🔒 Introducing the Descaler Program
Presented by: Corey Mahan, James Chang, AJ Gerstenhaber
Originally aired on August 1, 2023 @ 11:00 PM - 11:30 PM EDT
Cloudflare recently announced the Descaler Program – a streamlined and risk-free path to help organizations migrate from Zscaler to Cloudflare One, our SASE and Zero Trust platform.
The Descaler Program is designed to be simple and straightforward, with technical resources and strategic consultations to ensure a smooth transition that accelerates your organization’s strategic goals.
In this episode, members of the Cloudflare One team tell you what you need to know about the program.
Presenter by:
- Corey Mahan (Director of Product Management)
- AJ Gerstenhaber (Lead SASE Specialist)
- James Chang (Sr. Product Marketing Manager)
Read the blog post:
For more, don't miss the Cloudflare Security Week Hub
English
Security Week
Transcript (Beta)
<v James Chang> Hey everyone, welcome to Cloudflare TV. Thanks for tuning in. I'm James Chang, product marketer Cloudflare.
I'm joined by Corey Mahan, director of Product Management and AJ Gerstenhaber, one of our SASE.
Specialists. And we are all affiliated with our Cloudflare One Business our SASE and Zero Trust platform.
And today we're really excited to tell you about our recently announced Descaler program, a new initiative to help organizations modernize their security and transform their networks.
In this session, you'll learn what this new program is, how you can take advantage, and why we feel passionately that you should take advantage.
So with that, I'll hand it over to Corey to tell you about the program. <v Corey Mahan> Awesome.
Thanks, James. Well, everyone, thanks for tuning in. Yeah, we're really excited to tell you about Descaler.
And as the name kind of implies or can read between the lines, it's a journey about moving from a competitor of ours to Cloudflare One and doing so in a hassle free, frictionless manner that makes the experience, dare I say, enjoyable.
So what the program is, is it's a mix of business processes as well as technical tools to make sure that you're able to move all of your existing applications, services and configurations over to Cloudflare One.
Sounds very simple, but maybe we should start with what is Cloudflare One and why in the world would I want to do this?
To just give a little bit more backdrop, Cloudflare One is our SASE platform, our secure access service edge.
Think about this as a cloud based model that bundles software defined networking with network security functions and features for better control and visibility, speeding up your users connectivity and really encompasses all the Zero Trust principles into one.
We do this today with a variety of products into the wider platform that we call Cloudflare One.
You can think about that, things like your traditional secure web gateway or your cloud access security broker, both inline and via API.
All of the things and all of the services that you're using today to empower your business, to connect your users to where they need to go safely and fastly is what the Cloudflare One platform and suite of tools does.
So we're really, really excited to make this accessible not only for new customers that are on the SASE Zero Trust journey, but for those that are using a competitor that may want a better option of how to think about SASE.
So that's really at its core of what the Descaler program is.
But maybe, AJ, I'll ask you kind of first of what are the challenges that others may be seeing with their current provider and why Descaler makes a lot of sense for them or even if they haven't gotten started yet.
<v AJ Gerstenhaber> Yeah.
So so that's I think that's a great question. When I start to talk to customers who are either kind of beginning to go on this journey or engaging maybe halfway through, I really like to talk through the where we've been.
I think that's a really, really important thing to recognize.
All the changes that kind of occurred in the industry.
And the shorthand of this, right, is that if you look at the model on the left, you see a model that worked for a lot of businesses, basically all businesses for about the past 20, 30, 40 years.
I mean, when all of your users and all of your applications and all of your security services and all of your workloads and everything that you had was within the same data center, the same wide area network, and you could protect that at its sole kind of homogeneous perimeter with one single security stack.
The world was a much simpler place.
As the businesses have kind of shifted to adopting cloud technologies or SaaS technologies, which is obviously one of the greatest trends in business right now.
So this model starts to get kind of squishy, right? Because now things that used to exclusively happen in the corporate data center all this local network traffic is is now starting to traverse the boundary at a rate that it hadn't been before.
Then when you compound this with users starting to leave the bounds of the corporate perimeter and the remote work or the work from anywhere model, you start to see a lot of kind of cracks start to appear in this model.
But that doesn't mean that this model is inherently bad, right?
