The Future of E-Societies & How E-Stonia's Leading the Way
Originally aired on February 20, 2021 @ 9:00 AM - 10:00 AM EST
Best of: Internet Summit 2015
Estonia is often described as the world’s most digital nation. During this talk, President Toomas Hendrik Ilves (a coder in his own right) discusses the evolution of Estonia as a digital nation, security and privacy integrity, the challenges to digitization, and how the country can serve as an example for others. A graduate of Columbia University and the University of Pennsylvania, Ilves is an expert on cybersecurity and government infrastructure in the digital age.
- President Toomas Hendrik Ilves, President of the Republic of Estonia
- Moderator: Matthew Prince, Co-Founder and CEO of Cloudflare
Transcript (Beta)
[Intro Music]
When we launched Cloudflare initially, you know, we were amazed at how international the service was right from the beginning.
And we looked out to see what countries were responsible and disproportionately signing up.
And one of the sort of mysteries to us was that from the very beginning, one of the places that on a per capita basis we were the most popular in the world was Estonia.
And I didn't at the time know a lot about Estonia, but we just saw over time more and more of the citizens of the country signing up to use our service.
And what is really amazing is that that's indicative of what Estonia has built, where today they are the most digital nation in the entire world.
And I think a lot of that, almost the person who really inspired that for the country was our next guest here on stage.
President Toomas Hendrik Ilves is a really unique head of state.
And for this audience, I think it can really be summed up in one sentence, which is he's a head of state.
He's a president of the country who's actually a coder.
And so I, which is, I mean, we certainly need more of that.
And so it's a great honor to welcome him here and talk about what he's been doing in Estonia and how they have become the first truly digital nation.
So President Ilves, great to meet you. Thank you.
So before we get started talking about Estonia as a digital nation, tell me just, just for those people in the audience that don't know a lot of Estonia, just tell us a little bit about the country and its situation, where it is.
President Toomas Hendrik Ilves: Okay, well, it's a very small country, 1.3 million people.
So it's a small city, but it's physically the size of the Netherlands.
It's below Finland. And Finland has always played a very important role in our development simply because we're envious.
And we have Russia to the east, which has always been historically always been a headache for us.
And then so it's a small country, I don't know. And while we were occupied by the Soviet Union in 1940, and then by the Nazis, and then by the Soviet Union, and we became independent 1991.
And I guess part what's relevant, I guess, for part of the story is that back before World War Two, Estonia and Finland, we have this mutually bizarre language, which we understand us, them, they understand us and no one else does.
And we ended up well, there was having gone from being more or less the same level development, there was a 13-fold difference in GDP per capita.
So we're really poor. And this is we ascribed all that to the Soviet Union, of course, which rightly so.
And so we saw Finland, which at that time really was one of the leading tech countries in the world with Nokia and all kinds of other stuff.
And so we wanted, one thing was clear, I think, to the population that we had to be, we had to move ahead.
And that technology was one source of doing that.
So in Estonia gains independence from the Soviet Union in 1991, and we were talking upstairs about, it's around that same time that the first browsers come out.
Talk about what, how Estonia first thought about really emphasizing technology and prioritizing it back then.
Okay, I mean, a number of things came together once, at least for me, from my point of view.
I mean, one was, I mean, just because I had learned to program at age 13.
And I did that in college too, to make a little money.
What was, what were the, do you remember the first computers that you were programming?
Well, the first thing I, I mean, I learned via teletype, BASIC, which was hooked up to a mainframe 50 miles away in 1968.
When I went, I went to Columbia and there I worked.
I had a PDP-8.
It had 8K of memory, which is, I guess, an empty, empty email. But that was the computer and it was about the size of one of these things here, big.
And so in order to program it, you had to do it in assembler and in hexadecimal.
And so it was pretty, that was pretty wild.
I mean, so I did, I had that background, but I'm not, I mean, I'm no, I'm no great math whiz or anything.
He said, I could do it. And I said, well, that's one thing that, you know, I think most people could learn.
Then there was this, I mean, the first web browser, you know, Mosaic came out in 93.
You had this feeling, well, we're on a level playing field.
I mean, all of this stuff that we didn't do for 50 years because of communism, I mean, sort of good streets, you know, nice roads and all the infrastructure stuff.
Okay. That's going to take a long time to do anyway, but, but there was a level playing field technologically.
And then I guess the third thing which was influential to me was reading a very neo-Luddite book that came out at the time by Jeremy Rifkin called The End of Work.
And where he argued that computerization is really bad because there'll be no jobs.
