TL;DR: When identity systems fail, users cannot authenticate, applications cannot start, VPN access breaks, and broader business recovery stalls, according to Semperis. The message is clear: identity recovery is not an IT back-end task, but the first operational prerequisite for restoring the minimum viable company.
NHIMG editorial — based on content published by Semperis: identity recovery and the minimum viable company
Questions worth separating out
Q: How should organisations design identity recovery for cyber incident response?
A: Start with the identity layer, not the application layer.
Q: Why does recovery fail when identity is not restored first?
A: Because every downstream service depends on trust in authentication and admin access.
Q: What breaks when teams rely on system state restore for identity servers?
A: System state restore can reintroduce the operating system state that attackers or malware already influenced.
Practitioner guidance
- Define a minimum viable identity baseline: Document the smallest set of identity services needed to support authentication, forensics, containment, and admin access after a destructive incident.
- Separate recovery from reinfection risk: Prefer clean operating system rebuilds for identity infrastructure when there is any chance that persistence survived in the original host image.
- Test staged restoration by region: Run exercises that restore identity services in phases across locations, including scenarios where one site or network path is unavailable.
What's in the full article
Semperis' full blog post covers the operational detail this post intentionally leaves for the source:
- The fictional Megakorp recovery sequence, including how the identity MVC was sized and restored step by step.
- The rationale for using an isolated recovery environment rather than rebuilding inside the compromised production estate.
- The staged return of regional authentication services and how the recovery model handled differing local constraints.
- The discussion of why bare metal and system state recovery were rejected in favour of a clean operating system rebuild.
Identity recovery for business resilience: what IAM teams need now?
Explore further
Identity recovery is a business continuity control, not a technical afterthought. When authentication fails, the enterprise loses the ability to bring users, systems, and administrative functions back in a trusted order. That makes identity the first recoverable business dependency, not a downstream support service. Practitioners should treat identity recovery as part of the minimum viable company design, not as a separate infrastructure exercise.
A few things that frame the scale:
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to the Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to the Ultimate Guide to NHIs.
A question worth separating out:
Q: Who should own identity recovery during a major outage?
A: The recovery owner should be the team that can coordinate authentication, privilege, containment, and validation in the right order, with clear escalation paths for business and technical decisions. In practice, that means shared ownership across identity, infrastructure, and incident response, with one accountable lead for each stage.