Cloudflare for Teams: Our Story: Episode 2
A series where we discuss the journey we are taking to build, test and implement Cloudflare for Teams in our own organization.
Welcome to a new series, Cloudflare for Teams, Our Story, where we discuss the journey that we're taking as our own organization in implementing Cloudflare for Teams.
I'm delighted to have Juan Miguel Rodriguez-Estevez here, who is our CIO.
Juan, would you like to introduce yourself quickly and tell us what the CIO in Cloudflare does?
Yeah, absolutely. So, thank you for having me, David. So, CIO can mean different things in different companies.
So, in Cloudflare, I am responsible for internal infrastructure.
All of the employees at Cloudflare are my customers.
My job is to make them more productive, more efficient. I also run internal systems or backbone applications, and then I set up teams, a set of engineering teams around billing, provisioning, and other things.
So, I collaborate a lot with the engineering teams internally, and I also, which is one of the reasons why we're talking, is I try to be Cloudflare's first customer.
Yes, you do.
You do a great job of it. That's right. So, we use a term internally in Cloudflare called dogfooding.
I had a Puffer TV session about that earlier today, and so that's also one of the things that I'd like to say about my job and the role of the CIO is to be Cloudflare's first customer.
Great. What an interesting job, and on the dogfooding side, we always try to not surprise you, Juan, when we are rolling out our products for you and your team to help us beta.
So, thank you.
Thank you for that. So, before I get into our first question, I want to just tell everybody again quickly what Cloudflare for Teams is, and first of all, I'm David Harnett.
I joined Cloudflare six months ago when my company, S2 Systems, I was one of 10 employees, was purchased.
So, delighted to be part of the Cloudflare for Teams organization as Director of Product Management there.
So, what is Cloudflare for Teams?
Well, Cloudflare for Teams provides secure access to any application and the Internet from any device, anywhere.
We have two main products, Cloudflare Access, which is a Zero Trust platform, and we have Cloudflare Gateway, which is a secure web gateway.
So, that's what Cloudflare for Teams is.
So, Juan, before we get into the story of the company, can you tell us a little bit about your own story about getting to Cloudflare?
How did you get here?
Yeah, so, well, you know, my background, I'm originally from Spain. I've always worked in the software industry.
So, I'm a software, I've done different things inside of software companies, right?
I've been in engineering, I've been in product management, I run technical services, I've done a lot of deployments of things in customers, and I've also ended up, for different reasons, running IT organizations inside of software technology companies.
I always say that, you know, running IT in technology companies and in software companies, which is what I have experience on, is not the same thing as running IT in a bank, or IT in a manufacturing company, or things like that.
You know, there's all these, you know, software engineers that know a lot about technology, and in many cases, you know, they have more expertise or the interest in technology at a faster pace that the IT organizer.
So, it's a very collaborative model.
It's supposed to be a very collaborative model on how you run. So, I, in my previous company, I was, I did different things.
I started USAGE, which is a very large international software company.
I started there as CIO for North America, and then I moved back to Europe for a while to also run IT for Europe.
And then, in around 2014, sorry, in 2015, I got asked to create a new function inside of the company that had to do with basically running all our cloud services, right, as we were accelerating from a traditional software provider to a cloud provider.
And one of the things that we started using at that point was Cloudflare, right?
So, that's why my exposure started with Cloudflare.
So, it was around 2013 to 2014. And USAGE was a very distributed, decentralized organization.
So, every country almost separated, in many cases, very independent.
And we had services in many places.
And one of the things that I was trying to solve for was how to get basically more consolidated management of disability for things like the web application firewall, or infrastructure like that.
And at the time, Cloudflare was relatively new, you know, still at the game, right?
I mean, you know, Cloudflare started around 2010 or something like that.
So, it was a little bit like bleeding edge.
But one of the things that I've always liked, and I think it's part of also working on technology companies is that, you know, you are more willing to sort of bet and risk, you know, more around things like that, where like you're betting on companies or technologies that may not be entirely baked off.
But you can see that, you know, it's something that basically is going to drive potentially a paradigm shift.
So, we started using Cloudflare around that time. And then, you know, around the middle of 2019, I can't remember exactly when it was, maybe September, October, something like that.
This opportunity to basically, you know, for a Cloudflare CIO came around, and I got connected with our CFO and our recruitment, and I met Matthew and Michelle and, you know, just to see if it was something that it would be a fit.
And I had the pleasure to, you know, be offered the job and I joined in January of this year.
So, I've been here, you know, around six, seven months.
