Quest Software: More than 75% of Global Organizations Are Not Testing Identity Disaster Recovery Frequently Enough

Quest Software, an Austin, Texas based company specializing in data management, cybersecurity, and platform modernization, has released findings from its annual global security survey examining how organizations approach Identity Threat Detection and Response (ITDR). The survey found that more than 75 percent of organizations are not practicing disaster recovery plans in the recommended six-month timeframe, while 24 percent state they never practice it at all.

According to Quest, identity has become the primary attack surface, and the sprawl of identities across on-premises, hybrid, and cloud environments have expanded organizations’ need to better protect their environments. This has created complications with the rise of AI-led attacks, including model theft, automated attacks, and the poisoning of data. The rapid growth of non-human identities has frequently outpaced visibility and guidance, making it even more difficult for organizations to manage identity security, with an estimated 82:1 ratio of machine identities to human identities.

In a multiple-choice selection, 51 percent of respondents said that non-human identities were the most difficult to secure, with 49 percent claiming third party and partner accounts, 47 percent stating service accounts, and 46 percent saying legacy systems, highlighting the expansion of identity areas to secure.

Quest’s annual ITDR survey also revealed that, since last year, more organizations now have an ITDR practice in place, with 57 percent of respondents saying they did compared to 48 percent a year ago. Similarly, there was an increase in organizations receiving benefits from ITDR, with 92 percent agreeing to the benefits of an ITDR practice, compared to 84 percent in last year’s survey.

“Our survey findings make one point abundantly clear: identity security challenges are broad, interconnected, and steadily growing,” said Michael Laudon, Chief Product and Technology Officer, Quest Software. “Identity systems are at the center of most environments, connecting users, applications, data, automation, and cloud services. When those systems are compromised, attackers gain immediate access and, in many cases, control over how quickly an organization can respond and recover. Many organizations still lack full visibility into their identity landscape and struggle to manage expanding workloads across hybrid environments, and most teams are not validating recovery often enough to ensure rapid restoration after an attack.”

Many organizations are putting too much confidence in preventative controls, but are not as focused on response and recovery readiness, according to the company.

The State of ITDR survey was completed by 650 top global IT and security executives and practitioners about their approach to ITDR amid a rise in AI-driven attacks, an increase in non-human identities, growing recovery risk, new and changing regulatory environments, and managing expanding attack surfaces.

Channel Impact^®
Channel partners can find multiple ways to leverage the data in this report, including leveraging the details toward enhanced testing on behalf of their clients.