Cloud Security Misconfigurations and Compliance: An Empirical Model for DORA Readiness in Financial Environments

Ferzali, Ali; Mengistu, Naol; Seid, Elias; Blix, Fredrik

Home // SECURWARE 2025, The Nineteenth International Conference on Emerging Security Information, Systems and Technologies // View article

Cloud Security Misconfigurations and Compliance: An Empirical Model for DORA Readiness in Financial Environments

Authors:
Ali Ferzali
Naol Mengistu
Elias Seid
Fredrik Blix

Keywords: Cloud Security; DORA Compliance; Financial Institutions; AWS Misconfigurations; Operational Resilience; Regulatory Technology (RegTech); Cybersecurity Governance Identity and Access Management (IAM).

Abstract:
The increasing reliance of financial institutions on cloud infrastructures has amplified concerns surrounding regulatory compliance and cybersecurity, particularly in light of the EU’s Digital Operational Resilience Act (DORA). This paper presents an experimental, empirical model designed to assess security misconfigurations in Amazon Web Services (AWS) and evaluate their alignment with DORA compliance requirements. Leveraging a Python-based scanning script built with the AWS Boto3 SDK, the study programmatically inspects critical AWS services—S3, Elastic Compute Cloud (EC2), Identity and Access Management (IAM), and Virtual Private Cloud (VPC) —within a controlled environment configured with known vulnerabilities. Each misconfiguration is automatically mapped to relevant DORA articles (Articles 5, 9, and 10), and accompanied by actionable remediation strategies. The results, visualized through a Streamlit dashboard and exportable PDF reports, demonstrate the tool’s ability to detect compliance gaps in real-time. Unlike previous work based on theoretical models or manual audits, this research offers a replicable, data-driven approach that bridges the gap between technical vulnerabilities and regulatory mandates. By doing so, it empowers financial institutions to strengthen their operational resilience and proactively align with emerging regulatory standards in dynamic cloud ecosystems.

Pages: 139 to 146

Copyright: Copyright (c) IARIA, 2025

Publication date: October 26, 2025

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-68558-306-4

Location: Barcelona, Spain

Dates: from October 26, 2025 to October 30, 2025