A cloud infrastructure outage in late 2025 rendered smart devices non-functional across three continents — purifiers that would not dispense water, environmental controls that froze, systems that became unresponsive because the remote servers they depended on were unavailable. In consumer technology, this is an inconvenience. In a corporate campus, a data centre, a banking facility, or a critical infrastructure site, the same failure mode is a physical security incident.

The Enterprise Version of the Same Problem

Modern built assets run on IP-based, cloud-connected security infrastructure. Access control authenticates credentials against cloud-hosted directories. Surveillance platforms stream to cloud storage. Building management systems communicate via networked protocols. When connectivity fails — whether through ISP outage, cyberattack, or cloud provider incident — the question is not whether the thermostat responds. It is whether the door opens, whether the camera records, and whether the security operations centre has situational awareness.

Most organisations that have invested in smart building infrastructure have not systematically assessed what happens to their security posture when that infrastructure fails. The answer is typically worse than expected.

The ISO 27001 Architecture Principle

ISO/IEC 27001 — the international information security management standard — provides the governance framework that connected building infrastructure should be designed around from the outset. Its core requirement is that information security risks must be identified, assessed, and treated systematically — including the risks created by every connected device in the estate. Applied to IoT and smart building architecture, this means three structural requirements:

  1. Network segmentation by function and risk class — OT and IoT networks must be isolated from corporate IT networks. A compromised IP camera should not be a pathway to the access control database or the building management system.
  2. Offline operational capability for critical security functions — access control, fire systems, and alarm management must operate in degraded-connectivity conditions. ISO 27001's availability principle is not satisfied by a system that fails open or fails locked when cloud connectivity drops.
  3. Defined patch and firmware management — every connected device is a potential attack surface. The 2016 Mirai botnet compromised hundreds of thousands of connected cameras and routers through default credentials and unpatched firmware, disrupting over 1,200 organisations globally. The attack surface is significantly larger today.

Three Failure Modes to Audit Before Deployment

  • Cloud dependency without fallback: Does the system function if cloud connectivity is unavailable for four hours? Most IP-based access control systems do not — a finding that should be known before contract signature, not discovered during an incident.
  • Convergent failure risk: A single network disruption can simultaneously disable access control, surveillance, alarms, and building management if underlying dependencies are shared. This convergent failure is invisible from any single system's architecture document.
  • Attack surface exposure: What credentials govern device access? When was firmware last updated? How is the device network segmented? These questions precede procurement in a correctly governed estate.

The Governance Principle

Connectivity is an enhancement to security capability, not a substitute for it. ISO 27001 makes this explicit: controls must be proportionate to the risk, and residual risk must be accepted by accountable management — not left unexamined in a vendor specification. Smart infrastructure designed around ISO 27001 from the architecture stage genuinely improves security outcomes. Smart infrastructure procured without that framework creates dependencies that adversaries and outages will eventually exploit.

Discuss a requirement

Initial conversations are obligation-free. Senior practitioner from the first call.

Start a Conversation →