ℹ️ Why CIO’s choose Cloudflare One over the competition
Presented by: James Chang, Michael Keane, Corey Mahan
Originally aired on July 24, 2023 @ 8:30 PM - 9:00 PM EDT
Welcome to Cloudflare CIO Week 2023!
This CIO Week we’ll demonstrate how Cloudflare is helping CIOs keep data, devices and employees both safe and fast across hybrid and remote environments. We’ll show how Cloudflare accelerates digital transformation and modernizes networking and security towards a Zero Trust model.
In this episode, tune in for a conversation with Cloudflare's James Chang, Corey Mahan, and Michael Keane.
Tune in all week for more news, announcements, and thought-provoking discussions!
Read the blog posts:
For more, don't miss the Cloudflare CIO Week Hub
English
CIO Week
Transcript (Beta)
But. Everyone, thanks for tuning back into TV.
I hope you're enjoying CIO Week so far.
This week we're essentially announcing a bunch of new capabilities and new products and partnerships that essentially help organizations do their jobs better and faster and help CIOs realize how Cloudflare can help keep their teams productive and make their some of their technology a bit more efficient.
Whether they're thinking about step one of Zero Trust use cases kind of for the first time, or they're really thinking that grandiose long term vision for how to bring networking and network security together.
So regardless of which it is in this segment, we're excited to talk about similar themes that come up for why IT Organizations are excited to choose Cloudflare as they approach their goals.
So i'm michael keane.
I'm joined by my colleague james cheng.
We're both here a part of the Zero Trust team here at Cloudflare.
We're going to talk through some of the themes that come up over and over with organizations that choose to go with Cloudflare for modernizing their IT stack.
So step one, we just want to clarify some terminology.
If you hear us say Cloudflare one.
That is our Zero Trust network as a service platform for helping organizations either approach their security modernization with some of their beginning Zero Trust journey steps, or if they have that vision of a full, unified SASE or secure access service edge architecture.
It brings together our networking and network security products underneath under one unified hood.
And as part of prepping for CIO Week, we went back to some of the leaders of some of our largest customers and just wanted to understand why they went with Cloudflare in the first place.
And luckily it really seems to go beyond the classic feature checklists.
It seems like the feedback really kept getting organized into a few buckets and we kept hearing some of the bigger things over and over for how Cloudflare is just differently positioned than some of the other options out there.
More than feature check boxes and more than just a single user interface.
So we have six themes that kept coming up over and over, and we'd love to just step through those.
First is more complete security. So what we find when we talk to organizations is they probably have one thing in mind that's bugging them the most or it's the top of mind.
Maybe it's the VPN that they just can't wait to at least offload that first app from.
Or maybe they're extra concerned about all the headlines with phishing.
And there they're looking at maybe anti phishing solutions or implementing better, stronger MFA.
They're maybe looking at hard keys for the first time and how can I roll those out everywhere?
They probably have one thing in mind that's bringing them to these vendors in the first place, but they also know that after they accomplish that initial use case that security is never done.
You're never you never fully good to go and free to forget everything moving forward.
But there's this multiyear path and journey and series of use cases. And so we find organizations are looking at Cloudflare once they realize the not just the depth, but the breadth of what we're able to offer, they see a path to accomplishing a lot more with us in the future beyond just that initial proof of concept or that initial use case.
So there's a little bit of history on our Zero Trust platform and kind of how it's we've continued to add to it over time.
We really started several years ago building for ourselves first because at Cloudflare we were annoyed with our own VPN and we kind of just realized that we could use our own network to build something really cool and to build something like Zero Trust network access to accomplish similar outcomes to other XNA services.
But we thought that we could build it better and in a way that's probably just a bit faster as well.
So we started building out our Zero Trust Network Access Service and our Secure web gateway to protect our own internal resources and also keep our own employees safe as they were browsing the open Internet.
And we started talking about this with customers too for what we were doing and some of our customers using our long standing services, maybe our content delivery network or laugh, some of them that were using our application security and performance services started kind of getting interested in what we were doing for pivoting over to using our same network and creating products to protect our internal resources as well.
So we started with that ZTNA or Zero Trust Network Access use case.
Oftentimes it's because an organization is frustrated with a VPN, but it could also be figuring out efficient ways to protect the third party contractors or approach privileged access and protect their developers in a better or safer way, or lock down access as they continue to move more and more of their on prem resources to the cloud.
And how do we keep a consistent experience for end users?
We built out this ZTNA service and it was really important to build down.
Customizability for creating this contextual access and is never trust, always verify kind of bread and butter for any Zero Trust architecture.
