Business Continuity and the Internet of Things

  • 13 Mar 2018
  • Paul

About 30 or so years ago, when the Internet was moving out of the lab and into the mainstream, it was enough to even be able to connect to the Internet.  It certainly wasn’t as pervasive as it is today.  Few web sites existed, and the notion of mobile phones with intelligence was still mostly a dream.  Flash forward to today, and it’s hard to imagine doing anything without using the Internet in some fashion. 

Perhaps one of the most intriguing phenomena in today’s world is the Internet of Things, or IoT.  It simply means the Internet can connect virtually any kind of device to any other device, which creates some amazing possibilities   For example, you can now communicate with your home, tell it when to turn lights on and off, cycle heating and cooling systems, and even start the coffee, all from a smart phone.  The possibilities are simply limited to one’s imagination. 

When we think of business continuity (BC) and disaster recovery (DR) we usually apply these processes to a business organization.  Most employees connect via email and smart phones.  Systems connect to users and each other through increasingly smart networks.  The Internet provides the underpinnings for many business activities, and it begs the question: What next?  The IoT’s impact on business operations is occurring all around us.  Coupled with advances in and availability of equipment with artificial intelligence (AI) capabilities, the IoT is likely to improve business efficiency, provide better customer service, generate more revenue and create new business opportunities. 

Now as we depend more and more on the Internet and the IoT, we must also identify potential risks, threats and vulnerabilities to those resources.  Naturally people come first when planning for BC/DR, but technology is a very close second.  How do we leverage our BC/DR skills and resources to ensure that organizations dependent on the IoT are protected?  How can we ensure their resilience in the face of disruptive events?

First, we need to augment business impact analysis (BIA) and risk assessment (RA) activities to identify how the IoT impacts an organization.  We need to better identify the touchpoints where IoT-based systems interact with each other as well as people.  We need to dig deeper into the relationships across technology platforms, because the assumption is that everything will be connected to something.  DR activities will need to be more rigorous than they are today, and strategies for protecting and recovering systems and data will need to cover a broader range of assets. 

Next, BC/DR professionals will need to work more closely with cybersecurity professionals as the impact of a breach that impacts IoT-based systems may be significant.  Greater integration of technologies via the IoT will also create opportunities for cyberattacks from multiple directions.  If just about every device being used has an IP address, it can be “reached” by another device.  Cybersecurity and BC/DR will need to partner more than ever before; and probably ought to be – eventually – part of the same organization.  Silos of today will no longer be possible with IoT-enabled systems. 

Finally, senior management needs to understand the impact of IoT-based systems and how their role as stewards of the organization may change.  Educating senior management on the IoT and business resilience represents an important opportunity for BC/DR and cybersecurity professionals. 

Final Word

The time to begin breaking down silos is today, as the future is coming quickly.  It’s also a perfect opportunity for BC/DR professionals to reinforce their value to senior management and their organizations.

More on
About the author

Paul Kirvan


Independent consultant with over 25 years in business continuity, disaster recovery, IT auditing and technical writing. Founding board member of the BCI USA chapter, former Vice Chair of the Global Membership Council, and former member of the BCI Board. Currently an FBCI assessor and awards judge; also a contributor to the BCI USA chapter web site. Prepare and deliver webinars and podcasts; contributor to; over 150 articles published.