TL;DR: Misalignment between IT and security slows detection, complicates recovery, and widens blast radius, according to Commvault, which frames unified incident response and recovery, guided workflows, and Secure by Design as the operating model for cyber resilience. The real issue is governance continuity, because resilient recovery fails when operational and security decisions are not coordinated.
NHIMG editorial — based on content published by Commvault: IT and Security Alignment for Cyber Resilience
Questions worth separating out
Q: How should teams coordinate IT, security, and recovery during a cyber incident?
A: Teams should use a single incident command model that assigns clear ownership for detection, containment, recovery, and validation.
Q: Why does misalignment between IT and security increase cyber risk?
A: Misalignment increases risk because it slows containment, creates inconsistent recovery decisions, and widens the time window in which attackers can move or persist.
Q: What should organisations measure to know whether resilience alignment is working?
A: Use shared metrics that cover time to detection, recovery speed, restoration validation, and readiness testing outcomes.
Practitioner guidance
- Define a joint incident command model Assign explicit ownership for detection, containment, restoration, and post-incident validation across IT, Security, IAM, and recovery teams so no stage depends on informal handoffs.
- Gate restoration on security sign-off Require evidence that indicators of compromise have been reviewed and affected systems identified before backup recovery or workload restoration is approved.
- Map privileged recovery paths Inventory break-glass accounts, restore operators, and emergency access routes, then apply the same approval and logging standards used for other high-risk access.
What's in the full article
Commvault's full post covers the operational detail this analysis intentionally leaves for the source:
- How Commvault Cloud connects detection, investigation, and recovery workflows across teams.
- How Arlie AI guides responders step by step during incident handling and recovery.
- How cyber resilience assessments, scenario simulations, and isolated cleanroom testing support readiness.
- How Secure by Design and post-quantum cryptographic capabilities are positioned within the broader platform and trust model.
👉 Read Commvault's analysis of IT and security alignment for cyber resilience →
IT and security alignment: what does it mean for resilience?
Explore further
Misalignment between IT and security is now a resilience failure mode, not just an organisational nuisance. The article is right to frame speed, uptime, and compliance as competing forces that can damage incident handling when they are not governed together. In practice, the failure is coordination debt: one team restores, another team investigates, and neither has a complete picture of blast radius or trust state. Practitioners should treat alignment as a control objective, not a culture slogan.
A question worth separating out:
Q: Who is accountable for recovery decisions when security and IT priorities conflict?
A: Accountability should sit with a defined incident commander or equivalent governance role, supported by security, operations, and identity owners. Recovery decisions are high-risk because they affect trust, evidence retention, and potential reintroduction of compromise. Clear accountability prevents informal overrides during pressure and keeps restoration aligned to policy.
👉 Read our full editorial: IT and security alignment is becoming a cyber resilience control