I mean, this is a recurring argument. And recently McAfee made the same argument, but who's in the audience, I think, oh, okay.
His book is much better, but, but the, but, but I read Rifkin and he brought this example of a, of a Kentucky steel mill that had 10, 12,000 employees.
Then the Japanese bought it, automatized and computerized, and then they produced exactly the same amount of steel, but with 120 people.
Now from Rifkin's point of view, that was terrible.
If you're a country as small as ours, this, for me, this was, this is the way to go.
We want to, if you want to increase the functional size of the country, then we should have as many things done by machine that, that, I mean, to liberate people to do creative things.
So that's the kind of stuff we're, that started off with.
And then one of the things that I pushed for was that we would get all schools online as fast as possible.
So by 97, all schools in my country were online.
The computer education part wasn't that advanced at the time.
Now it's much better, but, but still you can see the effects of educational reform about 15, 20 years afterwards.
And you, you always know, 3%, 3% or 4% of the people who have access will start taking the thing apart and will, and so when you, well, it doesn't apply to Skype, which is an Estonian company or was until it was bought up for 8 billion, but, but I mean, it's an example of kids who learned young.
And since then we have all kinds of kids who, when I asked them, they're no longer kids, but I asked them, how did you start?
Why did you start? They said, well, we had this program in my school with computers and I started, got in trouble for making things break and so forth, but, but that's how it started.
I think a lot of people in the audience can relate to, relate to that, that story.
What, so what's it like to, what does it mean to be a digital nation?
What is, what, what have you done in Estonia if you're a citizen that's, that's different than, you know, what, what you see in the rest of Europe or, or in a country like the United States?
Well, I mean, I'll make a few strong claims here that probably will annoy people, but I mean, the thing I, in this era and especially now after, well, after the Office of Personnel Management hack and so forth, basically I would say that you cannot have computer security based on a simple password and email basis.
I mean, we started very early, already in 1997, that, that we have a, we have a two-factor, two-factor authentication.
And does, does every citizen, does every citizen have, have that just, what do you mean?
What we did, what every person living in Estonia, you don't have to be a citizen if you visit us and if you, if you become a permanent resident, you get a card with a chip on it or you can, now we also have a mobile application.
And so it's two-factor, it's independently verified by a certification center to make sure that you are you.
And unless you do that, you're stuck with the, the old New Yorker cartoon on the Internet, no one knows you're a dog.
That's the problem. That is actually the core problem for all hackings or break-ins is that no one knows, are you really you?
But since we have this chip-based system, I mean, the chip, it could be either the chip in the card or the chip that's in your phone, which is then programmed to put, do part of the authentication.
And then, I mean, here it can choose anything you want. I mean, we chose numbers.
You can also choose fingerprints. I read yesterday 5.6 million federal employee fingerprints had been stolen in the OPM hackings.
And maybe fingerprints may not in the future be the way to go, but in any case, so everyone has this thing.
And by 2002, you have this authenticated system. The real issue is putting services behind this.
I mean, it's fine, I mean, I can feel very happy that I have a way of being really validated with my card, but that becomes interesting with services.
So what you can do as a citizen, you can basically, I mean, safely do bank transactions.
You can sign legal documents, you know, digital signature law.
We have, I mean, one thing we have is a digital prescription. So if you're, the doctor writes your prescription into the computer and then you go to any pharmacy anywhere in the country and you can get your prescription.
And if you want to get it renewed, you don't need another piece of paper.
You call up your doctor and say, look, I just ran out, and he'll go and put it in the computer.
People do their taxes online.
Again, people say, well, we have that too. But here, what our system, since everything is based up on this architecture, that in real time, companies report all of their expenses, including payroll.
And so that when you, it's time to do your own taxes, it's all laid out there in front of you, how much you made, how much was deducted.
I mean, this includes, I mean, you know, charitable donations.
Everything is all there. And then you end up with this number that says how much you get back or, excuse me, how much you owe.
And then you press enter and then it's gone.
And then basically in a day or two, the refund is in your bank account.
What's been, as you've digitized the nation, what have been some of the surprises, things that you didn't expect?
I would imagine that, you know, you have all of these efficiencies turn into a number of different benefits that maybe you didn't anticipate.
Well, I mean, there are all kinds of data you can use to do research.
That's one thing, I guess. The other thing is that, well, since we have this service already, one of the things we added on to that was voting online, which we do using the same system.
So voting participation has increased in the country.
What do you have? What is the, what percentage of the nation votes?
National election, 64, about one third of the votes are cast online.
In the last three elections, it's been one third.
