Unable to find a registrar it could consider “high-security,” CloudFlare has launched its own domain registrar for high-profile enterprises, the company announced Tuesday. CloudFlare says that while each domain name is only as secure as the registrar that maintains it, the highest-value domains in the net are maintained by registrars with “limited security features” appropriate to the broader consumer market.
Large enterprise CloudFlare customers can protect their web domains from unauthorized changes by outside attacks or rogue employees with CloudFlare Registrar, the company said. Between the difficulty enterprises can have detecting domain hijacking, and the potentially labor-intensive, expensive, and reputation-damaging process involved in reclaiming a domain, organizations have an incentive to demand extra security for their domain.
“CloudFlare Registrar isn’t for the masses, it’s for organizations that would make a front-page story if they lost their domains,” Matthew Prince, co-founder and CEO of CloudFlare said in a statement. “There are plenty of great mass-market registrars available today, but now high-profile organizations don’t need to settle for a one-size-fits-most security approach when it comes to their online brands.”
CloudFlare is targeting a specific market with this new offering, so it won’t be cannabalizing the registrar business of many of its existing partners who offer mass market domain registration. However, CloudFlare’s other solutions, security and web optimization, run the gamut between individual website users and enterprise implementations.
The new solution protects against domain hijacking, expiration, or loss of control over an external account, CloudFlare said. It does so by integrating domain control and automatic renewal into the organizations IT workflow. Customizable security features include multi-stakeholder permission requirements for domain changes, along with multi-factor authentication.
The announcement laments the spotty implementation of various security features developed by registrars, registry operators, and even ICANN, and points out that measures like certificates rely on chains of trust in which one weak link breaks the whole.
Not just recognized brands, but also API providers could benefit from enhanced domain security, CloudFlare said, adding mobile application and IoT backend providers to CloudFlare Registrar’s target market.
“Customers who care enough about the security of their website to use CloudFlare are still at risk to domain hijacking via their registrar. By offering registrar services to CloudFlare Enterprise customers, we instantly eliminate the additional risk a third-party registrar may overlook,” Prince said.
Registrar Network Solutions launched a high-value domain security program WebLock in 2014 to address the same market gap.