One of the bugbears of IT network security is the denial of service (DOS) attack.
Instead of (or as well as) trying to sneak past a firewall with a few innocent-looking data packets, the DOS attack tries to cripple a network or a system by swamping it out. In the case of network firewalls, the attacker will try to generate as much network traffic as possible to overload the firewall’s processing power. Attackers often multiply the sources of the network traffic for that reason, leading to distributed denial of service (DDOS) attacks.
Firewalls that are submerged by traffic may become unmanageable, unless the vendor has taken suitable design precautions, which might also inspire good business continuity in general.
To ensure that a firewall continues to respond to management commands, some models are designed with separate data and control ‘planes’. The control plane gives network administrators access to the firewall configuration, no matter how much or what kind of traffic is going through the firewall. If the data plane is suffering from too much traffic that needs too much processing, the administrator can step in to change things, for example to alter the security check level and therefore the processing effort for certain types of traffic.
Enterprises as a whole benefit from a similar separate business activity and business continuity architecture. When the pressure is on or when several crises happen at the same time, it can be difficult for organisations to stay upright if all their business continuity is buried in the departments trying to put out the fires.
Ideally, business continuity is both integrated at the sharp points where business is done and managed by a separate business continuity function that can step in to help with business continuity evaluation and action. Did firewall vendors copy business continuity experts or was it the other way round? It really doesn’t matter as long as both parties successfully weather their different attacks and crises.