One of the interesting things, because, you know, this is, since e-voting is controversial, all these people study it and study it.
And certainly what we found out is the first, we've now had 10 elections online.
I mean, because you have local elections, national elections, European Parliament elections, that initially there were differences in age and party preferences.
Now all of that's gone. I mean, it's basically, there are no differences in the demographic voting in the traditional way or using online.
So that's, but it has brought a lot of voters on, especially if you're a small country, a lot of people are very mobile, always traveling.
I mean, you can vote, you know, I mean, you don't have to fill out an absentee ballot.
You just go online and vote and do it.
And that's, so far it's been quite successful.
You know, I think one of the things when people talk about creating national identity cards or doing something where the government has this much visibility, one of the concerns is always around privacy.
What are some of the things that Estonia has done in order to really ensure that citizens have privacy there?
Well, the first thing is you, we have a law that says you own your own data.
So, which is, it should be a no brainer, but if you don't have that law, then you're in trouble.
So that means, and you can access all your own data and you also see who has tried to access your data.
So that, I mean, for my case, you know, because of my job, I know that, I mean, every day the newspapers are looking at my financial records every single day and I go, OK, well, they're looking again, you know, see, they haven't found anything yet.
But the other, I would say on the whole privacy thing, I think we're getting a little carried away with the confidentiality side of the issue.
And the real problem, I would say more broadly in the future, is not confidentiality of data, but rather data integrity.
That if you, I mean, I've typed AB blood. I mean, I don't really care if someone knows I type AB blood, but I'd be pretty annoyed if my, I mean, I think I might end up being quite dead if someone is, in fact, changed my blood type.
And that sort of sums up the difference between privacy and integrity is that, OK, so privacy or confidentiality is about someone knowing something about you.
But I fear much more, especially with IoT, that someone may change data.
I mean, let's keep in mind Stuxnet, Stuxnet was not malware that was changing anything.
It was changing the inputs to a perfectly well functioning computer or set of computers.
And Stuxnet then drove the computers to act rationally.
But the inputs were irrational and it drove these centrifuges mad. Now, when we go, when we envision the future of IoT, I mean, data integrity will be the key issue there.
No one's really going to care about what your refrigerator is saying to something, you know, somewhere else.
But you are, you should, I mean, that's not a privacy issue.
It's very much a data integrity issue.
What, what is, what has Estonia done in order to ensure that someone doesn't say you have, you know, type A blood or, you know, B blood?
How do you ensure data integrity on a system that is so digital?
Well, for one, you can't access it without leaving a trace.
So everything, every, every, every time someone accesses data, it leaves a mark.
Now, I mean, there are also, I mean, there are also timestamp things we can do on sensitive data, which we do, in fact.
We have, everything is also highly encrypted.
I mean, our data is stored at, right now, at RSA 2048, given that the FBI or NSA could not crack Lavabit at RSA 520, then I make the joke that we could store all our data on NSA computers.
But, I mean, we don't.
The other thing that is crucial is the architecture, I would say, which is that being, we're very poor in the 90s and we, and so when we were designing the system, we realized that we have, okay, everyone has a server, but we're not, we're not going to build a big server to handle all this.
And so we ended up using an enterprise service bus system that would then be, that all the, all servers are connected.
They all have their own validation or system so that they can talk to one another.
If you enter the system, you enter your system with your, with your ID two-factor, and then you can go to whichever system, whether you want to look at the land registry, you want to see, or you want to go into your health records.
Those are all things that you are authorized to go to see your own data, but you can't see other people's data.
And so far it's worked. So, I mean, the issue here is trust, and so far we have not had, we have not had any incidents where someone has actually abused this, then, I mean, this builds over time.
So, I mean, we have, if we have some 300 million transactions, legal transactions done using this system of the basis of the legal signature law, that it is a legal transaction.
And so far, nothing's happened. I mean, no one can ever say that you will never have an incident, right?
You cannot do that. I mean, David Hume said, you don't know if the sun's going to rise in the east tomorrow.
So you can say that, but we have, I mean, the system is fairly strong and robust.
Other features we have is that allow, that the system, the architecture allows, and with the strong ID is something we call a once only law, which is that the government may never ask you for any information it already has.
So you never have to write your address again in Estonia if you do, if you're dealing with the government.
I mean, you may have to do it with private sector. But anyway, so the system works.
People are happy with it. And usually they're surprised and appalled at the backwardness of other countries when they go there.
And on the other hand, other people from other countries come there and they don't understand why it is like this.
And there are other things we do, too. I mean, we've covered the country with Wi-Fi.
