Identity is now the primary point of conflict between bad actors and the defenders trying to protect their systems against them. In recent years, threat groups have moved on from using zero-day vulnerabilities to gain access to corporate networks. Instead, they are looking to compromise identities to push their way through protections.
Palo Alto Networks’ Unit 42 threat intelligence unit wrote in its Global Incident Response Report 2026 that last year, identity weaknesses, such as stolen credentials and tokens, were key to almost 90% of its investigations.
It’s not just corporate security teams taking on such threats; MSSPs and other service providers are seeing the same trend. Researchers with managed detection and response (MDR) firm Blackpoint Cyber, earlier this month, wrote in the 2026 Annual Threat Report that more hackers were using legitimate credentials to bypass traditional defense and sneak their way into enterprise systems.
Despite the massive amount of attention cyber threats to identities are getting, Amir Regev said there is still a gap that organizations are not paying enough attention to. Most understand that if an adversary compromises identity, they essentially gain access to almost everything – from infrastructure to SaaS environments to internal systems – and they are investing in detection, multifactor authentication, and conditional access tools.
“But far fewer are thinking about what happens if identity configuration is corrupted [or] how quickly they can restore access policies,” Regev, global director of partnerships and cloud alliances for ControlMonkey, told MSSP Alert. “Protection is improving, but recovery is still lagging behind.”
Minding the Gap
The infrastructure-as-code automation platform startup this week unveiled its Identity Disaster Recovery solution that enables organizations to restore access configurations and regain control of their IT environments if identity systems are compromised. That includes recovering infrastructure, networking, and the identity layer that delivers control of access to them.
With Identity Disaster Recovery, ControlMonkey helps close the gap by making identity recoverable as part of an organization’s larger cloud environment rather than in isolation.
This is important as the challenges in defending identity continue to grow. Identities and credentials are scattered between on-premises, hybrid, and cloud environments, and the surge of non-human identities (NHIs) such as AI agents, APIs, service accounts, and containers is expanding the credential pool that needs protecting. Bad actors are also rapidly adopting AI.
The Need for Disaster Recovery
What ControlMonkey has found at enterprises and SMBs is being seen by other vendors as well. Quest Software, in a survey released in March, found that more than 75% of 650 IT and security executives surveyed aren’t practicing disaster recovery plans every six months, as recommended, while 24% say they never practice them.
“What we see is that organizations often have backups, but not for everything,” ControlMonkey’s Regev said. “Even when they do, they don’t test the recovery itself. Many teams focus heavily on data backups but overlook the broader ecosystem. That’s where things break. You can restore systems, but if identity isn’t aligned or recoverable, users and admins can’t log in. At that point, recovery slows down or stops entirely.”
The vendor’s Identity Disaster Recovery offering automatically captures daily snapshots of key ID configurations, including single sign-on (SSO) settings, MFA policies, application assignments, and directory structures. It also collects identity configuration across providers like Okta, Microsoft Entra, Ping, OneLogin, and JumpCloud.
Recovery is the Key
“But the key difference is recovery,” Regev said. “We store configuration and we enable teams to restore identity together with the infrastructure, SaaS applications, and systems it controls. This includes versioned configuration snapshots, fast rollback to known-good states, and preservation of dependencies between identity and other layers. The goal is simple: Restore access quickly, not just configuration.”
This is important for MSSPs and MSPs, particularly those managing Okta, Entra ID, Ping Identity or OneLogin, he said. A key reason is that it will allow security service providers to create an IdP (identity provider) resilience-as-a-service offering, which creates a new revenue stream.
“While traditional [disaster recovery] focuses on data, we enable partners to back up and instantly restore the identity ‘brain’ that controls access,” Regev said. “This eliminates the risk of a misconfiguration or attack paralyzing a customer’s entire cloud.”
This capability allows partners to move beyond simple identity management to offering guaranteed recovery for the entire control plane, he said, adding that “it turns a reactive support role into a proactive resilience service with zero manual rebuilding required.”