The power of SaaS-delivered disaster recovery
Protect AD and Entra ID from one cloud platform, delivering secure, malware-free identity recovery with high availability and instant restoration. The first-to-market comprehensive SaaS-based DR solution for on-premises AD environments is always on, updated, and available via the Quest unified identity cloud platform.
- Supports critical on-premises infrastructure: Many industries are still deeply entrenched in on-premises infrastructure due to regulatory and operational requirements. When attacks occur, the separation between AD admin teams and security teams causes delays and confusion, impacting business.
- Increases recovery speed: While traditional enterprise backup solutions take days or weeks to restore operations, Disaster Recovery for Identity recovers systems in minutes or hours, reducing downtime when costs can exceed $1M/hour. This rapid identity recovery is a key differentiator compared to other AD backup and recovery methods.
- Provides complete protection in a single UI: Manage the entire security lifecycle in a single interface. Our unified approach aligns with frameworks like the NIST CSF, covering all pillars: Identify, Protect, Detect, Respond, Recover, and Govern. This empowers IT to manage the entire recovery process independently, without coordinating between multiple teams.
- Lowers costs and enhances security: With cloud-based recovery, you’ll eliminate server and operating system costs while reducing hardware expenses over time. This is valuable when regulatory constraints prevent you from fully migrating to the cloud, allowing you to benefit from enhanced security features from cloud providers like Microsoft.
Highlighted Features
Preventing extreme recovery measures
An example of recovery challenges comes from a global shipping company that suffered a severe cyberattack. They had to fly a team member to another continent to retrieve an offline Active Directory server that remained unaffected by the attack. Disaster Recovery for Identity makes such drastic measures unnecessary, as it allows for centralized control and identity recovery from any location regardless of your global footprint.
Protecting your reputation
Beyond financial implications, prolonged downtime can damage your reputation. The longer systems are down, the more likely the outage is to attract negative attention from the media and customers. Disaster Recovery for Identity not only restores operations quickly but also helps protect your organization's reputation by minimizing incident impact.
Built on the Quest unified identity cloud platform
Disaster Recovery for Identity is built on the Quest unified identity cloud platform that’s migrated 100 PB of data, backed up 37B Entra ID objects in 12 months, and reduced customers’ identity attack surface by over 99%. It’s ISO/IEC 27001, 27017, and 27018 certified with award-winning, global support 24/7/365. We simplify identity security with better tools and resources, reducing the need for extensive training.
FAQ
In the event of a scorched earth attack, i.e., your entire on-premises environment is compromised by something like ransomware, even the most robust on-premises recovery solution will require hardware provisioning and installation before starting recovery procedures, not to mention getting access to on-premises backups, if you can at all. When the cost of downtime can exceed $1M/hour, having an immediately available SaaS solution with cloud backups lets you instantly start identity recovery, saving not only money but also brand reputation.
With Microsoft-provided tools and manual processes, Active Directory forest recovery is a difficult, time-consuming, and error-prone process. In fact, Microsoft’s Active Directory Forest Recovery Guide outlines 40 high-level steps that must be performed correctly and in the proper sequence – on each DC. In addition, many of the steps aren’t operations that AD administrators are familiar with; they are tedious, often command-line based steps, so it’s very easy to make mistakes that can re-corrupt your directory and require you to start over. Quest Software reduces risk by automating every one of these manual steps.
VM snapshots are no substitute for an enterprise AD disaster recovery solution. Using snapshots for forest recovery will almost always cause data consistency problems that are difficult to resolve. Since the data on DCs is constantly being updated and the replication process takes time, snapshots of different DCs almost always contain inconsistent information. Snapshots can also include malware, which gets restored with everything else on the DC. Plus, if you store your VM snapshots in the default location, they’re an obvious target for ransomware encryption, rendering them useless. And logistically, control over VM snapshots resides with the virtualization team, complicating the AD team’s recovery operation. The virtualization team may not know the AD snapshots are an essential part of the disaster recovery strategy and may not protect them appropriately.
An immutable backup is a duplicate copy of data that can’t be altered or removed for a specified timeframe. It’s a method you can use to protect valuable data from threats ranging from cyberattacks to accidental removal. When it comes to AD security, our solutions provide multiple storage locations for AD backups, with many organizations choosing a dedicated backup location for their identity recovery team that doesn’t rely on traditional backup teams (since traditional backup teams often rely on AD for authentication). While some organizations can choose to store backups inside enterprise backup storage, you should validate that there are authentication capabilities to retrieve those backups that do not require AD. Because we’ve seen physical destruction, as well as loss of connectivity to the internet, we recommend your backups are air-gapped or on immutable storage.