Immerse Tallinn: Expert panel 2
Presented by: Dominic Haussmann, Tonu Tammer, Priit Kuuseorg, Aleksejs Gordons, Tomas Sakauskas
Originally aired: December 1, 14:30 to 15:00 UTC−5
Highlights from Cloudflare Immerse: Tallinn — and what an incredible day!
We were thrilled to welcome customers and partners from across Eastern Europe, including speakers from Raiffeisen Ukraine, Latvian Mobile Telephones, Estonia's Railways, Delfi Media, Shiwaforce and TV3 Group, for a day of insightful discussions, bold ideas, and forward-looking innovation.
Together with Cloudflare leadership and our regional technical team, we dove deep into the future of the internet — from the evolving role of AI to building secure networks with Zero Trust.
Massive thank you to everyone who joined us and made it such a memorable event.
Transcript (Beta)
So yeah, thank you for being here. Thank you guys for being here. So I hope you will enjoy the day.
So yeah, let me just start with a short introduction. So let's start on the right, because I think with Estonian Railways, we do quite a bit of cool stuff.
Sebastian just shared with us. We indeed, we do. I think we've started on all of the three pillars of cool stuff.
So we obviously we do web, we do Zero Trust. I think we were number two in Estonia who did it.
I think Priit is also now doing so I'm glad to see that.
And we've started testing out on web. That's perfect. Perfect.
Priit? Yes, my name is Priit. I'm chief technology officer at Delfi. And yeah, I know that most of the audience knows what Delfi is, but to maybe give an IT scale to the company is that we are running roughly 250 microservices.
And that are used by roughly 10 million unique users over the Baltics.
And this is all powered by the IT team of 52 people.
Wow. 52. Cool thing. Yeah. My name is Aleksejs Gordons from Latvian Mobile Telephone.
We are a telco company running in Riga, Latvia.
And I'm representing network and infrastructure team. Mainly I'm dealing with like infrastructure modernization journey and Cloudflare helps us in that path.
Thanks. I'm Tomas. I'm from TV3 group and I'm working with a product, which some of you may know, it's Go3.
So we are Internet television in Baltics and we have 600,000 customers and Cloudflare helps us.
Yeah, that's perfect. So counting here, I see roughly 15 million customers in total.
We combine all the things using our network.
So that's amazing. Perhaps with Priit, so as a media company, so you, you're always under attack, I would say, and especially in these days.
So what made, first of all, the choice of Cloudflare to use this also for your security stack and what are your experience in terms of attacks and the bad dark side of the Internet and the problems?
So what are you facing every day and how do we help?
Yeah, exactly that. So we are as a media company are quite a juicy target for cyber attacks and we used to have or still have basically weekly DDoS attacks, sometimes even daily.
And additionally, all other types of attack vectors, starting from OWASP Top 10 and beyond.
And yeah, we, prior to migrating to third party web application firewall, we hosted and managed our own like proxies and cache solution using HAProxy and Varnish.
And we're investing a lot of time and effort into making sure that they keep, they are secure and they are well managed.
And as fun as it sounds, it actually took much more effort than we were anticipating and constantly asking, should there be a more efficient and more secure way to do it?
And yeah, after now migrated to Cloudflare web application firewall, basically only way we interface with DDoS attacks is through Slack seeing the notifications about mitigated DDoS attacks.
Of course, that also gives now us more time to focus on proactively analyzing the logs, metrics, so forth and implement all kinds of rules.
So yeah, definitely the cyber threats and actively fighting against it was the first push for us that maybe there are some vendors that we could use and reduce our own time.
You talked about efficiency. So talking about that, have you seen how much impact has the change to Cloudflare in terms of really have you to look daily into the DDoS application or is it more or less a black box where you say, okay, it's doing the job and I don't have to think about it and it doesn't keep me awake at night to say, okay, is there a DDoS attack coming?
Luckily, I don't deal with any part of that, but I know that the DevOps team definitely and the infrastructure team definitely spends, but this time is now spent more in terms of proactively analyzing the logs, metrics and so forth.
So not anymore so much reactively reacting on ongoing attack campaigns, I would say.
Okay, cool.
Tromazir was always saying yes. So it seems that you're facing the same issues or challenges?
Absolutely. We are from the same field as a media as well.
We have media assets and this constant threat for malicious actors is constant.
And the journey which Priit just told is, I saw reflected to it, it's like the same journey we are starting at first reactively looking for tools, Cloudflare steps in.
