Originally aired on March 30 @ 5:30 AM - 6:00 AM EDT
Welcome to Cloudflare CIO Week 2023!
This CIO Week we’ll demonstrate how Cloudflare is helping CIOs keep data, devices and employees both safe and fast across hybrid and remote environments. We’ll show how Cloudflare accelerates digital transformation and modernizes networking and security towards a Zero Trust model.
In this episode, tune in for a conversation with Cloudflare's Angie Kim, and Nick Simmons.
Tune in all week for more news, announcements, and thought-provoking discussions!
Read the blog posts: For more, don't miss the Cloudflare CIO Week Hub But. Hello to our Cloudflare TV audience. I am Angie Kim, product director of Enterprise Systems, and I'm joined by Nick Simmons, who is our head of customer growth Operations. Hi, Nick. How's it going, Angie? Oh, good. Well, we excited to be part of CIO Week and be included in all of the amazing announcements. We're also happy to be here sharing about how our enterprise customers can start can get started on using products that are not part of their contracts. So just as a reminder, if you have questions, send them to live studio at Cloudflare Gateway and we'll do our best to answer them during our time here. But let's go back to that time not too long ago and set the stage. Can you describe to me what the process was like when a customer was interested or curious about a. Yes. So as you can imagine, it's very common for existing customers to want to learn more about new products and try new products. And in the past, there was a I think, of as kind of a crazy process for doing that, sort of a three step process. So step one is either they'd reach out to their account manager or the account manager would reach out to them. Then step two is usually over the course of a couple of different conversations, the account manager would determine whether this customer met some criteria for a proof of concept or, in other words, a trial. And then finally, they'd work with a sales engineer to try the product for a fixed period of time before deciding if they want to buy or not. And this process makes sense for some customers, and that's a very traditional type of or sort of process for buying an enterprise service. But in a lot of cases, either because the product is easy to implement or maybe just the customer really knows what they're doing, it's kind of a crazy process, really cumbersome and high friction process for customers. So what is there? Was there a sense of urgency that the customers had in wanting to get access sooner rather than later? As part of the new process or the old process? The whole process. I think with the old process, I mean, it depends if there was a sort of launch that was coming on their side or some sort of event on their side and there could be some urgency. And then I'd say the other urgency once they start is we would set these artificial limits on the customer's usage in their proof of concept, and that would create this additional urgency, which if we're being honest, it doesn't exist for any reason other than to make life easier for the sales team, for the salesperson. And so it's a really it's the opposite of a customer centric and customer focused approach. So it sounds like overall there are opportunities where we could be more customer centric, like you said, make it an overall better experience for them, not have them be compelled with caps and things of that nature to make it a much more satisfying experience. So we know that there's a friction for customers that already have that relationship with us, and it shouldn't be so cumbersome for our customers to explore what Cloudflare has to offer, especially when we're looking so many things like think about all the things that are coming up this week. And I know that internally when we're facing a challenge, we go through developer docs and beta announcements just to see if there's something that we can use from the vendors that we have partners partnerships with, and especially if it's not our expert domain. Essentially, we want to be quick and nimble and flexible so that we're intentionally being proactive. We want to be self sufficient. Plus we already have that trusted partner and it takes a lot of paperwork and time to go through security reviews and any new vendors. And we also know that there are situations where getting that signature on contract less urgent than having to address things that are pressing for customers like a malicious actor or an attack. So we know that customers want to be able to move quickly and being able to not have to wait a salesperson and getting past all that necessary approval is critical. So that's why Nick and I are here. So what's new for enterprise customers today or now? Users with admin level access can go through the Cloudflare dashboard and start enabling products that are not part of their contracts today for the enterprise zone. So they're having to contact the sales team. So is a single click. Normally users would have seen before a message redirecting to their customer success manager or filling out a form to enter in their contact information. But instead we've removed all of that and made it extremely easy and quick. So why do we do this? Well, for some of the reasons that they had mentioned, it wasn't customer centric, but also by making it self service, we're not standing in our customer's way. This is a new workflow for us and we're excited that we're giving our customers the power to start exploring more independently. So when users enable the product, their accounts are going to be getting access to each of the products out of features. It should be enough for the users to get a sense of how the