I think ZTNA commonly where everyone ends up starting.
But Zero Trust is not just about ZTNA.
Within this platform, we kept building.
We were helping customers that were looking at DNS filtering.
How do I achieve an initial really meaningful step for threat defense and how to how do I implement DNS filtering really quickly and really easily using Cloudflare's unique position on the Internet and everything that we know about threats on the Internet and how they change over time.
Then we built out more advanced secure web gateway features in our network firewall.
We helped customers start to load suspicious sites in an isolated browser running code in our global network instead of locally to really add this extra layer of protection, but do it in a way that was still usable, that had high enough performance so that sometimes customers can't even tell that it's there.
Then we start extending further and saying, All right, IT teams are really hating the lack of visibility and control they feel with their SaaS apps and SaaS apps are getting to be increasingly common and that trend is not going away.
So how can we build something like Cloud access security broker to help with Misconfigurations or anything else we're noticing with data at rest?
How do we protect sensitive data of any kind from leaving the enterprise?
And finally, think about SaaS apps and one of the most common SaaS apps, email security.
We used an incredible email security product at Cloudflare and we liked it so much that we acquired the company and we built it into our platform to extend the zero trust principles to protecting our email as well.
I think one of my favorite parts of this and one thing that our customers see and appreciate as well is this is such a comprehensive platform, but we believe in it so much that we use it every single day to protect Cloudflare ourselves, kind of call it dog fooding.
And that always reminds me when I was shopping for apartments many years ago, I always loved when the leasing agent actually lived at the complex.
I always thought, Hey, this apartment must be pretty good because this person actually lives here.
So it helps me believe them more. And I know when we're talking to customers every day, it's always helpful to just very transparently share our own experiences adopting this more complete security platform.
And our customers really appreciate it as well.
And this breadth is often one thing that gives them enough confidence to choose Cloudflare as they approach their use cases.
So for each of these themes, we also just want to get a quick example, even if we're not mentioning the specific company name, but in this case, with the regard of complete security, there is a large social media company that was evaluating multiple vendors for their Zero Trust journey and modernizing their access controls, and they saw a more clear path with us with Cloudflare do not just to the granularity of what they saw from our ZTNA service, but they saw the breadth and they kind of saw this path forward for being that long term partner.
So that was the first one.
And James, I'll pass it over to you for theme number two.
Yeah, thanks, Michael.
The second theme is about how Cloudflare helps make your team go faster.
And this is really motivated by this idea that the end user experience is really important to CIOs.
Now more than ever, having security that's always available, that never has any disruptions.
That's been the norm.
But increasingly those high speed connections are expected given that employees can be located anywhere and are everywhere.
So connecting to Salesforce needs to be fast.
Regardless of where you are in the world, whether you're working at an office or a cafe or at home.
I know we've all had that personal experience where we go to a website, it's it's spinning.
It wouldn't be a Cloudflare Protected website, but you quit because you're not interested in getting there.
And the same that same expectation carries over to employees when they're accessing the resources that they need to stay productive on a daily basis.
Now that those higher speed connections also helps administrators too, because they're going to deal with fewer and user complaints and they're going to have to triage fewer tickets.
And they also get their own work done faster.
As Michael mentioned, we develop Cloudflare Access or Aetna Service because our developers want to be able to log into different environments that they need to fix problems on an urgent basis.
And they were really frustrated with going through our corporate VPN.
Now, that combination of helping improve the experience for end users and administrators.
There was a recent IDC research report that said that 84 85% of IT Leaders agree that delivering an improved employee experience translates to higher revenue, so having employees be more productive with higher speed connections is a significant business differentiator.
One of the interesting posts from yesterday in CIO Week was we did some testing internally and with a third party provider to test our Zero Trust services against scaler one or the other Zero Trust security vendors in the space.
And we found that for secure web gateway types of use cases, outbound connections to the internet, we were 58% faster than C-scale or equivalent or access to internal applications.
With our ZTNA service we were 38% faster and with our Browser Isolation service we were 45% faster to reach applications.
And over time those experiences make a difference and can erode an organization and the CIO's interest in faith in work, continuing to work with the vendor.
So we really do prided ourselves on speed.
And in fact, speed was one of the key reasons we won a neutral deal I'll talk about, which is a partnership that we have with the US federal government in partnership with Accenture, Federal Services specifically.
We've been working with the Cybersecurity and Infrastructure Security Agency.
So CSA to provide DNS filtering security for all federal agencies and departments.
