Brands

Hot News

DORA Compliance at Scale: A Technical Account of Intesa Sanpaolo's Transformation
Publish Time: 01 Apr, 2026

Just like Italian coffee, the relationship between Cisco and Intesa Sanpaolo is strong and intense. That's what 20 years of close collaboration gets you: a partner that you can trust to help you with the most urgent, critical, and complex business challenges.

Ensuring DORA compliance was one of these challenge for Intesa Sanpaolo. The Digital Operational Resilience Act (DORA) is a European Union regulation requiring financial entities to enhance their digital operational resilience, including the security of their ICT systems and third-party providers. DORA compliance came with a set deadline, and no grace period. To comply, Intesa Sanpaolo needed to ensure their distributed network devices met security compliance standards across their network of 2,500 bank branches. They were looking at an upgrade of around 8,000 switches.

Running Infrastructure as Code to Ensure DORA Compliance

From our first in-person meeting in Milan, it was clear that the new requirements demanded a new infrastructure management and configuration approach.

Traditionally, the configuration and provisioning of network services and infrastructure are executed manually. These manual workflows lack the necessary change validation, tracking and automated testing -making them error-prone, time-consuming, and difficult to reproduce consistently. Factoring in the scale and urgency of their project, the old-school way of doing things wasn't going to work for Intesa Sanpaolo.

Equally important, the whole exercise had to happen while maintaining uninterrupted access and the highest standards of service for the bank's 7.6 million customers. Our team knew the solution was the transition to a sophisticated, "as-code" approach which would ensure every network change is automatically validated, repeatable, and fully compliant. That's where Cisco Services as Code (SaC) came in. Cisco Services as Code allows organizations to define their network infrastructure state and treat all elements as software that can be versioned and managed at scale. Automation and DevSecOps methodologies expedite the provisioning, configuration, testing, and deployment processes to enable them to seamlessly operate and optimize their network, backed by 24×7 technical support.

One-click Network Management: Behind the Architecture

For the next couple of weeks we were focused on solution setup, validation, and knowledge transfer. We recommended Cisco Catalyst Center as the centralized controller with Services as Code (SaC) on top, which ensured compatibility with their pre-existing version control and workflow orchestration environment. An existing Catalyst Center cluster was leveraged to onboard all the network devices that needed to comply with the regulatory requirements. Next, we customized a series of intent-based workflows adopting all the tools and processes included in Services as Code (SaC).

From the jump, our team (Cisco Professional Services) was there to support Intesa with the technical expertise only Cisco can offer:

  • Validation: We implemented advanced custom validation rules to eliminate operator error during configuration.
  • Terraform best practices: We established robust standards to manage thousands of devices, including secure, cloud-based storage for terraform state files.
  • Custom 'one-click' workflows: We developed intent-based workflows to automate device onboarding in Cisco Catalyst Center, streamlining security policy enforcement and RMA procedures.
  • Custom testing automation: We customized the Robot Framework to verify configuration changes and ensure ongoing compliance. Intesa Sanpaolo now runs these automated tests periodically as independent compliance reports to validate changes, such as successful 802.1X enablement.

By leveraging Services as Code (SaC) and Cisco Catalyst Center, we were able to automate deployment, increase assurance and gain unmatched visibility.

Beyond Compliance: The Benefits of the 'Programmable Infrastructure'

While the trigger for this network transformation was the DORA regulation, the benefits extend far beyond compliance.

Intesa Sanpaolo now has a 'programmable infrastructure'. No more manual, error-prone GUI implementation, messy change management, and painful rollbacks! In just a few seconds, they can start an end-to-end comprehensive workflow -from code-based configuration for automated provisioning to validated testing and deployments.

The project is still ongoing, but the impact is already measurable. With Cisco Services as Code(SaC), Intesa Sanpaolo has:

  • Achieved seamless DORA compliance with auditable, consistent network configurations through automation.
  • Improved network speed, reliability, and scalability by adopting CI/CD pipelines and automated deployment
  • Reduced time to implementation by 70%, freeing up IT teams from manual tasks and allowing them to focus on strategic innovation and business growth.
  • Strengthened operational agility and confidence with repeatable, code-defined processes for network management.

Together, as long-time partners, we will continue to advance Intesa Sanpaolo's journey to AIOps.

Identifying and remediating a persistent memory compromise in Claude Code Why full-stack post-quantum cryptography cannot wait
Cisco Services as Code DORA compliance Infrastructue as Code Solution Validation Services
I’d like Alerts: