Digital operational resilience: Why financial services must evolve—and how F5 and NetApp are leading the way

In today’s financial ecosystem, resilience is no longer a back-office concern—it’s a boardroom priority. The convergence of digital transformation, cyber risk, and regulatory scrutiny has created a new mandate for financial institutions: prove that you can withstand disruption, recover quickly, and continue delivering critical services without compromise.

This mandate is embodied in a growing wave of global regulations focused on digital operational resilience (DOR). At the forefront is the EU’s Digital Operational Resilience Act (DORA), which came into force in January 2025. But similar frameworks are emerging across the UK, Singapore, the United States, and other regions—each demanding that financial institutions not only secure their infrastructure but also demonstrate their ability to operate through crises.

For financial services leaders, the implications are clear: resilience is no longer optional. It’s a competitive differentiator, a compliance requirement, and a strategic enabler of innovation.

When it comes to building digital operational resilience, two technology leaders stand out.

F5 is the global authority in application security and multicloud networking. For over two decades, F5 has helped enterprises deliver and protect their most critical digital services—across data centers, clouds, and edge environments. From intelligent traffic management to advanced threat mitigation, F5 enables organizations to stay online, secure, and compliant in the face of evolving risks.

NetApp, meanwhile, is the global leader in enterprise storage and data management. Trusted by thousands of financial institutions, NetApp powers high-performance workloads across hybrid and multicloud environments. Its technologies ensure that data is always available, protected, and governed—whether it’s supporting AI models, customer transactions, or regulatory reporting.

Together, F5 and NetApp offer a joint solution that’s purpose-built for the demands of DOR and DORA. By combining secure connectivity, resilient storage, and simplified operations, the two companies enable financial institutions to meet regulatory requirements while unlocking agility, performance, and innovation.

The EU’s DORA regulation sets a new benchmark for operational resilience. It applies not only to banks and insurers but also to third-party technology providers, including cloud and data service vendors. Non-compliance can result in fines of up to 1% of a company’s average daily global turnover.

But DORA is just one piece of a broader puzzle. Regulators worldwide are introducing similar mandates:

• UK: The Financial Conduct Authority (FCA) requires firms to define impact tolerances and test their ability to remain within them.
• Singapore: The Monetary Authority of Singapore (MAS) mandates cyber resilience and incident response capabilities.
• U.S.: Federal agencies are tightening third-party risk management and continuity planning, with new guidance from the Federal Reserve, Office of the Comptroller of the Currency (OCC), and Federal Deposit Insurance Corporation (FDIC).

These frameworks share a common goal: ensuring that financial services can continue to operate securely and reliably—even in the face of major disruptions. They also reflect a growing recognition that resilience is not just about infrastructure—it’s about data, applications, and the ability to adapt in real time.

The shift to cloud and AI has transformed financial services—but it has also introduced new risks. Institutions now operate across multiple clouds, regions, and vendors, each with its own configuration, policies, and vulnerabilities.

Key challenges include:

• Cloud concentration risk: Over-reliance on a single hyperscaler increases exposure to outages and vendor lock-in.
• Fragmented security: Inconsistent policies across environments make it harder to detect and respond to threats.
• Limited visibility: Siloed data and infrastructure hinder real-time monitoring and compliance reporting.
• Operational overhead: Managing resilience across hybrid environments is complex and resource intensive.

These challenges make it difficult to meet DOR/DORA requirements for availability, integrity, confidentiality, and continuity of critical services. They also slow down innovation—making it harder to deploy AI, launch new services, or respond to market shifts.

F5 and NetApp have partnered to deliver a comprehensive solution that directly addresses the core pillars of DOR and DORA. By combining F5’s security and networking leadership with NetApp’s storage and data mobility expertise, the joint solution enables financial institutions to securely connect and protect data across hybrid and multicloud environments. It also enables them to simplify operations and reduce overhead, accelerate AI and digital transformation initiatives, and ensure compliance with resilience regulations.

Under DORA Article 9, institutions must prevent and mitigate ICT-related disruptions. Part of the F5 Application Delivery and Security Platform (ADSP), F5 Distributed Cloud Services and F5 BIG-IP provide intelligent load balancing and failover, while NetApp’s SnapMirror and StorageGRID ensure data replication and availability across zones and regions.

For example, a bank operating across multiple European regions can use F5 to route traffic intelligently during a cloud outage, while NetApp ensures that customer data is replicated and accessible from alternate zones—maintaining service continuity and compliance.

DORA Article 28 emphasizes the need for exit strategies from third-party providers. F5 enables secure, encrypted data migration over a private backbone, while NetApp simplifies workload repatriation with consistent storage across cloud and on-prem environments.

This is especially critical for institutions that need to move workloads back in-house due to regulatory changes, cost concerns, or vendor instability. With F5 and NetApp, repatriation becomes a strategic option—not a last resort.

Also a part of F5 ADSP, F5 Web Application and API Protection (WAAP) solutions deliver advanced defenses against distributed denial-of-service (DDoS), bots, and API abuse. Combined with NetApp’s secure storage, institutions can meet DOR requirements for proactive testing, monitoring, and incident response.

For example, F5 can detect and block volumetric attacks in real time, enforce rate limiting, and launch automated penetration tests via integrations like Heyhack. NetApp ensures that sensitive data remains protected and auditable—supporting compliance and customer trust.

Financial institutions developing generative AI applications need secure access to proprietary data. F5 and NetApp enable secure, scalable connectivity between AI models and enterprise data—without disrupting existing infrastructure.

This is particularly valuable for institutions using public models like Azure OpenAI. F5 provides secure connectivity and policy enforcement, while NetApp ensures that data is available, governed, and optimized for inference.

While DOR and DORA are regulatory mandates, the benefits of compliance go far beyond avoiding penalties.

Institutions that invest in operational resilience gain faster time to market for AI and digital services and an improved customer experience through higher availability and performance. They also reduce their risk from cyber threat and cloud outages, while obtaining greater agility to adapt to changing business and regulatory demands.

With F5 and NetApp, resilience becomes a foundation for innovation—not a barrier to it.

Consider the example of a global investment firm deploying AI-powered risk models across multiple regions. With F5 and NetApp, the firm can ensure secure data access, replicate models across clouds, and maintain compliance with local regulations—all while accelerating time to insight.

Or take a retail bank launching a new mobile app. F5 ensures secure, high-performance delivery across edge locations, while NetApp provides scalable storage and backup. Together, they enable a seamless customer experience—even during peak demand or unexpected disruptions.

Choosing the right partners for digital operational resilience is critical. F5 and NetApp bring the expertise and proven technologies organizations need, and a shared commitment to customer success.

• F5 is the global leader in application security and multicloud networking, trusted by 20,000+ customers worldwide. Its platforms deliver intelligent traffic management, real-time threat mitigation, and unified policy enforcement across distributed environments.
• NetApp is the global leader in enterprise storage and data management, with over 10,000 customers and deep partnerships across AWS, Azure, and Google Cloud. Its technologies power high-performance workloads, simplify data mobility, and support compliance across hybrid and multicloud environments.

Together, they offer a joint solution that’s not only compliant—but transformative.

Digital operational resilience is no longer a checkbox—it’s a business imperative. Financial institutions that act now will not only meet regulatory requirements but also position themselves for long-term success in a volatile, data-driven world.

F5 and NetApp offer the proven technologies, global expertise, and integrated solutions to help you lead with confidence.

To learn more, contact us to start the conversation.