So when Gartner kind of coined the term SASE, I think it was two, three, maybe years ago, they envisioned a model that supported the shift to cloud and the shift to the Internet with cloud derived technologies usually delivered from edge networks that would provide a lot of the same security stack functionality that you relied on in your business, your traditional perimeter to protect your users and protect your workloads and get secure access to your applications.
But there's a lot that happens in between, right?
One of the things that we've seen major challenges from with customers is just the ability to enable remote work.
This is something that a lot of companies were forced to do a couple of years ago, but it still persists as a major challenge for businesses when they have to make hard tradeoffs between should we just split all of our traffic out to the Internet because we're not prepared to backhaul it and we don't have a cloud delivered kind of Internet Proxy or something to that effect?
Or how do we start thinking about securing individual access to each of our applications in a way that is identity aware and controllable or device posture aware without making major changes to our applications?
And now our applications are also moving from our data center to public cloud or private cloud.
And the homogeneity of of this kind of model on the left, the traditional corporate network, has been dramatically challenged.
And I think one of the biggest things that we've seen from customers is just looking for guidance on how do we get from this nice contained model on the left to the kind of big, scary, open ended model on the right while maintaining our security practices.
So I think at a high level, that's that's the main thing that think about.
<v Corey Mahan> Awesome, and kind of thinking about the you know, if you are kind of moving into the or you are more of the model on the right, that kind of, you know, the composable, the very modern kind of SASE view, it doesn't mean that you pick the right partner if you're working with someone else, which is a great kind of segue into to what Descaler exactly is and kind of how we want and think about SASE at Cloudflare and, in particular the details of this program to kind of help customers, you know, see that the grass is actually or can be greener on the other side, if you will.
And so I'd love to kind of spend this time talk a little bit more about the two kind of tracks that make up the Descaler program, what customers probably would care about most.
Um, there's a note on eligibility on the screen here around kind of who can participate today.
This can change in the future.
But right now, you know, organizations that have 1000 or more folks and using competing products to Cloudflare be at ZIA Internet, a Zscaler Internet Access, or ZPA, or both of the kind of the the Zero Trust network access and web filtering and secure web gateway like services.
So that's kind of the who's who. So if you're watching this and you fall into that category today or you're a net new customer thinking about SASE, we'd love to talk to you as well.
But let's kind of dig into the two tracks here.
So both of these run in parallel and, you know, as time permits.
But AJ, kind of on the technical side, when we talk about architecture workshops, you've participated in those pretty frequently.
What do you see in there?
What can customers come to expect? <v AJ Gerstenhaber> Yeah.
So this is this is honestly like one of the most fun parts of my job, right? Usually the way that we manage this is having the opportunity to go on site with the customer.
And the most important things that you can do in this case are to ensure that everyone in the room is kind of aligned on what the key goals are.
This is really an opportunity to define.
I know it's obviously focused on technical strategy and network migration tool, migration, etc.
But what really, really matters are the people behind those migration tools, right?
So having every single person in the room who has kind of a vested interest in what happens to your security stack or your network topology, it gives us an opportunity to tell kind of a consistent story across an organization and then drive consistent outcomes hand in hand with that organization, which I think is really exciting, like getting all these people in the room to kind of effectively define what everyone's shared goals are.
And then coming away from that with the ability to develop a migration plan for a business is something that is just super, super effective.
And it's actually, it's usually pretty easy, right?
Everyone has these goals that may not be written down or that may kind of exist in the ether, right?
Or vestigial from someone who left five years ago that maintains some software that does this one thing like that meme with the tiny little stick holding up the the enormous stack of blocks, right?
But getting to understand all those things before undertaking a migration to something that's so central to the way that your business operates, I think is absolutely critical.
But it's something that customers find a lot of value in typically.
<v Corey Mahan> Got it.
And I think just to drive it home, too. It's called an architecture workshop, not an architecture lecture, right?
This is two way. This is this is an interactive thing for from solution architects, you know, specialists in SASE and Zero Trust.
Engineers, sales engineers, solution engineers.
This is a very interactive session.
So I think customers will get a lot of value from this. And to your point of exactly setting where where they want to go, right?
It's great to come in and say, well, here's what perfect looks like.