product works. But for whatever reason, if you need more, feel free to reach out to your sales team. And for instance, you need to increase the number of Zero Trust seats or waiting rooms, load balancing, origins, treatments. Those are just examples. Otherwise, like Nick said, we wanted to remove some of the friction with things like the caps in the amount of usage you consume or the monetary value. So we know that it takes time to evaluate how to configure the different features and learn about the capabilities that fit into the existing solutions. We don't want our customers to feel as though that they're completely alone during this time, so we still want to be part of that journey. So, Nick, with this new flow that we're we've implemented, what can the customer expect from the sales team during this time? Yeah, well, I think the simplest way of describing it is the customer can expect the sales team to try to help One of the the great benefits of implementing a process like this is the sales team's reason for reaching out used to be that the customer needed to talk to sales to be able to move forward with a proof of concept for the trial. Now, the sales person's kind of sole goal with the customer is isto help them. And so that can mean a range of things. One, it can be answering any questions they have about what it would look like to purchase one of these products to add it to their contract. In other words, or to it could be help with onboarding or implementing the product. So some of our products are really easy to implement and some are more difficult. And so and also obviously there's a wide range of knowledge that a customer has about how to implement these different products. And so yeah, so pricing and purchasing information and questions and then also onboarding and implementation help. Awesome. So what happens, you know, after some time a customer just comes to the decision that it's not that right fit. What happens? Are there any penalties that they're going to incur or what happens next? Yeah, no penalties. That's that's okay. That's part of I think if a customer isn't. Deciding they don't want to purchase some products they've tried. They're probably not trying enough products. We want to create an environment where a customer is excited and encouraged to try as many products as they want. And we don't want to put these artificial limits. So there's no penalties. There's no we're not going to charge you without telling you for something. This is truly a preview without any unreasonable limits or artificial limits to give you the chance, the space that you need to try the product out. Yeah. Yeah. And we want we want to have customers have the full customer experience for each of those products. So. So that was intentional. So we rolled this capability out in late October without any announcements. What has been the reception like from customers? Any surprises? Yeah, it's been incredible. I've been stunned, actually, at how much adoption there's been in a really positive way because we didn't proactively tell customers about this. I didn't know what to expect. I thought maybe some customers, like a handful of customers, would come across this in the dashboard and they would give it a try. But we're in a situation where we're going to completely, over time, over a relatively short period of time, the majority of our contract customers or our enterprise customers will be using these previous at least one of these previews. And so my main learning, we can go into it in more detail, but my main learning is that this is going to completely invert the customer facing motion for our sales team. So whereas before a customer was or a salesperson was maybe somewhat annoyingly reaching out to a customer to, to inquire about whether they have interest in a product, now the customer is telling us. And so that means that our salespeople can focus their time on much more customer centric activities. In other words, talking to customers about products in which they've already shown an interest. So that's been my biggest surprise, is just the sheer amount of adoption and the really rich customer conversations that are coming as a result. Yeah, I have to echo that sentiment because for me I underestimated how active our enterprise customers are in the dashboard. It's not just like a one and done and forget about it, but it's been encouraging to see the amount of adoption and engagement that our customers have had. And once they find a good match, I'm seeing that they're enabling it across the board. In addition to like surprises. What are the trends that you see happening with the different products that are being enabled? Yeah, So the three most popular products that we've seen have been rate limiting API shield and bot management. In particular, bot management is the one that's been, I'd say the most surprising to me. It's always been a product that has a lot of interest from our customers, but the configuration and implementation can be a bit complex. And so and so maybe this is a case where like I was underestimating our customers that there's sort of this maybe tendency on the sales team to think, you know, they really need us to be able to actually know like our customers are, are really smart. They understand these different products, They understand the pros and cons of previewing these things. And so it's been one of the top three products that have been reviewed. We've also seen a lot of uptake on certificate manager Argo images, load balancing and SSL process. So really across the board a lot of different kinds of products. And then we haven't yet enabled previews for all of our developer products, but we're we're seeing a