By NHI Mgmt Group Editorial TeamPublished 2026-02-04Domain: Governance & RiskSource: Acsense

TL;DR: The Semperis acquisition of MightyID is framed as evidence that identity resilience has matured into a distinct category because identity providers now sit at the center of business operations, yet most organisations still lack recovery paths for outages, misconfigurations, and admin compromise, according to Acsense. The market signal is clear: detection and prevention alone are not enough when identity becomes critical infrastructure.


At a glance

What this is: This is an analysis of the Semperis and MightyID acquisition as a market signal that identity resilience has become a standalone category centered on restoring identity systems and business operations.

Why it matters: It matters because IAM teams, IGA leads, and security architects now have to treat identity recovery as part of operational resilience, not as an afterthought to threat detection.

By the numbers:

👉 Read Acsense's analysis of the Semperis and MightyID acquisition and identity resilience


Context

Identity resilience is the ability to restore identity services, trust relationships, and policy state after an outage, compromise, or configuration failure. In this article, the primary issue is that identity has become critical infrastructure, but many programmes still stop at prevention and detection instead of recovery.

The Semperis and MightyID acquisition is being used as evidence that the market now recognises identity recovery as a real operating requirement. That is a meaningful shift for NHI, IAM, and identity architecture teams because service continuity now depends on being able to restore identity state as well as access controls.


Key questions

Q: What breaks when identity systems have no recovery plan?

A: Without a recovery plan, identity outages stop authentication, block privileged access, and can shut down business services that depend on identity state. Detection tools may show the problem, but they do not restore trust relationships, federation settings, or tenant configuration. Recovery has to be designed as a separate capability.

Q: Why do IAM and ITDR tools not solve identity resilience?

A: IAM enforces access and ITDR detects abuse, but neither rebuilds a tenant after corruption, ransomware, misconfiguration, or admin error. Identity resilience requires restoration of configuration, dependencies, and operational validation. That is why organisations need a recovery model rather than only security monitoring.

Q: How should organisations measure identity recovery readiness?

A: Measure whether identity services can be restored to a known-good state within defined objectives, then test whether authentication, application trust, and administrative functions actually work after recovery. If those checks are manual, undocumented, or untested, the programme is not truly ready.

Q: Who is accountable when an identity outage causes business interruption?

A: Accountability should sit across IAM, security operations, infrastructure, and business continuity, because identity recovery touches all four. The failure is not just technical. It becomes an operational and governance issue when no team owns restoration, validation, and sign-off after the outage.


Technical breakdown

Why identity backup is different from infrastructure backup

Identity systems are not just data stores. They encode authentication policies, trust relationships, federation settings, MFA bindings, administrative roles, and application dependencies. Backing up virtual machines or databases does not preserve the operational meaning of an identity tenant. Recovery has to restore state in a way that preserves sign-in behaviour, authorization logic, and downstream integrations. That is why identity resilience is a distinct discipline rather than a narrow backup feature.

Practical implication: validate that recovery covers tenant state, policy logic, and trust dependencies rather than object export alone.

How identity outages create business interruption

When an identity provider fails, users cannot authenticate, applications cannot authorize requests, privileged administrators lose access paths, and dependent SaaS services may stop working. The failure mode is systemic because identity sits in the control plane for both workforce and machine access. Unlike endpoint outages, there is little graceful degradation. The result is not only a security incident but also a continuity event that can block operations across cloud, collaboration, and production systems.

Practical implication: map identity recovery time objectives to business downtime tolerance, not just security incident response metrics.

Why ITDR and IAM controls do not replace recovery

Identity Threat Detection and Response is designed to detect abuse, while IAM is designed to enforce access. Neither restores tenant configuration, rebuilds federation trust, or validates that identity services are functioning after a disruption. Backup tools also often miss the operational context needed to bring identity back safely. Identity resilience fills that gap by treating identity as a recoverable service with measurable restoration outcomes.

Practical implication: assess recovery capability separately from detection coverage and access governance.


Threat narrative

Attacker objective: The objective is to disrupt identity operations enough to halt access, delay response, and amplify business interruption.

  1. Entry occurs through misconfiguration, social engineering, ransomware, or tenant drift that disrupts identity state rather than exploiting a single endpoint.
  2. Escalation follows when administrators lose reliable control of authentication, roles, or federation settings and are unable to restore trust quickly.
  3. Impact is business-wide interruption because users, applications, and privileged workflows depend on identity services remaining available and correct.
  • Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
  • DeepSeek breach — DeepSeek breach exposed 1M+ log lines and sensitive secret keys.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Identity recovery has become a category because identity now behaves like infrastructure, not configuration. The market is reacting to a simple operational truth: if identity fails, the business fails with it. That means the old split between IAM enforcement and backup recovery is no longer tenable. Practitioners need to treat identity services as recoverable operational assets, not just policy engines.