I mean, so it's all there.
What was the role? How much of this did Estonia, the government develop versus how much did you work with?
There are a lot of entrepreneurs in the audience that are building companies.
How much was the private sector involved in in building this infrastructure that has become sort of the digital nation today?
Well, I mean, it was I mean, there's so much back and forth between the private and the public sector in this that that, you know, the private sector gets an idea.
Then they want to go to the government and say, well, why don't we do this?
The government, the governments, the administrations, I guess, in U.S. terminology since the early 90s have always been supportive or at worst, they go, whatever, do what you want. So the private sector in the form of banks were very much involved because they realized this was a far more secure system than the banking, whatever Internet banking exists elsewhere.
So the banks were always supportive. In fact, the bank, we had a public private initiative between the government and the banks that to teach older people to to be able to use computers because the bank's interest was shutting down bank offices.
I mean, we don't want to have all these branches and the government's interest was getting people online anyway.
And so then there's this cooperative effort of teaching and going around in rural areas saying, OK, this is how this is a computer.
This is how you use a computer because kids learn anyway.
I mean, kids will just they just pick it up automatically. But but you want to get an older population, then you need something.
You actually have to do more work at it.
And. And then, of course, startups, sort of younger people are just I mean, one of the things they do, they come up with ideas on what to do and new new programs or new things we can do with the with the system that we have, because in many ways you can do things with a very strong, strong system with far smaller security concerns that would be very hard on something else.
And then this means that we can take off in certain areas.
I mean, we have I mean, I don't know if this one thing we have, for example, is we actually have I mean, we do our health care online and so not like health care dot gov.
Well, I mean, the problem I mean, I'm just wary of a system that doesn't have a secure identity.
That's that's that's my main problem with that.
I mean, that's I mean, if it works, it works. But it's just as it crashes, it crashes.
But yeah. But for example, what we can I mean, you you can I mean, traditionally.
You have had the doctor on a pedestal, the patient is the supplicant has been like that ever since Hippocrates, while in Estonia, if you don't like they say, get a second opinion.
Well, in Estonia, you can just authorize a different doctor to look at all your medical records and you authorize him and online, he can then go and look at your medical records and he can give you perhaps a different opinion based on what he sees there.
I mean, this, in fact, is not yet, but I predict will be hugely disruptive to medical care in the future because you have real competition there.
But these are things that we're discovering as we go along.
The real big thing I would say that we're only beginning to see and not that we have answers.
But if you think about the way societies and governments and administrations have been organized for.
Five thousand years is a serial process, I mean, one example that we saw this very clearly is if you want to register a business, you have to fill out all kinds of paperwork and then at least in Europe and you have to go show that everyone on the board has paid their taxes.
They are not criminals. They have not gone bankrupt.
They pay their alimony. I mean, all of this stuff has to be done. So you take you fill out all these forms, you go to the whatever office and it goes to like one office.
They look through, not a criminal. Another office has paid alimony. They're not gone bankrupt.
And and then and then you end up out of the serial process, the decision, OK, you can start the company.
Whereas if you do what we have, which is you just put these people there with their IDs, with their numbers and identifying numbers.
All the data already exists. It goes in basically in parallel and you find out almost immediately has not gone bankrupt, has not committed a crime, doesn't owe taxes, has paid alimony.
And so you end up in 15 minutes getting a business registered, whereas at least in one European country, I know it took 18 months until recently.
I mean, from start to finish.
When John on our team actually was telling me last night that he's applied to be an e-resident of Estonia, what do you mean?
Why? What is that? And why would the people in the audience want to be e-residents of Estonia?
Well, you you have access to a number of services that.
That exists, I mean, where you can you can. You do.
I mean, you can open a bank account, you can digitally sign legal documents that at least in the European Union are valid as legal documents.
So we can I mean, if you have to I mean, basically, if there's so much business international, if you have to sign a contract and you have one guy in Singapore, one guy somewhere else in the third place and then otherwise you have to go out and flying around, sign these things or accept the facts.
But a legal signature is a legal signature and it is considered a legal signature throughout the European Union.
I mean, it'd be pretty amazing if Estonia's system of identity, if you were essentially the startup that solved the identity problem for for the rest of the world.
It's I wouldn't pretend to do that.
I think we have found a solution that works. But the identity problem I maintain will have to be solved one way or another.
The current approach, I mean, say, you know, take Al Gore's analogy of the information highway.
I mean, you have a you have a billion wide, billion lane highway.
And right now, all the cars are driving on it without license plates.
You don't have to have a license plate.