lot of interest in those as well. And I would anticipate actually that that's where we're going to see the most uptake because this is the sort of traditional way that developer products are purchased. Yeah, Yeah. I mean, it's been great to see the adoption, especially when it comes to our application security suite. It just reinforces how good the Cloudflare products are. And yeah, like you said, maybe we're underestimating our customers nuances when it comes to being able to configure these themselves. So that's great. Any customer feedback that you've heard or share that can share or maybe within the internal team? Yeah. So it's kind of been three strands. I mean, the first one won't be a surprise based on the tone of this conversation is like, we love it. It's simple, it's easy, It's almost too good to be true. I think that the sort of second piece of feedback that customers are telling us that they're sort of like, Is there some catch to this? Is there some limit or something that I'm unaware of that you're not communicating clearly to me. And that's on the one hand, I think we need to continue to iterate on the way that we communicate these things and make sure that we're being really clear about what the expectations are for a customer. But on the other hand, I think it's a really good thing and it's a sign of how amazing a value this is for our customers. The third thing that we've heard from some customers is they'd love the ability not just to preview, but also to purchase. And so that's something that maybe you'll talk more about, but that's something that we're thinking about. But yeah, we love it too good to be true and we want to purchase it. Awesome. Awesome. So this is, like I said, completely new territory for us. And we know that this is just the beginning. So I know Nikki had mentioned a couple of products in the previous comments about what is being enabled, but we still have a handful of products that need this capability, like our you Cache Reserve image resizing. And I'm sure we're going to be playing catch up with the rest of the things that we have lined up for this year. There are some offerings that can't be completely self-service like China network and bringing an IP, but we want to reduce the back and forth that's happening between Cloudflare and the customer. So we definitely have opportunities for improvement there. Cloudflare registrars are evolving but won't won't be supported in this fashion. But in addition to just more product support, like Nick is saying, we do want to have more and more self-service capabilities for our contract customers and we want to be transparent by increasing visibility into what's purchased or how much is being used, because nobody likes a surprise like they could set. Customers are unsure what the gotchas are. There aren't any. We're not going to be giving you a surprise, Bill. So that's not our intention. We want customers to try out other products to see how they fit. And some things that we're evaluating is making the management of what's in a contract self-service and automated. So kind of like what Nick is alluding to, being able to purchase those different products themselves. We want it to be equivalent to what our pay as you go customers can do. I don't see any questions. Me Maybe chime in with one more piece of context on what you just said, Angie. So if I think about what you're saying, I think the broader vision here is we want to sell the way that customers buy, want to buy. And so in some cases, that's going to be a more traditional enterprise software approach that customers are maybe more used to for infrastructure products, applications, services, products. But in other cases. It'll be different. And so we want to have all the different the range of ways that a customer may want to purchase. We want to enable all of them. And so this the way that we tend to talk about contract customers and pay as you go customers, as you just sort of alluded to, that is a very binary way of thinking about a purchasing process and sort of the wall or the sort of the wall of that should sort of come down and the concept of pay as you go versus contract should really be the same thing. There may be some customers that want to buy everything through a contract. There may be some customers that want to buy nothing through contract or maybe some customers don't want to buy certain products through contracts and certain products pay as you go. And all of those possibilities should be OC and should be something that we enable for customers. Yeah, especially because we have customers that are going from the pay as you go cohort and graduating to the enterprise space. It should be a similar experience. It shouldn't be. So. So different. So yeah, we want to bring. You know, the same capabilities across regardless of the type of customer you are. Any other closing thoughts? Nothing for. me. All right. Well, thanks, Nick, for joining me. It's enlightening me here, what it's like for enterprise customers. And we are eager to see more and more adoption for those customers that have been leveraging this capability. Please, please, please share feedback with your sales contacts. Love it or hate it. What else can we improve on? We're always looking to evolve and iterate. And thanks so much to all those that are tuning in and look forward to all the other announcements that are going to come this week. So until then. Okay. Hi, Angie. Hi. be. Hi. We're Cloudflare. We're building one of the world's largest global cloud networks to help make the Internet faster, more secure and more reliable. Meet our customer, HubSpot. They're building software products that transform the way businesses market