The first control gap in identity resilience is restoration of tenant state, not threat detection. Most IAM and ITDR programmes were built to catch misuse, investigate events, and enforce access. They were not built to reconstruct trust relationships, federation logic, and admin structures after outage or corruption. The implication is that identity operations need recovery objectives that can be tested, audited, and repeated.

Identity resilience will increasingly become the bridge between IAM, PAM, and business continuity planning. That is where category formation usually stabilises. When identity is the control plane for workforce, customer, and machine access, recovery ownership can no longer sit in a narrow security silo. Practitioners should expect resilience requirements to show up in architecture reviews, audit evidence, and board continuity discussions.

The named concept here is identity recovery readiness. It is the point at which an organisation can prove that identity services can be restored to a known-good state with dependencies intact. That is different from owning backups or having an incident playbook. The practitioner conclusion is that identity recovery must be measured as an operating capability, not assumed because backups exist.

From our research:

  • 90% of organizations experienced at least one identity-related breach in the last year, according to the Ultimate Guide to NHIs.
  • Another finding from our research shows that 96% of organizations store secrets outside secrets managers in vulnerable locations including code, config files, and CI/CD tools.
  • For a broader view of identity failure modes and recovery gaps, see the NHI Lifecycle Management Guide.

What this signals

Identity recovery readiness: the next maturity test is not whether an organisation can detect identity compromise, but whether it can restore trust relationships and tenant state without improvisation. That shift will push identity programmes closer to resilience engineering, with recovery testing becoming a board-visible control rather than an admin exercise.

With 96% of organizations storing secrets outside secrets managers in vulnerable locations, identity continuity and secret hygiene are now linked operational risks rather than separate workstreams. Teams that treat recovery, rotation, and offboarding as disconnected tasks will keep finding the same failure mode from different angles.


For practitioners

  • Define identity recovery objectives Set recovery time and recovery point objectives for identity tenants, federation settings, MFA configuration, and privileged roles. Tie them to business downtime tolerance, not just security targets.
  • Test full tenant restoration Run restore exercises that rebuild SSO, MFA, application trust dependencies, and admin roles in a controlled environment. Verify that recovered identity state actually works before an outage proves otherwise.
  • Separate detection from recovery ownership Assign clear owners for incident detection, identity restoration, and business validation so teams do not assume one function covers all three. Document escalation paths before a real failure forces them.
  • Audit multi-IdP recovery paths If the organisation uses multiple identity providers, confirm that recovery procedures work across each tenant and that failover does not break authentication or downstream authorisation.

Key takeaways

  • The acquisition signals that identity resilience has moved from an emerging idea to a recognised operating category.
  • The core gap is not detection but the ability to restore identity state, trust relationships, and access services after disruption.
  • Practitioners need measurable recovery objectives for identity, not just controls that try to prevent or observe abuse.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

MITRE ATT&CK address the attack and risk surface, while NIST CSF 2.0 and NIST SP 800-53 Rev 5 set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
NIST CSF 2.0RC.RP-1Recovery planning is central to identity resilience and business continuity.
NIST SP 800-53 Rev 5CP-10Backup and restoration controls map directly to identity tenant recovery.
MITRE ATT&CKTA0040 , ImpactThe article focuses on business interruption caused by identity disruption.

Map identity outage scenarios to impact tactics and prioritise controls that preserve service continuity.


Key terms

  • Identity resilience: Identity resilience is the ability to restore identity systems, trust relationships, and access services after disruption. It goes beyond prevention and detection by proving that identity can return to a known-good operating state and support the business again.
  • Identity recovery readiness: Identity recovery readiness is the measurable ability to rebuild identity state within defined objectives and validate that authentication, authorization, and administration work after restore. It is an operating capability, not a claim that backups exist.
  • Tenant state: Tenant state is the full operational configuration of an identity environment, including policies, federation settings, MFA bindings, roles, and application trust links. In practice, losing tenant state can be as disruptive as losing the directory itself.
  • Identity control plane: The identity control plane is the layer where access decisions, authentication, and trust relationships are governed for users, applications, and services. When it fails, the blast radius extends across many systems because so much enterprise access depends on it.

What's in the full article

Acsense's full article covers the operational detail this post intentionally leaves for the source:

  • The article walks through why identity recovery emerged as a standalone market category rather than a feature inside existing IAM tooling.
  • It compares identity resilience with IAM security, ITDR, and traditional backup so practitioners can see where each approach stops.
  • It includes a practical evaluation checklist for identity resilience platforms, including tenant restoration, RTO and RPO, and audit evidence.
  • It outlines why multi-IdP environments change the recovery problem and why resilience cannot stay tied to one identity provider.

👉 Acsense's full article covers the category formation logic, analyst validation, and platform evaluation questions in more detail.

Deepen your knowledge

NHI governance, identity lifecycle management, and secrets management are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or operational resilience, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-02-04.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org