I mean, you can do all the things we do in Estonia aside from where an identity is necessary.
I mean, I still go and order like an idiot books from Amazon, where the only so-called security thing is a three digit number that in the back of my.
On the back of my credit card, I mean, I don't think that's really that's it, but I do it anyway.
I mean, we do all kinds of silly things. I mean, I have all kinds of apps that probably are being where all my data are being monetized as I sit here.
But if you want to have something secure, then you have to have a system like this.
And so here I would say this is the I mean, especially for all the libertarians, there are cases of market failure where, in fact, you have to have some body, some Hobbesian sovereign that, in fact, takes responsibility for what's going on.
Now, you don't have to do it, but if you want to have secure security and things that are important to people, and just as a government is ultimately there to provide security and from war or to keep the streets policed.
So, too, there has to be some authority that will, in fact, guarantee and provide the sovereign guarantee of the security of your data.
This is not an issue before, but it is now.
And that's this is where our government does this. We also have I mean, generally our government is taking a rather libertarian approach to everything.
But when it comes to securing data, it is the guarantor.
But I also see that objections to a an identity are so huge in certain countries that I don't see how they will this will ever take root.
It is kind of ironic that the five countries that are most opposed to having a national identity are the UK, United States, Canada, New Zealand and Australia.
But the ironic part is that those are what? They're also the five eyes.
Right. I mean, the people that share that NSA shares data with.
So who knows why? But in any case, that's where we are.
What so so we're we're coming to the end.
But tell us about what you know, Estonia, poor country in 1992, these initiatives and schools.
Tell us about how how has the country changed as a result of that?
What's the sort of the attitude of people there and and the impact?
How have you seen that play out in the country over the last 20 years?
Well, yeah, I mean, there are many things.
I mean, Eric Schmidt says we're the ideal country.
What do we do? I don't know what we did, but because we're a country of early adopters and every time we get some new thing, everyone wants to try it.
Certainly the people's self-confidence has increased.
The success of Skype, which were four kids who first did Kazaa and then after they avoided being jailed in the US, then went on to do voice over Internet protocol, which became sort of inspired, you know, lots and lots of people to young people to say that, well, this is a way out as a way to do something big.
And so we have a lot of very tech savvy kids.
So that's where we feel we're at. Well, at least I feel is that the problem is that the rest of Europe has not gone this route and Europe is very lagging far behind.
And in Europe, Europe, as opposed to United States, we do not have. In the United States, I mean, goods go all across the country and it's just completely normal.
It's true in the European Union as well. You know, take a bottle of wine from the Algarve in Portugal and you ship it up to Lapland.
It's no problem.
But in the United States, you also have free movement of services, digital services.
We do not have that in Europe. I cannot buy an iTunes record for someone who lives next door to me if it's in another country.
Digital services are all nationally based, so we can be as tech savvy and cool as we want in Estonia.
Those things don't work across borders with the current level of legislation in the European Union.
And as long as Europe does not solve this issue, it will fall more and more behind.
And I think that is a fundamental problem we face in Europe. And I think there's a more even more broad problem we face.
And I don't know if anyone here has read this wonderful essay from 1959 by a British scientist, C.P. Snow, called The Two Cultures.
And in that essay, he talks about university culture, not world, in that he was a physical chemist who would sit around with the physicists and mathematicians at Cambridge, but he was also a literary novelist.
So then he would go over at the faculty club and drink with the poets and with the Shakespeare professors.
And he said these two tables didn't talk to each other and he was the only one.
Well, that was about a university. I think in 2015, the problem is writ large across the world.
And we have geeks who work at NSA or they work in whatever saying, oh, boy, look what I can do without really understanding where it fits into the sort of the sort of the Enlightenment era, democratic, liberal society view of things.
And then on the other hand, you have people, lawmakers who often have no idea about anything.
And when it comes to I mean, if there's a number, it's forget it.
I gave a talk to a bunch of parliamentarians in Europe explaining to them that the next election they will be in, it will be in four point five years.
That's three iterations of Moore's law. That means the computers will be two to the third times more powerful at your next election.
And one of them asked me, what is two to the third? So I'm not kidding. So I mean, this is what we so we have this.
I mean, it's it's no longer universities, we have society, we are our societies have people who are very technically savvy people who don't understand what Thomas Jefferson was about.
And then we have people who maybe understand Thomas Jefferson, but they don't know.
I mean, they can't add so. And this means those two worlds are going to be in greater and greater conflict.
Well, I really appreciate you coming. I know that I admire you as someone who's bridging those two worlds.
