ℹ️ Welcome to CIO Week
Presented by: Corey Mahan, James Chang
Originally aired on July 26 @ 10:30 PM - 11:00 PM EDT
Welcome to Cloudflare CIO Week 2023!
This CIO Week we’ll demonstrate how Cloudflare is helping CIOs keep data, devices and employees both safe and fast across hybrid and remote environments. We’ll show how Cloudflare accelerates digital transformation and modernizes networking and security towards a Zero Trust model.
In this episode, tune in for a conversation with Cloudflare's Corey Mahan and James Chang.
Tune in all week for more news, announcements, and thought-provoking discussions!
Read the blog posts:
- Welcome to CIO Week 2023
- Weave your own global, private, virtual Zero Trust network on Cloudflare with WARP-to-WARP
- Bring your own certificates to Cloudflare Gateway
- Cloudflare is faster than Zscaler
- Introducing Digital Experience Monitoring
For more, don't miss the Cloudflare CIO Week Hub
English
CIO Week
Transcript (Beta)
Hello, and welcome to another segment of Cloudflare TV, CIO Week 2023 edition. We're super excited to be here today to share more about what's coming the rest of this week during CIO Week.
My name is Corey Mahan and I work on our product team here at Cloudflare and I am honored to be joined by James Shane, who works in our product marketing team.
And today we're going to talk to you a little bit about the who, what and why of CIO Week, why we're doing this, and why we're so excited to share some announcements up ahead.
We're going to talk a little bit or tease a little bit about the announcements and the different themes that we're going to talk through during the week.
And then we'll conclude with how to follow along during the week.
There's lots of things going on.
So to stay up to date with the latest and greatest, we want to give you a preview and insight into that so you can follow along and in a channel that is most appealing for you.
So to kick us right off, we kind of jump right into it. I'll introduce James and then hit it over to him to start talking through kind of the who wouldn't want.
James, over to you.
Yeah. Thanks, Corey.
And so, as Corey mentioned, this week is dedicated to chief information officers.
And for us, the CIO, who's nearest and dearest to our hearts is Cloudflare's own, Juan Rodrigues, so let's meet Juan.
When our product and engineering teams think about building new capabilities, he is their most invested and one of their most demanding customers.
Juan and his CIO peers have a multifaceted job that requires them to balance an organization's needs for today versus the needs of the future.
And they are responsible for some of an organization's most mission critical challenges.
Every day, they're thinking about how technology can drive strategic priorities, like figuring out how to deploy data analytics and automation, how to create new digital products and services, how to move applications and data to the cloud, how to reimagine the customer experience.
Overall, these types of high stakes, highly cross-functional initiatives roll up to this pursuit of digital innovation.
Now everyone has their own preconceived notion of what digital transformation entails, and every organization has some sort of digital transformation initiative going on.
So I won't try to cover every angle, but basically we're talking about modernizing IT and security to meet the modern needs of workforces, customers and businesses.
So all the while all those systems need to just work, which sounds simple enough, right?
But of course it isn't.
Accelerating digital transformation not only requires money, but also blood, sweat and tears over a sustained period of time from so many teams.
Here are just a few of the reasons why being a CIO is one of the toughest jobs out there.
One, putting in new technology can be expensive. Two, security and privacy requirements are constantly changing.
And three, getting legacy tools to work together in ways that meet those requirements can be really complex and time consuming.
And for that problem is only compounded by the fact that CIOs are working with so many disparate ecosystems of vendors moving on.
Of course, these challenges are not inherently new, but they are playing out against the backdrop of 2023 when it looks like hybrid work is here to stay.
So whether users are working from the home office or their favorite local cafe.
IT and security teams are on point to deliver consistent protection and experiences across any location and device.
This work from anywhere model is demanding a complete paradigm shift in how organizations think about keeping their workforce safe and productive.
So moving on, let's take a look under the hood at how most organizations set up their IT and security today.
You'll likely see a complex scramble that resembles something like this.
Now this architecture reflects too many point solutions, too many different routes per traffic without any real consistency across offices, office users, remote users, or third party users.
Plus, there's been a huge reliance over time on location centric tools like VPNs, firewalls, IPV, IP based controls that we're focused on that required users to back all traffic through traditional on-prem security appliances that you can see scattered on this slide.