and sell online. My name is Kerry Muntz, and I'm the director of engineering for the Platform Infrastructure Teams here at HubSpot. Our customers are sales and marketing professionals. They just need to know that we've got this. We knew that the way that the HubSpot was growing and scaling, we needed to be able to do this without having to hire an army of people to manage this. That's why HubSpot turned to Cloudflare. Our job was to make sure that HubSpot and all of HubSpot customers could get the latest encryption quickly and easily. We were trying to optimize SSL issuance and onboarding for tens of. Thousands of customer domains. Previously because of the difficulties we were having with our old process, we had about 5% of customers SSL enabled and with the release of version 68 of Chrome, it became quickly apparent that we needed to get more customers onto HTTPS very quickly to avoid insecure browsing warnings with Cloudflare. We just did it and it was easier than we expected. Performance is also crucial to HubSpot, which leverages the deep customization and technical capabilities enabled by Cloudflare. What Cloudflare gives us is a lot of knobs and dials to configure exactly how we want to cache content at the edge and that results in a better experience, faster experience for customers. Cloudflare actually understands the Internet. We were able to turn on TLS one three with zero round trip time, which click of a button. That's a there's a lot of technology behind that. Another pillar of HubSpot experience with Cloudflare has been customer support. The support with Cloudflare is great. It feels like we're working with another HubSpot team. They really seem to care. They take things seriously. I filed cases and gotten responses back in under a minute. The quality of the responses is just night and day difference. Cloudflare has been fantastic. It was really an exciting, amazing time to see when you have teams working very closely together, HubSpot on one side and Cloudflare on the other side on this mission to solve for your customers problems, which is their businesses. It really was. Magic with customers like HubSpot and over 10 million other domains that trust Cloudflare with their security and performance, we're making the Internet fast, secure and reliable for everyone. Cloudflare. Helping Build a Better Internet. We're betting on the technology for the future, not the technology for the past. So having a broad network, having global companies now running at full enterprise scale gives us great comfort. It's dead clear that no one is innovating in this space as fast as Cloudflare is. With the help of Cloudflare, we were able to add an extra layer of network security control by alliance, including DOS Cloudflare Users. Cdn also allows us to keep costs under control and caching and improve speed. Cloudflare has been an amazing partner in the privacy front. They've been willing to be extremely transparent about the data that they are collecting and why they're using it, and they've also been willing to throw those logs away. I think one of our favorite features of Cloudflare has been the worker technology. Our origins can go down and things will continue to operate perfectly. I think having that kind of a safety net provided by Cloudflare goes a long ways. We were able to leverage Cloudflare to save about 250,000 within about a day. The cost savings across the board is is measurable, it's dramatic, and it's something that actually dwarfs the yearly cost of our service With Cloudflare. It's really amazing to partner with a vendor who's not just providing a great enterprise service, but also helping to move forward the security on the Internet. One of the things we didn't expect to happen is that the majority of traffic coming into our infrastructure would get faster response times, which is incredible. Like Zendesk just got 50% faster for all of these customers around the world because we migrated to Cloudflare. We chose Cloudflare over other existing technology vendors so we could provide a single standard for our global footprint, ensuring world class capabilities in bot management and web application firewall to protect our large public facing digital presence. We ended up building our own fleet of proxy servers such that we could easily lose one and then it wouldn't have a massive effect. But it was very hard to manage because we kept adding more and more machines as we grew. With Cloudflare, we were able to just scrap all of that because Cloudflare now sits in front and does all the work for us. Cloudflare helped us to improve the customer satisfaction. It removed the friction with our customer engagement. It's very low maintenance and very cost effective and are very easy to deploy and it improves the customer experiences big time. And Cloudflare is amazing. Qatar is such a relief. It's very easy to use its first Cloudflare to replace the first level of defense for us. Cloudflare has given us peace of mind. They've got our. Backs. Cloudflare has been fantastic. I would definitely recommend Cloudflare. Cloudflare is providing an incredible service to the world right now. Cloudflare has helped save lives through Project Fair Shot. We will forever be grateful for your participation in getting the vaccine to those who need it most in an elegant, efficient and ethical manner. Thank you. This video will walk you through how to export excess logs to a third party SIEM and security intelligence platform using log push. For this demo we'll use an active Cloudflare domain with access enabled and a pre configured Google cloud storage account. To learn more about how to configure Cloudflare Access, please visit the developer documentation