TL;DR: DDIL environments can break real-time authentication and authorization, pushing users toward risky workarounds and turning outages into openings for credential sharing, privilege escalation, and mission disruption, according to Strata Identity. Continuous identity controls, not cloud-only verification, become the deciding factor when access must survive disconnected conditions.
NHIMG editorial — based on content published by Strata Identity: Identity Continuity Zero Trust in the dark, securing missions when the network goes down
By the numbers:
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security.
- Only 5.7% of organisations have full visibility into their service accounts.
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.
Questions worth separating out
Q: How should teams keep Zero Trust working when identity services are unreachable?
A: Teams should design continuity paths that preserve authentication and authorization when the primary identity provider is down.
Q: Why do DDIL conditions create so much identity risk?
A: DDIL conditions create identity risk because they remove the live verification loop that many Zero Trust programmes depend on.
Q: What breaks when access decisions require constant cloud connectivity?
A: What breaks is the assumption that every access event can be verified in real time.
Practitioner guidance
- Define critical DDIL access paths Identify the roles, applications, and mission workflows that must keep operating when the identity provider is unreachable, then document the minimum trusted access model for each one.
- Test session continuity under failover Run exercises that switch identity services mid-session and verify whether users remain authenticated without falling back to shared credentials or manual overrides.
- Harden lifecycle changes for degraded states Ensure joiner, mover, and leaver actions can still be approved, recorded, and enforced when connectivity is intermittent, including temporary responders and contractors.
What's in the full article
Strata Identity's full article covers the operational detail this post intentionally leaves for the source:
- How the Maverics Identity Continuity platform maintains sessions during identity provider failover.
- The DDIL-specific operating patterns the article uses to frame disconnected, denied, intermittent, and low-bandwidth environments.
- The field and edge use cases that show why outage handling must be built into identity architecture.
- The vendor's view of how continuity supports Zero Trust in military and civilian contexts.
👉 Read Strata Identity's analysis of Zero Trust identity continuity in DDIL environments →
Zero Trust continuity in DDIL environments: what teams miss?
Explore further
Identity continuity is now a Zero Trust requirement, not an optional resilience feature. Zero Trust that only works when cloud identity is reachable is not continuous Zero Trust. In DDIL conditions, the control plane itself becomes part of the attack surface because authentication availability determines whether policy can execute. Practitioners should treat continuity as a core design criterion, not a backup concern.
A few things that frame the scale:
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, according to Ultimate Guide to NHIs.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
A question worth separating out:
Q: Who is accountable when users bypass identity controls during an outage?
A: Accountability stays with the organisation that designed the control model, not with the outage itself. If teams expect users in the field, on the edge, or in recovery operations to improvise, then the governance gap is architectural. Frameworks such as Zero Trust and lifecycle governance should define who approves continuity exceptions, how they are logged, and when they are revoked.
👉 Read our full editorial: Zero Trust identity continuity when the network goes dark