Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Sustainability, resilience, and cyber continuity: what IAM teams should notice


(@lalit)
Member Admin
Joined: 1 year ago
Posts: 235
Topic starter  

TL;DR: Sustainability, cyber resilience, and workforce continuity should be treated as connected pillars of operational stability, with materiality updates, energy-efficient facilities, and cybersecurity governance shaping long-term resilience, according to Commvault’s FY25 Sustainability Report. The identity lesson is that resilience programmes now extend into data, access, and governance decisions, not just environmental reporting.

NHIMG editorial — based on content published by Commvault: FY25 Sustainability Report

Questions worth separating out

Q: How should organisations connect resilience programmes to identity governance?

A: They should map continuity dependencies to the identities, credentials, and approval paths that support them.

Q: Why do sustainability and cyber resilience programmes overlap for IAM teams?

A: Both programmes depend on disciplined ownership, current evidence, and response readiness.

Q: What do security teams get wrong about resilience governance?

A: They often treat resilience as a reporting exercise instead of a control system.

Practitioner guidance

  • Align resilience reviews with access governance cycles Use the same review calendar for continuity planning, supplier oversight, and access recertification where operational dependencies overlap.
  • Map continuity dependencies to privileged and third-party access Identify which business continuity assumptions depend on vendor accounts, service credentials, or recovery tooling.
  • Reduce redundant identity paths in systems that move data heavily Review architectures that create duplicate integrations, repeated data transfers, or multiple service accounts for the same workflow.

What's in the full article

Commvault's full report covers the operational detail this post intentionally leaves for the source:

  • Specific sustainability metrics behind the company’s environmental efficiency claims, including office and data centre optimisation.
  • Detailed descriptions of the Cyber Resilience Council’s composition and how external expertise informs internal decision-making.
  • Examples of product design choices that reduce data proliferation and support customer sustainability outcomes.
  • Workforce continuity initiatives, including benefits, upskilling, and flexible work practices that support retention.

👉 Read Commvault’s FY25 Sustainability Report on resilience and continuity →

Sustainability, resilience, and cyber continuity: what IAM teams should notice?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9696
 

Resilience is becoming an identity governance issue, not just a sustainability issue. Once organisations describe continuity as dependent on operations, suppliers, and cyber readiness, they are describing a governance model that identity teams already own. The useful insight is that lifecycle discipline, ownership clarity, and review cadence now matter outside the IAM team as much as inside it. Practitioners should treat resilience language as a signal to align access governance with broader continuity controls.

A few things that frame the scale:

A question worth separating out:

Q: How can teams tell whether a resilience council is working?

A: Look for measurable control changes, not just meeting outputs. A working council changes access policy, clarifies ownership for recovery paths, and closes specific operational gaps. If it only produces discussion, the governance signal is weak.

👉 Read our full editorial: Commvault’s sustainability report links resilience to business continuity



   
ReplyQuote
Share: