DNS is the first step in any communication on the internet, determining the availability and speed of a customer’s first interaction with applications or content. It’s obvious why DNS services are so crucial for e-commerce companies. In 2021, a one-hour DNS outage caused Amazon to lose an estimated $34 million in sales. And companies that experience frequent downtime incur costs that are 16 times higher than those with infrequent downtime.

Healthcare organizations also need reliable and fast DNS services for reasons other than revenue and customer engagement. For healthcare providers, DNS downtime can impact patient health — and even lives. Here are just a few examples of the catastrophic possibilities that can result from even a few minutes of DNS-related downtime:

• An ER doctor can’t access a patient’s electronic health records at a critical moment in that patient’s care, including lab test results and medication lists.
• Medical professionals lose the ability to communicate through electronic channels.
• Hospital administrators are unable to retrieve insurance records that determine the course of patient care.
• Healthcare organizations risk failing to comply with government and industry regulations.

Healthcare organizations, just like their e-commerce counterparts, need to make DNS trust a foundational component of their service architecture. However, trusted availability takes work to achieve. It requires an extensive and robust server network that keeps services online and delivers the required performance. Such a network would need enough capacity for incoming traffic to mitigate surges in DNS requests and fend off DDoS attacks. And it may require the management of multiple domains with role-based access and advanced automation.

Choosing a purpose-built, managed DNS service is the safest and most cost-effective way to achieve DNS trust. But what should healthcare companies look for when evaluating the best-managed DNS option for their needs? Here are three things that should be at the top of the list:

100% continuous uptime

Many managed DNS services offer high (99.99%) uptime assurance; a few even provide 100% uptime SLAs that give you a refund or service credit when they fail to meet them. But for healthcare organizations, a 100% SLA backed by a refund is insufficient, given the potential impact on health and safety dangers inherent in any downtime. The DNS service has to have a track record of delivering. To ensure DNS trust, healthcare organizations must analyze the historical performance of a managed DNS provider to confirm whether they truly provide the infrastructure, resiliency and expertise to deliver on their SLA.

This analysis should make sure that the vendor provides the following features that contribute to ensuring 100% uptime:

• A purpose-built DNS network with global points of presence (PoPs) to field billions of queries per day. Don’t settle for a managed provider that uses virtual machines (VMs) in third-party cloud instances or rebrands another company’s DNS offerings.
• A secure network that can withstand a broad range of DNS-based attacks regardless of size or complexity. This network should include built-in protection against DDoS attacks and DNS security extensions (DNSSEC) support.
• Multi-tiered redundancy with automated failover to assure continuous uptime and blazing-fast performance. If a server goes down or is overloaded with traffic, other servers automatically take over to maintain availability, regardless of whether an outage is localized or regional.
• Ease of use for complex environments. This includes features like a well-documented REST API for automating tasks and instant updates of DNS records that propagate across a global network of nameservers within a few milliseconds.
• Advanced traffic-optimization capabilities. These include geo-aware routing, support for multi-CDN scenarios and dynamic routing based on network health and status.
• Robust analytics and anomaly detection. Because DNS traffic monitoring leads to insights across every single digital service, it’s an essential foundation for service planning.

Centralized management of domains and records

Large healthcare organizations span many types of entities — some regional, some national and some, as in the case of pharmaceutical companies, global. A typical pharmaceutical company has thousands of domains used for a host of reasons, such as:

• Drugs that are marketed as different brands, requiring the need for multiple websites.
• Content based on region and language (e.g., drug.co.uk, drug.mx), requiring the need for multiple websites.
• Domains that are bought defensively (e.g., .net, .org, .io) to prevent bad actors from misusing a brand name or other piece of intellectual property.
• Domains that come from acquired companies that need to be integrated into the larger organization (and that probably use different DNS solutions from the parent company).
• Routing of traffic regionally, for compliance purposes.

Accumulating domains and associated records and required traffic routes too often results in separate administrative silos across multiple DNS providers. However, managing different services places an impossible burden on IT teams across the organization, and it can lead to domains being overlooked and insufficiently protected. A managed DNS solution should consolidate all domains under a single platform that simplifies and unifies domain management. In addition to significantly reducing the burden on IT, such a solution enables IT to align with InfoSec about how configurations should be managed for digital risk protection, compliance requirements and faster performance. Furthermore, working with one vendor streamlines overhead for the IT team.

Granular role-based controls using APIs and automation

In addition to centralizing management of multiple domains, healthcare companies must also be able to limit access to domains by role and automate enforcement of this access in a granular way. In practice, however, it’s often difficult to do both. Before buying DigiCert DNS Trust Manager, one healthcare customer found that the only way to limit domain access was to contract with separate managed DNS service providers as a workaround — which became problematic as the company started acquiring other companies. In addition to causing silos and security gaps, as described in the previous section, this workaround couldn’t scale with the company’s growth.

That’s why healthcare companies need a single DNS provider that supplies the capability to set up role-based access for API connections. The best way to achieve that is by leveraging API keys that give users the credentials only to access the domains relevant to their job. A developer, for example, can execute code to turn up a cloud instance and modify records using their unique API without worrying that someone else might inadvertently change those records. Similarly, the developer can accomplish their job without the marketing team worrying that their email records will accidentally change.

Automation further helps with limiting access by enforcing role-based controls. A company with 10,000 or more domains can’t expect to manually change and update records, let alone worry about whether employees have access to domains they shouldn’t. Moreover, they need a way to revoke access to domains should an employee change roles or leave the company. A managed DNS service provider that can automate the use of APIs to streamline domain management hardens security and allows for rapid scaling.

How DigiCert is helping healthcare companies deliver DNS trust

At DigiCert, we’ve helped healthcare companies — from pharmaceutical companies to hospital chains and specialty clinics — achieve the important goals of ensuring continuous availability, fast and reliable performance, and consolidated domain management. In addition to being the only managed DNS service that can boast 100% uptime for more than 12 years, DigiCert DNS Trust Manager has helped healthcare organizations solve a variety of challenges, such as:

• Ensuring uninterrupted access to critical systems, applications and online resources.
• Safeguarding disaster recovery and business continuity plans in the event of infrastructure failures or natural disasters.
• Overcoming latency, resolution speed and accessibility challenges through the use of DNS Trust Manager’s global network of DNS servers and its comprehensive Anycast routing technology.
• Improving domain management by streamlining and automating DNS management processes that reduce administrative overhead, minimize errors and improve overall operational efficiency.
• Scaling seamlessly to handle increased demand to support the expansion of operations, the launch of new services or business growth.
• Protecting against unauthorized access and data breaches, as well as complying with government and industry regulations, such as HIPAA and GDPR.

With more than two decades of industry expertise, our team of DNS product specialists has designed a DNS solution renowned for its exceptional uptime record, setting the benchmark for the industry. By ensuring DNS trust, healthcare organizations can focus on their primary objective to improve and safeguard patient health. This is where digital trust meets the real world.

To learn more about how DNS Trust Manager can help your healthcare organization with these and other DNS-related goals or to schedule a demo, email dnssales@digicert.com.