It's been an interesting six to seven months with the whole thing with the pandemic and all that stuff.
I don't know if I was envisioning changing jobs after 10 years, you know, with this kind of onboarding.
But, you know, it is what it is.
And we, I think we solved very interesting problems the past few months, you know, with our internal employees and everything.
So, yeah, so that's a little bit of my story and how did I end up here talking with you.
Well, what a great story. And I know, like you said, you're originally from Spain.
So, I'm originally from Ireland. So, I would know Spain from beating you in football or soccer a few times, of course.
You sure? Yes, of course, I'm sure.
Of course, I'm sure. Okay, well, that's great. It's great to hear your story, which, you know, like you said, started really on the bleeding edge of Cloudflare.
And you and I know a person who we spoke about before, Amit Mittal, who was involved with your previous employer.
Yeah, so that was, that's good to have that connection there too.
But a great company and delighted that we were able to steal you away to the CIO job over here in Cloudflare.
Okay, great. So next question is about user security and the types of security and performance that we can provide with Cloudflare for Teams.
What are the problems related to that area that you are dealing with in Cloudflare, a growing organization, like you said, which is very technology focused, on the bleeding edge.
So what are the types of issues and problems that you're dealing with before we go into the solutions?
Yeah, so I mean, many, you know, as I was mentioning, many of our, you know, a large part of, we, you know, we are a very engineering oriented company, right?
What does that mean?
Or engineering led? Basically, our internal engineering teams, you know, whether it's like, you know, our incubation organizations, or our like product engineering organizations, you know, are what I will consider, you know, some of the first class citizens, you know, from a customer perspective, in inside of Cloudflare.
And we live, you know, as an engineering led organization, basically to ship product, you know, out the door, right?
That culture of innovation, culture of basically delivering at a speed with quality, capabilities, and things like that is very much one of the things that is inside of Cloudflare.
So, at the same time, because of the type of, you know, products and services that we provide, we, security is incredibly important for us.
You know, we, a lot of significant amount of traffic for the Internet flows through our network.
You know, we have visibility, you know, without with many sensitive things, there's many companies out there that rely on us basically to provide security services from them.
So normally, you know, you have that conundrum of, you know, as much frictionless access to tools, you know, things like our wiki, JIRA, our software repositories, build repositories, we from the other side, you know, having to basically maintain an incredible amount of security and, you know, posture from an identity management, log visibility, and things like that, you know, to all those internal environments.
And traditionally, I mean, you know, in the past, I mean, something gives there and normally, you know, in typical IT organizations, because from compliance reason, normally the security and the friction part tends to win.
So in Cloudflare, you know, what we want is like, how can we basically have a little bit of our cake and eat it too, right?
How can we provide as little friction as possible for all these teams that need access to these tools with performance, reliability, without having to depend on, if you want to call it clunky VPNs, you know, that may work okay from a computer, but you know, from a cell phone or something that is totally unacceptable, you know, the experience for the most part, but that is, you know, the if you think about it, you know, in a nutshell, the problem, right?
Is that a sort of conflict between experience, low friction, speed, and all that stuff.
And then on the other side, this incredible amount of requirements, you know, from security, compliance, and everything and trying to basically merge those two.
And as I said, try to have our cake and eat it too.
You're on mute, David, I think.
I cannot hear you.
No, can you hear me?
Um, do you want me to talk about some of the other things that we had in the agenda?
What would you try to solve it? Yeah. So while David tries to solve his microphone issues.
So let me know.
Still cannot hear you. I hope it's not mine that like that, you know, that is not my speakers.
My speakers are fine.
So so um, one of the things that you know, that David and I were going to talk about is how did we try to try to solve for, you know, these situations as this dichotomy of, of low friction, speed, performance, and things like that.
And then you know, all these requirements around, around security and compliance and everything.
So Cloudflare tends to operate in what we call, you know, a Zero Trust environment.
If effectively, there's no, if you want to call it, you know, internal network and external network, right?
I mean, access to if you are in a if you're in a Cloudflare office, you know, is almost like if you were somewhere else from, from, you know, from an access point of view, you know, I'm not gonna say almost like if you were in a Starbucks, but you know, in a way, it's like a little bit of a glorified Starbucks, right?
I mean, if you wanted to access some of our stuff in our production service, and you were in an office, you will have to still VPN, right?
So and that's what it means Zero Trust, we don't really have a trusted network.
So what we try to do, basically, is we came up with this solution to the problem of coming up with this product, which is access, right?
