Episode 4: Connect and secure from any network to anywhere
Presented by: Simon Thorpe
Originally aired on October 12 @ 3:00 PM - 3:30 PM EDT
Build your new corporate network with Cloudflare, connecting any network into our modern SASE platform. In this video, learn all the different methods of connecting networks to Cloudflare and what services can then be used to improve security and performance.
Chapters:
00:00 Introduction to SASE and the Need for Modern, Secure Corporate Networking
01:57 Using Cloudflare to Unify and Secure Corporate Networks Across Multiple Locations
02:47 Enabling Secure Remote Access for Distributed Teams with Cloudflare’s Zero Trust Approach
04:17 Integrating Private Networks and Data Centers using various methods
05:17 Cloudflare’s Connectivity Cloud: Security, Performance, and Simplified Network Management
Watch the rest of the videos in our series to learn more about Cloudflare's SASE platform.
And if you want one of our experts to do a deep dive workshop into how you can integrate Cloudflare into your existing environment, contact us: https://www.cloudflare.com/zero-trust/
Transcript (Beta)
When looking at secure access service edge or SASE platforms, we often talk about a user getting remote access into some privately hosted application.
The focus is often user-to-application where the goal is network micro-segmentation, and a user can only access an application over a specific address and port.
But corporate networks exist to carry traffic in many other ways.
Let's take for example a retail coffee company with many coffee shops, each providing customers free access to the Internet with their guest Wi-Fi, but also connecting employees to internal applications.
Each shop also houses point-of-sale devices, security cameras and other network-enabled equipment that need access to the Internet, but also might require access to other private networks to backup data or be monitored by internal tools.
IT staff also need to remotely access these devices from a corporate office network.
A lot of this traffic is private and should only remain on the corporate network.
This is where Cloudflare's Connectivity Cloud really comes into its own.
The ability to mesh together different networks, applications and users no matter where they are.
Let's dive deeper into our coffee company example.
First, they have their main headquarters in Seattle. Most HQ employees live locally and about half travel into the office, with the other half working remote at home.
Second, they have around 40 coffee shops down the west coast of America, each with a few employees in each.
And then they have an internal company wiki, which is running in a virtual environment in Amazon Web Services, with its own virtual private network.
And then finally, the security cameras at all their coffee shops need to backup data to a central service that you've got running on servers that you run and host in a rack in a data center in San Jose.
You see how these network locations are all quite different. Cloudflare has a variety of ways all these networks can be connected together.
Let's start by connecting the headquarters network in Seattle.
We can use something called Magic WAN, which is our service that creates IPsec tunnels from the headquarters office back to the Cloudflare network and assigns a private network range to it.
This is using regular standard IPsec protocols and can easily leverage functionality in a network router or firewall that exists at headquarters.
Next, let's look at each coffee shop.
You can ship out to each location a physical device running Cloudflare's Magic WAN connector.
It's essentially a lightweight appliance that can be plugged into the local ISP router.
Each connector creates an IPsec connection back to Cloudflare and each device can be administered remotely via the Cloudflare dashboard.
Private network ranges can then be assigned to each coffee shop and now we have the beginnings of a new modern corporate network.
So IT admins in the Seattle office can now remotely access point-of-sale devices in each coffee shop location.
Also, because we want to provide customers in each shop free Internet access using the guest Wi-Fi, all traffic from that location is now routed through Cloudflare and we can use our secure web gateway to block any access to malicious websites.
And this keeps customers safe while they sip their cappuccinos.
But what about the IT staff working from home?
They're not connected to any of these networks.
No worries, they can use our device agent, which connects them to Cloudflare and in turn gives them access to this new corporate network as if they were connected in headquarters.
Now IT can manage the devices in each coffee shop no matter if they're on a plane, sitting in an office, or in a coffee shop.
When each network or user connects, it does so to the nearest Cloudflare data center, which is a key feature of our network, where we use anycast IP networking to ensure secure connections to users and offices are made to the geographically nearest Cloudflare data center so that traffic is then secured and optimized as close as possible to the user or to that network.
And we have data centers in over 300 cities and have over 12,000 network peer relationships allowing us to ensure fast connectivity from user to the network.
Think of it like having a coffee shop in every neighborhood so everyone doesn't have to walk far to get a cup of coffee.
But what about those camera backups?
Remember, the backup service is running in a data center in San Jose.
More likely than not, Cloudflare is also running our own servers in the same data center and you can offer direct connections from Cloudflare to your network switches, further extending your corporate network.
And even if your servers are not in the exact same data center, we can create a virtual connection directly from your rack to the nearest Cloudflare data center.
Now we've got everything connected, let's add a new application to the mix.
Let's say the company is launching a new internal company wiki and they're running the service in AWS, Amazon Web Services.
We don't need to connect the entire AWS private network; we just install a software agent on the wiki server that creates a secure tunnel back to Cloudflare and connects that application to the network so that anyone on that network can now access the application.
Policies in Cloudflare control who can access the wiki, ensuring users authenticate with valid credentials and are using secure devices.
You can see that Cloudflare is able to connect a wide variety of networks, from the physical office locations to virtual application networks in the cloud, as well as directly to your servers running in your data centers.
So much of the complexity from legacy network architectures is abstracted into our connectivity cloud making life much easier for IT and network admins.
And once connected to Cloudflare, it's not just about routing traffic.
Firewalling, DNS, load balancing, protecting from denial of service attacks, content caching and a lot more are all easily enabled.
Any traffic destined for the Internet can also be filtered to ensure only access to legitimate sites and blocking any unsafe transfer of company data.
The flexibility of Cloudflare's connectivity cloud allows you to connect all sorts of networks, applications and users.
It's possible to recreate your classic corporate network and then apply on top of it all the modern Zero Trust services to ensure high security without compromising the user experience.
Well, thanks for watching. This video is part of a series which explains how to build your new corporate network using Cloudflare's SASE platform.
Watch the other videos in this series to learn more.
Hi, I'm Simon from Cloudflare. Congrats on finding this video.
We also cover a wide variety of topics including application security, corporate networking and all the developer content the Internet can hold.
Follow us online and thanks for watching.