This castle-and-moat approach to security is particularly hard to maintain and introduces lots of excessive risk now that users are working well beyond that traditional corporate perimeter, plus managing all of these disparate networking and security appliances is pretty unwieldy and can hold CEOs and organizations back from delivering the digital experiences they need to stay competitive.
So moving on, the aspirational goal for many CIOs is to move towards an AI security model that looks something like this.
Here we have one unified control plane that connects any user, whether in the office, remote or third party, to any destination, whether in public cloud, private data centers or in SaaS environments to meet the modern expectations of employees and customers.
That control plane needs to be fast, reliable, secure, on-demand and consistent wherever you are in the world.
And whatever services are running in the middle of this diagram, they need to be composable so that they work seamlessly together in combination with each other and integrate effectively with any third party tools you're working with.
This type of architecture is simpler for administrators, delivers a safer and faster experience for end users, and ultimately is more cost effective for budget holders like CIO.
Helping CIOs achieve that vision is Cloudflare aspiration to.
We want to be that network, that control plan that organizations just plug into.
And once plugged in, we can secure, accelerate and connect all that traffic from any part of your hybrid workforce to any cloud destination.
So this is Cloudflare's overall goal and some way to transition back to Corey, who's going to tell you a little bit more about how the announcements and innovations we have in store for this CIO Week help us get in that direction.
So Corey, back to you.
Awesome.
Thank you so much. James, yeah, it's super good to understand kind of the who and the what they're exactly to James's point, the chief information officer and the many, many hats and balls they have to juggle all at once.
But, for this CIO Week, we're kind of talking to directly those CIOs.
And when I say talking to you, we have features, we have partner announcements, we have new beta versions of products, we have some customer wins we want to talk about.
So we have a lot of things that go into these weeks, these innovation weeks, and this week is all around the CIO.
So we're really excited to kind of talk through those four kind of offerings or vehicles for getting the news and information out there.
But all of that will be based around kind of three core tenets.
And so I want to drill in here of what you should expect for CIO Week this year in 2023.
And that's first, as James kind of mentioned previously, is we enable the simplest, fastest path to Zero Trust and SaaS, right?
The kind of the buzzwords of the world.
But what that really means is a single control plane to manage all of the things, making it super, super easy to not only deploy but to manage going forward so that you as the CIO and your IT administrators and your various teams have less overhead in setting this all up and managing it.
It's quicker and easier to use and you can do so from one single dashboard.
So we're really, really excited about a lot of the announcements coming to kind of tell this whole sassy vision and what it looks like to be a single vendor.
Sas here, what you can expect from single vendor, sassy single vendor, sassy vendor like Cloudflare.
Next, we're going to talk a lot about having the right channel and technology partners, and we think it's very, very important.
If you want to go far, you need to go together.
And so what we're excited to announce here is some big announcements, deeply integrating with a lot of partners, not only our own partner network and kind of the advancements that we're making there.
So if you're a customer, what it looks like to take advantage of those services, but from the partner or the wider ecosystem, right, how you can arrive at a Zero Trust journey using the technologies that you likely already use.
And so we'll have a lot of announcements geared towards deeper integration with Cloudflare Products along with those of some pretty staple players when it comes to security and operating systems, business suite tools, etc., etc..
So we're really, really excited to share more there.
And then lastly is helping you streamline your multicloud strategy.
Cloudflare is the fabric of the Internet and we want to be your neutral control point, whether you're in cloud provider A or B or C or it doesn't matter.
We want to make sure that your applications running in those services are fast.
You can connect to them easily and then all those connections are secure no matter where your users are coming from all across the planet.
And any time maybe they're in the car today, they're in the office tomorrow.
The coffee shop, as James mentioned, wherever they're coming from, we want that connection to be safe and fast, no matter where that application is.
So I have a lot of announcements about what that looks like East-West traffic, cell traffic, all of the things when it comes to connection and how Cloudflare can really help you streamline.
So each day we'll have a new series of announcements.
Today is Monday, we're announcing CIO Week are kind watching the week.
Today you'll see a lot of announcements around visibility and speed, how we're the fastest network when it comes to zero.
Trust and visibility, getting insight into the things that are happening to help you ensure that your end users are productive, that they're moving and doing everything safely, as well as being able to troubleshoot things in a certain area before they become widespread.
