These days, organisations with the largest domain name portfolios need to respond to three contradictory challenges: protecting their brand(s), securing their domain names and controlling their expenses. These challenges can be made all the more complex by the existence of a diverse portfolio acquired over the years by different departments and subsidiaries with no overarching rules.
In this interview lead by Lotfi Benyelles, Head of Consulting and Training at Afnic, Patrick Hauss, trainer and Corporate Development Manager at CSC Digital Brand Services, explains why it is vital for a key account to put in place a domain name portfolio management process and to train your teams in this role.
What does being a domain name portfolio manager involve?
First of all, it’s important to remember that very few organisations can afford to have someone dedicated to managing domain names. Instead they seem to invest in this occupation once they have over 5,000 domain names in their portfolio. Below this threshold, it’s a responsibility that often falls to the person in charge of intellectual property (who therefore manages a brand portfolio), IT (the person who configures DNS servers) or cybersecurity since domain names are a widely used vector of attack.
Managing a domain name portfolio means supervising a considerable number of different parameters that allow a business or organisation to exist on the Internet – legal, technical, marketing and IT. A good domain name manager is curious, they have a firm grasp of the key operating principles of the DNS and they also know how to react when the company is attacked (phishing, slamming, etc.).
What are the main risks that an organisation’s domain names can be exposed to?
The first risk is negligence when it comes to keeping up with renewals. An expired (or lost) domain name is an industrial accident – everything stops instantly. Education, organisation, accountability and governance surrounding domain names are paramount. Other risks also need to be taken into account. Firstly the risk of being hacked or having domain names stolen; there are ways to protect against this but you need to know what they are. A domain name can also be used by a third party as a vector of attacks such as phishing or cybersquatting which are very common techniques that require a certain amount of organisation to protect against. Using domain names was incidentally one of the top 10 methods behind phishing attacks in 20231.
What are the different types of protection organisations can put in place to secure their domain name portfolio?
The danger is often too much automation on the part of registrars combined with weak protection of domain name administration consoles. A login and password aren’t enough to secure digital assets. So it’s not only the choice of registrar that is essential, but also the use of protection systems. The .FR Lock service provided by Afnic is a great means of combating domain hijacking. And it’s also ANSSI’s first recommendation when it comes to domain name security.
Some big groups have independent subsidiaries and brands. How can an organisation with a decentralised structure secure its portfolio while allowing branches autonomy in the acquisition of domain names?
Centralised domain name portfolio management is a dream that not all companies unfortunately can make a reality. The culprits behind this situation are corporate culture and the interests of the different stakeholders who are unable to come to an agreement or to hand over their responsibility for these assets which as they know all too well are vital for the company. Some organisations resolve the problem by implementing more or less dense and restrictive internal policies, while others use delegation tools that allow several users to connect to a platform with different user rights in order to carry out operations within well-defined domain name perimeters. Multiple solutions often exist, and are put in place on a case-by-case basis within companies. Working with a corporate registrar offers the advantage of flexibility and makes it possible to adapt to these different models.
What roles do business partners play in securing a domain name portfolio?
They play a fundamental role given that an organisation’s level of security generally corresponds to the weakest link in the chain. It all comes back to the choice of a registrar again, but also to the choice of TLD and therefore registrar given that some TLDs do not offer sufficient protection mechanisms. Choosing an unusual domain to communicate via on the Internet sometimes means taking a risk, whereas some TLDs are already able to offer security services and therefore user confidence.
Afnic has added a new training course to its catalogue entitled “Managing and securing a portfolio of domain names – Key Accounts” to provide specific support to these structures. An upcoming training session is scheduled for 28 and 29 September 2023 with Patrick Hauss, trainer and Corporate Development Manager at CSC Digital Brand Services.
1 – Security Boulevard