And access, what we've done over over time is we started with people having to access basically our development tools environments, we host our own development environments, whether it's like JIRA, or, or the, or Confluence, or, or our, our wiki, and also our, our Git servers.
So we, we try to build basically these, these, what Sam, which is one of our programmers called these bouncer, that basically, you know, as you try to connect to with one of these, one of these, one of these environments, it will basically be able to check whether you are who you are, and then basically proxy you to our, you know, to that application that you're trying to connect to.
One of the things that you know, that basically we had with the VPN before is, you know, VPN concentrators live in defined environments, right?
So we have like something that is in San Francisco, we have like some stuff like also in Europe and on the West Coast, but that authentication, that connectivity layer is not close to the user.
I don't know if you leave, if you will disconnect this.
Because you're the host. David, just so you know.
So what we did is basically is build a solution that will run on the edge of the customer ourselves, like many of you know, right now we have about 200.
We have like over 200 locations for why we're like in about 100 countries. And the, the, the, the authentication happens basically at the edge, very close to the user.
Hi, Sam. Hey, Juan. I've been tagged in to ask some questions while David fixes his mic.
I'm trying to interview myself. No, I was enjoying it. But I do one thing in part interrupt, one thing I am really curious about is what kind of when you've been thinking about all of the users who are now all the conflict team members who started remote, and I'm working here, this background is imaginary.
I'm here in our Lisbon office, you're not even some of the challenges you've seen helping team members get online and securely connect and how we tried to address it as an organization now that we're all distributed.
Yeah, so one of the things that, you know, that, that I've hosted a couple of seminars, and just roundtables with other CIOs.
I mean, in the current environment that we have with a pandemic, I mean, the biggest issue that, you know, a lot of organizations are having is the fact that suddenly all the workforce is remote, right?
So, you know, outside of office walls.
And when you think about our environment, you know, in reality, the way that we have, you know, to begin with the Zero Trust network that we have, you know, from from an architectural perspective, when you're in office, you already are remote, right?
So we don't have like an intranet or anything like that. So and we leverage, you know, access, as I said, you know, versus a VPN to, you know, provide that authentication and access to service and things like that.
So as we had to go basically, remote to, you know, to to onboard our employees remotely to hire like in countries that were, you know, we didn't have before, or you don't have like people that, you know, that, that, that are displaced, you know, and couldn't go back to the local offices, it has played a lot to our advantage, right?
Because, you know, with with something like access, where authentication and the entry point is running, basically, close to all those, you know, locations that they might have, they, you know, these employees don't don't really have to deal with from a performance and accessibility perspective, I mean, having to come all the way to a VPN concentrator for for authentication, right?
We don't have to deal with installing VPN on their clients and things like that is something that you know, we have a hard key, we have like username and password, things like that.
And then, you know, they just basically are able to connect where they are, they connect to the closest Cloudflare access, pop that, that may serve them.
And they basically they have access to the tooling that we have.
I know for me, it's felt just like working in the office, I think we might have David back with audio on phone.
David, are you there?
I think you have to take your phone off mute.
Live TV. Okay, can you hear me now? We can.
Isn't that amazing? Juan, great to see you again. Thanks for answering my question.
Thanks Sam for jumping in to save the day. So I didn't have to interview myself.
Yes, I know. Thank you, Sam. Thank you very much, Sam. So Juan, I'm thinking you can hear me now.
Yes, sir, I can. Okay, that's great. That's excellent.
And I was listening in on your, you talking about Zero Trust and I thought that was all great.
So thank you for continuing going. My computer just stopped working.
And I had a lot of really nice support people trying to help get it to work in the background, but it just didn't work.
Yeah, we'll have to call IT on that. Yes, we will.
Who is the CIO of this company? No, he must not be doing a great job today.
I know, exactly. It's like a student sessions. Exactly. So where did we get to on our journey with Teams, Juan?
And then I can, I have a few more questions that I'd like to ask you about, you know, where do we still need to go?
But where did we get to on our journey?
Yeah, so right now, you know, just to, so we have access deployed for the vast majority of applications that we have internally.
And in fact, you know, if you are, you know, we don't install our VPN client or anything like that in our computers by default, it's more of an exception basis.
You know, most web applications that we have internally and services that people use on a day-to-day basis, they basically don't use VPN.
They just leverage access, you know, to to those.
We still have a few use cases that we're working with your team and the access engineering team to basically cover from, you know, more hardcore engineering perspective, right?
So we have certain things that we've been working on around access to Kubernetes control.