at developers. Cloudflare Backslash Access. The first step to exporting your Cloudflare Access Logs is to log into Cloudflare and choose an active domain that has Cloudflare Access enabled. After logging in Navigate to the analytics app in the Cloudflare dashboard, then click the logs tab. Here you can set jobs to push your logs outside of Cloudflare's platform. Cloudflare supports different destinations such as Amazon SE three, Google Cloud Storage, Sumo Logic and Microsoft Azure. For this demo we'll use Google Cloud Storage after choosing your preferred service, which in this case is Google Cloud, click next to configure the bucket path. The first step is to name the bucket. This name should be consistent with the bucket name in Google Cloud. The next step is to define a subfolder for Cloudflare to push your logs. You have the option to set daily subfolders, so let's choose. Yes. Cloudflare pushes the logs to date and subfolders. So it's very important to set the bucket permission to allow Cloudflare to push logs. Now that the bucket path is defined, you need to set the root copy the IAM user listed here. Now you need to head to Google Cloud storage to add that user. Navigate to Google Cloud Storage. Click Add members and paste the user from Cloudflare into the new member field. Select the storage object admin role which gives full control of Google Cloud storage objects. Click Save to complete. Now we need to head back to the log push configuration in the Cloudflare dashboard and validate the access. Click validate access. When clicked, Cloudflare sends a test file to your destination to validate the access and prove ownership. Now let's go back to Google Cloud. Click Objects. Here you see a new folder created with today's date. Click the folder and you should see the test file from Cloudflare. Click the file, then the link URL. And copy paste the ownership token into the LUG push configuration within the Cloudflare dashboard. Then click prove ownership. Now that the ownership has been validated, you need to choose a data set. I'm going to select the HTTP requests. You'll see a list of fuels to add to the logs, including cash, performance metrics, firewall, etc.. For now, I'll choose the default selection. If you click advanced settings, you'll see that you can set the timestamp format or choose to only send a random sample percentage of your logs to decrease the log value. Let's stick with the defaults and click save and start pushing to complete the log push configuration. Now that the log push configuration is complete, I need to use the log push API to import the data fields from Cloudflare to the Google Cloud platform. For this we'll use plus nine an API client that eases the work of doing API manipulation. The first step is to get the idea of the job I've just created. To do this, run the following API request. After sending the request to the API, you'll see the job ID. The second step is to update that job with the job ID from the previous API request. Take the job ID, add it to the end of the following API request and change the request to a put. After clicking send the same log push fields that you configured in the Cloudflare dashboard will be added to the Google Cloud platform with the request headers at the end. After sending the request confirm that there are no errors. The job has been updated with the same ID and the fields list is available, including the request headers. Now that the job has been updated, let's check the bucket for the logs. You should see the authenticated user aligned with the request. After reviewing, you'll see that for all of the requests, there are specific fields and request headers with the c f dash access dash users, which gives a list of authenticated users that have been granted access to the applications. This concludes the video walkthrough on how to export excess logs to a third party scene and security intelligence platform using log push. If you have any questions or want to use access to secure other applications or resources, visit teams. Dot Cloudflare dot com Backslash access. Q2 customers love our ability to innovate quickly and deliver what was traditionally very static old school banking applications into more modern technologies and integrations in the marketplace. Our customers are banks, credit unions and fintech clients. We really focus on providing end to end solutions for the account holders throughout the course of their financial lives. Our availability is super important to our customers here at Q2. Even one minute of downtime can have an economic impact. So we specifically chose Cloudflare for their Magic Transit Solution because it offered a way for us to displace legacy vendors and the layer three and layer for space, but also extend layer seven services to some of our cloud native products and more traditional infrastructure. I think one of the things that separates Magic Transit from some of the legacy solutions that we had leveraged in the past is the ability to manage policy from a single place. What I love about Cloudflare for Q2 is it allows us to get ten times the coverage as we previously could with legacy technologies. I think one of the many benefits of Cloudflare is just how quickly the solution allows us to scale and deliver solutions across multiple platforms. My favorite thing about Cloudflare is that they keep development solutions and products. They keep providing solutions. They keep investing in technology. They keep making the Internet safe. Security has always been looked at as a friction point, but I feel like with Cloudflare it doesn't need to be. You can deliver innovation quickly, but also have those innovative solutions be secure.