Digital operational resilience: Why financial services must evolve—and how F5 and NetApp are leading the way

In today’s financial ecosystem, resilience is no longer a back-office concern—it’s a boardroom priority. The convergence of digital transformation, cyber risk, and regulatory scrutiny has created a new mandate for financial institutions: prove that you can withstand disruption, recover quickly, and continue delivering critical services without compromise.

This mandate is embodied in a growing wave of global regulations focused on digital operational resilience (DOR). At the forefront is the EU’s Digital Operational Resilience Act (DORA), which came into force in January 2025. But similar frameworks are emerging across the UK, Singapore, the United States, and other regions—each demanding that financial institutions not only secure their infrastructure but also demonstrate their ability to operate through crises.

For financial services leaders, the implications are clear: resilience is no longer optional. It’s a competitive differentiator, a compliance requirement, and a strategic enabler of innovation.

Why F5 and NetApp?

When it comes to building digital operational resilience, two technology leaders stand out.

F5 is the global authority in application security and multicloud networking. For over two decades, F5 has helped enterprises deliver and protect their most critical digital services—across data centers, clouds, and edge environments. From intelligent traffic management to advanced threat mitigation, F5 enables organizations to stay online, secure, and compliant in the face of evolving risks.

NetApp, meanwhile, is the global leader in enterprise storage and data management. Trusted by thousands of financial institutions, NetApp powers high-performance workloads across hybrid and multicloud environments. Its technologies ensure that data is always available, protected, and governed—whether it’s supporting AI models, customer transactions, or regulatory reporting.

Together, F5 and NetApp offer a joint solution that’s purpose-built for the demands of DOR and DORA. By combining secure connectivity, resilient storage, and simplified operations, the two companies enable financial institutions to meet regulatory requirements while unlocking agility, performance, and innovation.

The regulatory landscape: DORA and beyond

The EU’s DORA regulation sets a new benchmark for operational resilience. It applies not only to banks and insurers but also to third-party technology providers, including cloud and data service vendors. Non-compliance can result in fines of up to 1% of a company’s average daily global turnover.

But DORA is just one piece of a broader puzzle. Regulators worldwide are introducing similar mandates:

• UK: The Financial Conduct Authority (FCA) requires firms to define impact tolerances and test their ability to remain within them.
• Singapore: The Monetary Authority of Singapore (MAS) mandates cyber resilience and incident response capabilities.
• U.S.: Federal agencies are tightening third-party risk management and continuity planning, with new guidance from the Federal Reserve, Office of the Comptroller of the Currency (OCC), and Federal Deposit Insurance Corporation (FDIC).

These frameworks share a common goal: ensuring that financial services can continue to operate securely and reliably—even in the face of major disruptions. They also reflect a growing recognition that resilience is not just about infrastructure—it’s about data, applications, and the ability to adapt in real time.

The challenge: complexity, cloud risk, and cyber threats

The shift to cloud and AI has transformed financial services—but it has also introduced new risks. Institutions now operate across multiple clouds, regions, and vendors, each with its own configuration, policies, and vulnerabilities.

Key challenges include:

• Cloud concentration risk: Over-reliance on a single hyperscaler increases exposure to outages and vendor lock-in.
• Fragmented security: Inconsistent policies across environments make it harder to detect and respond to threats.
• Limited visibility: Siloed data and infrastructure hinder real-time monitoring and compliance reporting.
• Operational overhead: Managing resilience across hybrid environments is complex and resource intensive.

These challenges make it difficult to meet DOR/DORA requirements for availability, integrity, confidentiality, and continuity of critical services. They also slow down innovation—making it harder to deploy AI, launch new services, or respond to market shifts.

