Blast radius is the scope of systems, identities, data, or operations that can be affected when a security control fails or an attacker gains access. It matters because not every compromise has to become a full-environment disaster.
What is Blast Radius?
Blast radius describes how far the impact of a breach, misconfiguration, stolen credential, or service failure can spread. Security architecture tries to reduce blast radius through segmentation, least privilege, isolation, and tighter trust boundaries.
What Commonly Influences Blast Radius
Common factors include privilege levels, network reachability, identity trust, shared infrastructure, flat environments, and access to critical data or control planes.
Blast Radius vs. Incident Severity
Blast radius describes the potential or actual spread of impact. Severity reflects the broader business importance of what happened.
Frequently Asked Questions
Why is reducing blast radius important?
Because some incidents cannot be prevented entirely, so limiting how far they spread is a major resilience advantage.
How do teams reduce blast radius?
By using segmentation, least privilege, tighter identity controls, scoped credentials, and stronger administrative boundaries.
