
Building Identity Resilience for the Front Lines of Disruption

Published 05/07/2025


Written by Eric Olden, Strata Identity.

Originally published on Forbes.


No group relies on reliability and predictability more than the military. Human lives and critical data depend on safe and secure systems. Yet, operations frequently occur under extremely challenging conditions, including environments where disrupted communications are the norm, such as forward operating bases.

The bottom line on the front lines of conflict? The military requires a robust ICAM (Identity, Credential, and Access Management) framework that can function efficiently even when network access isn’t available — whether the outage is planned or unplanned. The term typically used for these unreliable network situations is disrupted, disconnected, intermittent, and low-bandwidth (DDIL) environments.

Not surprisingly, the same problems and principles can apply to organizations due to their business model (e.g., cruise ships), natural disasters, and/or network connectivity outages. Whether a disruption results from a network error, a software glitch, or a physical cut of a fiber optic line, there’s a need to maintain digital operations safely and securely.

The key to addressing the challenge revolves around identity continuity and disconnected hybrid topologies. This approach integrates governance, data handling, and security considerations to promote continuous operations even in disconnected modes.


Disruption Matters — Especially When Lives Are on the Line

Understanding the risks and realities of network disruption is the first step toward getting to a more resilient framework. Although DDIL isn’t a complicated concept, resolving it can prove challenging, especially in highly fluid military operations in theater. There are four core components to focus on:

Disrupted environments. Identity infrastructure is subject to attack at any time, and an organization must support resilient operations and application access across systems and applications.

Disconnected operations. In some cases, there’s a need for secure access to applications and data while disconnected from the cloud. Think of how a submarine operates underwater for extended periods or deploying assets in the field abroad.

Intermittent access. Under certain circumstances, teams may have infrequent or interrupted access to the cloud. An inability to reach data and applications can impact decision-making.

Low bandwidth. Field personnel, or those working in certain operating situations, may be unable to access high-speed broadband networks.

It isn’t challenging to understand the severity of military disruptions, planned or otherwise. However, DDIL impacts the business world in several ways. It can chip away at supply chain resilience, undermine productivity in hybrid and remote work environments, compromise crucial apps and systems for customers and employees, and present significant cybersecurity risks.


Minding the Gaps

DDIL environments may complicate an already tricky identity and security framework, yet there are ways to rein in the risks and establish greater resiliency:

  • Create a distributed air-gap architecture that provides data security and isolation.
  • Establish an identity orchestration layer (not simply an identity provider or IDP) that intelligently integrates with multiple identity systems.
  • Configure your identity fabric to support both cloud-based and on-premises IDPs.
  • Introduce orchestration capabilities that work in disconnected mode.
  • Use extensive logging and reporting on administrative changes and user access.
  • Architect a hybrid network that redundantly relies on both cloud-based and on-premises systems.

Core orchestration and identity continuity capabilities for DDIL include:

A disconnected mode. Identity orchestration must function in disconnected mode natively with an air gap design. It must be capable of swapping IDPs from a local environment to the cloud when connectivity is available.

Secure access to distributed workloads. It’s vital to provide identity services for applications that run in distributed environments, including on tactical edge appliances. Runtime enforcement must take place without a connection.

IDP Continuity. There’s a need for failsafe identity verification that works across IDPs in the event of a failure. This includes the ability to switch to local or other IDPs.

An ability to handle degraded access. An organization must be able to enforce different access modes under various scenarios. This includes a read-only capability.

High performance with a small footprint. An organization needs to be able to deploy software that has a small footprint to work with constrained resources in the field.
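The disconnected-mode, IDP-continuity and degraded-access capabilities listed above can be seen together in a small orchestration sketch. The following is an added example written for this page, not Strata Identity's code: a cloud IDP and a local edge IDP sit behind an orchestrator that falls back to the edge IDP only on a connectivity failure (a rejected credential is not a reason to fail over), switches to a read-only access mode while the cloud is unreachable, and logs every decision so the audit trail survives the outage. The IDP names, users, secrets and the per-mode action policy are constructed for the demo.

```python
"""Added example (not Strata Identity's code): an identity orchestrator that
fails over from a cloud IDP to a local edge IDP and enforces a read-only
access mode while disconnected. IDP names, users and the mode policy are
constructed for the demo."""
from dataclasses import dataclass, field
import hmac

CONNECTED, DISCONNECTED = "connected", "disconnected"
# Actions permitted per mode: disconnected operation is read-only (constructed policy).
MODE_ALLOWED = {CONNECTED: {"read", "write", "admin"}, DISCONNECTED: {"read"}}


@dataclass
class IdentityProvider:
    name: str
    credentials: dict          # username -> secret (constructed sample data)
    reachable: bool = True

    def authenticate(self, user: str, secret: str) -> bool:
        if not self.reachable:
            raise ConnectionError(f"{self.name} unreachable")
        stored = self.credentials.get(user)
        # Constant-time comparison; a real IDP would verify a password hash or token.
        return stored is not None and hmac.compare_digest(stored, secret)


@dataclass
class Orchestrator:
    cloud: IdentityProvider
    local: IdentityProvider
    audit: list = field(default_factory=list)   # every decision is logged, online or not

    def mode(self) -> str:
        return CONNECTED if self.cloud.reachable else DISCONNECTED

    def authenticate(self, user: str, secret: str):
        """Try the cloud IDP first; fall back to the local IDP only when the cloud
        cannot be reached. Returns (authenticated, name_of_idp_that_answered)."""
        for idp in (self.cloud, self.local):
            try:
                ok = idp.authenticate(user, secret)
            except ConnectionError:
                self.audit.append(("idp_unreachable", idp.name))
                continue
            # A definitive answer (accept or reject) stops the search: a wrong
            # secret at the cloud IDP must not be retried against the edge IDP.
            self.audit.append(("authn", idp.name, user, ok))
            return ok, idp.name
        self.audit.append(("authn_no_idp_reachable", user))
        return False, None

    def authorize(self, user: str, action: str) -> bool:
        """Enforce the current access mode: only read actions while disconnected."""
        mode = self.mode()
        allowed = action in MODE_ALLOWED[mode]
        self.audit.append(("authz", mode, user, action, allowed))
        return allowed


def demo():
    cloud = IdentityProvider("cloud-idp", {"alice": "s3cret"})
    edge = IdentityProvider("edge-idp", {"alice": "s3cret"})   # replica at the tactical edge
    orch = Orchestrator(cloud, edge)
    online = (orch.authenticate("alice", "s3cret"), orch.authorize("alice", "write"))
    cloud.reachable = False                                       # link to the cloud drops
    offline = (orch.authenticate("alice", "s3cret"),
               orch.authorize("alice", "write"),                  # refused: read-only mode
               orch.authorize("alice", "read"))
    return online, offline, orch.mode()


if __name__ == "__main__":
    print(demo())
```

Running `demo()` authenticates alice against the cloud IDP and permits a write, then, after the cloud link drops, authenticates her against the edge IDP while permitting only reads. The audit list is what an operator would ship back once connectivity returns.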


Gaining an Edge

Continuous identity must address two key requirements: first, high-latency and low-bandwidth situations in which operations cannot depend entirely on fast, reliable internet connections; second, built-in redundancies that support both local file system checks and cloud storage options.

It's possible to achieve a best practice framework by focusing on three vital factors:

Governance. An identity provider responsible for managing users and access should exist in both on-premises systems and the cloud. This allows for using cloud systems when available, failover to on-premises IDPs, and support of disconnected environments.

Data Handling. The system uses secure methods to handle policy updates. This promotes integrity and prevents unauthorized changes. The process can take place via network transfers or using a physical device such as a USB drive.

Security Considerations. Encryption and signature validation ensure that an organization will maintain security even in disconnected modes. Additionally, the system can regulate access based on the current mode, restricting changes during lower security states, such as read-only access.
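The Data Handling and Security Considerations points above describe policy updates that arrive over the network or on a USB drive and are accepted only after signature validation, with changes refused while the node is in a read-only state. The following is an added example written for this page, not Strata Identity's code: an edge policy store that checks the access mode, verifies the bundle's authenticity, and refuses stale versions so that a genuine but already-applied bundle cannot be replayed to roll policy back. An HMAC-SHA256 tag stands in for the signature so the example runs on the Python standard library alone; a deployment would use an asymmetric signature with the verification key pinned on the edge node. The key, bundles and policies are constructed.

```python
"""Added example (not Strata Identity's code): offline verification of a policy
update bundle delivered over the network or carried in on a USB drive. An
HMAC-SHA256 tag stands in for the signature so the example runs on the standard
library alone; a deployment would use an asymmetric signature with the
verification key pinned on the edge node. Key, bundles and policies are
constructed."""
import hashlib
import hmac
import json

SIGNING_KEY = b"constructed-demo-key"   # assumption: provisioned out of band


def canonical(policy: dict, version: int) -> bytes:
    """Deterministic serialization so signer and verifier hash the same bytes."""
    return json.dumps({"version": version, "policy": policy},
                      sort_keys=True, separators=(",", ":")).encode()


def sign_bundle(policy: dict, version: int, key: bytes = SIGNING_KEY) -> dict:
    """Produce a bundle as the (online) policy authority would."""
    tag = hmac.new(key, canonical(policy, version), hashlib.sha256).hexdigest()
    return {"version": version, "policy": policy, "sig": tag}


class EdgePolicyStore:
    """Policy held on a disconnected node; applies only authentic, newer bundles."""

    def __init__(self, key: bytes = SIGNING_KEY):
        self.key = key
        self.version = 0
        self.policy = {}
        self.log = []            # administrative change log, kept even offline

    def apply(self, bundle: dict, read_only: bool = False):
        """Returns (accepted, reason). All checks run before any state changes."""
        # 1. No changes at all in the lower-security read-only state.
        if read_only:
            return self._reject("changes blocked in read-only mode", bundle)
        # 2. Signature validation: the version and policy must be authentic and untampered.
        expected = hmac.new(self.key, canonical(bundle["policy"], bundle["version"]),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, bundle.get("sig", "")):
            return self._reject("bad signature", bundle)
        # 3. Rollback/replay protection: a correctly signed but stale bundle is refused.
        if bundle["version"] <= self.version:
            return self._reject("stale version", bundle)
        self.version, self.policy = bundle["version"], bundle["policy"]
        self.log.append(("applied", bundle["version"]))
        return True, "applied"

    def _reject(self, reason: str, bundle: dict):
        self.log.append(("rejected", bundle.get("version"), reason))
        return False, reason


def demo():
    store = EdgePolicyStore()
    v1 = sign_bundle({"read": ["alice", "bob"], "write": ["alice"]}, version=1)
    v2 = sign_bundle({"read": ["alice", "bob"], "write": []}, version=2)
    # Same version and signature as v1, but the policy body was altered in transit.
    tampered = dict(v1, policy={"read": ["alice", "bob"], "write": ["alice", "mallory"]})
    results = [
        store.apply(v1),                    # fresh and authentic -> applied
        store.apply(tampered),              # body changed, signature no longer matches
        store.apply(v1),                    # replay of an already-applied bundle
        store.apply(v2, read_only=True),    # valid, but the node is read-only right now
        store.apply(v2),                    # applied once the node leaves read-only
    ]
    return results, store.version, store.policy


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: the mode check comes first so that a read-only node never even evaluates a bundle, and the signature check precedes the version check so that an attacker cannot learn the current version by probing with unsigned bundles. The `log` is the administrative change record that the Minding the Gaps list asks for, written whether or not the node is connected.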

Continuous identity serves as a valuable tool for building operational resilience and Zero Trust security. It can prove transformative in both military and civilian settings. Deploying in air-gapped environments and infusing hybrid operational models helps an organization evade costly business and cyber threats and enjoy continuous access, even in the most complex and dynamic situations.