The solution: F5 and NetApp for digital operational resilience

F5 and NetApp have partnered to deliver a comprehensive solution that directly addresses the core pillars of DOR and DORA. By combining F5’s security and networking leadership with NetApp’s storage and data mobility expertise, the joint solution enables financial institutions to securely connect and protect data across hybrid and multicloud environments. It also enables them to simplify operations and reduce overhead, accelerate AI and digital transformation initiatives, and ensure compliance with resilience regulations.

 

For many organizations, BIG-IP isn’t just traffic management—it’s a mission-critical component that ensures the performance, security, and resilience of its most precious resources: applications. As apps grow, deployments diversify across hybrid and multi-cloud environments (a reality for 94% of organizations), and the need for auditability increases.

That means manual, individualized, and click-ops based approaches to BIG-IP administration workflows simply cannot meet the needs of many organizations. Add in considerations like a constantly growing collection of API endpoints that need to be managed, the rise of mobile apps, app-to-app networking, expanding threat landscapes, and more sophisticated attack vectors (and point solutions to mitigate those threats) —and what you’re left with is what we call the operational “ball of fire.”

The question then becomes: how can your team evolve and scale BIG-IP administration effectively to meet the demands of your enterprise initiatives?

The answer is a holistic solution that unifies every aspect of operating applications: the F5 Application Delivery and Security Platform (ADSP). F5 ADSP was designed to address the growing complexity of hybrid multicloud environments, API sprawl, AI-driven workloads, and an expanded attack surface. At its core, F5 ADSP provides a unified solution that integrates delivery, deployment, security, and intelligent operations into a single platform.

In this blog post, we’ll explore the limitations of manual BIG-IP operations, dig into tools and strategies to scale administration workflows as part of F5 ADSP, and illustrate the outcomes you can achieve by adopting advanced BIG-IP administration and automation strategies.

Limitations of click-ops workflows

There are several limitations to click-ops workflows. These include:

• Manual overhead: Traditional, manual configuration via the BIG-IP GUI, while extremely powerful and highly customizable, can be time-consuming and error-prone, especially when managing complex, distributed workloads with multiple BIG-IP devices and hundreds of virtual servers in different deployment environments. These risks are compounded if there are no frameworks in place to ensure consistency of configuration across all these instances or automation of common repetitive tasks. In fact, we learned in the 2025 State of Application Strategy Report that 60% of organizations are mired in time-sucking manual operational tasks that block adoption of advanced workflows like AIOps.
• Lack of scalability: As app architectures become more dynamic, traditional administration methods fail to scale. Ensuring global consistency for traffic and security policies across hybrid and multicloud environments becomes overwhelming without centralized, repeatable, automated processes.
• Inconsistent configuration management: Without codified, documented workflows, teams risk diverging configurations, leading to outages, security gaps, and challenges with compliance audits. This can be especially risky for organizations operating in highly regulated industries like finance, healthcare, or government.
• Slow deployments: In the age of CI/CD pipelines, API-first design principles, self-service, templating, and instant app delivery, relying on manual steps to spin up or adjust BIG-IP settings creates organizational bottlenecks and slows the pace of innovation.
• Poor visibility and troubleshooting: Many teams struggle with monitoring automation efforts and tracking BIG-IP changes effectively. Without a reliable audit trail or visibility, troubleshooting and rollback become arduous tasks.

Evolving and scaling BIG-IP administration

To overcome these challenges and build resilient, future-proof operational workflows, BIG-IP admins are increasingly turning to scalable practices like scripts, automation frameworks, and infrastructure-as-code (IaC), for example. Below, I outline each approach beginning with foundational administration workflows, moving to advanced strategies like GitOps, and finally ending with full automation lifecycle management.

Here’s an overview of how you can start and the value each approach brings:

1. Policy-driven management using built-in BIG-IP tooling.If your team is taking its first steps toward reducing manual overhead, built-in BIG-IP capabilities like Local Traffic Manager (LTM) policies, iRules, iControl REST API, and Application Services 3 Extension (AS3) offer immediate wins. Using these strategies, you can improve administration and management and increase consistency, reliability, and visibility.