And we think it's very important to bring together both technology and policy.
And what you've done in Estonia is remarkable.
And I think that there are a lot of governments around the world that should be looking to you and what you've done for that.
So thank you so much for coming and sharing the story with us here today.
So the president wasn't the only politician who we reached out to to come here.
And while not all of them were able to be here in person, we got a number of them to record videos of what they think about the future of the Internet.
And so at different points throughout the day, we're going to show you some of those videos.
And the first one, which we're queuing up right now, actually comes from FCC chairman Wheeler, who I can't confirm whether or not he is, in fact, a dingo.
But he has been very vocal in network neutrality and the policy around that.
And he wanted to share a few thoughts about the FCC's role and their vision for the future of the Internet.
We're always innovating and have your back so you can focus on the important things.
Creating delightful digital experiences.
Thanks very much.
It's so great to see everybody out here today. So Andy and I are going to talk about how we work with customers in the region.
And first, I just want to clear the air about something.
Andy and I have North American accents. I can assure you we're British and we're also EU citizens still as of today.
And yeah, needed to get a Brexit joke in there before we continued.
So I'm just going to take you on a little evolutionary journey of Cloudflare and EMEA.
Now, you've seen a lot of maps today.
We love using maps of our network, but this is not a data center map.
The maps that I'm going to show you are our customers in the EMEA region, starting with our very first customer.
So our first customer reached out to us because they were enduring a lot of attacks and they had a crucial event that they needed.
And I actually can't think of a better customer that sort of epitomizes the diversity of the region than, of course, Eurovision.
So we still work with Eurovision today.
And their solutions engineer, Stefan, was working with them just a few weeks ago, mitigating attacks on Sunday, just like we do every year.
Because everyone, of course, passionately has their supporters for the song contest.
And as it sort of went by through the years, we were adding more customers.
And in 2015, this is when we decided to put a team actually on the ground to deal with our enterprise customers.
We wanted to be close with them. We wanted to hear from them and we wanted to work with them more locally.
At this point, or in 2016, we had less than 100 data centers.
We didn't really have much of the product expanse that you see today.
And then in 2017 and 2018, we were really experiencing a lot of phenomenal growth.
We started getting so many more products, load balancing, rate limiting, workers.
This is when we added our office in Munich as well to sort of enhance the region as well.
So just at this point, I just wanted to thank you all for coming with us on this journey.
It's been incredible to work with all of you and get feedback from you.
You've beta tested. You've really just helped us. We can't do this without you.
We really have this crazy idea of making a better Internet and we need all of our customers.
So thank you so much for participating in that with us.
So here we are in 2019 and we've got almost a thousand enterprise customers in the region.
And one of the things that we do at Cloudflare for new starters is do fun facts.
So I've actually got the registration list and I've got some fun facts about everybody here today.
So first of all, your cache hit ratio is 92%.
This is actually really good. This is above average, so well done. So you've also, 35% of you have written workers.
And I think a few people were being shy earlier when John asked you to raise your hands because this is how many of you have written workers.
You also did 500 billion requests last month, which is pretty impressive.
So this is how we support such a diverse and innovative team. And this is with our EMEA customer facing team.
They actually speak 29 different languages. So I'm going to talk about a couple of ways about how we work with you and how we support you.
So first of all, we're your trusted advisors in your support system. If you've ever had something go critically wrong and reached out to our customer support team, you would have had an amazing empathetic response of a very skilled technical support engineer.
I'm extremely proud of them. They really make our team look good.
The other thing that we do is we're your trusted advisors. There's so many cool things that you can do with Cloudflare.
These are just a few goals that we've heard of.
We can help you into new markets. We can help you with DRM at scale.
This is what our solutions engineers and customer success and customer facing teams will help you with on a one to one basis and work with you on.
The next thing that we do is we're your Cloudflare insiders. So what does that mean?
Jen talked about a lot of different things that we're building at Cloudflare.
There's so many different products and we want to make sure that we communicate to our customers what we're doing and what we're up to.
So as you innovate and plan and build your own roadmaps, you know that we're there with you.
There's a few ways that we do this, whether it's business reviews or one to one meetings.
We also do webinars and we do a lot of meetups, maybe smaller events than this throughout Europe and throughout the region.
One of the things that I get asked by candidates in interviews about all the time is what's the biggest challenge of working here and what's your favorite part about working here?
They're actually the same answer.
The biggest challenge is that we're shipping like crazy.
But that's also the best part about working here because we're doing things that our customers want and we're really there for them.
So next, we're your voice inside Cloudflare.