Afterwards, when it is set up as a test setup now, we are getting into more proactive approach.
So yes, Priit, I feel you completely on that. Yeah. You remember, John, you have faced a lot with bot attacks and also API is a big topic of yours.
So how were we able to focus on that and solve that? Previously, a long time ago, it was usually like DDoS, which was the main vector of attacks.
Now it's more that when we become more interesting to the malicious actors with our services, which we have, and probably the latest example would be Netflix and become part of Go3 sales proposal.
We got very interest, very big interest from hackers, bad actors and so on.
And they started to fine tune, not only to the attack, not only to our product, but as well to the Cloudflare.
They were pretending to be real customers very well.
But thanks to the Cloudflare tools, additional things, we managed to contain it.
Okay, perfect. Aleksejs, coming to perhaps not really the old world, so being a traditional telco.
So what are your priorities and how do you see it?
So definitely DDoS is one of the things, but talking about telecommunication, I think we'd already talked about critical infrastructure in some way.
So what do you see in your field? Yeah, the big thing regarding the telco, our company doesn't want to be only the bit pipe, transporting the bits from the radio side to the Internet and so on.
But we are strategically looking for new business verticals to provide additional services.
And it requires a lot of R&D work, working with the partners.
And we have to provide secure, reliable access to our on-prem services through some sort of product.
And we should do it fast, reliably and securely.
And then the story of Cloudflare came. We started evaluating this SASE Zero Trust stuff.
And we already did some real-life secure success stories. Because at the same time, we have two options, either to use the old set of tools, which will require a lot of time and effort.
Like Kalik said, that using their own tools requires an effort.
But then we tried SASE and in a matter of a few hours, we already exposed the service to the Internet and a partner was able to connect it and check the result.
And it was really nice stuff. Then we explored it a bit deeper and provided additional configurations.
And now this is our preferred way of accessing and exposing the apps.
Yeah, perfect. So if you talk about partners, for example, I think that onboarding them is something which is really flexible.
Or we need the flexibility. Perhaps one day you need to onboard a new partner directly, with some it takes a little bit longer.
So especially the SASE platform helps you to have this flexibility?
Yes, absolutely. Yes, I would combine it with additional tools like Microsoft Azure ID, MFA tool set.
The onboarding process is quite fast. We provide instructions to the partner. He does his job in a few simple steps.
Then he's able to connect. Of course, there's a background process on our side, but still.
Yeah, absolutely. So I'm talking about traditional critical infrastructure.
So we talk about railways. So not really. So I'm from Germany.
So not something where we are proud of. Not anymore. So what about Estonia railways?
So I see a lot of old technology, traditional OT stuff. And what's our impact in your environment?
Well, Dennis didn't allow me to swear. But the reason why Cloudflare is this dot dot dot works.
And this is really important also for railroads, because we need to keep working no matter the time.
But on a more serious note, we're almost 155 year old company.
I challenge anyone to beat us.
Our average employee has been with the company for 17 years, and I challenge everyone to beat us on that.
And the average age of an employee is 51. And I challenge everyone to beat us on that.
So we are a very dynamic company. Over 155 years, we have managed to acquire more or less every and any brand there is, probably some brands I don't even know yet after a year and a half.
So there is a huge diversity that for sure the company cannot manage.
That's being really honest. So the idea was to reduce the complexity to minimize.
And when I look at the office and the workforce and services, more or less, we've narrowed it down to Microsoft, because they were there already, and Cloudflare for the first opening statement, because it works.
And putting it all together hasn't been a smooth ride, but it's been relatively smooth.
Replacing traditional ways took us about eight months.
So we got all of our workforce there. We got our external partners who do need to access, and some of them are great.
They've introduced to some other customers of theirs ransomware.
And this was also something where I wanted to mitigate those risks looking from our perspective.
So this is part of the journey of modernizing a company which has so much legacy.
Okay, interesting. So when I talk about OT, so there are always two fronts.
So there's the blue front, the guy in the blue dress, which is really the worker and is longer in the company than Cloudflare exists, as you just mentioned.
And there are the new guys, the new kids on the block with cloud and all this crazy stuff.
So how were you able to bring these two worlds together?
You know, a year ago, I was in a conference where one of the colleagues who is dealing with railroad standards was talking about innovations.
They said that they transformed encryption from whatever it was to TLS.
Brilliant. I asked from a colleague of mine, I wonder which version?
