It has become almost trite to say that institutions must operate on the assumption that an attacker will get in. Institutional resilience strategies are chock full of prevention and detection tools, but the evolution of a more advanced set of tools for recovery has yet to become commonplace. Distributed Security falls squarely into that recovery area by splitting critical resources and security processes across servers or services and by adding self healing capabilities that make even silent compromise a recoverable event. This talk describes the types of resources that should be distributed, including authentication decisions, access controls, and collections of personal data, and how that distribution can address institutional resilience, reduce liability and address privacy concerns. We will also discuss deployment strategies and address the benefits and challenges of diversification in a distributed security system.