{"id":8647,"date":"2020-02-04T08:24:53","date_gmt":"2020-02-04T13:24:53","guid":{"rendered":"https:\/\/www.cscdigitalbrand.services\/blog\/?p=8647"},"modified":"2020-02-05T08:08:54","modified_gmt":"2020-02-05T13:08:54","slug":"domain-monitoring-for-policy-compliance","status":"publish","type":"post","link":"https:\/\/www.cscdbs.com\/blog\/domain-monitoring-for-policy-compliance\/","title":{"rendered":"The Three-Pronged Defense for Brand Owners Part IV:"},"content":{"rendered":"\n

Domain monitoring for policy compliance <\/strong><\/h2>\n\n\n\n
By Ken Linscott, product director, Domains and Security<\/i> Share this post \n<\/a>\n<\/a>\n<\/a>\n<\/span>\n\n\n\n
\"\"<\/figure>\n\n\n\n

In our three previous posts, we\u2019ve discussed how brand owners can defend their domains by using defensive registrations, blocks, and monitoring, with a focus on brand protection and third-party infringements.<\/p>\n\n\n\n

Domain monitoring is a known and commonly used tool for focusing on how others are misusing a brand in new domain name registrations. But this is only half the value provided by domain name monitoring. It also serves as a valuable cyber security tool that can help enforce centralized domain name policy so that brands remain compliant, both internally and externally, with initiatives like the General Data Protection Regulation (GDPR).<\/p>\n\n\n\n

WHOIS, RDAP, and ownership data<\/h2>\n\n\n\n

If you\u2019ve been following the developments in the world of WHOIS records for domains following the implementation of GDPR, you\u2019ll know there\u2019s been a lot of change.<\/p>\n\n\n\n

The WHOIS, a protocol that lists contact information for anyone requesting it, has increasingly been unable to meet the accuracy, accessibility, compliance, privacy, and other needs of domain name registrants, law enforcement agents, intellectual property and trademark owners, and individual users. This is hardly surprising given its birth in 1982 and the unimaginable way in which the internet and domain names have scaled up.<\/p>\n\n\n\n

With the implementation of GDPR in May 2018, the WHOIS needed to be replaced. GDPR is the most extensive privacy act globally, as it gives control to EU and European Economic Area (EEA) individuals over their personal data, with the aim of protecting their privacy. Its implementation led to companies scrambling to make compliant their internal processes and systems and place more significance on information security departments since violators of the GDPR may be fined up to \u20ac20 million or 4% of their annual worldwide earning of the preceding financial year in case of an enterprise, whichever is greater. This has implicated not only European companies, but all companies globally that engage with EU or EEA individuals.<\/p>\n\n\n\n

Unfortunately, the WHOIS simply did not meet these requirements. We needed a more secure and standardized format, with different access to data to ensure compliance with GDPR to protect the privacy of individual registrants, yet serve its original intent to provide clear ownership data to relevant organizations and authorities where warranted. In August 2019 The Registration Data Access Protocol (RDAP), which does just this, replaced the WHOIS as we knew it for some 30 plus years.<\/p>\n\n\n\n

With this change, now is the time<\/strong> to review your domain monitoring needs, and increase your investment in this vital data feed for security and compliance. <\/p>\n\n\n\n

And here lies the first really important point from a compliance perspective: You need to police your centralized domain name management policy. Policy without controls is worthless. Your control is domain name monitoring.<\/em><\/strong> Within the identified domains, you\u2019ll find those registered in good faith (however misguided) by your employees and perhaps even outside agencies. You need these under your centralized management not only to be compliant with your policy but for a host of security reasons.<\/p>\n\n\n\n

Monitoring digital assets for domain security<\/h2>\n\n\n\n

Digital assets including domains, domain name systems (DNS), and\ndigital certificates, are fundamental building blocks for your business. They\u2019re\nthe means with which you communicate with clients, each other, and your\ninternal networks. Sadly, digital assets are vulnerable to the risks of poor\nmanagement and are increasingly targeted by cyber criminals who hijack online\npresence and web traffic, and impersonate businesses, duping clients and staff\ninto sharing valuable and confidential information.<\/p>\n\n\n\n

The generally accepted security approach is to consolidate under as few enterprise-class providers as possible for easy, more secure management. This should be done by surveying your organization (including marketing, legal, and IT) to understand their business needs from these assets, what they already own, and who has access. You will also need to ask your providers and registrars to undertake external audits for you.<\/p>\n\n\n\n

These security reasons become clear when you realize that an important aspect of auditing and consolidating your portfolio\u2014which is often overlooked\u2014is understanding your company\u2019s business critical domains. That is, domains that underpin the successful operation of your business via the web, email, voice-over IP, virtual private network access, and more\u2014as well as the specific DNS and digital certificates those critical domains use.<\/p>\n\n\n\n

Without an appreciation for these vital assets:<\/p>\n\n\n\n