I've worked at a SaaS company before. It was kind of a joke. Your feature request goes into the black hole.
We had a form to fill out for customer feature requests, but we literally didn't know where they went or who dealt with them or who even saw them or if they were seen.
But this is not the case at all at Cloudflare and your customer facing team really works with customers to communicate what you tell us.
So an example of that is every Friday we collate all the feature requests that came in through the week and it's sent out to the entire company.
So a thousand people see your feature requests every single week.
And the exec team eagerly waits for this email on Fridays to learn about what our customers are saying.
So another sort of quick story about that is, and we've been talking about this kind of all morning, is this feature of edge side code that we had a long time ago where you could write code.
Actually, our solutions engineers would write code, deploy it every Wednesday.
It would go to our edge nodes and do this sort of custom logic.
Now, of course, it's not scalable to have a weekly release schedule and have our solutions engineers write the code.
You couldn't really see it.
You know, somebody else might have written it. And so when we started documenting these feature requests, actually, our third ever feature request from a customer was it's not written, you know, quite eloquently, but they need to be able to write and edit, tweak edge side code as a self service.
This was in 2015.
So you guys, you know, these kept coming in, kept coming in. And I think you know what I'm getting at.
Like, you guys helped us prioritize workers.
These feature requests that you've been writing in became Cloudflare workers.
So that's an awesome thing that, you know, our customers really inspired us and pushed us to do.
So, again, thank you so much for sticking with us throughout this whole journey that we've been on.
So the last thing I wanted to leave you with is show you my Jira picture.
So if I write a Jira ticket, this is my little Bitmoji icon.
The reason that it's this is because I wanted you to know that whenever you give feedback to us, if it's a bug or a feature or a capability, there's someone on the customer facing team doing this inside Jira with our engineering and product team on your behalf.
To make sure that your voice is being heard. So with that, I'm going to hand it over to Andy, who's going to go through with you a little bit more of the Cloudflare journey.
The Cloudflare Web Application Firewall, or WAF, is an OSI Layer 7 intelligent and scalable solution to secure your web applications without changing your existing infrastructure or sacrificing performance.
The Cloudflare WAF protects against a large number of web attack vectors, such as file inclusion, cross-site scripting attacks, SQL injections, and many other vulnerabilities.
This video will highlight key features of the Cloudflare WAF, including how to use the WAF rule sets to protect applications, create your own custom firewall rules based on your security needs, and visualize and analyze threats with the firewall analytics.
Before enabling the WAF, you need to create an account and add a domain to Cloudflare.
If you have a Cloudflare account, sign in, select your domain, and navigate to the firewall app.
Then, the managed rules tab, and toggle the WAF to on.
The default WAF configuration is fine-tuned to reduce false positives to a minimum.
The Cloudflare WAF contains three packages, Cloudflare managed rule set, OWASP ModSecurity Core Rule Set, and custom firewall rules that are created and accessed through the firewall rules tab.
Each package monitors and identifies suspicious activity for HTTP requests and takes action based on your rule configuration.
You can configure the Cloudflare and OWASP rules here in the managed rules tab.
The Cloudflare managed rule set contains security rules written and curated by Cloudflare, including rule groups for CMSs, such as Drupal and WordPress.
The Cloudflare specials group is a rule group that provides core WAF security against common attacks and zero-day vulnerabilities.
After toggling the rule group to on, you can choose to use each rule's default action, or override it with your preferred action.
The possible WAF actions include disable, which turns off the rule, simulate, which allows and logs the request in the WAF activity log, block, which blocks the request, and challenge, which will challenge your site's visitor with a CAPTCHA challenge page.
If you scroll down, you'll see the OWASP ModSecurity Core Rule Set, Cloudflare's implementation of the OWASP rule set.
Each OWASP rule that matches a request will increase the threat score for that individual request.
After the request exceeds a specified threshold, the WAF will trigger your chosen action.
You can configure this rule set's threshold sensitivity, high, medium, low, or off, and the default action as simulate, challenge, or block.
Each rule group can be enabled by toggling the switch to on.
Individual rules can also be turned on or off as required.
Cloudflare enables DDoS protection for each application. Details on which mitigations are applied automatically can be seen in the Cloudflare DDoS protection card.
Now, let's create a custom firewall rule. Cloudflare firewall rules allow you to construct expressions to match and filter HTTP requests and determine how the WAF should handle the matching traffic.
Let's create a rule to block traffic with a specific user agent, the Pingdom bot, from accessing the homepage of our site.
To create your own firewall rule, navigate to the Firewall Rules tab.
