Recently, I’ve been speaking with organisations across Northern Ireland, and many are sharing the same experience: cloud services they rely on were suddenly unavailable.
For some, it was email. For others, file access or identity services. In most cases, the outage was temporary — but the impact was immediate. Work slowed or stopped, communication broke down, and teams were left waiting for systems to come back online.
This has shifted resilience conversation in a practical way. Organisations are no longer asking if outages can happen. They are asking what happens to their data and their backups — when they do.
For many organisations, Entra ID has quietly become the control plane for the entire digital estate. It governs who can access systems, which devices are trusted, how applications authenticate, and what administrators are allowed to do.
Despite this critical role, Entra ID does not include native point-in-time backup or recovery.
Most identity-related incidents are not the result of sophisticated attacks. They are caused by human error, misconfiguration, or unintended changes — such as the deletion of users, groups, or Conditional Access policies. When identity is unavailable or corrupted, even fully intact data and applications become inaccessible.
Backing up Entra ID is about ensuring organisations can regain control, restore access, and continue operating after an incident — whether caused by error, outage, or attack. Organisations are starting to pay more focus to this gap.
As organisations review their resilience, many are uncovering a blind spot.
Many do have backups. But those backups live inside the same cloud ecosystem as their production environment. That discovery raises a question:
If there is a broad cloud outage, does that mean I can’t access my backups either?
For some organisations, the answer is yes.
Many backup tools store data on the same underlying platform as live services. If the SaaS provider is experiencing a broader outage, recovery may be delayed or impossible until services are restored.
Imagine locking your car , You keep a spare key — But instead of keeping it at home or giving it to someone you trust… you put it in the boot of the same car. It’s technically a spare.
But if the car is locked, stolen, or inaccessible — so is the spare key.
You’ve created redundancy, inside the same dependency.
Cloud platforms deliver benefits, and for most organisations they remain the right choice. The challenge is not the cloud itself, but cloud concentration risk.
Recent outages have brought this into focus. Short periods of unavailability can halt operations, delay services, and undermine confidence.
What’s changing now, is the nature of the questions organisations are asking.
The focus is on very practical scenarios:
These are increasingly being asked by leadership teams, not just IT.
Many organisations are reaching the same conclusion: true resilience requires a degree of independence.
That doesn't mean abandoning cloud platforms. It means ensuring recovery paths are not entirely dependent on the same environment as production.
Independence gives options. It allows you to regain access to data and make decisions, rather than waiting for services to be restored. Without separation and independence for backups, even well-designed environments can leave organisations static.
Alongside availability, another theme is emerging: data sovereignty.
Recent outages and geopolitics have prompted organisations to look at where their data resides, who can access it, and how many third-party sub-processors sit between them and their information.
In many cases, backup data is stored in the UK or EU, but processed by multiple parties that are not well understood. During normal operations this rarely feels like a problem. During incidents, audits, or regulatory scrutiny, these details suddenly matter, particularly for public sector bodies, regulated industries, and organisations operating across borders.
Organisations are asking practical questions:
Encouragingly, many organisations are beginning to recognisesovereignty and resilience are closely linked.
What is clear - is that resilience thinking is maturing.
Organisations are moving toward evidence. They are questioning long-held beliefs about availability, backups, and cloud guarantees. And they are recognising that resilience is about what is tested — not what looks good on paper.
Northern Ireland is rapidly growing in the cyber sector in recent years. Organisations and individuals based here are already supporting businesses through exactly these challenges.
With a strong cyber ecosystem, close links between industry and academia, Northern Ireland has an opportunity to play a meaningful role in shaping how organisations approach digital risk — not just locally, but beyond the region.
This presents an opportunity for the next generation. Cyber resilience is no longer a niche technical field. It is central to how organisations operate, protect services, and maintain trust.
In this increasingly technological world, I would encourage more people to consider a field in cyber in Northern Ireland, as the ecosystem goes from strength to strength.
Sync NI's Spring 2026 magazine explores innovation and collaboration transforming Northern Ireland's technology ecosystem
This issue features exclusive insights from industry leaders on AI transformation, cybersecurity evolution, legal technology innovation, and how strategic partnerships between academia and business are accelerating real-world impact across the region.
Read the Spring 2026 edition free online →
Stay connected with NI's tech community:
