How do you identify and protect the “Crown Jewels” of your architecture?

Director in Consumer Goods, 4 years ago

There's not a cookie cutter that says this is the most important in every business. It really goes back to understanding what the business is, what it's about, what are the key components that really support the business operations? And then you go from there and figure out what should be my top priority from a risk management, third-party risk perspective.

Managing Partner & CISO in Software, 4 years ago

I mean, the reality here I struggle with because I talk to people who emphasize the notion of crown jewels. I actually disagree with it fundamentally. And here's why: when thinking about data as a crown jewel component, what it really protects against is compliance, regulatory fines, litigation. Consumers have been exposed more times than we can count. And we're almost desensitized to it at this point. Map the critical data flows, not the actual crown jewels of data. If your data all traverses this one system that nobody can patch and nobody wants to turn off, that's where the real risk is for the organization. Because when that goes away, all the connectivity and system flows fall. And so it became more of a crown flow, like what are the key flows of the organization? At JP Morgan, it was how does money move? And when you ask somebody how money moves, what you find, especially for most SMBs, is that it's email. And it's all in email systems that are not well logged, tracked, monitored. It's a hot mess. So, most organizations fail to understand their actual ecosystem of data flows. And that creates a fundamental core issue in ever trying to tackle the supply chain.

no title, 4 years ago

Yeah. I'm glad you brought that up, Anthony. I think you articulated well that data flow sometimes really becomes that crown jewel data flow. That's a real salient point that I think we should all remember. If you do that crown jewel flow, then you can figure out how deep you go. Consider below the operating system, security firmware BIOS, right? In some contexts, highly critical. Half of the folks I've talked to said, "I'm not going to go deal with it on my PC servers or whatever because I don't have the time. And I'm just going to assume when I buy the laptop from Dell, they're doing a good enough job, right?"

no title, 4 years ago

They're not.

CIO in Manufacturing, 4 years ago

Yes. From a crown jewel standpoint, in the food manufacturing business it's your product formulations, your recipes, how you manufacture. Those are the crown jewels: what are the ingredients to the products that keep the lights on across all of our business lines. That's where we spend a maximum share of resources to secure and protect.

Member Board of Directors in Finance (non-banking), 4 years ago

It's very important to identify what the crown jewels are, because I think everyone agrees that there is no such thing as 100% bulletproof cyber defence. It's just impossible. So depending on your business, you can say I'm going to protect my IP no matter what because these are my crown jewels. I was on the board of Ellie Mae. Ellie Mae processes 40% of all mortgages in the United States. Their crown jewels were the customer data.
