Should we start with resilience and work backward from there?

Sponsored by: Kaseya

This is a blog post written by International Data Corporation (IDC), a global leader in market intelligence, offering independent analysis on the state of cyber resilience for IT teams.

Businesses in the digital age work at the speed of information — essentially the speed of fiber optic cable, the speed of light and the speed of compute. Large language models (LLM) and agent-led computing now make it possible to assimilate great volumes of information and reach meaningful conclusions. This encourages businesses to expand their digital footprint.

This perpetual expansion is problematic. Businesses need to add new identities to IAM platforms; firewalls are updated to reflect new access policies and account for new applications; endpoints download the latest protection software, and data is encrypted. What companies do to protect their digital assets remains “you do this and then you do that” — a manual and rote process.

While many of these processes are intuitive, is the protection of individual assets baked into the sum of the whole? Can we be certain that our protections create redundancies? Should we simply start with resilience and then work backward?

The answer to the last question is probably “yes.” Not because prevention is hopeless, but because starting with resilience forces a discipline that prevention-first thinking often skips. When you ask, “What happens if we get hit?” before “How do we stop it?”, you surface gaps in your architecture that would otherwise remain invisible until a breach exposes them.

The anatomy of resilience

Consider what resilience requires. To recover cleanly, you need to know what you have — every device, every identity, every application, every data store. And you need confidence that your recovery or restore has not been compromised. That level of environmental visibility is exactly what most organizations lack, and it is the same visibility that would have made them harder to breach in the first place.

The adversary has already figured this out. Sophisticated threat actors now target backup infrastructure specifically, not as an afterthought, but as a primary objective. That’s because if you can encrypt or corrupt a victim’s backup before detonating ransomware, you eliminate their most important recovery option and foreclose recovery before it begins. An organization that has not thought carefully about resilience is not just vulnerable to the initial attack; it’s vulnerable to losing the ability to recover from it.

Three components define a mature resilience posture:

  • Prevention-side resilience is about maintaining visibility as the environment grows. Most organizations deploy new capabilities faster than they can secure them, including new SaaS applications, new users and new cloud workloads. Every one of those events creates drift between what is running and what is protected. Closing that gap continuously, rather than periodically, is what prevention-side resilience looks like in practice.
  • Detection-side resilience is about triangulating across signal types that most security architectures keep siloed. Security telemetry catches active indicators of compromise; backup and storage telemetry catches something different and earlier — encryption behavior that precedes any alert firing. An organization that can correlate both streams simultaneously has a detection advantage that security-only architectures cannot replicate.
  • Operational resilience is the recovery function itself, defined more rigorously than “restore from backup.” It means documented, tested recovery procedures and the ability to produce evidence of what was taken and what was not, because regulatory and legal obligations now require it. Cyber insurers are increasingly scrutinizing operational maturity rather than tool deployment alone, and a defensible record of how organizations detect, respond, and recover has become a business requirement. A backup that has never been tested is not a recovery capability — it is an assumption.
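The correlation described under detection-side resilience can be sketched as follows. This is an added example, not code from IDC or Kaseya: the field names, thresholds and sample records are constructed, and it assumes that a spike in changed data together with a collapse in deduplication ratio is a usable proxy for bulk encryption.

```python
from datetime import datetime, timedelta
from statistics import mean

D = lambda day, hour=2: datetime(2025, 3, day, hour)  # constructed timestamps

# Constructed backup telemetry: (host, finished, changed_ratio, dedupe_ratio).
BACKUP_JOBS = [
    ("fs01", D(1), 0.020, 4.0), ("fs01", D(2), 0.030, 4.2), ("fs01", D(3), 0.020, 3.9),
    ("fs01", D(4), 0.025, 4.1), ("fs01", D(5), 0.600, 1.1),   # spike + dedupe collapse
    ("db01", D(1), 0.10, 2.0), ("db01", D(2), 0.12, 2.1), ("db01", D(3), 0.11, 1.9),
    ("db01", D(4), 0.40, 1.9),                                # bulk load, dedupe normal
    ("ws07", D(1), 0.05, 3.0), ("ws07", D(2), 0.04, 3.1), ("ws07", D(3), 0.06, 2.9),
    ("ws07", D(4), 0.50, 1.0),                                # anomaly with no alert yet
]
# Constructed security telemetry: (host, time, rule).
SECURITY_ALERTS = [
    ("fs01", D(5, 8), "mass file rename"),
    ("db01", D(4, 9), "repeated failed logins"),
]

def backup_anomalies(jobs, change_factor=3.0, dedupe_factor=0.5, min_history=3):
    """Flag jobs whose change rate spikes while dedupe collapses vs. the host's baseline."""
    history, flagged = {}, []
    for host, ts, changed, dedupe in sorted(jobs, key=lambda j: j[1]):
        past = history.setdefault(host, [])
        if len(past) >= min_history:
            base_changed = mean(p[0] for p in past)
            base_dedupe = mean(p[1] for p in past)
            if changed > change_factor * base_changed and dedupe < dedupe_factor * base_dedupe:
                flagged.append((host, ts))
                continue  # keep the anomalous job out of the baseline
        past.append((changed, dedupe))
    return flagged

def correlate(anomalies, alerts, window=timedelta(hours=24)):
    """Join each backup anomaly with security alerts on the same host inside the window."""
    findings = []
    for host, ts in anomalies:
        related = [rule for h, t, rule in alerts if h == host and abs(t - ts) <= window]
        findings.append({"host": host, "backup_anomaly_at": ts, "alerts": related,
                         "severity": "high" if related else "investigate"})
    return findings

if __name__ == "__main__":
    for finding in correlate(backup_anomalies(BACKUP_JOBS), SECURITY_ALERTS):
        print(finding)
```

The host with a backup anomaly but no alert is still surfaced, which is the case a security-only view would miss; a flagged restore point should also be excluded from recovery candidates until it is verified.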

Build for recovery first

The manual and rote processes described at the outset of this piece are not just inefficient — they’re fragile. What replaces them is an architecture in which IT operations, security operations, and resilience functions share a common data layer, so any new identity added to an IAM platform is automatically accounted for in the security posture, and a backup anomaly automatically informs the threat detection stack.

Starting with resilience and working backward does not mean accepting breach as inevitable. It means being honest about the complex, expanding, and targeted environment you’re defending, and knowing that adversaries have already done the math on your recovery options. Build for recovery first, and you will find that the architecture capable of clean recovery is also the one hardest to bring down in the first place.

Message from the sponsor

The shift toward resilience-first security reflects the reality that prevention alone cannot account for every gap created by a constantly expanding digital footprint. Capabilities such as unified threat detection, managed response, and continuous visibility across identities, endpoints, and SaaS environments have become core components of a mature security posture. Kaseya’s comprehensive and integrated security portfolio supports these objectives as part of a broader approach to detection, response and recovery.
