Managing a domain name portfolio for Key Accounts: challenges, roles, good practices

What does being a domain name portfolio manager involve?

First of all, it’s important to remember that very few organisations can afford to have someone dedicated to managing domain names. Instead they seem to invest in this occupation once they have over 5,000 domain names in their portfolio. Below this threshold, it’s a responsibility that often falls to the person in charge of intellectual property (who therefore manages a brand portfolio), IT (the person who configures DNS servers) or cybersecurity since domain names are a widely used vector of attack.

Managing a domain name portfolio means supervising a considerable number of different parameters that allow a business or organisation to exist on the Internet – legal, technical, marketing and IT. A good domain name manager is curious, they have a firm grasp of the key operating principles of the DNS and they also know how to react when the company is attacked (phishing, slamming, etc.).

What are the main risks that an organisation’s domain names can be exposed to?

The first risk is negligence when it comes to keeping up with renewals. An expired (or lost) domain name is an industrial accident – everything stops instantly. Education, organisation, accountability and governance surrounding domain names are paramount. Other risks also need to be taken into account. Firstly the risk of being hacked or having domain names stolen; there are ways to protect against this but you need to know what they are. A domain name can also be used by a third party as a vector of attacks such as phishing or cybersquatting which are very common techniques that require a certain amount of organisation to protect against. Using domain names was incidentally one of the top 10 methods behind phishing attacks in 2023¹.

What are the different types of protection organisations can put in place to secure their domain name portfolio?

The danger is often too much automation on the part of registrars combined with weak protection of domain name administration consoles. A login and password aren’t enough to secure digital assets. So it’s not only the choice of registrar that is essential, but also the use of protection systems. The .FR Lock service provided by Afnic is a great means of combating domain hijacking. And it’s also ANSSI’s first recommendation when it comes to domain name security.

Some big groups have independent subsidiaries and brands. How can an organisation with a decentralised structure secure its portfolio while allowing branches autonomy in the acquisition of domain names?

Centralised domain name portfolio management is a dream that not all companies unfortunately can make a reality. The culprits behind this situation are corporate culture and the interests of the different stakeholders who are unable to come to an agreement or to hand over their responsibility for these assets which as they know all too well are vital for the company. Some organisations resolve the problem by implementing more or less dense and restrictive internal policies, while others use delegation tools that allow several users to connect to a platform with different user rights in order to carry out operations within well-defined domain name perimeters. Multiple solutions often exist, and are put in place on a case-by-case basis within companies. Working with a corporate registrar offers the advantage of flexibility and makes it possible to adapt to these different models.

What roles do business partners play in securing a domain name portfolio?

They play a fundamental role given that an organisation’s level of security generally corresponds to the weakest link in the chain. It all comes back to the choice of a registrar again, but also to the choice of TLD and therefore registrar given that some TLDs do not offer sufficient protection mechanisms. Choosing an unusual domain to communicate via on the Internet sometimes means taking a risk, whereas some TLDs are already able to offer security services and therefore user confidence.

1 – Security Boulevard