It's something very specific that, you know, probably you're not going to run into many customers, but it's an important use case for us that we're in some cases, you know, we still cannot leverage something like access.
And then, you know, all the things that are more specific around accessing some of our calls directly.
But I believe that, you know, probably over the next, over the next three months, you know, probably like 80% of basically Cloudera will not have a need to use the VPN anymore.
And the idea is that, you know, we try to basically maybe leave it for something that is very specific or potentially break glass and just, you know, kill it completely on a day-to-day basis.
That's great. That's great. I'm still thinking it's hilarious that Sam, who's in Lisbon, Portugal, hops on to save the day.
So that's excellent. Thank you, That was a good, you know, just idea to just connect him.
Yes. Yeah. Eight hours ahead, middle of the night, but he still jumps in.
So Juan, let's talk a little bit about, and actually one thing I wanted to say when I was on mute there was, you remind us as first customer, but also as an advisor for us in the Teams organization about customer experience.
So a lot of people, when they look at Cloudflare for Teams, whether it's access or whether it's gateway, they think security.
And you always think security, speed of connection, what the people think about using the experience as well as security.
And it seems to be a theme that you carry through in your product jobs and your IT job.
Can you tell us a little bit more about that for the future? A hundred percent.
So, you know, my view, you know, as having worked as an IT consumer and also as an IT provider is if you make, you know, the experience poor for people, and this is even, you know, more blatant on technology organizations, people will not use the services that you're providing.
And, you know, I always say, you know, that for the most part, I mean, my default approach when like I see a team, you know, there's this term that I don't like called shadow IT.
Normally what I try to think is like when I see a team basically that is using something is because normally we're not providing something that they need, right?
I mean, people don't go, you know, and think it's like, hey, I'm going to start like my own IT department tomorrow, right?
You know, it's normally, you know, so one of the things that also can happen is to your point when you're providing a really poor experience, right?
You know, people are today are use, you know, home, their devices and things like that to have an incredible experience, you know, from access to applications and, you know, the expectation in many cases inside of the corporate environment is that, you know, at least needs to be as good as that.
So one of the things that I love about access is that every single time that we put a service behind access, the experience is, you know, incredibly improved.
I mean, immediately the feedback that we get, you know, internally from prison is like, wow, and there's no going back once you go on there and just want to use to the level of experience.
And I think that, you know, from one of the things that I always try to advise all the CIOs and I think it's like it's very important that you never lose sight of basically that experience that you are providing.
And again, you know, the thing with access is that you can have your cake around security, compliance, validation and all those things, but at the same time, also being able to provide, you know, an incredible experience from a performance, usability, reliability and things like that.
So, you know, it clicks a lot of boxes for me.
Mm -hmm. That's great. That's great. Thank you for that.
Okay, so we've got about three minutes left and I want to, we've spoken about this before offline, Juan, but your vision for the future as the CIO of Cloudflare and how teams as it evolves and, you know, you have the inside scoop on where we're going because we're always, like I said earlier, trying not to surprise you and get your influence on all our new products as first customer, but your vision for the future and how teams fits in.
Yeah, so we always, you know, my partner in crime, which is like Joe Sullivan, our CISO and myself, you know, we're always thinking about, like, you know, what is the next thing that we need to do basically to improve our posture and continue, you know, levering such mass access, you know, access from a centralized management and logging and visibility.
So things that we want to continue to do is, you know, leverage more hard key access, you know, everywhere for internal applications and services and things like that.
So obviously we're working with your team for on things like that.
And then, you know, also we want to, the same way that, you know, we try to build a lot of, as I said, from a centralized perspective, a lot of that identity perspective, you know, inside of access, one of the problems that we're trying to solve also as well is role-based access controls.
And so one of the things that we're working on is see how we can leverage also access, you know, basically from a centralized role-based perspective, your resource control engine, where we can define rules in there, groups, all those things, and leverage it across a set of internal, you know, applications or external applications.
So that's one of the things that we're very excited about working with your team, and we're looking forward to building all those capabilities together.
That's great. Well, Juan, thank you very much for being the star of episode two of Cloud Therapy Teams, our story.
Sorry to everybody for the little snafu we had, but looking forward to our journey ahead, and good luck to you for the rest of your day.
I know that you did another Cloudflare TV episode earlier, and you also hosted our weekly beer meeting, so you've had a lot of air time today.
But thank you very much to everybody, and thank you, Juan.
Thank you, David. Thank you everyone for watching. Bye.