Out-of-band communications: what resilience teams are missing


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 5855
Topic starter  

TL;DR: When email, collaboration platforms, and messaging apps are compromised or unavailable, organizations lose the trusted communication channel they need for incident response and continuity, according to SSH Communications Security. The governance issue is not just transport replacement but whether the backup channel has independent trust, authentication, and infrastructure assumptions.

NHIMG editorial — based on content published by SSH Communications Security: out-of-band communications for incident response and resilience

Questions worth separating out

Q: How should organisations set up out-of-band communications for incident response?

A: Organisations should predefine a separate channel for incident coordination that remains usable when email, chat, or collaboration platforms are compromised or unavailable.

Q: Why do backup messaging tools fail when they share the same identity stack?

A: Backup tools fail when they inherit the same identity provider, tenant administration, or control plane as the primary channel.

Q: What do security teams get wrong about secure collaboration during incidents?

A: Teams often treat secure collaboration as an app choice instead of a governance decision.

Practitioner guidance

  • Define an out-of-band communications standard: Specify when responders must leave the primary collaboration platform and which alternate channel becomes authoritative during compromise, outage, or uncertainty.
  • Separate identity dependencies from the primary stack: Ensure the fallback channel does not depend on the same identity provider, tenant administration, or control plane as your day-to-day messaging tools.
  • Test communications failover in incident exercises: Run tabletop and technical exercises that force teams to coordinate through the backup channel under realistic conditions.

What's in the full article

SSH Communications Security's full article covers the operational detail this post intentionally leaves for the source:

  • How SalaX Secure Messaging is positioned for secure messaging, voice, and video across desktop and mobile devices.
  • Deployment options the vendor describes, including on-prem, private cloud, and air-gapped configurations.
  • The emergency preparedness organisation example showing how one team used an air-gapped collaboration model.
  • The vendor's framing of secure communications for sensitive executive discussions and incident coordination.

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 5343
 

Out-of-band communications are a resilience control, not a convenience feature. Once the primary collaboration stack is compromised or unavailable, the organisation’s ability to coordinate recovery becomes a control problem. The article correctly frames communication as part of incident response readiness, because response speed depends on whether people can still exchange trusted instructions, approvals, and status updates. For security leaders, that means communication continuity belongs in the same planning bucket as backup access paths and recovery runbooks.

A few things that frame the scale:

  • 4.6% of all public GitHub repositories contain at least one hardcoded secret, according to The State of Secrets Sprawl 2025.
  • Around 100,000 valid secrets were found in public Docker images, with ENV instructions alone accounting for 65% of all secret leaks in containers.

A question worth separating out:

Q: Who should control the fallback communication channel during a crisis?

A: The fallback channel should be controlled by the incident response and security governance function, with clear rules for activation, access, and oversight. That prevents ad hoc use, reduces confusion during high stress, and ensures sensitive coordination remains inside an accountable operating model rather than drifting into unmanaged messaging.
