
Cloud identity resilience: are your recovery controls secure enough?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 2364
Topic starter  

TL;DR: Modern resilience planning now has to include cloud identities, not just on-premises directories, because identity is the control plane for recovery, crisis communications, and operational continuity, according to Semperis. Least privilege, out-of-band communications, and controlled recovery become the practical baseline when the cloud is inside the blast radius.

NHIMG editorial — based on content published by Semperis: MVC resilience beyond on-prem, the cloud protection conundrum

By the numbers:

Questions worth separating out

Q: How should security teams scope recovery access for cloud identity backups?

A: Scope recovery access to the smallest set of permissions needed to export, validate, and restore identity objects.

Q: Why do cloud identities change disaster recovery planning?

A: Cloud identities change disaster recovery because they control access to the systems that keep the business operating after an incident.

Q: What breaks when incident communications stay inside a compromised environment?

A: Legal coordination, decision logging, and task tracking all become unreliable when the communication platform may be observed or tampered with.

Practitioner guidance

  • Scope cloud identities into the Minimum Viable Company: Inventory Entra ID and other cloud identity dependencies alongside on-premises identity so recovery planning covers the systems that actually keep the business running.
  • Re-tune recovery access to least privilege: Replace broad administrative grants on backup and restore tooling with narrowly scoped permissions, MFA, RBAC, and auditable control points for each restore action.
  • Separate crisis communications from production identity: Stand up an out-of-band collaboration path for legal, technical, and executive incident coordination, with protected documents and controlled transcription outside the primary environment.

What's in the full article

Semperis's full blog post covers the operational detail this post intentionally leaves for the source:

  • The specific Megakorp recovery sequence across on-premises identity, Entra ID, and business continuity planning.
  • The access-control trade-offs considered for backup and restore tooling, including how least privilege was applied.
  • The crisis communications workflow used to coordinate legal, technical, and executive response during the incident.
  • The vendor's product-context examples for identity recovery and secure incident collaboration.

👉 Read Semperis's analysis of cloud identity resilience, recovery, and crisis communications →

(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 924
 

Cloud identity resilience fails when organisations still treat identity as an on-premises problem. The article shows that modern recovery scope now includes cloud identity providers, collaboration systems, and the configurations that keep them usable during crisis. That means the recovery target is not merely the directory, but the identity control plane that keeps the business operational. Practitioners should reset their MVC assumptions around cloud dependency, not just disaster recovery timelines.

A few things that frame the scale:

  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to the Ultimate Guide to NHIs.
  • Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.

A question worth separating out:

Q: Who is accountable for protecting identities in cloud recovery architectures?

A: The customer remains accountable for protecting identities and the cloud components it controls. Shared responsibility does not move identity risk to the provider, so IAM, recovery, and incident response teams must define ownership for restore permissions, logging, and crisis coordination.

👉 Read our full editorial: Cloud identity resilience requires least privilege and secure crisis control



   