Speed was one of the several differentiating factors in that deal.
We are known for operating the fastest public DNS resolver.
1.1.1.1, which you can download on the App store of your choice today and try it out.
And that really is the underpinning technology for our DNS filtering services.
Plus our presence across us and our ability to always deliver protections close to end users help give them confidence in our roadmap.
So that's a deal that you're going to that's a customer story that you're going to hear a lot about in the coming days in CIO Week and certainly down the line.
And with that, I'll turn it back to Michael.
Yeah.
So the third theme is around Cloudflare being easier to manage. And I know our product team loves this one.
We obsess over ease of use because we really think at the end of the day, you know, checking identity before someone logs into a resource is not particularly groundbreaking.
But the way to actually achieve that and set it up and manage it over time, there's a lot of different ways that can go.
And the, you know, the outcomes that all of these Zero Trust vendors are trying to achieve.
It makes sense that they're very similar because Zero Trust itself is just is just an abstract concept.
At the end of the day, it's really just a framework, a set of principles.
How do we verify everything with context and log it all along the way?
I think James and I have talked about this before of thinking of kind of cheesy examples of I sometimes think of zero trust in the security world is kind of like us as consumers being shouted at all these messages about trying to just achieve a healthy lifestyle.
And I always think, you know, there's so many Instagram ads and food choices and exercise programs and so many different vendors that are saying, Hey, choose us and you'll finally get to that healthy lifestyle.
But it's it's really up to the company and the way that you use those tools and how easy they are to use.
And we can't just trust the message, right?
You can't just say, Hey, buyer thing, healthy lifestyle.
Similarly to this.
You can't just say, Hey, buy this Zero Trust product, you'll have achieved Zero Trust.
I think those have been have done more research, realize that these tools are just tools and it's all about how you use them, how easy they are to use and what you can do with them over a period of realistically multiple years to get to whatever Zero Trust means to you.
And as that changes.
So there's basically infinite ways to get there.
And one of our design principles that's kind of lofty is we want to be able to enable the smallest startups that just need to protect their a couple of SaaS apps as they're protecting their, you know, 20 employees up through the largest enterprises that are protecting potentially hundreds of thousands of employees.
And while we can, you know, any cloud product can help prevent the main downsides of a hardware point solution where they're disparate and they're hard to manage, you're mandating them together.
They weren't designed to work together.
We're dealing with upgrades and manual maintenance even for cloud vendors.
You know, there's so many different software workflows that we can come up with over time as we stay close to our customers and as our product team especially just obsesses over that product feedback.
And so I just want to give one example of not only building in net new capabilities into our platform, but looking at existing ones and is constantly asking ourselves, how can we make this better?
With Zero Trust network access, it often starts with an app connector and connecting a resource to Cloudflare.
And while this is a very common workflow that our customers had to go through, if we were real with ourselves, it was it was a little hard sometimes and it kind of took some expertise and some research.
There are about 14 steps that someone had to go through to create an app connector, and if you spelled something wrong in the terminal or if you didn't know the exact order, sometimes it was it was a little difficult.
And so we last year took a look at that process and our team got very creative with a few steps that we could automate and we were able to reduce that process from 14 steps down to three.
And a lot of it is automated now.
It's a quick copy and paste and we offloaded that configuration management to Cloudflare.
Instead of expecting customers to manage something themselves or research and kind of know all the ins and outs for how this process should work.
So that's just one example. But we just our product team loves taking a look at not just what's the new the brand new feature that we can create next month, but let's look at everything we've already built and how can we make it even better?
Another thing is for scale and for companies that don't just have dozens of policies they're managing, but potentially hundreds, potentially thousands, it's important to Cloudflare to not just have a great UI but to provide API support for everything.
We also maintain a TerraForm provider for those kind of larger configuration as code management solutions.
And so as one example of for ease of use is we find in Zero Trust world that most companies are starting small with some kind of pilot, see how it goes internally, build momentum, build, buy in.
Maybe it's just their most important apps or a subset of users, and then they'll go big.
Then they'll kind of roll it out after they see that momentum and after they have maybe a few internal learnings of what goes well and what doesn't.
So with a large telecom provider, they started really small on just a self serve subscription.
They bought on a credit card, just a few seats of access, and they kind of were trying it out to start replacing their VPN or offloading an app at a time.
And then their DevOps team just got increasingly frustrated with the VPN.
They thought back to the pilot and how well it went and they, they went all in and today they scaled into over 100,000 employees, not just for protecting their internal resources, but.
Spanning their threat defense to the open Internet as well.