Click Create a Rule, assign a name, add the Pingdom user agent, and add another criteria to match the URI equals to slash.
When initially deploying the rule, you can run a test that will provide an estimate on the number of matches against historic traffic.
You could also deploy the rule in log mode and monitor the analytics for some time to ensure no false positives.
Once you're confident the rule's correct, you can deploy it in block or challenge mode.
Now that we've created and tested our firewall rule, let's head to the Overview tab to review the firewall analytics.
Details about security events are critical for monitoring and maintaining an optimal security configuration for your web application.
Cloudflare firewall events allow you to better understand your threat landscape to identify, mitigate, and review attacks more effectively.
Events are currently stored for up to 30 days, and the dashboard can be filtered on custom time ranges from 30 minutes to up to 72 hours.
You'll see a count of firewall activity per action or per Cloudflare service, details of the traffic flagged or actioned, such as IP address, user agents, or country, and an activity log that provides a list of all recent firewall events organized by date to show the action taken, details about the request, and the Cloudflare security feature that matched.
After the rule that we deployed earlier has been running for some time, we can now see the rule matching in our analytics.
Let's reduce the time frame to the last 30 minutes, expand the filter to show the top 10 rules, find our rule, and click Filter.
The dashboard is now showing data matching the rule filter only.
We can see the matched user agent, the client IPs, the graph displaying the data over time, and also the ASN numbers from which the traffic is coming from.
Finally, using the activity log, we can expand a single event and see all the related event details.
In this demo, you've seen how to use the WAF rule sets, create your own custom firewall rule, and visualize threats with firewall analytics.
Now, you're ready to get started with the Cloudflare WAF.
To learn more about how the Cloudflare WAF can help you protect your applications, sign up for a Cloudflare account at Cloudflare.com.
We're so glad you're getting started with Cloudflare.
Let's walk through our key performance enhancing features that we recommend for all our customers.
Cloudflare's network puts some of your static content as close as possible to your screen.
Whenever you update it, we automatically store copies of certain content resources across cities worldwide.
This is called caching. Then, when someone visits your site, we serve the resource from the nearest data center, so it loads as quickly as possible.
When you've signed up for Cloudflare, we automatically enabled caching for your site, so you should already be experiencing better performance.
Click on DNS in your dashboard to make sure there's an orange cloud next to the DNS records for web traffic.
Optimize delivery of your JavaScript, CSS, HTML, and images in just a few clicks using the Cloudflare Speed tab.
Let's explore these features. First is to minify your website's source code for data that doesn't need to be there, like extra spaces and developer comments.
With these bits removed, there are fewer to push around.
We recommend you check all three boxes for JavaScript, CSS, and HTML.
Make your site load faster using Cloudflare's state-of-the-art compression algorithm, Brotli.
Compression takes data and makes it smaller without losing any information.
When you enable Brotli, Cloudflare compresses your site wherever it can.
Polish is a one-click performance booster for pro and business domains.
It lets you compress your images with two quality options, lossless and lossy, that will improve your site's load time.
Our lossless option removes some extra information about an image, also known as metadata, while keeping the essential data, enabling smaller file sizes.
Lossy image compression reduces the file size of an image with an almost imperceptible loss of detail.
This can lead to major bandwidth savings and load time improvements.
And for sites where images aren't a main focus, your visitors likely won't notice anything except for your site's increased performance.
Finally, with WebP, we can automatically deliver this new state-of-the-art, highly efficient image file format to any capable browser and reduce the transmission time to the minimum possible.
We recommend turning it on. It's an easy performance win.
By leveraging the many features and optimizations offered by Cloudflare, you can make a big difference to your site's performance.
This means you're ensuring higher conversions, improved engagement, and reduced costs.
Head to your Cloudflare dashboard today to enable all these features and more.
Cloudflare Stream makes streaming high-quality video at scale easy and affordable.
A simple drag-and-drop interface allows you to easily upload your videos for streaming.
Cloudflare Stream will automatically decide on the best video encoding format for your video files to be streamed on any device or browser.
When you're ready to share your videos, click the link button and select Copy.
A unique URL can now be shared or published in any browser.
Your videos are delivered across Cloudflare's expansive global network and streamed to your viewers using the Stream Player.
Stream provides embedded code for every video. You can also customize the desired default playback behavior before embedding code to your page.
Once you've copied the embed code, simply add it to your page. The Stream Player is now embedded in your page, and your video is ready to be streamed.
That's it. Cloudflare Stream makes video streaming easy and affordable. Check out the pricing section to get started.