So stay tuned for announcements on that.
Tomorrow, we're going to talk more on that single vendor success story.
Again, moving to a zero trust model, being able to connect all of your resources from one place for one vendor is what we want to achieve.
We want to make it very, very easy to use and save you money.
In the meantime.
Consolidation is the key here. We're going to talk about zero trust for CIOs explicitly.
What that means.
Talk a little bit about Cloudflare Security, how we've used some of our own tools and you'll hear from one tomorrow as well on some of the exciting things of what it's like to be Cloudflare CIO, but it's applicable to all CIOs out there.
This Thursday, as I mentioned, more on partnerships, really kind of stressing that Better Together story so that, you know, if you use one of our partners today that Cloudflare is no greater and vice versa.
So you get the most out of the most out of the technology that you already have.
And then when you're looking to expand to maybe do part of your digital transformation journey or migrate apps or services, you know where to go because it will work best with Cloudflare.
And then lastly, on Friday, we're going to talk about the cloud control plan, as I mentioned, kind of that fabric of the web of the Internet so that, you know, whatever you're connecting to, you know, that connection is going to be safe and it's going to be fast if you're using Cloudflare.
So we're really, really excited to Jim, all of these announcements, we have over 30 announcements this week for partners.
You'll see quotes and the like from fellow CIOs, fireside chats, et cetera, etc..
So a lot of a lot of things happening this week. We're very, very excited and we look forward to sharing more and more with you.
So there will be because there is so much there's lots of ways to kind of stay tuned and to find this information out.
And I'll hand it back over to James to kind of talk through how to follow along during the week.
Many different ways to follow along. The first and probably best way for you is to watch our hub page, which is going to be Cloudflare backslash CIO Week.
There you'll see all the latest blogs and popular TV segments, press releases that we're going to be talking about this week.
You can also follow along directly on our blog as well as tune in to Cloudflare TV for segments like this.
After the week is over.
Also, be sure to join us for a recap webinar where we're going to walk through a lot of the key announcements and what it means for your organization.
So that will be taking place January 18th at 10:00 AM Pacific and you can find details on Cloudflare dot com.
Before we end the segment, I'll just emphasize that one of the reasons we're so excited about this slate of innovation is that I feel that they really reflect Cloudflare's own journey as an organization since our founding in 2010.
Over the years, Cloudflare has grown to some over 3000 employees, and more recently we've shifted from a predominantly in-office culture to a largely hybrid model.
And the capabilities we're announcing this week help Cloudflare secure Cloudflare every day.
For example, our security teams need granular controls to help implement Zero Trust best practices, and our employees need to be safe fast.
And so when they access the tools that they use every day in their jobs.
So in our Welcome to CIO Week blog posts.
One talks about being customer zero for most of Cloudflare Products, and this means he is going to try everything first, giving lots of feedback and helping us improve them before shipping them to customers.
So our hope is that by the end of this week, the CI and those in your organization will view us as a trusted partner for your digital transformation, just like one does.
So thanks everybody for tuning in.
Really appreciate it.
And stay tuned for all the exciting stuff for CIO Week. We're betting on the technology for the future, not the technology for the past.
So having a broad network, having global companies now running at full enterprise scale gives us great comfort.
It's dead clear that no one is innovating in this space as fast as Cloudflare is.
With the help of Cloudflare, we were able to add an extra layer of network security control by alliance, including one of DOS Cloudflare users.
Cdn also allow us to keep costs under control and caching and improve speed.
Cloudflare has been an amazing partner in the privacy front.
They've been willing to be extremely transparent about the data that they are collecting and why they're using it, and they've also been willing to throw those logs away.
I think one of our favorite features of Cloudflare has been the worker technology.
Our origins can go down and things will continue to operate perfectly.
I think having that kind of a safety net provided by Cloudflare goes a long ways.
We were able to leverage Cloudflare to save about 250,000 within about a day.
The cost savings across the board is is measurable, it's dramatic, and it's something that actually dwarfs the yearly cost of our service With Cloudflare.
It's really amazing to partner with a vendor who's not just providing a great enterprise service, but also helping to move forward the security on the Internet.
One of the things we didn't expect to happen is that the majority of traffic coming into our infrastructure would get faster response times, which is incredible.
