
In Case of Emergency, Break Glass—Revisited for 2025

The classic “break glass in case of emergency” approach—pulling the plug, cutting off the corporate router, or isolating critical systems (often called ring-fencing)—has long been a staple of cyber incident response.


In many organisations I have had this playbook created, mapping out the complex environment and the crown jewels we needed to protect. At one stage I had even researched a physical key-locked macro button to put on the CISO's desk, akin to the big red button in all those disaster movies (in my head it's always The Hunt For Red October), which would disconnect everything in a drastic fashion.


But the world has changed. Today’s environments are sprawling, complex, and interconnected in ways that make the old playbook almost redundant. So, as we sit here in mid-2025, how do we adapt the “break glass” philosophy to our multi-cloud, multi-app, hybrid reality?


The Challenge: Complexity and Interdependence


Let’s set the scene:

  • Multi-cloud: Your workloads, data, and apps are spread across AWS, Azure, GCP, and perhaps a few SaaS providers (such as SAP and Salesforce).

  • Hybrid environments: Some critical assets are still on-premises; others live entirely in the cloud.

  • Identity sprawl: Single sign-on (SSO) is common, but not universal. Some admin accounts are siloed, others federated, and some are shadow identities you might not even know about.

  • Supply chain and third-party risk: Your environment is only as strong as its weakest vendor. A compromised supplier, a poisoned software update, or a managed service provider's stolen credentials can be the entry point, and your emergency controls need to cover their access paths too.


The days of a single “kill switch” are over.


Modern “Break Glass” Strategies


1. Segmented Emergency Controls


Instead of one big red button, think in terms of segmented controls:

  • Cloud-native controls: Each cloud provider offers ways to restrict access, disable accounts, or isolate resources (for example, attaching a deny-all policy, disabling federation, or revoking active sessions). Pre-build and pre-authorise scripts or runbooks for each platform, so nobody is writing them during the incident.

  • Network segmentation: Use software-defined networking (SDN) to rapidly isolate segments or VLANs, both in the cloud and on-prem.

  • Application-level isolation: For SaaS and critical apps, pre-configure emergency admin accounts and access policies that can be activated when needed.


2. Automated Playbooks and Orchestration


Manual intervention is too slow and error-prone. Invest in:

  • SOAR platforms (Security Orchestration, Automation, and Response): These can trigger coordinated actions across clouds, endpoints, and apps.

  • Pre-approved automation: Scripts that can disable SSO, revoke tokens, or reset credentials across multiple environments at once. Give every script a dry-run mode and a check that it cannot revoke the responders' own break-glass access; a containment action that locks out the incident team is worse than no action.
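The two sections above, segmented per-environment controls and pre-approved automation, come down to one pattern: a catalogue of small, pre-authorised containment actions run in a fixed order by a named approver, with a dry run, an audit trail, and a guard against self-lockout. The following is an added example, not code from the original post or from any vendor product; the environment names, principals, session tables and the `ACTIONS` catalogue are constructed, and the handlers return the change they would make instead of calling a cloud SDK so the script runs offline. The deny-all statement uses the real IAM condition key `aws:PrincipalArn` with `ArnNotEquals` to exempt the break-glass role.

```python
"""Segmented break-glass orchestration (added example, constructed data)."""
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Environment:
    name: str
    break_glass: str            # principal that must survive containment
    active_sessions: set[str]   # constructed: who is signed in right now
    federation_enabled: bool = True


@dataclass(frozen=True)
class Change:
    environment: str
    operation: str
    target: str
    applied: bool               # False when produced by a dry run


def revoke_sessions(env: Environment, dry_run: bool) -> list[Change]:
    """Kill every active session except the break-glass identity."""
    victims = sorted(p for p in env.active_sessions if p != env.break_glass)
    if not dry_run:
        env.active_sessions.difference_update(victims)
    return [Change(env.name, "revoke_session", p, not dry_run) for p in victims]


def revoke_all_sessions_naive(env: Environment, dry_run: bool) -> list[Change]:
    """Deliberately careless variant with no exemption, kept to show the guard."""
    victims = sorted(env.active_sessions)
    if not dry_run:
        env.active_sessions.clear()
    return [Change(env.name, "revoke_session", p, not dry_run) for p in victims]


def disable_federation(env: Environment, dry_run: bool) -> list[Change]:
    """Stop a compromised IdP from minting new sessions into this environment."""
    if not dry_run:
        env.federation_enabled = False
    return [Change(env.name, "disable_federation", env.name, not dry_run)]


def deny_all_policy(env: Environment, dry_run: bool) -> list[Change]:
    """AWS-style deny-all statement that exempts only the break-glass ARN."""
    policy = {"Version": "2012-10-17", "Statement": [{
        "Sid": "EmergencyDenyAll", "Effect": "Deny", "Action": "*", "Resource": "*",
        "Condition": {"ArnNotEquals": {"aws:PrincipalArn": env.break_glass}}}]}
    return [Change(env.name, "attach_policy", json.dumps(policy, sort_keys=True), not dry_run)]


# Pre-approved catalogue: a playbook may only reference action ids listed here.
ACTIONS = {
    "revoke_sessions": revoke_sessions,
    "revoke_all_sessions_naive": revoke_all_sessions_naive,
    "disable_federation": disable_federation,
    "deny_all_policy": deny_all_policy,
}


class LockoutError(RuntimeError):
    """A step would remove the responders' own break-glass access."""


@dataclass
class Playbook:
    name: str
    steps: list[tuple[str, str]]        # (environment name, action id) in order
    approvers: frozenset[str]
    audit: list[dict] = field(default_factory=list)

    def execute(self, envs: dict[str, Environment], approved_by: str,
                dry_run: bool = True) -> list[Change]:
        if approved_by not in self.approvers:
            raise PermissionError(f"{approved_by} may not authorise {self.name}")
        changes: list[Change] = []
        for env_name, action_id in self.steps:
            env = envs[env_name]
            plan = ACTIONS[action_id](env, dry_run=True)      # plan first; never mutates
            if any(c.target == env.break_glass for c in plan):
                raise LockoutError(f"{action_id} on {env_name} would cut off {env.break_glass}")
            new = plan if dry_run else ACTIONS[action_id](env, dry_run=False)
            self.audit.append({"ts": datetime.now(timezone.utc).isoformat(),
                               "playbook": self.name, "approved_by": approved_by,
                               "environment": env_name, "action": action_id,
                               "dry_run": dry_run, "changes": len(new)})
            changes.extend(new)
        return changes


def constructed_environments() -> dict[str, Environment]:
    """Sample estate for the example; account ids and users are made up."""
    bg_arn = "arn:aws:iam::123456789012:role/BreakGlass"
    return {
        "aws-prod": Environment("aws-prod", bg_arn,
                                {"arn:aws:iam::123456789012:user/alice", bg_arn}),
        "entra-id": Environment("entra-id", "bg-admin@example.com",
                                {"bob@example.com", "carol@example.com", "bg-admin@example.com"}),
    }


CONTAINMENT = Playbook(
    name="contain-idp-compromise",
    steps=[("entra-id", "disable_federation"), ("entra-id", "revoke_sessions"),
           ("aws-prod", "deny_all_policy"), ("aws-prod", "revoke_sessions")],
    approvers=frozenset({"ciso", "ir-lead"}))

if __name__ == "__main__":
    for change in CONTAINMENT.execute(constructed_environments(), "ir-lead", dry_run=True):
        print(change)
```

Order matters: federation is disabled before sessions are revoked so the attacker cannot simply sign in again, and the guard runs on the dry-run plan of each step before anything is applied, so a careless action such as `revoke_all_sessions_naive` is refused without touching the environment.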


3. Privileged Access Management (PAM) with Break Glass Accounts


  • Maintain offline, highly protected “break glass” admin accounts for each critical environment. They must not depend on the SSO or MFA infrastructure you may be trying to contain, so they should be local to the platform and excluded from federation. Store them in a secure vault with strict access controls, an audit trail, and alerting on any use, because these accounts have no business-as-usual purpose and any sign-in outside a declared incident or drill is suspicious.

  • Regularly test and rotate credentials to ensure they work when needed.


4. Zero Trust and Just-in-Time Access


  • Adopt zero trust principles: Assume breach, verify explicitly, and limit lateral movement.

  • Use just-in-time (JIT) access for privileged accounts, so that standing admin access is rare and can be revoked instantly.


5. Tabletop Exercises and Drills


  • Regularly test your “break glass” procedures. Simulate incidents involving multiple clouds, SSO compromise, and vendor breaches.

  • Update playbooks based on lessons learned.


What About the Human Factor?


  • Clear escalation paths: Everyone must know who can authorise emergency actions.

  • Training: Ensure your team understands the tools and procedures—muscle memory matters in a crisis.

  • Communication: Pre-drafted internal and external comms can save precious time.


Looking Ahead


The “break glass” approach is still vital, but it’s no longer about a single switch. It’s about preparation, automation, and segmentation. In 2025, the winners will be those who can orchestrate a rapid, coordinated response across a fragmented landscape—without causing more harm than the attack itself.


You can’t “pull the plug” in a hybrid, multi-cloud world. But you can build a modern, distributed set of emergency controls—tested, automated, and ready to deploy when seconds count.


Action Steps:

  1. Inventory your critical assets and map out where emergency controls are needed.

  2. Build and test automated playbooks for each environment.

  3. Secure and regularly rotate “break glass” credentials.

  4. Drill your response—because in a crisis, practice beats theory every time.



In case of emergency, break glass… and be ready to break it everywhere, all at once.



Need Help?

Let Cyber Resilience Group be your trusted partner in ensuring your business can Anticipate, Withstand, Recover from, and Adapt to the threats you face, and be Cyber Resilient.


Be Prepared!

