For those of you who know me well, you will be aware I am an advocate of the principles outlined in Peter Senge’s Learning Organisation model and how a passion for learning influences healthy behaviours in the workplace. This is an area of focus for the Com Laude team. We have a vibrant evolving culture and consistently strive to apply our learnings to every-day work situations. The effect being continual service improvement whilst enhancing our engagement levels.
So, along with a bit of self-reflection (says he having recently entered a new decade… Senge also talks to celebrating the milestones!) and in the spirit of taking learnings onboard, this month I wanted to draw on a couple of items that caught my attention – with thanks to Andy Jenkinson and our partners at NS1 for sharing.
Earlier this month, the importance of properly configured SSL certificates was highlighted by Andy Jenkinson, of CyberSec Innovation Partners. I’ll briefly summarise.
A cyberattack took place, resulting in a ransomware gang gaining access to data at an Australian Cancer centre – and demanding a ransom to return the data to its original state. This followed on from a new digital certificate being placed on the centre’s website. However, it appears that there was a configuration error, which rendered the new certificate effectively useless. The consequence – a website that was not secure and exposed to exploitation.
This example of how a simple mistake can lead to significant continuity issues raises all sorts of concerns. Alas this wasn’t an isolated case, and whilst some companies can count themselves lucky not to be exploited in the same way, many will be thinking it could have been them. And yet we see so many organisations that do not co-ordinate the management of their domains with the associated encryption certificates. They often “assume” someone internally is doing the right things, on a timely basis; across what can be large numbers of certificates from many different vendors deployed across increasingly large domain estates.
But domain security is essential – the consequences of not being secure can be dramatic, impacting revenues and reputations – and yet so many businesses leave themselves vulnerable.
Consolidation of domains and SSL certificates in a single portal with a trusted provider can bring order to the chaos – and mitigate a substantial amount of the risk while retaining control. Having a genuine 360 view of how your digital assets are configured and performing. And – get this – it may even save you money.
I’d say there is valuable learning here.
Onto the next learning, where the absence of security protection for DNS traffic is exploited by cybercriminals. Data theft, phishing and ransomware often swiftly follow – not to mention malware distribution and Denial-of-Service attacks.
This is definitely an area where a modest cost investment is substantially outweighed by the benefits. And our partners at NS1 kindly shared an interesting article recently – reflecting on the importance of website performance and availability, via resilient DNS, for retailers. It demonstrates how a critical source of competitive advantage (through website performance) can fast turn into a major problem with enduring consequences.
NS1 noted interesting facts – where infrastructure capacity was unable to cope with unexpected spikes in DNS traffic (malicious or otherwise) in the retail sector:
These statistics relate to online retailers. Yet I would say any business wanting to give a “high performance” user experience, maintain their reputation and revenues while mitigating the potential for business disruption should utilise a resilient Enterprise-grade DNS provision. A must-have, not a nice-to-have in the highly competitive digital world.
In fact, I would be so bold to say that having Enterprise-grade DNS is an essential provision in all businesses.
Any business which depends on the online environment is a target for cyber crime. And sadly it is not a matter of “if” but “when”. Being on the front foot is essential – both in robust management of SSL certificates and DNS traffic. This will make your business better prepared to prevent or mitigate the risks. As Benjamin Franklin said in 1735 “An ounce of prevention is worth a pound of cure”.
So having a single portal for domains, where SSL certificates can be acquired and easily configured, and Enterprise-grade Managed DNS is provided as standard with easy intuitive management doesn’t just make a lot of sense, it puts security first.
Imagine all your digital assets and traffic expertly managed in one convenient location – with life cycles/renewals managed for you.
If this sounds appealing, or if some of these issues ring true for your business, please get in touch.
We’ll happily help you apply the learnings.
The portal is designed to be extendable; with modules that deliver the full range of client-shaped domain services. To manage the life cycles of portfolios of domains and related assets of all shapes and sizes – a task where Com Laude truly excels.