Like Zendesk just got 50% faster for all of these customers around the world because we migrated to Cloudflare.
We chose Cloudflare over other existing technology vendors so we could provide a single standard for our global footprint, ensuring world class capabilities in bot management and web application firewall to protect our large public facing digital presence.
We ended up building our own fleet of proxy servers such that we could easily.
lose one and then it wouldn't have a mass effect.
But it was very hard to manage because we kept adding more and more machines as we grew.
With Cloudflare, we're able to just scrap all of that because Cloudflare now sits in front and does all the work for us.
Cloudflare helped us to improve the customer satisfaction.
It removed the friction with our customer engagement.
It's very low maintenance and very cost effective and are very easy to deploy and it improves the customer experiences big time.
And Cloudflare is amazing.
Culture is such a relief.
It's very easy to use its first Cloudflare to replace the first level of defense for us.
Cloudflare has given us peace of mind. They've got our.
Backs.
Cloudflare has been fantastic. I would definitely recommend Cloudflare.
Cloudflare is providing an incredible service to the world right now.
Cloudflare has helped save lives through Project Fair Shot.
We will forever be grateful for your participation in getting the vaccine to those who need it most in an elegant, efficient and ethical manner.
Thank you.
Q2 customers love our ability to innovate quickly and deliver what was traditionally very static old school banking applications into more modern technologies and integrations in the marketplace.
Our customers are banks, credit unions and fintech clients.
We really focus on providing end to end solutions for the account holders throughout the course of their financial lives.
Our availability is super important to our customers here at Q2.
Even one minute of downtime can have an economic impact.
So we specifically chose Cloudflare for their Magic Transit Solution because it offered a way for us to displace legacy vendors in the Layer 3 and their force space, but also extend layer seven services to some of our cloud native products and more traditional infrastructure.
I think one of the things that separates Magic Transit from some of the legacy solutions that we had leveraged in the past is the ability to manage policy from a single place.
What I love about Cloudflare for Q two is it allows us to get ten times the coverage as we previously could with legacy technologies.
I think one of the many benefits of Cloudflare is just how quickly the solution allows us to scale and deliver solutions across multiple platforms.
My favorite thing about Cloudflare is that they keep development solutions in progress.
They keep providing solutions. They keep investing in technology.
They keep making the Internet safe.
Security has always been looked at as a friction point, but I feel like with Cloudflare it doesn't need to be.
You can deliver innovation quickly, but also have those innovative solutions be secure.
The About you fashion platform has become the number one fashion platform in Europe in the Generation Y and Z.
It has been tremendously successful because we have built the technology stack from a commerce perspective, then decided to also make it available to leading fashion brands such as Marco Polo, Tom Taylor, the founded and many other.
And that's how scale was born.
What we see in the market is that the attack vectors are becoming increasingly more scaled, distributed and complex as a whole.
We decided to bring on Cloudflare to ultimately have the best possible security tech stack in place to protect our brands and retailers.
We use the Cloudflare Support management rate limiting and graph as an extra layer of protection for our customers by tackling the major cyber threats that we see in the market.
D'etats, attacks, Credential stuffing and scalping bots. What we see with a scalping bot here is that they're targeting high end products and then buying them up within a few seconds.
That leaves the customer dissatisfied.
They will turn away, purchase somewhere else the product, and thereby we have lost the customer generally before it could take maybe up to half an hour for a security engineer to handle those attacks.
Now we are seeing that Cloudflare could help us to stop that in an automatic way.
Cloudflare helps us to bring the site performance to the best and ultimately therefore create even more revenue with our clients.
Cloudflare access allows you to securely expose your internal applications and services, enforce user access policies and log per application activity all without a VPN.
This video will show you how to enable Cloudflare Access, configure an identity provider, build access policies and enable access at launch.
Before enabling access, you need to create an account and add a domain to Cloudflare.
If you have a Cloudflare account, sign in. Navigate to the Access app and then click Enable Access.
For this demo, Cloudflare Access is already enabled, so let's move on to the next step.
Configuring an identity provider. Depending on your subscription plan, Access supports integration with all major identity providers or IDPs that support IDC or Samuel to configure an IDP.
Click the add button in the login methods card, then select an identity provider.