So ease of use is very important to us and we'll stay that way with how we develop our products.
So, James, what's number four? Yeah.
Number four is that five, four, one products work there together. And with this theme, we're not just talking about getting different products to integrate with one another.
We're talking about design services that are greater than the sum of their parts.
We talk a lot about getting one plus one equals three, internally.
And the problem we're really trying to solve here is that for many organizations, they're trying to replace on the fly a collection of way too many point solutions.
And those point solutions reflect an older era. When the corporate office and the data center were the center of gravity and they reflected that perimeter that need to be defended.
That castle-and-moat model.
SASE, right, is the aspirational architecture to fix that.
The idea that traffic can flow from anywhere through a unified cloud based platform and then get that traffic with all the controls in place to any destination.
But the reality is that a lot of vendors are stitching together older solutions, things that transitioning on prem services to the cloud and are acquiring new maybe cloud based services and stitching them together to try and get that sassy platform to work.
Now for customers in the process of implementing these kind of stitched together versions, they're going to run into interoperability challenges.
Administrators are going to be switching between multiple interfaces.
You're going to be managing different subscriptions.
There's just a lot of hidden overhead and bugs that you're going to encounter with those types of stitch together platforms.
By contrast, a lot of the feedback we've gotten from customers is that they really like how our services are designed to be composable and interoperable.
Administrators work within one interface, whether they're setting policies for access to internal applications or Internet filtering protections or setting isolation policies as their users go off into the web and that traffic is going to be inspected in a single pass, with security controls delivered close to end users across all of Cloudflare network.
I mean, architecturally, one of the things we've always prided ourselves on is that every service is designed to run in every data, every data center, in every box across our Cloudflare global network, which spans 275 plus locations in 100 over 100 countries.
So stay tuned, because tomorrow you're going to see a lot of announcements for how our Zero Trust security services are coming together in new and powerful ways, the ways in which email security can be used in combination with Browser Isolation, for example, and some forward looking ideas for how newer services like CASB and DLP can work in combination.
One of the stories I like to share in this space is around having our services work better together is that we've worked with a Fortune 500 American energy company that spent some six eight months trying to integrate different Zscaler services, including, in this case, their RBI and Zero Trust Network Access Service.
The organization was really frustrated with the time and effort spent on getting those products to work together and ultimately just decided to rip out Zscaler and migrate towards Cloudflare.
And when we were running POCs, not only was that administrator experience a lot easier for folks, but as I was talking about earlier, we were able to deliver that faster experience, which everyone really appreciate.
So that's the number four.
So what's the number five, Michael?
All righty.
This one is around cost efficiency with our comprehensive offering.
And I like this one because it kind of fits that theme of this is not any just feature checkbox or a thing you can find on a data sheet, but this is kind of representing who Cloudflare is and the giant network that we've built out over the last 12 years.
I think any cloud vendor will help with kind of the more obvious cost benefits with CapEx and not as they relate to hardware or discontinuing various licenses or maintenance costs over time for hardware.
But I think the not so secret secret with these other cloud vendors is because they run these dedicated appliances or rely on public cloud providers behind the scenes.
Since, you know, the end of the day, it's all got to run somewhere.
They're sort of at the mercy of those public cloud vendors.
And as those vendors increase costs over time, they have to keep up and they have to increase their costs.
And at Cloudflare, we're just we're fundamentally different because we're in control.
We run commodity hardware in the exact same configuration that we are in full control of, and we run all of our services, whether it's Zero Trust, application services, developer, network services, everything runs on every server.
So our infrastructure team just obsesses over computing efficiency.
We're also not just as Zero Trust vendor.
We started as an application performance and security vendor, and today we run roughly 20% of the Internet.
Meaning of those Internet properties use Cloudflare in some way.
And so any traffic spikes that a Zero Trust vendor might need to accommodate really are unnoticeable compared to what we've originally been built for, where we're able to handle a huge percentage of the internet as a whole and have mitigated with our network capacity some of the largest DDoS attacks in history.
So on an enterprise security front and the number of requests that those involve, it's kind of nothing for us to handle those traffic spikes because at the end of the day, no one else has a network that was developed for what we originally developed it for.
We feel like we started with the really, really hard work by making our network awesome.
And then over time we found these new cool things. We could build on it like our Zero Trust services.
Last point would be this be it's not just about our network and how many data centers we're in.
We also partner with thousands and thousands of smaller networks and Internet service providers, and because they're able to use Cloudflare as well, there's some really cool contractual and fun cost savings that we're able to get there and then pass those on to our customers as well.
