How do you identify and protect the “Crown Jewels” of your architecture?

796 views2 Upvotes8 Comments

Member Board of Directors in Finance (non-banking), 201 - 500 employees
It's very important to identify what the crown jewels are, because I think everyone agrees that here is no such thing as 100% percent bulletproof cyber defence. It's just impossible. So depending on your business, you can say I'm going to protect my IP no matter what because these are my crown jewels. I was on the board of Ellie Mae. Ellie Mae processes 40% of all mortgages in the United States. Their crown jewels were the customer data.
CIO in Manufacturing, 1,001 - 5,000 employees
Yes. From a crown jewel standpoint, in the food manufacturing business it's your product formulations, your recipes, how you manufacture. Those are the crown jewels: what are the ingredients to the products that keep the lights on across all of our business lines. That's where we spend a maximum share of resources to secure and protect.
Managing Partner & CISO in Software, 11 - 50 employees
I mean, the reality here I struggle with because I talk to people who emphasize the notion of crown jewels. I actually disagree with it fundamentally. And here's why: when thinking about data as a crown jewel component, what it really protects against is compliance, regulatory fine litigation. Consumers have been exposed more times than we can count. And we're almost desensitized to it at this point. Map the critical data flows, not the actual crown jewels of data. If your data all traverses this one system that nobody can patch. Nobody wants to turn off. That's where the real risk is for the organization. Because when that goes away, all the connectivity and system flows fall. And so it became more of a crown flow, like what are the key flows of the organization? At JP Morgan, it was how does money move? And when you ask somebody how money moves, what you find especially for most SNBs is that it's email. And it's all in email systems that are not well logged, tracked, monitored. It's a hot mess. So, most organizations fail to understand their actual ecosystem of data flows. And that creates a fundamental core issue in ever trying to tackle the supply chain.
4 Replies
Board Member, Advisor, Executive Coach in Software, Self-employed

Yeah. I'm glad you brought that up, Anthony. I think you articulated well, that data flow sometimes really becomes that crown jewel data flow. That's a real salient point that I think we should all remember. If you do that crown jewel flow, then you can figure out how deep you go. Consider below the operating system, security firmware bios, right? In some contexts, highly critical. Half of the folks I’ve talked to said, "I'm not going to go deal with it on my PC servers or whatever because I don't have the time. And I'm just going to assume when I buy the laptop from Dell, they're doing a good enough job, right?"

Director in Consumer Goods, 51 - 200 employees

They're not.

Board Member, Advisor, Executive Coach in Software, Self-employed

Yeah, trust me, I know. I always bring up below the operating system vulnerabilities, because I think it's a supply chain risk that permeates our infrastructure pretty broadly from cloud to on-prem: the printers to laptops, to desktops, let alone IoT. As buyers, we need to apply that third-party risk pressure onto the device manufacturers in order to have them prove they're doing a good job at that stack level that nobody's looking at.

Director in Consumer Goods, 51 - 200 employees
There's not a cookie cutter that says this is the most important in every business. It really goes back to understanding what the business is, what it's about, what are the key components that really support the business operations? And then you go from there and figure out what should be my top priority from a risk management, third-party risk perspective.

Content you might like

CEO in Services (non-Government), Self-employed
Using AI tools 2-3 a week. Use cases: 
-summaries of content 
-slide outlines
-Beauti.Ai for slide preparation
-Chat GPT 4
Read More Comments
3.5k views2 Upvotes9 Comments

CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
42.7k views131 Upvotes319 Comments




Non-production DBs (Dev, Training, QA, etc.)30%


1.3k views1 Upvote