Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Identity resilience after the Semperis and MightyID deal: what changes?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10965
Topic starter  

TL;DR: The Semperis acquisition of MightyID is framed as evidence that identity resilience has matured into a distinct category because identity providers now sit at the center of business operations, yet most organisations still lack recovery paths for outages, misconfigurations, and admin compromise, according to Acsense. The market signal is clear: detection and prevention alone are not enough when identity becomes critical infrastructure.

NHIMG editorial — based on content published by Acsense: What does the Semperis acquisition of MightyID mean?

By the numbers:

Questions worth separating out

Q: What breaks when identity systems have no recovery plan?

A: Without a recovery plan, identity outages stop authentication, block privileged access, and can shut down business services that depend on identity state.

Q: Why do IAM and ITDR tools not solve identity resilience?

A: IAM enforces access and ITDR detects abuse, but neither rebuilds a tenant after corruption, ransomware, misconfiguration, or admin error.

Q: How should organisations measure identity recovery readiness?

A: Measure whether identity services can be restored to a known-good state within defined objectives, then test whether authentication, application trust, and administrative functions actually work after recovery.

Practitioner guidance

  • Define identity recovery objectives Set recovery time and recovery point objectives for identity tenants, federation settings, MFA configuration, and privileged roles.
  • Test full tenant restoration Run restore exercises that rebuild SSO, MFA, application trust dependencies, and admin roles in a controlled environment.
  • Separate detection from recovery ownership Assign clear owners for incident detection, identity restoration, and business validation so teams do not assume one function covers all three.

What's in the full article

Acsense's full article covers the operational detail this post intentionally leaves for the source:

  • The article walks through why identity recovery emerged as a standalone market category rather than a feature inside existing IAM tooling.
  • It compares identity resilience with IAM security, ITDR, and traditional backup so practitioners can see where each approach stops.
  • It includes a practical evaluation checklist for identity resilience platforms, including tenant restoration, RTO and RPO, and audit evidence.
  • It outlines why multi-IdP environments change the recovery problem and why resilience cannot stay tied to one identity provider.

👉 Read Acsense's analysis of the Semperis and MightyID acquisition and identity resilience →

Identity resilience after the Semperis and MightyID deal: what changes?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 10520
 

Identity recovery has become a category because identity now behaves like infrastructure, not configuration. The market is reacting to a simple operational truth: if identity fails, the business fails with it. That means the old split between IAM enforcement and backup recovery is no longer tenable. Practitioners need to treat identity services as recoverable operational assets, not just policy engines.

A few things that frame the scale:

  • 90% of organizations experienced at least one identity-related breach in the last year, according to the Ultimate Guide to NHIs.
  • Another finding from our research shows that 96% of organizations store secrets outside secrets managers in vulnerable locations including code, config files, and CI/CD tools.

A question worth separating out:

Q: Who is accountable when an identity outage causes business interruption?

A: Accountability should sit across IAM, security operations, infrastructure, and business continuity, because identity recovery touches all four. The failure is not just technical. It becomes an operational and governance issue when no team owns restoration, validation, and sign-off after the outage.

👉 Read our full editorial: Semperis acquires MightyID and identity resilience matures



   
ReplyQuote
Share: