Spring Clean Your House of Domains, DNS and Digital Certificates
By Ken Linscott
At the start of the year, many responsible for managing domain name portfolios may be considering spring cleaning!
Traditionally, such a task consists of a review to check that all domains in the portfolio serve a purpose either from a commercial or defensive perspective. The aim is to ensure budget isn’t wasted on domains of little to no value. It’s fair to say that for many organizations, this is a difficult process — almost as feared as actually spring cleaning our own homes — and thus sometimes it falls to the bottom of our to-do list or never gets done!
Given the importance of domains, the domain name system (DNS), and digital certificates to the successful operation of your businesses, neglecting your domain portfolio could risk your business operations. If you’re looking to undertake a domain portfolio review, then here are five key security considerations for you:
1. Look beyond the assets within your control. At times, the assets most at risk are those you don’t yet know about, so consider ways to identify them, such as using a detective control like domain monitoring.
2. Focus on the domains that are vital to your business, and ensure they have all the security controls required of a business-critical domain:
- Access controls (two-factor authentication, IP validation, and federated ID)
- Add preventative controls by enabling appropriate advanced security features (registry locks, DNS security extensions (DNSSEC), domain-based message authentication, reporting and conformance (DMARC), certificate authority authorization (CAA) records, etc.)
These domains, and the DNS they reside on, should be managed with enterprise-class providers with a 100% uptime guarantee.
3. Know your trademark portfolio and business plan for new brands and markets. Aside from registrations of active brands and trademarks, defensive domain name registrations are a necessary part of your optimal portfolio. You can’t register everything, but it’s necessary to proactively secure the names and combinations (such as myCSC) that could otherwise be picked up by infringers — where the cost of registration is better value for money than the cost of recovery. Your approach here will depend on many factors, the popularity of your brand, the type of industry you are in, your risk appetite, your experience with infringers, and of course, your budget. Prevention is better than cure, but the level to which you adopt this approach will be as unique as your brand, so an up-to-date understanding of your business plan is essential.
4. Understand industry trends and how it impacts your business and its operations. In 2019, we saw some of the largest data breaches to date; organized cyber crime at a global scale prompted governments to issue alerts and recommendations. 2020 doesn’t bode well either, and we are beginning to see hefty GDPR fines being levied on companies since its implementation in 2018. The industry is also reacting. Registries are making new registry locks available, the redaction of the WHOIS is impacting how companies deal with domain infringements, and there continues to be a push to reduce digital certificate validity periods. With many new developments to stay ahead of, work with your service providers who can help you factor in additional considerations as you review your domain security.
5. Rinse and repeat — finding new ways to streamline, automate, and conduct reviews more regularly. Blind spots like business-critical domains managed outside your control or without the appropriate security measures in place are a risk. The sooner these security blind spots are identified, the sooner you can mitigate the risks and give confidence to your business that you’re doing everything you can to stay secure.
What originally looked like a simple spring cleaning exercise can look like a far more complicated and important process for your organization. Not completing the task could mean poor ROI for your domains budget, and more worryingly, that there’s an increase in the likelihood of an outage for business-critical functions if a security blind spot are not detected and corrected in good time.
Our recommendation is to consider domain portfolio review as part of your daily exercise rather than an annual spring cleaning. Partner with a registrar who can undertake this work for you, and provide the insights you need to make the timely decisions for your organization.
This article originally published on Digital Brand Insider.
Written by Ken Linscott, Product Director, Domains and Security at CSC
Follow CircleID on Twitter
More under: DNS, Domain Names, Brand Protection
Read more here:: feeds.circleid.com/cid_sections/blogs?format=xml
IoT ecosystem association adds connected health and wellness to key verticals in face of COVID-19
The Internet of Things Consortium (IoTC), a business development association for the Internet of Things (IoT) ecosystem, announced it will add connected health and wellness to its key verticals of focus. Recognising the urgent need to advance IoT growth in a sector overwhelmed by COVID-19, IoTC and its member partners will prioritise innovation in connected health and
The post IoT ecosystem association adds connected health and wellness to key verticals in face of COVID-19 appeared first on IoT Now – How to run an IoT enabled business.
Read more here:: www.m2mnow.biz/feed/
Samea Innovation selects Sequans Monarch Technology for new smart building IoT solution
Sequans Communications S.A., has announced that Samea Innovation, provider of wireless products and design services, is using Sequans’ Monarch GM01Q module to provide the LTE connectivity for its new Sensoriis Smart Building Wireless Sensor. The Sensoriis device is an advanced IoT solution designed to monitor, collect, and analyse building status information, including temperature, humidity, air
The post Samea Innovation selects Sequans Monarch Technology for new smart building IoT solution appeared first on IoT Now – How to run an IoT enabled business.
Read more here:: www.m2mnow.biz/feed/
Lenovo Delivers Smarter Edge to Cloud Infrastructure Solutions to Unlock Data Insights
By A.R. Guess
According to a recent press release, “Today, Lenovo Data Center Group (DCG) expands its portfolio of IT infrastructure solutions. As companies implement Internet of Things (IoT) solutions and 5G technologies, an increase in connected devices drives an explosion of data created, analyzed, stored and managed from the edge to the core. For enterprises building end-to-end […]
The post Lenovo Delivers Smarter Edge to Cloud Infrastructure Solutions to Unlock Data Insights appeared first on DATAVERSITY.
Read more here:: www.dataversity.net/feed/
eSIM takes device and application security to another level
By admin
In this brand new Quickfire interview, Marco Bijvelds, Senior Vice President EAP at Kore Wireless, tells Jeremy Cowan, editorial director of IoT Now, what the key drivers and primary use cases for electronic Subscriber Identity Modules (eSIMs) are and if there are foreseeable challenges with security.
The post eSIM takes device and application security to another level appeared first on IoT Now – How to run an IoT enabled business.
Read more here:: www.m2mnow.biz/feed/