Should we start with resilience and work backward from there?

Avec le soutien de: Kaseya

Il s'agit d'un article de blog rédigé par International Data Corporation (IDC), leader mondial de l'analyse de marché, qui présente des analyses indépendantes sur l'état de la cyber-résilience des équipes informatiques.

Businesses in the digital age work at the speed of information — essentially the speed of fiber optic cable, the speed of light and the speed of compute. Large language models (LLM) and agent-led computing now make it possible to assimilate great volumes of information and reach meaningful conclusions. This encourages businesses to expand their digital footprint.

This perpetual expansion is problematic. Businesses need to add new identities to IAM platforms; firewalls are updated to reflect new access policies and account for new applications; endpoints download the latest protection software, and data is encrypted. What companies do to protect their digital assets remains “you do this and then you do that” — a manual and rote process.

While many of these processes are intuitive, is the protection of individual assets baked into the sum of the whole? Can we be certain that our protections create redundancies? Should we simply start with resilience and then work backward?

The answer to the last question is probably “yes.” Not because prevention is hopeless, but because starting with resilience forces a discipline that prevention-first thinking often skips. When you ask, “What happens if we get hit?” before “How do we stop it?”, you surface gaps in your architecture that would otherwise remain invisible until a breach exposes them.

The anatomy of resilience

Consider what resilience requires. To recover cleanly, you need to know what you have — every device, every identity, every application, every data store. And you need confidence that your recovery or restore has not been compromised. That level of environmental visibility is exactly what most organizations lack, and it is the same visibility that would have made them harder to breach in the first place.

The adversary has already figured this out. Sophisticated threat actors now target backup infrastructure specifically, not as an afterthought, but as a primary objective. That’s because if you can encrypt or corrupt a victim’s backup before detonating ransomware, you eliminate their most important recovery option and foreclose recovery before it begins. An organization that has not thought carefully about resilience is not just vulnerable to the initial attack; it’s vulnerable to losing the ability to recover from it.

Three components define a mature resilience posture:

  • Prevention-side resilience is about maintaining visibility as the environment grows. Most organizations deploy new capabilities faster than they can secure them, including new SaaS applications, new users and new cloud workloads. Every one of those events creates drift between what is running and what is protected. Closing that gap continuously, rather than periodically, is what prevention-side resilience looks like in practice.
  • Detection-side resilience is about triangulating across signal types that most security architectures keep siloed. Security telemetry catches active indicators of compromise; backup and storage telemetry catches something different and earlier — encryption behavior that precedes any alert firing. An organization that can correlate both streams simultaneously has a detection advantage that security-only architectures cannot replicate.
  • Operational resilience is the recovery function itself, defined more rigorously than “restore from backup.” It means documented, tested recovery procedures and the ability to produce evidence of what was taken and what was not, because regulatory and legal obligations now require it. Cyber insurers are increasingly scrutinizing operational maturity rather than tool deployment alone, and a defensible record of how organizations detect, respond, and recover has become a business requirement. A backup that has never been tested is not a recovery capability — it is an assumption.

Build for recovery first

The manual and rote processes described at the outset of this piece are not just inefficient — they’re fragile. What replaces them is an architecture in which IT operations, security operations, and resilience functions share a common data layer, so any new identity added to an IAM platform is automatically accounted for in the security posture, and a backup anomaly automatically informs the threat detection stack.

Starting with resilience and working backward does not mean accepting breach as inevitable. It means being honest about the complex, expanding, and targeted environment you’re defending, and knowing that adversaries have already done the math on your recovery options. Build for recovery first, and you will find that the architecture capable of clean recovery is also the one hardest to bring down in the first place.

Message from the sponsor

The shift toward resilience-first security reflects the reality that prevention alone cannot account for every gap created by a constantly expanding digital footprint. Capabilities such as unified threat detection, managed response, and continuous visibility across identities, endpoints, and SaaS environments have become core components of a mature security posture. Kaseya’s security comprehensive and integrated security portfolio supports these objectives as part of a broader approach to detection, response and recovery. Discover IT security solutions from Kaseya

Une plateforme complète pour la gestion informatique et de la sécurité

Kaseya 365 la solution tout-en-un pour la gestion, la sécurisation et l'automatisation de l'informatique. Grâce à des intégrations transparentes entre les fonctions informatiques essentielles, elle simplifie les opérations, renforce la sécurité et améliore l'efficacité.

Une seule plateforme. Tout l'informatique.

Kaseya 365 bénéficient des avantages des meilleurs outils de gestion informatique et de sécurité, le tout dans une solution unique.

Découvrez Kaseya 365

Votre succès est notre priorité absolue.

Partner First, c'est l'engagement d'offrir des conditions flexibles, un partage des risques et un accompagnement dédié à votre entreprise.

Découvrez Partner First Pledge »

Rapport Kaseya 2026 sur la situation des MSP

Kaseya - Rapport 2026 sur la situation des MSP - Image web - 1200 x 800 - MISE À JOUR

Découvrez les perspectives 2026 sur le MSP, issues des témoignages de plus de 1 000 prestataires, et apprenez comment augmenter votre chiffre d'affaires, vous adapter aux pressions du marché et rester compétitif.

Télécharger maintenant

Faire de la protection des données un pilier de la cyber-résilience

Avec le soutien de : Kaseya Cet article de blog a été rédigé par International Data Corporation (IDC), leader mondial de l'analyse de marché, qui partage

Lire l'article de blog

Qu'est-ce que la restauration complète du système ? Définition, procédure et quand y recourir

Le matériel tombe en panne sans crier gare. Un système qui fonctionnait parfaitement à la fin de la journée peut se retrouver complètement hors service.

Lire l'article de blog

Qu'est-ce que le SecOps ? Explications sur les opérations de sécurité

La plupart des entreprises comptent deux équipes qui devraient travailler main dans la main, mais qui évoluent souvent dans des mondes à part : les opérations informatiques,

Lire l'article de blog