:  Two years ago, Atlassian became an investor in HYCU. Many of our customers were running Atlassian on data center environments with traditional virtual backups, but when migrating to cloud solutions, there was a gap. HYCU filled that gap. As a channel-focused company, we wanted to ensure customers had a partner to guide them from a solutions perspective. Valiantys, being the largest partner in the Atlassian ecosystem with the broadest coverage, was a natural fit. This isn't just about having logos on websites - we're building solutions that solve real problems.

VMblog:  What drove the development of your new GRC service?

Fernandez:  Third-party risk is critical, and we're seeing good progress with EU regulations focusing on cloud and SaaS-savvy regulation. Recent incidents have shown how service disruptions can affect everything from flights to hospitals. While cloud brings tremendous scale and value, it's not infallible. We need to protect the supply chain and tool chains that organizations rely on. DORA is one of the regulations protecting financial services, and soon we will see other directives to protect other critical infrastructure in the EU and in the US.

VMblog:  Why did you choose to focus on DORA initially?

Jackson:  The January 17th deadline created an urgent market need. We identified a gap in the market for DORA-specialized platforms, particularly in the Atlassian ecosystem. While there are solutions being adapted for DORA, none were built specifically for it. We're using DORA to catalyze and build more GRC solutions.

Fernandez:  DORA represents a new wave of regulation that fully understands cloud-native risk. Legacy GRC integration hasn't caught up to meet these requirements. Someone needed to build this from scratch for this new wave of regulation, and that's why the Valiantys GRC is so important.

VMblog:  And what's driving the urgency around DORA compliance?

Fernandez:  We're seeing major incidents every week where third-party service providers, cloud platforms, or SaaS platforms experience supply chain attacks or mistakes leading to significant enterprise disruptions. While these platforms provide tremendous value, Murphy's Law applies - regardless of how strong the five nines are, there's always going to be third-party risk.

The technology landscape has evolved dramatically. Twenty years ago, everything was in a data center - your email, document management, git repository, and critical apps were all on-premises. Today, we have a mix of critical apps running both on-premises and in the cloud, plus countless SaaS applications that anyone with a credit card can purchase. Our research shows that IT managers typically underestimate their SaaS footprint by a factor of ten - when asked about their organization's SaaS applications, they estimate 20 when the reality is closer to 200.

VMblog:  Who needs to be DORA compliant?

Jackson:  DORA's reach is extensive. It applies to financial institutions, banks, investment firms, crypto companies, crowdfunding platforms, and payment processors. Importantly, any organization that provides services to an EU Financial Services organization must also be DORA compliant. Similar to GDPR, while it's an EU regulation, it affects any organization wanting to do business with EU entities. It's not just for enterprise-level organizations - it applies to companies with as few as 30-40 employees if they're handling customer financial data.

VMblog:  What are the main challenges organizations face with DORA compliance?

Fernandez:  There are two major pain points. First is the technology challenge - understanding your SaaS and asset footprint is incredibly difficult and typically requires manual effort. Most organizations don't have a clear picture of their application landscape, and when they discover it, they often find that the majority of applications have zero protection capabilities.

Jackson:  The second challenge is operational. We're seeing organizations struggle with the preparation phase. One organization in the Nordics hired a 100-person team just for DORA preparation. The costs are astronomical, and they're not even thinking about how to manage the ongoing compliance lifecycle. This is reminiscent of what we saw with GDPR, where contractors made fortunes helping organizations prepare.

VMblog:  How does your GRC service address these challenges?

Jackson:  We've built an integrated system that uses Jira Service Management as a system of record to provide consistency for managing platforms and applications across the entire organization. We've focused heavily on the end-user experience - from my past experience in service assurance, preparing for an audit could take six weeks of continuous work. Our solution provides immediate visibility from the C-suite level down to individual departments, all surfaced through the CMDB within JSM.

The solution combines several best-of-breed components: Lansweeper handles deep discovery and asset management, HYCU provides backup and restore capabilities, and Appfire delivers holistic visibility through dashboards showing compliance status, document management, and risk management approaches. Instead of having risk registers at different levels, we've lifted everything to an organizational level that can be drilled down into individual silos.

VMblog:  What makes this solution different from traditional GRC approaches?

Fernandez:  Traditional approaches often result in dozens of people trying to manage compliance through spreadsheets and manual processes. The Valiantys GRC Solution reduces this to one admin who can manage everything across the board. It's not just a fancy recording tool - it's connected to the solutions that actually solve the problems.

Jackson:  A key differentiator is that we've built this without heavy coding, using a low-code/no-code approach. Organizations can manage their entire compliance program through a single platform, and because JSM uses a single module, you're not paying licenses per department. You can copy the configuration and benefit from the same license structure.

VMblog:  How does the implementation process work?

Jackson:  We provide a roadmap of activities that build a longer-term journey, ensuring customers feel like they're dealing with one unified solution rather than four individual parts. This is quite novel in the Atlassian ecosystem. We've focused on making data-driven decision-making possible at all levels of the organization - not just IT managers or the C-suite, but everyone can access the data points they need to understand the implications for their individual departments.

VMblog:  What's the current status of this service? When will it be available?

Jackson:  The service is available now. It uses Jira Service Management as a system of record to pool all required data. Each SaaS application is created as an individual asset, and we automate workflows to track backups and compliance requirements. We surface this information through Appfire dashboards and provide visibility using the Confluence platform for document management. It's essentially expanding traditional ITSM tools by integrating these different components.

VMblog:  What's next on your compliance roadmap?

Jackson:  While we're currently focused on DORA with a January 17th deadline, we're building this as a framework that can adapt to other compliance requirements. ISO standards (27001, 29000, 9001) are next, followed by American market requirements like HIPAA and energy compliance frameworks. The solution is highly repeatable - we can adapt to new frameworks in just a month or two rather than 6-18 months. We're using the Elastic AI platform to build an agent that will help analyze framework requirements and structure our approach accordingly.

The key is that we're not just building point solutions - we're creating a platform that can grow with organizations' compliance needs while maintaining that single source of truth and unified user experience.


Published Tuesday, November 26, 2024 11:01 AM by David Marshall