Automating to Assure Resilient Financial Services Networks

Compliance and business continuity have always been table stakes for financial services firms, but today they’re more critical than ever. The IT infrastructures that power financial services have evolved to become increasingly distributed and complex. Their workloads and storage are no longer confined to data centers. Today, they are dispersed across premises, remote sites, and multiple clouds.

These distributed network environments require complicated IT supply chains. They rely on third parties for public cloud, Content Delivery Networks (CDNs), Secure Access Service Edge (SASE), telco connectivity, and other vital services. Third parties are constantly updating a diverse array of networks, solutions, and environments. However, even a minor bug or configuration error can quickly ripple out and bring operations to a halt.

The infamous CrowdStrike service outage, caused by a single update issue, impacted 8.5 million Microsoft Windows systems worldwide. It is estimated to have cost Fortune 500 companies $5.4 billion.

Highly distributed environments are also more difficult to defend against cyberattacks. Visibility and control are limited as the traditional perimeter breaks down. Sophisticated attacks like phishing, ransomware, DDoS, and AI-enabled threats are on the rise and evolving fast.

Even one cyberattack, faulty software update, or supply chain failure can cause operations to come crashing down. It can impact an organization’s customers, its bottom line, and its reputation.

Global regulators respond to rapid industry change

As the pace of change accelerates, proactive network testing is essential to ensuring network stability and resilience. Industry regulators have stepped up to the challenge to advocate for more stringent testing across the industry.

For example, DORA, the European Digital Operational Resilience Act, requires global financial organizations to perform operational security resiliency testing. The act also mandates incident reporting within hours, with potentially steep fines for non-compliance.

DORA became effective in January 2025 and defines a variety of compliance testing requirements, including:

• Vulnerability assessments
• Third-party and open-source software and service analysis
• Network security assessments
• End-to-end information and communication technology testing
• Gap analysis and process review

To meet these requirements, DORA also recommends a variety of operational resilience test methodologies. This includes performance and capacity testing, disaster recovery, and evaluating the impact of updates, patches, and configurations.

What are the limitations of current testing?

Most organizations have looked to vendors to test solutions before rolling them out to their branches, hosted sites, and data center locations. But in today’s complex, multi-vendor environments, that approach is changing.

Financial services firms understand that they can’t depend on vendor testing alone. They need to assume more responsibility for the operational resilience of their networks. That’s not easy with current test approaches that are hampered by:

• Siloed testing conducted in labs by different teams that may be poorly coordinated
• Rigid, static testing that can’t keep pace with rapid network changes
• Manual, time-consuming test processes that might take months
• Limited test coverage focusing on functions rather than real-world factors
• Lack of automation and no integration into a CI/CD pipeline

Unleashing the automation advantage

How can financial services organizations break free from the limitations of legacy testing? Automation provides a powerful way to accelerate the testing process, while keeping costs and risks in check.

Unlike traditional approaches, a network test automation platform gives organizations the ability to test continuously and evaluate a variety of different scenarios. Its superior speed, accuracy, and variability make it a strong fit for today’s complex, distributed enterprise infrastructures.

Automation also enables organizations to go beyond the static, limited scenarios of lab testing. It enables them to perform stress tests that better reflect real-world challenges. With an automated testing platform, they can explore how their network reacts to potential security threats, traffic surges, and unexpected disruptions.

A holistic approach, spanning “lab to live,” is key to fully realize operational resiliency. Even a small change in the network across its diverse supply chain is capable of disrupting operations. Before being deployed to the production network, all modifications should be tested automatically, and consider the context of the entire network environment.

Don’t forget continuity

Continuity is also essential for testing within dynamic, distributed infrastructures. A robust resilience test framework will need to be capable of supporting a continuous flow of changes. It should be flexible enough to support any test on any infrastructure and to emulate real-world situations, such as changing traffic conditions.

With automated features, a strong framework can accelerate test setup via APIs. Additionally, it can proactively run tests and communicate results to the right teams.

Since traditional test scripts aren’t sufficient to test operational resilience, organizations will need to utilize specialized tools such as:

• Emulators to vary test traffic, without requiring the creation of a lab network
• Digital twins that recreate real-life scenarios and more accurately test network and infrastructure resilience

AI capabilities can add a tremendous amount of value to continuous, automated testing. They can help boost efficiency by choosing the optimal test cases for a specific scenario. AI can also accelerate root cause analysis and mean-time-to-repair (MTTR) by zeroing in on the source of issues and forwarding important details and context to technical staff.

Fostering innovation while minimizing risk

In an era of digital transformation, the rapid evolution of enterprise environments, security threats, and compliance requirements shows no signs of slowing. A robust set of continuous, automated testing methodologies, enabled by the right framework and tools, means financial services firms can feel secure in the knowledge that their networks and operations will stay resilient even as they undergo constant change.

Instead of worrying about risks, disruptions, and compliance, they can focus on delivering the best possible experience to users and customers well into the future.

---

Spirent Communications plc. (LSE: SPT) is a leading global provider of automated test and assurance solutions for networks, cybersecurity, and positioning. The company provides innovative products, services and managed solutions that address the test, assurance and automation challenges of a new generation of technologies, including 5G, AI, cloud, autonomous vehicles and beyond. From the lab to the real world, Spirent helps companies deliver on their promise to their customers of a new generation of connected devices and technologies. For more information, please visit www.spirent.com and follow us on LinkedIn, X, and Facebook.

The post Automating to Assure Resilient Financial Services Networks appeared first on Enterprise Times.