He's like, probably the first. Because why should you rush and then looking at Cloudflare trying to push post quantum by the summer now, on basically from the end user down to the services level.
I don't see any other way of building the bridges between what I see as legacy from the onset into what the modern world actually expects and requires.
And if those standards are out of date, we need to find ways to work around that.
And that also goes with the workforce.
Like I said, you know, with those people, if you give them something to click, well, come on, links were made to be clicked, they will click.
So if I design a system where it's like, they can click as much as they want, and I still can sleep during the night, I feel like I've done a pretty good job.
Yep, true.
So going from pretty good job to workers. So Priit, something here, you're using workers, I think we will hear the term workers, AI, and all where we say there's some magic powder, and suddenly it works, because it's really hard to explain it and all see all these changes.
So how are you adapting workers in your environment and your setup with Cloudflare?
And what was really the change at the end for you in the business?
Yeah, in addition to human workers, we do use Cloudflare Workers.
And the tricky part, like in media, a lot of content and our site is quite well cacheable, or it should be.
But there are some tricky parts there. And one of the tricky parts to be solved is the authorization and the subscription side of it.
And the way that we currently are trying to, or actually have solved it, is to push the decision of whether the user is a paid or non-paid user as close to the edge as possible.
And for us, this is a Cloudflare worker decision or job to properly cache pool the users.
And by that, reducing the compute and the origin bandwidth and so forth to get more answers directly from the cache layer than from the origin.
So yeah. And obviously, there are other similar ways how we are using, not to mention, for example, images.
That's a really good, efficient way to deliver and to crop cut and so forth, which is also really nicely doable in the Cloudflare workers.
And if you would compare, so honestly, there was a time before Cloudflare and Cloudflare was there.
So how did this change your daily work at the end and also the effort you have to take to do the stuff you do and also what changed on the user experience side?
Yeah. Starting from then, the user experience, I think, is much, much faster and the content is delivered more instantly to the users more often as the cache is more efficient and the response rates from cache has increased a lot.
And also, in terms of the logic of how the application works, we're much more, in terms of infrastructure, efficient and have less compute needed as the news that are trending are quite static and can be served quite nicely from the cache.
But I'm not sure that from the software teams or developers' perspective, it changed much because basically, the modern workflows of development with all of the microservices, with all of the CI/CD pipelines and so forth, for the developers, it kind of is transparent.
Although, yeah, they need to know the environment to take advantage of some of the aspects of the environment and especially the Cloudflare Workers as really special functionalities that it offers.
But other than that, the life cycle of a software component either deployed to AWS with Kubernetes cluster or as a worker from the developer perspective is pretty much the same.
Okay, cool. So we take workers, it's just not really a tiny part anymore, but looking overall about the challenges that we talked about, DDoS, protecting our infrastructure, I think our platform approach is one of the important things.
Tomas, so talking about platform, so how are we able to help you really also to investigate stuff, to look into the stuff which is going on and at the end to make decisions because sometimes you have to block something and sometimes you don't?
Absolutely, absolutely, absolutely. One of the main use cases which we used recently is the troubleshooting.
When our alarms go that there is something suspicious happening, the Cloudflare is the first place where we are going for troubleshoot, like whole team, command the mode, what is happening.
And really the transparency which we are having, which we understand how the traffic is hitting us, where it's coming from, what are the attack vectors, is one of the main tools which we are using at the current moment.
So yes, it helps. Okay, this also helps you to not only to make predictions, but to say, okay, I use the Cloudflare platform to say, okay, where should I do more investments in terms of security?
Because I always say you can't protect what you don't see, so you have to have the visibility and then you have to make wise decisions.
If you invest more into our platform, if you say, okay, I need perhaps a lot of other stuff.
Absolutely. As the platform by itself is multiple components and there are multiple layers, starting with the Cloudflare, AWS and so on, there's always this cost efficiency question, where we should put our money that we would be more resilient.
And yes, so far Cloudflare kind of wins.
So if someone is looking for this answer, this is my personal experience.
Cool. Going back to the telecom provider world. So do you see the same stuff here?
So means using this platform approach to gain visibility and how do you use this information in your environment?
Exactly. It's also true for the part.
We really invest a lot to gain additional visibility and it's always great that there is already a tool that provides a broad set of capabilities to analyze how the traffic enters our network, what are the main URLs visited, what are the statistical reach, who are our top customers and so on.
Okay, perfect.
Tonu, so we talk about platforms, that means even if we say as Cloudflare we live on the planet Cloudflare and we are able to solve everything in terms of security, I think there are barriers that we don't cross.
