Takeaways from the Recent DNS Hacking

Companies that use the web (for their website, e-mail, and web-based applications needs, for example) may have been affected yesterday if GoDaddy is their DNS provider. DNS, or Domain Name System, works as a key component of our Internet’s functionality by translating “humanized” hostnames (URLs) into more complicated IP addresses without affecting end users. When it comes to DNS setup, the devil is in the details.  In all aspects, security is only as strong as its weakest link. All forms of security must be seen as multiple layers:  physical, logical, and methodical.  Without any one of those, security will not be complete, or long-lived. First, physical security deals with the physical safety of data centers and their servers. For example, what measures are in place to protect intruders from gaining access to the server room, are there measures to protect the building against natural disasters, etc.? The second component is logical security, which protects the behind-the-scenes technology. There must be firewalls, anti-hacking measures, coding, and much more to prevent breaches. And the last piece of the puzzle is the methodical layer, which refers to the human factor of security. (I.e. Is your password written down on that piece of paper you misplaced, are your employees trustworthy, etc.?) What happened yesterday was a denial of service attack on GoDaddy’s DNS servers.  Not knowing all the details of GoDaddy’s setup, end users should always ask themselves if they have redundancy not only in their network, but also outside of their network.  Do they employ the three layers of security? Also, is your domain set up with multiple providers? Cloud providers work the same way; we MUST address these types of questions.  In order to gain our clients’ trust with their data, it is essential to do this. As a Cloud provider, we are constantly challenging ourselves to raise the bar of fault tolerance whether it be at a single site, multiple sites, multiple regions, or multiple continents. And as more and more companies are moving to the Cloud, some might ask if what happened with GoDaddy’s recent hacking could also happen to their Cloud provider. Outages like this are good, and productive, for the Cloud/Internet industry as a whole because it reminds us to keep pushing ourselves to the next level. I guarantee Cloud providers all over the world are currently asking themselves, “Are we ready for an attack such as the one experienced by GoDaddy?” However, security breaches like yesterday’s are not isolated to the Cloud, but rather lie in your company’s DNS setup on the web. Bottom line, yesterday’s take-away for all businesses should be: make sure your domain name is set up with not only multiple DNS servers, but with multiple providers.