Automating to Assure Resilient Financial Services Networks

Business continuity is fundamental for financial services firms, where even seconds of downtime can have a significant impact on revenue. Today's companies and their customers demand nonstop, secure access to digital services, and maintaining a resilient network infrastructure is essential to meeting their expectations. Yet according to a recent McKinsey survey, 84 percent of business leaders reported feeling underprepared for future disruptions.

From increasingly complex, distributed environments to evolving security threats and new compliance requirements, financial services firms are contending with new challenges and rapid changes. How can they seize the initiative and position themselves to assure operational resiliency? A modern, automated testing strategy built on a robust platform can point the way forward.

New complexities and new threats are challenging network resilience

In years past, enterprises seeking to assure network resilience could focus primarily on the data centre. But as digital transformation reshapes the financial services industry, networks have become more distributed and diverse. Workloads, storage, and other key resources are routinely scattered across a diverse array of data centre, remote sites, and multi-cloud environments. Surveys show that 98% of financial institutions globally already use at least one cloud service—an increase from 91% in 2020.

Today's evolving, highly complex architectures are shaking up the rules for network management and maintenance, cybersecurity priorities, and business continuity. Network infrastructures now rely on third parties for public cloud services, Secure Access Service Edge (SASE), connectivity and Content Delivery Networks (CDNs). Frequent changes are occurring across these multiple environments, impacting data centres, hosted sites, and branch offices. Every update introduces a new opportunity for errors, misconfigurations, and compatibility issues that can threaten network resilience. Major strategic initiatives such as network modernization or merger and acquisition events can disrupt network operations even more severely.

According to a survey by the Enterprise Strategy Group, more than half of participants were impacted by downtime in public cloud infrastructure services, due to misconfiguration, outages, and other events.

Increasingly distributed network environments are also compounding resilience risks in terms of cybersecurity. Traditional network perimeters no longer apply, and security threats have evolved, making networks more difficult to protect. Organizations are aggressively adopting a zero trust approach to safeguarding the network, requiring individual verification of all users and devices that require access, and bringing even more complexity to environments.

Regulatory compliance requirements add pressure

Government and industry compliance requirements are constantly evolving in financial services, and a new wave of updates is adding urgency to the need for improved operational resilience. New regulations such as the European Union's Digital Operational Resilience Act (DORA) and the UK's FCA/PRA/Bank of England requirements are motivating organizations to focus on testing in particular. Effective as of January 2025, DORA aims for a more consistent, harmonized resilience, establishing five key requirements, including:

1. Third-party and open source software and service analysis
2. Vulnerability assessments
3. Network security assessments
4. End-to-end ICT testing
5. Gap analysis and process review

The regulation also recommends several specific test methodologies for operational resilience, including penetration testing, performance and capacity testing, network security assessments, and disaster recovery (DR) assessments. Fines for non-compliance can be steep—as much as two percent of total revenues.

Operational resilience testing is top of mind

To meet their compliance needs and identify issues before they can impact business processes and the customer experience, proactive network testing is critical. In the past, enterprises looked to vendors to test their applications and other solutions before putting them into production at their data centre or branch sites. However, distributed environments with complex supply chains require enterprises to take more control over their testing. However, rigorous testing isn't easy for IT teams contending with a constantly changing array of policies, threat signatures, and software patches, versions, updates, and configurations. Traditional, manual test methodologies face limitations for organizations due to issues such as:

1. Isolated, siloed testing environments run by different teams
2. Rigid, infrequent testing that happens too late to consider possible network changes
3. Manually created test cases that can take months to execute
4. Poor integration into continuous integration/continuous delivery (CI/CD) pipelines, preventing validation of changes
5. Limited test scope that focuses on function while neglecting context

Embracing an automated, holistic approach to testing

A test automation platform can dramatically accelerate the testing process while minimising costs and risks. With the right solution and strategy, organizations can move beyond impractical, inefficient manual testing toward a more proactive, comprehensive process.

Automation gives financial services the ability to test a variety of complex scenarios on a rapid, continuous basis. A strong strategy should extend testing from lab environments to live production environments and support a constant flow of changes. Updates in the network across diverse, complex supply chains are potentially disruptive, so changes should be tested automatically, considering the context of the entire network, before they are rolled out to production.

Specialized tools also play an important role in automated resilience testing. For example, emulators can enable IT teams to vary test traffic without requiring the creation of a network in a lab. Digital twins are also helpful in simulating real-world scenarios to thoroughly test resilience in ways that traditional test scripts can't.

Realizing measurable outcomes in cost and efficiency

Automated, continuous operational resilience testing has been shown to yield significant improvements in operational efficiency. By minimizing its manual, error-prone processes, one major bank was successful in reducing test setup time from four months to just eight hours. Through automation, the organization also reduced its annual lab spending by 95 percent—while dramatically increasing its volume of test runs per year.

Although keeping pace with today's changing requirements requires strategic planning and investments in a robust solution, organizations can become more efficient and proactive—and position themselves to better address new security challenges and changing regulatory requirements in the years to come.