By Ken Linscott
product director, Domains and Security
At the start of the year, many responsible for managing domain name portfolios may be considering spring cleaning!
Traditionally, such a task consists of a review to check that all domains in the portfolio serve a purpose either from a commercial or defensive perspective. The aim is to ensure budget isn’t wasted on domains of little to no value. It’s fair to say that for many organizations, this is a difficult process—almost as feared as actually spring cleaning our own homes—and thus sometimes it falls to the bottom of our to-do list or never gets done!
Given the importance of domains, the domain name system (DNS), and digital certificates to the successful operation of your business, neglecting your domain portfolio puts your business operations at risk. If you’re looking to undertake a domain portfolio review, then here are five key security considerations for you:
1. Look beyond the assets within your control. At times, the assets most at risk are those you don’t yet know about, so consider ways to identify them, such as using a detective control like domain monitoring.
2. Focus on the domains that are vital to your business, and ensure they have all the security controls required of a business-critical domain:
- Access controls (two-factor authentication, IP validation, and federated ID)
- Add preventative controls by enabling appropriate advanced security features (registry locks, DNS security extensions (DNSSEC), domain-based message authentication, reporting and conformance (DMARC), certificate authority authorization (CAA) records, etc.)
These domains, and the DNS they reside on, should be managed with enterprise-class providers with a 100% uptime guarantee.
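As an added example (not code from the original post or from any registrar's tooling), here is a Python check that evaluates the four preventative controls listed above for one domain, using the data a review would gather from RDAP/WHOIS and DNS. The records below are constructed samples rather than live lookups; the EPP status names, DMARC tags and CAA tags are the standard ones, while the pass/fail thresholds (exactly one DMARC record, an enforcing policy at pct=100, at least one CAA issue record) are this example's own choices. One caveat worth checking in practice: a registry lock appears as the three server-side status codes, not the client-side ones, which any holder of registrar account access can remove.

```python
"""Evaluate registry lock, DNSSEC, DMARC and CAA for a domain from
pre-collected records. Added example; all data below is constructed."""

from dataclasses import dataclass

# A registry lock is visible as the three server* EPP prohibitions set by the
# registry. The client* equivalents are set (and removable) by the registrar
# account holder, so they are not evidence of a registry lock.
REGISTRY_LOCK_STATUSES = frozenset({
    "serverDeleteProhibited",
    "serverTransferProhibited",
    "serverUpdateProhibited",
})


@dataclass
class DomainRecords:
    name: str
    epp_statuses: frozenset   # RDAP "status" / WHOIS "Domain Status" values
    ds_records: list          # DS RRset at the parent zone (non-empty => DNSSEC delegated)
    dmarc_txt: list           # TXT records found at _dmarc.<name>
    caa_records: list         # (flags, tag, value) tuples at <name>


def parse_dmarc(txt: str):
    """Split a DMARC TXT record into a tag dict; None if it is not DMARC."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].lower().replace(" ", "") != "v=dmarc1":
        return None
    tags = {}
    for part in parts[1:]:
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_domain(rec: DomainRecords) -> dict:
    """Return {control: (passed, detail)} for the four preventative controls."""
    results = {}

    missing = sorted(REGISTRY_LOCK_STATUSES - rec.epp_statuses)
    results["registry_lock"] = (not missing,
                                "missing " + ", ".join(missing) if missing else "locked")

    # A DS record at the parent shows the delegation is signed; it does not
    # prove the zone's own RRSIGs validate, which needs a validating resolver.
    results["dnssec"] = (bool(rec.ds_records), f"{len(rec.ds_records)} DS record(s)")

    dmarc = [t for t in (parse_dmarc(x) for x in rec.dmarc_txt) if t is not None]
    if len(dmarc) != 1:
        results["dmarc"] = (False, f"{len(dmarc)} DMARC records (need exactly 1)")
    else:
        tags = dmarc[0]
        policy = tags.get("p", "none").lower()
        pct = tags.get("pct", "100")          # compared as text to avoid ValueError on junk
        enforcing = policy in ("quarantine", "reject") and pct == "100"
        results["dmarc"] = (enforcing,
                            f"p={policy} pct={pct} rua={'set' if 'rua' in tags else 'unset'}")

    # Without any issue/issuewild record every public CA may issue for the name.
    caa = sorted(f"{tag}={value}" for _, tag, value in rec.caa_records
                 if tag in ("issue", "issuewild"))
    results["caa"] = (bool(caa), ", ".join(caa) if caa else "no CAA (any CA may issue)")
    return results


def gaps(rec: DomainRecords) -> list:
    """Controls that failed, in reporting order."""
    return [name for name, (ok, _) in check_domain(rec).items() if not ok]


# Constructed samples: one domain with the full set of controls, one without.
HARDENED = DomainRecords(
    name="example.com",
    epp_statuses=frozenset({"serverDeleteProhibited", "serverTransferProhibited",
                            "serverUpdateProhibited", "clientTransferProhibited"}),
    ds_records=["12345 13 2 " + "ab" * 32],          # constructed DS record
    dmarc_txt=["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    caa_records=[(0, "issue", "letsencrypt.org"), (0, "issuewild", ";")],
)
NEGLECTED = DomainRecords(
    name="example.net",
    epp_statuses=frozenset({"clientTransferProhibited"}),
    ds_records=[],
    dmarc_txt=["v=DMARC1; p=none; rua=mailto:dmarc@example.net"],
    caa_records=[],
)

if __name__ == "__main__":
    for rec in (HARDENED, NEGLECTED):
        print(rec.name)
        for control, (ok, detail) in check_domain(rec).items():
            print(f"  {'PASS' if ok else 'FAIL'} {control}: {detail}")
```

Running it reports the neglected domain as failing all four controls even though it carries a client-side transfer lock, which is exactly the kind of false comfort a portfolio review should surface. Feeding the function with real RDAP and DNS output for each business-critical domain turns the checklist above into something that can be re-run on a schedule.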
3. Know your trademark portfolio and business plan for new brands and markets. Aside from registrations of active brands and trademarks, defensive domain name registrations are a necessary part of your optimal portfolio.
You can’t register everything, but it’s necessary to proactively secure the names and combinations (such as myCSC) that could otherwise be picked up by infringers, where the cost of registration is better value for money than the cost of recovery. Your approach here will depend on many factors: the popularity of your brand, the type of industry you are in, your risk appetite, your experience with infringers, and of course, your budget.
Prevention is better than cure, but the level to which you adopt this approach will be as unique as your brand, so an up-to-date understanding of your business plan is essential.
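To make "you can't register everything" concrete, here is an added Python example (not from the original post) that enumerates the look-alike names a brand attracts: single-character typos, homoglyph swaps, hyphenation, and the prefix/suffix combinations such as myCSC mentioned above. The keyboard-neighbour map, homoglyph table and affix list are illustrative assumptions, not an industry standard; purpose-built tools such as dnstwist cover far more permutations. The point of running it is to see how quickly the candidate count outgrows any registration budget, which is why the list is better used to prioritise a few defensive registrations and to seed monitoring for the rest.

```python
"""Generate look-alike domain candidates for a brand label.
Added example with assumed tables; not the author's or a registrar's method."""

# Assumed QWERTY neighbours for fat-finger substitutions.
ADJACENT = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp",
    "p": "ol", "q": "wa", "r": "edft", "s": "awedxz", "t": "rfgy",
    "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu",
    "z": "asx",
}
# Small illustrative set of characters that look alike in an address bar.
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "s": "5", "a": "4",
              "m": "rn", "w": "vv"}
# Words infringers commonly bolt onto a brand to look official (assumed list).
AFFIXES = ("my", "login", "secure", "support", "online")


def typo_variants(label: str) -> set:
    """Single-edit variants of a bare label (no TLD): omission, repetition,
    transposition, hyphen insertion, adjacent-key substitution, homoglyph."""
    label = label.lower()
    out = set()
    for i, ch in enumerate(label):
        out.add(label[:i] + label[i + 1:])                 # omission
        out.add(label[:i] + ch * 2 + label[i + 1:])        # repeated character
        if i + 1 < len(label):
            out.add(label[:i] + label[i + 1] + ch + label[i + 2:])  # transposition
            out.add(label[:i + 1] + "-" + label[i + 1:])   # hyphenation
        for neighbour in ADJACENT.get(ch, ""):
            out.add(label[:i] + neighbour + label[i + 1:])  # fat-finger
        if ch in HOMOGLYPHS:
            out.add(label[:i] + HOMOGLYPHS[ch] + label[i + 1:])  # look-alike glyph
    out.discard(label)
    return {v for v in out if v and not v.startswith("-") and not v.endswith("-")}


def combination_variants(label: str) -> set:
    """Brand with an affix attached, with and without a hyphen (the myCSC case)."""
    label = label.lower()
    out = set()
    for affix in AFFIXES:
        out.update({affix + label, label + affix,
                    affix + "-" + label, label + "-" + affix})
    return out


def candidates(label: str, tlds=("com", "net", "org")) -> list:
    """All variant labels crossed with the TLDs of interest, sorted for review."""
    names = typo_variants(label) | combination_variants(label)
    return sorted(f"{name}.{tld}" for name in names for tld in tlds)


if __name__ == "__main__":
    found = candidates("mycsc")
    print(f"{len(found)} candidates for mycsc across 3 TLDs, for example:")
    for name in found[:10]:
        print("  " + name)
```

Even a five-character label with three TLDs yields well over a hundred names, and the count grows with every extra TLD or affix, so the output is best treated as input to a risk-ranked registration decision plus a monitoring feed, not as a shopping list.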
4. Understand industry trends and how they impact your business and its operations. In 2019, we saw some of the largest data breaches to date; organized cyber crime at a global scale prompted governments to issue alerts and recommendations. 2020 doesn’t bode well either, and we are beginning to see hefty GDPR fines being levied on companies since the regulation took effect in 2018.
The industry is also reacting. Registries are making new registry locks available, the redaction of the WHOIS is impacting how companies deal with domain infringements, and there continues to be a push to reduce digital certificate validity periods.
With many new developments to stay ahead of, work with your service providers who can help you factor in additional considerations as you review your domain security.
5. Rinse and repeat—finding new ways to streamline, automate, and conduct reviews more regularly. Blind spots like business-critical domains managed outside your control or without the appropriate security measures in place are a risk. The sooner these security blind spots are identified, the sooner you can mitigate the risks and give confidence to your business that you’re doing everything you can to stay secure.
What originally looked like a simple spring cleaning exercise turns out to be a far more involved and important process for your organization. Not completing the task could mean poor ROI on your domains budget and, more worryingly, a greater likelihood of an outage of business-critical functions if a security blind spot is not detected and corrected in good time.
Our recommendation is to consider domain portfolio review as part of your daily exercise rather than an annual spring cleaning. Partner with a registrar who can undertake this work for you, and provide the insights you need to make the timely decisions for your organization.