December 14, 2025

Last Updated on December 15, 2025

For decades, Business Continuity Planning (BCP) has revolved around answering a simple question: 

When your facilities, people, and/or technology fail, what will it take for the business to continue operating?

That premise made perfect sense in an era where:

  • Companies relied on physical offices.
  • Servers lived in on-prem data centers.
  • Critical applications were run internally and tied to specific people/desktops.
  • Employees had to be physically present on-site to perform their work.

But that era has largely passed for small and midmarket companies.

Instead, most SMBs and many midmarket organizations today are:

  • Cloud-first (Microsoft 365, Google Workspace, SaaS platforms everywhere).
  • Highly virtualized (remote and hybrid teams are the norm).
  • Location and device-agnostic (work can happen from nearly any location and internet-connected device).
  • Distributed (no single location drives operations).

This shift has fundamentally changed the continuity equation. And it leads to a provocative observation:

Traditional Business Continuity Plans are no longer relevant for most SMB and midmarket organizations.

Not because continuity isn’t still important, but because the risks and the operational realities have changed for cloud-first entities.

The old BCP model: “How do we keep operating during disruption?”

Traditional continuity planning focuses on issues like:

  • Where will employees go if our office is unavailable?
  • How will we keep critical business processes running manually?
  • What paper forms or fallback procedures do we need to maintain?
  • How do we route phone calls if PBX systems fail?

This approach assumes:

  • Work cannot be performed without specific physical spaces.
  • Teams must operate in a degraded or manual mode.
  • Technology disruptions are temporary disruptions to a primarily physical business model.

But these are not the continuity challenges modern organizations need to address.

The new reality is that cloud-first organizations don’t need to “operate in a disrupted state.”

The new IT Continuity model focuses on this question:

“How do we restore data, systems, and access so we can return to our normal operational state as quickly as possible?”

When your ERP, CRM, HR system, email, finance tools, and file storage all live in the cloud, ideas like switching to manual processes or relocating staff no longer apply.

Employees can work from home, from a coffee shop, or from another city, from any internet-connected device.

Modern SMBs don’t need a 50-page plan describing how to operate manually when the office floods, or the data center loses power or connectivity.  They need something far more precise and actionable. Continuity is no longer a people problem or a building problem—it’s a data and IT problem.

Why IT continuity has replaced traditional BCP for most SMBs

IT continuity replaces traditional BCP for many SMBs and midmarket entities because cloud services provide built-in resilience for:

  • Physical facilities
  • Hardware failures
  • Geographic disruptions
  • Application redundancy

What cloud does not automatically provide is:

  • Your data configured for proper backup and recovery
  • Rapid restoration of identity and access
  • SaaS-to-SaaS integration recovery
  • Endpoint reconstitution
  • Security configurations after a breach
  • Recovery from ransomware, data deletion/corruption, etc.
  • Recovery from IT system misconfigurations
  • Prioritized sequencing of IT restoration processes

These are the areas where most SMBs and many midmarket organizations are now vulnerable.

The core continuity question firms need to answer is:

“How do we recover our data and IT function fast enough to stay in business?”

This is the starting point for IT Continuity Planning.

What an IT Continuity Plan focuses on

An IT Continuity Plan has a far narrower focus than a traditional BCP but is far more relevant for most cloud-first organizations.

IT continuity planning looks at questions like:

  • What are our critical applications and data stores?
  • What are their recovery point objectives (RPO) and recovery time objectives (RTO)?
  • How do we back up SaaS and cloud systems (Microsoft 365, Salesforce, NetSuite, etc.)?
  • How do we reconstitute identity (Azure AD/Entra) after a compromise?
  • What are the prioritized sequences for restoring systems?
  • How do we recover from a major cyber incident such as ransomware or account takeover?
  • Who executes the recovery and what tools, credentials, and documentation do they need?

This is practical, actionable continuity preparation, not theoretical planning.

Who still needs a traditional Business Continuity Plan?

Traditional BCP is still critical for organizations that cannot virtualize their core business processes, including:

  • Manufacturing (physical production lines, OT systems, logistics dependencies)
  • Healthcare providers (clinical operations, physical patient care)
  • Critical infrastructure operators
  • Organizations with a significant in-person workforce
  • Companies with substantial on-prem IT infrastructure or data centers

These businesses must truly plan for operating in a physically degraded or disrupted state.

The bottom line

For a modern SMB or midmarket business:

  • The office is not the bottleneck.
  • Manual fallback procedures are not the solution.
  • Distributed teams and cloud applications have eliminated many traditional business continuity risks.

These organizations need to be prepared to rapidly recover data, systems, identity, and access.  What you need is an IT Continuity Plan—the new foundation of resilience in the cloud-first era.

Traditional BCP isn’t “wrong.” It’s just built for a world that many organizations no longer live in.

Back to Blog