If you think the proliferation of mobile devices changed the concept of the network edge, get ready for the emerging Internet of Things (IoT), where a network-connected sensor could be located on top of a mountain, in a corn field or even in the ocean.\nSo, how does an enterprise incorporate IoT into its disaster recovery plan? In one sense, IoT creates a unique challenge because it is far-flung and vulnerable. But it can also become part of a DR solution, helping to protect the business in the event of a disaster, according to experts.\n\n\u201cIoT impacts DR planning in several important ways,\u201d says IDC research director Phil Goodwin. First, with respect to IoT devices, both application logic and data may be widely distributed outside the data center, thus requiring that any DR planning be separate from the core IT systems.\nSecond, IT organizations need to expand their threat-analysis planning to take IoT devices into account.\n\u201cThreats to the data center may be different than those threats to the IoT environment,\u201d Goodwin says. \u201cObviously, different threats will spawn different response planning.\u201d\nThird, \u201cif we think of DR in the classic people, process, technology triad, not only will the technology be different for IoT, but so may be the people and processes,\u201d Goodwin says. \u201cIn fact, more of the recovery processes may be defined and executed by business unit personnel than the IT staff.\u201d\nAnd finally, IoT service-level agreements (SLAs) might be different from core IT, Goodwin says. \u201cIoT devices are often real-time and cannot tolerate an RTO (recovery time objective) measured in hours,\u201d he says.\nHow IoT can help\nOne way to think about IoT is that it\u2019s essentially about instrumenting a process, collecting data and acting upon that data, says Ian Hughes, senior analyst for IoT at 451 Research.\n\u201cMuch of the work done in sectors such as Industrial IoT uses the instrumentation to reduce downtime and engage in pre-emptive maintenance,\u201d Hughes says.\nThis same approach can be taken when it comes to disaster recovery. IoT systems, combined with analytics and machine learning, can be used to spot serious problems before they happen, Hughes says.\n\u201cWe are seeing development of digital twins within IoT, which represent a live, updated digital state of a collection of resources,\u201d Hughes says. \u201cThese are used at design time and commissioned into runtime, plus used for simulation and evolving of processes.\u201d\nWhile DR isn\u2019t the main reason for creating a shadow digital twin of industrial processes, that copy could be used in a disaster-recovery situation, adds Hughes.\nIt\u2019s important for enterprises to include IoT devices and data in their DR planning, Hughes says.\n\u201cThe risk is that, as happened with early web site and ecommerce [initiatives], IoT projects are seen as outliers or only early proof of concepts,\u201d he says.\u00a0\u201cBut they very quickly become essential providers of a rich information source. In many circumstances, storing historical IoT data provides a forensic trail that can be used to regain a state or rebuild back to the last known set of readings.\u201d\nOne of the traits of IoT is that the data that\u2019s gathered does not come from one source, but from many. And oftentimes these sources cross organizational boundaries, Hughes says.\n\u201cThis has to be taken into consideration if an enterprise is reliant on multiple sources,\u201d he says. For example, when using a weather forecasting source to help facilitate the running of a building\u2019s heating and ventilation, a company has to consider the impact of losing that service.\nIoT architectural considerations\nIoT architecture needs to ensure that it is able to manage and maintain the state of remote devices, Hughes says.\n\u201cLocal resilience with edge computing needs to be managed as closely as cloud resilience,\u201d he says. \u201cEndpoints may still be able to generate meaningful data during other outages, so [data caches] are important if the core systems are experiencing problems.\u201d\nMany of these architectures already exist in industrial automation, and are now connecting to the rest of the enterprise as part of wider digital transformations, Hughes says.\n\u201cSome resilience can be built into distributed architectures, as we see with technology such as blockchain,\u201d he says.\nGartner sees four key focus areas of IoT architecture for disaster recovery, and makes recommendations for each area, according to a report by research director Mark Thomas Jaffers.\nOne is user interface and application gateways. Companies need to categorize the data in terms of its value at each level in an IoT architecture to decide where to build out highly resilient architectures, the firm says.\nIf data present at this layer of the architecture is of a low value or easily replaceable, concentrate on building a fast recovery process, because this will be less expensive.\nThe second area is connectivity and network infrastructure. For this, companies should build out connectivity using scalable, redundant and multipath options from each link in the IoT data flow to the next.\nThird is the data repository. Companies should establish recovery point objective (RPO) and RTO goals to protect the data storage to the same standards that they currently have for any similarly critical data, Gartner says. However, scalability issues might require new technologies to achieve those same goals.\nThe final area is analytics applications. At the analytics layer, the firm says, companies should use the same resilience or recovery goals that they would with other existing decision support or customer-facing reporting systems as a starting guide.\nGartner\u2019s IoT reference model depicts five layers: processes, functions, information, communication and devices, as well as distinctions between edge, platform, and enterprise tiers and the interfaces between them, Jaffers says.\n\u201cIT disaster recovery planning needs to look at both the data protection as well as the resiliency across those different layers and tiers to ensure that IoT-enabled business processes are both capable of sustaining operations in the face of any anticipated disruptions, [and] also recovering from unexpected, large impact events that may have a low probability, but large impact when they occur,\u201d Jaffers says.