For the purposes of this demo.
We're going to choose Azure AD Follow the provider specific setup instructions to retrieve the application ID and application secret along with the directory ID toggle support groups to on.
If you want to give Cloudflare access to read specific SAML attributes about the users in your tenant of Azure ad and to the required fields, then click Save.
If you'd like to test the configuration after saving.
Click the test button.
Cloudflare Access policies allow you to protect an entire website or resource by defining specific users or groups to deny, allow or ignore.
For the purposes of this demo, we're going to create a policy to protect a generic internal resource on intranet to set up your policy.
Click Create Access Policy.
Let's call this application Internal Wiki.
As you can see here, policies can apply to an entire site, a specific path, apex domain subdomain, or all subdomains using a wildcard policy.
Session duration determines the length of time and authenticated user can access your application without having to log in again.
This can range from 30 minutes to one month.
Let's choose 24 hours.
For the purposes of this demo, let's call the policy just me.
You can choose to allow, deny, bypass or choose non identity.
Non identity policies enforce authentication flows that don't require an identity provider IDP login such as service tokens.
You can choose to include users by an email address, emails ending in a certain domain access groups which are policies defined within the Access app in the Cloudflare dashboard IP ranges.
So you can lock down a resource to a specific location or whitelist a location or your existing Azure groups.
Large businesses with complex Azure groupings tend to choose this option.
For this demo, let's use an email address.
After finalizing the policy parameters, click Save.
To test this policy, let's open an incognito window and navigate to the resource.
On intranet.
Cloudflare has inserted a login screen that forces me to authenticate.
Let's choose Azure AD log in with the Microsoft username and password and click sign in.
After a successful authentication, I'm directed to the resource.
This process works well for an individual resource or application, but what if you have a large number of resources or applications?
That's where Access App Launch comes in handy.
Access App Launch serves as a single dashboard for your users to view and launch their allowed applications.
Our test domain already has access app launch enabled, but to enable this feature, click the Create App Launch Portal button, which usually shows here in the Edit Access App Launch dialog that appears select a rule type from the include dropdown list.
You have the option to include the same types of users or groups that you do when creating policies.
You also have the option to exclude or require certain users or groups by clicking these buttons.
After configuring your rule, click Save.
After saving the policy, users can access the app launch portal at the URL listed on the Access App Launch card.
If you or your users navigate to that portal and authenticate, you'll see every application that you or your user is allowed to view based on the Cloudflare access policies you've configured.
Now you're ready to get started with Cloudflare Access in this demo.
You've seen how to configure an identity provider, build access policies and Enable Access App launch.
To learn more about how Cloudflare can help you protect your users and network, visit teams.
Cloudflare dot com backslash access.
Mindbody specifically focused on the health and wellness space and was built by people who were passionate about health and wellness.
We serve health and wellness businesses all over the world.
We allow our customers to spend more time focusing on the parts of their business that they love and less time worrying about scheduling, software and payroll and other day to day administrative work.
We want to protect customers from attacks that could hurt their business and their brand.
And at Mindbody, we're passionate about ensuring that our customers' data is secure.
When we first approached Cloudflare, we had a lot of different tools in our security stack and there was a lot of management overhead associated with all that kind of complexity.
I think at one point we had four different WAFs, a separate tool for bot management and two kinds, and we basically managed to consolidate all of that into using just Cloudflare without losing any of the functionality or any of the protections that we had in place.
It was the kind of tool I could hand to junior analysts or senior engineers, and they would all know how to manage it pretty quickly.
With our old environment, we were constantly fighting botnets and attempts to scrape our inventory Credential stuffing attacks.
When we moved Cloudflare, we were able to mitigate a lot of these kinds of attacks much easier and more consistently.
Using Cloudflare Management, we see a lot fewer false positives with actual valid end users using our application and being flagged as a bot.
We've gone from dealing with several per day to only a few per week.
With the Cloudflare access solution, we are able to provide Zero Trust access to sensitive internal applications to contractors and third party vendors.
It puts our internal applications behind strong authentication protocols and allows us to ensure that only authorized users are able to even see the service.
The health and wellness industry is only going to grow.
I think mindbody is going to be part of that rising tide that floats all boats.
Cloudflare will help us scale and grow and secure all those services as the industry expands.