So how important is it for you that we also work with third parties, so like Microsoft and integrating other systems into it?
I mean, given the fact that we had Microsoft already in-house and you can say that it's not an ideal and then I challenge you what's better and when I look at all those things it's going to be a combination and I have yet to find one provider who can do all of that.
The minimum I see is two. You can always build additional partners into the whole puzzle but that also makes the picture much more complicated and eventually you end up like working with integrations and stuff instead of focusing on value and the content.
So this is absolutely important, doing the integrations between Cloudflare and Microsoft, knowing that both are cloud and all you need to do is basically in principle plug in some API keys and allow the magic to happen.
Of course it takes a few minutes of time and all of that, that's understandable.
Doesn't everything happen in cloud like that? There is sometimes a small delay and you have to understand that.
Also like when you provision like a new laptop it takes upwards of 15 minutes for the clouds to synchronize before all of the accesses are delivered.
But I mean it's built there for a reason and of course we don't want an unknown device to enter into our corporate network without verifications and those do take time and it doesn't always work smoothly.
There are occasional hiccups, let's be honest, but there hasn't been a case where we haven't been able to resolve it.
So that's I think the most important thing and whatever services we try to put together with users we've managed to do that and actually across our network there is no such a thing as an internal network alone.
All of the end users we have pushed to public Internet like you and I have at home or in Internet cafe or here and that also makes the user experience much more simple.
All you need to do is open, connect, connect and voila everything now happens automatically.
Automatically I think is one of the key things so that you have this disintegration.
So perhaps if you, I don't think we do it as a final round and start with you, so if you think about the business impact that Cloudflare has today what do you expect first of all from Cloudflare as a vendor in the future and how do you plan the journey with us?
Well what I do expect perhaps is for us to learn more on the development side because that we deliberately held back because we needed to get the fundamentals right and you know as other colleagues are attacked we are also attacked and it's not surprising that some of our close neighbors come and tickle us every now and then.
I'm always happy to see them failing on the tickling part and actually it's surprising where I don't see those DDoS's anymore that the company suffered for a long time like two years ago and things like that which is sort of bad because not to invite them but I do need to understand if the defenses are effective or not and when the solutions are thwarting these attempts well you can say it's doing a hell of a good job.
Priit? Yeah so there has been already a lot of talk about the security aspects which is definitely an important for us it's also regarding the resilience or reliability which is especially important now as was also mentioned that the IT landscape is ever yet so getting more complicated more nuanced more fragmented and so forth so it's increasingly difficult to ensure reliability and I think that especially for the company in media and publishing which is in the situation when there's new wars breaking out and so forth people will run with tons of effort or with tons of traffic in our hands and in those situations we need to be up and we need to be there for people to satisfy the information need that they have and the reliability part and efficient caching and making sure that the people do get the access to the news is something that we are super committed to and I won't at the moment I don't see how we could ensure that without using Cloudflare products.
Yeah hope that the news will be better in the next months so Aleksejs?
Yeah so we already have in our company a clear vision where we need to get with our infrastructure modernization for the next three years and the key part of it would be simplify the stuff like modernize the infrastructure and also like automate the most of the part and I see that Cloudflare will play one of the key roles we will continue our SASE journey like expand I do see that we will expand it to also for our internal workers like and also we will expand the usage of the core services like WAF, CDN, load balancing and other things and we'll standardize it as a package for developers.
Service to adults and more. Okay last but not least Tomas?
In last couple of years the main focus which we had with Cloudflare was resilience and cost effectiveness.
The next step for us is speed which will be looking not the tools which we already have with our applications to our back office and so on but the Cloudflare has to be as well as the critical part of this decision making where exactly now we have to meet our customers and now as much we can push to the front ends to the front layer so the Cloudflare the better found because this will be the journey.
Okay perfect so look on the screen say perhaps just because there's something other from television watching all these tv talk shows there's always the latter challenge complete a sentence so pretty simple one and so if you complete Cloudflare is business critical for us because if it doesn't work then our end users would not be able to connect to our services period.
To make it work it's our responsibility Priit. It enables us to provide reliable secure sustainability it just works like an iPhone it's plain and simple but it's really important.
But that's what our marketing team said it just works.
It is already part of our whole product and this will stay.
Cool perfect so thank you for your time for your feedback so I don't know if there are any questions let them come up otherwise Dennis I will hand over to you.
