Institutions call networks, cloud platforms and payment systems critical infrastructure. Identity sits underneath all of them.
If the directory, domain, privileged accounts or recovery channels fail, healthy applications become unavailable to legitimate users and available to the wrong ones. Every recovery plan that begins with servers has started one layer too late.
Identity determines who may recover
During an incident, the institution must establish who is authorised to isolate, restore and reconnect. If that proof depends on the compromised identity system, recovery becomes circular.
Value object — The Identity Continuity Map
- Authoritative identity sources.
- Privileged and recovery identities.
- Independent emergency authentication.
- Critical systems dependent on each source.
- Manual issuance and revocation route.
- Last recovery exercise and evidence.
Recover the control plane first
Prioritise domain, directory, administrator and secure communications. Issue short-lived emergency access through an independently verified process. Restore applications only after trustworthy identities and logging exist.
Identity is not a support service. It is the infrastructure through which the institution proves who may act.
