Why Overlooking Identity in Disaster Recovery Is Putting Businesses at Risk
To protect critical operations, organizations should embed identity continuity into disaster recovery plans, using failover, DR-specific policies, and identity orchestration for resilience and uninterrupted access during crises.
November 13, 2024
Cyber adversaries have increasingly trained their sights on identity systems. IBM’s 2024 X-Force Threat Intelligence Index reports a 71% increase in cyberattacks exploiting user identities in 2023. The interconnected nature of modern enterprise infrastructures that span multiple cloud providers has turned identity systems into an enticing attack surface for cybercriminals.
Why this focus on identity? Today’s enterprises operate in multi-cloud and hybrid environments where critical business operations are often only protected by a login, exposing identity assets in ways that traditional cybersecurity approaches cannot fully mitigate. The result: a heightened risk landscape that puts identity at the heart of business continuity and disaster recovery (DR) planning.
Rethinking Disaster Recovery and Business Continuity
Traditional disaster recovery and business continuity (DR/BCP) plans are well-established in most organizations. They account for physical redundancies, crisis communications, incident responses, and compliance with regulatory frameworks like GDPR or SOC 2. However, these plans often lack a detailed strategy for identity continuity. This oversight leaves a significant gap in protecting against identity-related risks that can disrupt business operations and compromise data integrity.
In a multi-cloud world, identity continuity must be a vital part of any DR/BCP strategy. It ensures that authentication, authorization, and access services remain continuously available—even during outages or attacks. This requires integrating identity systems into DR planning, not as an afterthought but as a core pillar.
Building an Identity-Resilient Infrastructure
With identity firmly established as a cornerstone of security and a top target for adversaries, preparing for the worst is no longer optional. Even the most advanced recovery plans can fall short without continuous access to identity services. Imagine the chaos if critical identity services become unavailable during a crisis: employees locked out of systems, emergency response teams unable to access vital applications, and attackers exploiting every second of downtime.
To prevent such scenarios, CISOs must plan for identity resilience. This means going beyond conventional backup strategies and implementing best practices to ensure seamless authentication, authorization, and access management—no matter the challenges. Here are some best practices:
Identity Continuity Simulation and Testing: Just as organizations simulate cyberattacks and data breaches, identity continuity must be rigorously tested. Run regular simulations to ensure your disaster recovery protocols can sustain identity system failures without disrupting access to critical applications.
DR-Specific Identity Access Policies: In a disaster, a different set of access policies may need to be enforced. Establish DR-specific access policies that only grant necessary permissions to key recovery personnel and ensure these policies are audited and kept updated.
Dynamic Failover and Synchronization: Leverage an identity fabric or orchestration layer to synchronize identity data across on-premises and cloud environments. This ensures that if one identity provider (IDP) fails, another can seamlessly take over. Modern architectures should support hot standby modes, where backup identity systems are ready to activate without delays or disruptions.
Audit and Forensic Readiness: Detailed access and audit logs are essential during and after a disaster. Attackers often escalate their activities when they detect an organization is in a degraded state. Ensuring comprehensive logging and forensic capabilities can help detect anomalies in real time and facilitate post-incident investigations.
The Role of Identity Orchestration
In a multi-cloud environment, identity orchestration enables automated identity failover between providers like Azure AD, Okta, Ping Identity, or even on-premises identity systems like Microsoft Active Directory. For example, if a primary IDP becomes unavailable, orchestration can reroute authentication requests to a secondary provider, maintaining business continuity without sacrificing security.
Identity orchestration is a central hub for managing authentication and access control across an organization’s diverse technology stack. Instead of relying on fragmented identity systems, an identity orchestration layer consolidates and standardizes identity management, enforcing consistent security policies across all applications. This approach reduces the likelihood of adversaries exploiting gaps between on-premises and cloud-based identity systems.
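The failover, DR-specific policy and audit-logging behaviour described above, as an added Python model written for this article (it is not Strata's product or any code from the page): identity providers are simulated by callables over a constructed user directory that is assumed to be already synchronized to every IdP, and an orchestrator reroutes logins from a down primary to a hot standby, narrows non-recovery users to a read-only role while DR mode is active, and records every decision.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set

class IdpUnavailable(Exception): pass  # raised when an IdP cannot be reached (simulated outage)

@dataclass
class IdentityProvider:
    name: str
    authenticate: Callable[[str, str], Optional[Dict]]  # claims on success, None on bad credentials
@dataclass
class Orchestrator:
    providers: List[IdentityProvider]  # primary first, hot standbys after it
    recovery_personnel: Set[str]       # users who keep full rights under the DR policy
    dr_mode: bool = False
    audit_log: List[dict] = field(default_factory=list)
    def authenticate(self, user: str, password: str) -> Optional[Dict]:
        for idp in self.providers:  # reroute to the next provider when one is down
            try:
                claims = idp.authenticate(user, password)
            except IdpUnavailable:
                self._log("idp_unavailable", user=user, idp=idp.name)
                continue
            if claims is None:  # rejected by a live IdP: do not retry elsewhere
                self._log("auth_failed", user=user, idp=idp.name)
                return None
            claims = self._apply_dr_policy(claims)
            self._log("auth_ok", user=user, idp=idp.name, roles=claims["roles"])
            return claims
        self._log("all_idps_down", user=user)
        raise IdpUnavailable("no identity provider available")

    def _apply_dr_policy(self, claims: Dict) -> Dict:
        # DR policy: recovery personnel keep their roles; everyone else gets a minimal read-only role.
        if not self.dr_mode or claims["sub"] in self.recovery_personnel:
            return claims
        return {**claims, "roles": ["dr-readonly"]}

    def _log(self, event: str, **fields) -> None:
        self.audit_log.append({"event": event, "dr_mode": self.dr_mode, **fields})

# Constructed user directory, assumed already synchronized to every IdP.
USERS = {"alice": ("pw-alice", ["admin"]), "bob": ("pw-bob", ["finance"])}
def make_idp(name: str, available: bool = True) -> IdentityProvider:
    def auth(user, password):  # simulated IdP backed by the synchronized directory
        if not available:
            raise IdpUnavailable(name)
        rec = USERS.get(user)
        return {"sub": user, "roles": list(rec[1]), "idp": name} if rec and rec[0] == password else None
    return IdentityProvider(name, auth)
```

With the primary marked unavailable and DR mode on, `Orchestrator([make_idp("primary", available=False), make_idp("standby")], recovery_personnel={"alice"}, dr_mode=True).authenticate("bob", "pw-bob")` is served by the standby with roles reduced to `dr-readonly`, and the audit log shows the failover that preceded it.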
Legacy Infrastructure: The Weakest Link
A major hurdle in ensuring identity continuity is the presence of legacy applications that don’t support modern authentication protocols. These outdated systems often lack strong security measures, such as multi-factor authentication (MFA) or passwordless access, making them attractive targets for attackers. However, even if upgrading to MFA or passwordless security isn’t feasible, integrating these legacy applications using identity orchestration can greatly enhance overall security and reduce vulnerabilities. This integration allows legacy applications to leverage advanced security features, such as centralized user authentication and comprehensive logging, even if they can’t natively support them.
Looking Ahead
Now that identity as an attack surface is firmly within attackers' crosshairs, organizations should adopt a holistic view of identity continuity, treating it as an integral part of their disaster recovery and business continuity plans. The future of identity security lies in the ability to transition seamlessly between cloud and on-premises IDPs, with orchestration tools enabling automated, policy-driven responses.
The stakes are high, but with proactive planning, rigorous testing, and strategic investments, businesses can stay one step ahead of adversaries and maintain operational resilience, even in the face of disaster.
About the Author
Aldo Pietropaolo is Field CTO of Strata Identity, a provider of identity orchestration technology. He has over 20 years of experience in the identity industry and was co-founder of Good Dog Labs, where he invented the first identity and access management microservices-based product (Perseus IAM). Good Dog Labs was acquired by Lighthouse Computer Services. He has held senior management roles in identity solutions engineering and architecture with SGNL, Identropy, PwC, HP, RSA, and Securant.