So just so many reasons why we're able to be more in control and more intentional and more cost efficient, which helps both us and the folks that go with us.
For Zero Trust as another example, a South African infrastructure company had a zscaler renewal coming up and they got a little frustrated with the cost increases that they were seeing there.
So they, despite whatever effort they had already put in, they decided it was worth it in the long run to rip and replace with Cloudflare since they already used us for some other internet properties and some of their Layer seven stuff and they decided they trusted us more moving forward.
So they ripped them out and went with our more cost efficient model.
So James closes out with the last one.
Yeah, I think this last one dovetails really nicely with what you've been talking about so far.
We've been talking mostly about SASE, which has its own slew of associated technologies Aetna, CASB, RBI, etc.
But there is a even wider and deeper acronym Soup Ocean beyond Workforce Security that Sassy largely covers and juggling so many vendors adds a lot of explicit costs.
Whether we're talking about those contracts and capital investments that Michael was talking about or hidden costs that we've touched on, like those headaches administrators are facing.
So for a lot of customers, they see an opportunity to make Cloudflare their single security vendor.
A lot of us, a lot of them know us from our strength in protecting public facing websites and applications where you're the leading loss mitigation service and we protect so many Internet properties in use across the world.
So there is this.
There is this drive for simplification that CIOs are always in search of that can tie.
But the vendor that can tie all their security together. And the example that I like to share here is about a US based research analytics company that has over 10,000 employees.
Poplar had been helping them with load balancing for some of their applications, as well as preventing DDOS attacks on their public facing websites.
So after becoming familiar with our platform and our approach to how to set policies are our pace of innovation, our track records in customer support, they saw a benefit to take advantage of all the qualities that we've been talking about today and rethink how they secured access to their internal resources.
At the time, they were using a hodgepodge of different VPNs previously and ultimately selected Cloudflare or have a Zero Trust approach to secure access across their global workforce over Zscaler and Cisco.
So tie everything all together.
For anyone listing one or two of the themes that we've talked about might have resonated with you more than others.
And that's really great.
We'd love to hear more from you about what's important to you and how you can help.
If you'd like to toss your discuss your Zero Trust or sassy needs with one of our specialists and see how we might be able to help, please reach out.
You can find a form submit through our blog site or if you're more hands on nearly every feature, nearly pretty much everything you see on this slide is available at no cost for up to 50 users, and your teams are free to play around and let us know what questions they might have, whether they're interested more, and starting with securing access with our service or protecting SaaS apps with our CASB service, or protecting users from ransomware phishing with email security and their DNS filtering and suite capabilities.
So thanks again for watching.
There's a whole lot more coming with CIO Week.
You can follow along with all the fun at the links you see here.
Cloudflare Calls Backslash CIO Week.
And stay tuned for more announcements that have hit on those themes that we've talked about today.
So thanks again for watching. Thanks, Michael.
Have a great CIO Week. Hi.
We're Cloudflare. We're building one of the world's largest global cloud networks to help make the Internet more secure, faster and more reliable.
Meet our customer, Wong Nai.
An online food and lifestyle platform with over 13 million active users in Thailand.
To is a lifestyle platform. so we do food reviews, cooking recipes, travel reviews, and we do food delivery with Lineman and we do POS software that we launched last year.
Wongnai uses the Cloudflare Content Delivery Network to boost the performance and reliability of its website and mobile app.
The company understands that speed and availability are important drivers of its good reputation and ongoing growth.
Three years ago we were expanding into new services like chat bot for generating images dynamically for the people who are using the chat bot.
Now when we generate images dynamically, we need to cache it somewhere so it doesn't overload our server.
We turn it into a local city and provider.
that can give us caching service in Thailand for a very cheap price, but after using that service for about a year, I found that the service is not so reliable going into Cloudflare and for the one year that we have using Cloudflare, I would say that they actually have the reliability goals that we are expecting for coffee.
We can cache everything locally and so it would be a much faster one.
I also uses Cloudflare to boost their platform security.
Cloudflare has blocked several significant DDoS attacks against the platform and allows Wong Nai to easily extend protection across multiple sites and applications.
We also use web application firewall for some websites that allow us to run open source CMS like WordPress and Drupal in a secure fashion.
If you want to make your website available everywhere in the world and you want it to load very fast and you want it to be secure, you can use Cloudflare.
customers like Wong Nai and over 25 million other Internet properties that trust Cloudflare with their performance and security, we're making the Internet fast, secure and reliable for everyone.
Cloudflare.
Helping Build a Better Internet.