As zero trust gains momentum, it’s upending how we approach security in general and network architecture in particular. And it’s about time. The prevailing assumption that we should inherently trust internal users, networks, and systems is no longer valid, as proven by an endless stream of data breaches.
The advantages of a zero trust approach are clear and compelling, but questions and challenges abound for network and security professionals tasked with implementing the architecture. Will they have to replace the entire network infrastructure? Is micro-segmentation a realistic goal? Does the cloud preclude the possibility of zero trust architecture?
The team at YourStory spoke to Jen Taylor, SVP & Chief Product Officer at Cloudflare — a global network designed to make everything you connect to the Internet secure, private, fast, and reliable.
Taylor tells us how Cloudflare One differs from other zero trust security platforms and how it has enabled organisations to implement zero trust security.
Edited excerpts from an interview:
YourStory (YS): What kind of platform is Cloudflare One? How does it connect users to enterprise resources?
Jen Taylor (JT): Cloudflare One is Cloudflare’s Secure Access Service Edge (SASE) platform that combines network connectivity services with zero trust security services on one of the fastest, most resilient and most composable global networks. The platform dynamically connects users to enterprise resources, with identity-based security controls delivered close to users, wherever they are. Adopting Cloudflare One helps organisations improve workforce productivity, reduce cyber risk, and increase the efficiency of their technology stack.
YS: How is Cloudflare One different from other zero trust security platforms that offer the same services?
JT: There are multiple reasons why Cloudflare One is preferred by many customers. Today, over 10,000 organisations trust Cloudflare One to connect and secure their users, devices, applications, and data. Leaders at some of our largest customers choose us over the competition because we deliver more complete security, make their teams faster, and are easier to manage. They respect us as a long-term partner suited to innovate alongside them as they modernise their networking and security.
Reduced complexity: Cloudflare One simplifies life for IT and security teams. Instead of juggling multiple point solutions, administrators manage Cloudflare’s entire portfolio via one interface and one API. Customers value our easy setup and operations, and some solve their first use cases within 30 minutes.
Network resiliency: Our end-to-end traffic automation ensures reliable and scalable network connectivity with consistent protection from any location. With Cloudflare, every edge service is built to run in every network location, available to every customer – unlike with other security providers.
Enterprise agility: No vendor can adapt to customer needs the way Cloudflare can. Our composable architecture adjusts to any unique use case for our customers, and we ship new capabilities rapidly to evolve alongside our customers.
User experience: Cloudflare is able to deliver the consistent, lightning-fast security experiences around the world that modern organisations expect. Our network – which spans 285+ cities and sits within 50ms of 95% of internet users – is designed to ensure the shortest round trip times to connect any users, whether in the office or remote, to any application.
Innovation velocity: For long-term security modernisation journeys, customers trust in Cloudflare’s track record of rapid innovation and value our flexible architecture to adopt new security standards and technologies and stay ahead of the curve.
YS: Can you take us through how Cloudflare One has helped organisations implement zero trust security?
JT: A Fortune 500 telecommunications provider secures application and internet access for over 100,000 hybrid workers across Europe, India, and the US with Cloudflare.
Over the past few years, it has partnered with Cloudflare to shift security controls from on-premise appliances to the cloud. Specifically, the company replaced Cisco Umbrella and leverages Cloudflare’s simple, cost-efficient DNS filtering to protect remote and in-office users from malware, phishing, and other internet threats. Plus, the company has implemented identity-based, zero trust policies for hundreds of applications across AWS, Azure, and other cloud environments. (Read more)
Cloudflare has helped Brazilian fintech Creditas reduce the time to deploy and secure new applications by 90%. Specifically, Creditas administrators benefit from a simplified and consistent policy creation workflow within Cloudflare that has obviated the need to recode or reconfigure security policies for individual applications. (Read more)
YS: What are some of the security issues that companies can avoid by adopting Cloudflare One?
JT: Today, CISOs, CIOs, and CTOs are largely focused on security challenges related to hybrid work, which, for many organisations, requires a comprehensive modernisation of their IT and security approach. Our customers see Cloudflare One as the easiest path to secure hybrid work for improved team productivity and protection from cyber risks.
Hybrid work also means that organisations are grappling with a significantly expanded attack surface across remote users, unmanaged devices, and offices. In response, we see organisations turn to Cloudflare to strengthen their threat defence. This means preventing ransomware, multi-channel phishing, and other damaging attacks, which can be expensive to both a company’s brand and wallet.
YS: How does Cloudflare One help reduce reliance on slow, risky, and time-consuming VPNs?
JT: We help organisations take a proactive approach to stop threats by monitoring and filtering traffic for any user across every web, email, and cloud source. Part of doing that means delivering seamless IT experiences. Securing access with Cloudflare One means shifting towards a faster, simpler, and less intrusive zero trust approach that keeps safer and more productive than traditional location-based approaches.
For example, this helps to reduce reliance on slow, risky, and time-consuming VPNs and streamlines authentication for risky third parties and contractors. We also equip administrators with controls to prevent data leaks and compliance violations, block insider threats, and reveal unsanctioned SaaS applications (also known as Shadow IT).