And sometimes that's hard to achieve, but what can we do to get as close as we can?
And so making it very, very interactive. The other kind of key component of the technical track is the technical migration tools.
And so AJ and I have been talking a lot about this internally around, hey, how do we how do you copy and paste from one provider to another?
And so what we're talking about here is allowing the administrators at the end of the day that are the ones that having to make sure that this change rolls out smoothly and that all the configuration that they may have spent lots of time and effort in setting up can now be ported over to a to a more optimal or kind of easier to use solution.
And so that's exactly what this is the tool kit to kind of export import and then wow you kind of blink and it's there is exactly what we're talking about here.
Aj Anything you want to add on kind of how we think about the migration tool kit?
<v James Chang> Yeah.
I mean, this is something that I'm extremely excited about and obviously you both know that we've talked about that a lot, but having, having like set up the product with customers, I'd say bordering on close to 500 times at this point, not only do I know where all the sharp corners are and know what can be challenging for businesses, but I mean, fundamentally what I've learned is that this is hard for any organization.
It doesn't matter if we build the world's most intuitive, most easy to use platform and think in a lot of ways that we have.
Extensibility is a big thing, right?
Terraform Control is another big thing, but at the end of the day, there's still a lot of knobs and dials that need to get turned to move over any one thing to any other one thing and think that anything that we can do to streamline that for customers is something that I'm just super, super, super passionate about.
So I'm really, really, really excited to kind of guide this with you.
Corey to fruition and, and have tangible tools that customers can use that can mean literally cut their time into a quarter or 10% of what the output would be required to move from another vendor because like sunk cost fallacy is such a major, major thing in advanced security tooling because no matter what you use, you've put in a lot of time to get to that point.
And if you're not happy with it, it becomes really difficult to unwind.
And I think it should be really important for us not only to support a quick unwinding in this sense, but also to give customers confidence that that what we do is extensible enough that it can be used and reused in a lot of different ways.
So that's something that feel super passionate about.
<v Corey Mahan> Awesome.
Yeah. And you said it their best, I think as well, is that sometimes there's the human component to it as well.
Right? And so that's kind of the third bullet point is that a dedicated onboarding support, whether that be come in the form of some of our trusted partners that we work with and continuing to grow.
We have the authorized partner service delivery track, which is, you know, trained partners that we work with very closely, that go through kind of the rigorous testing of what it means to be, you know, kind of certified by Cloudflare or with Cloudflare so that you have a very they have a very firsthand knowledge and experience on this.
And in tandem using our own internal or working with our own internal teams to make sure that everything goes smoothly from a from a project plan perspective, from a hey, what should we do first perspective to all of those ancillary sites and services that may be potentially impacted?
The whole idea here is, you know, we call it descaler, but what we're really doing is de-risking a lot of this change because there are change always comes with risk and always comes with a little bit of unknowingness.
And the goal here, especially with the technical solutions, is to to eliminate as much, if not all of that, so that it becomes very, very easy to to to to make the move today, tomorrow, or any time in the future.
So we talked a little bit about the the technical side, the business side.
So this is for the hey, what's my ROI here? Hey, you know, where where does this make sense for me financially or for, you know, strategically or we have a consolidation effort or, you know, we're we're three years into a five year deal.
What about us? And so that's where the business success side of this really comes into play.
Um, maybe kind of James or AJ, any thoughts to kind of talk through these bullet points of one, you know, the business value model, like how are we helping customers here?
<v James Chang> I'll take that one, Corey.
Thanks. Oh, sorry. Something that I'm. I think that one of the most important things that we do at Cloudflare is to we use the phrase meet customers where they are.
You know, and a lot of what that means is helping businesses build business plans to make the changes that they want to make.
And we use we have a couple of really cool ROI return on investment calculators that we provide to customers.
But we also have like a long history of doing this, both in our core application protection and performance businesses and in our Zero Trust and Business to build compelling business plans hand in hand with customers so that when it's time to make a significant change or make a significant investment in a partner technology, you can do so with comfort.
So I think that one one part of that is kind of Business value Business case building, and that's something that we do with almost all of our customers don't ever want to be in the position of selling someone anything.
You know, why? Why would I by be pushing this on a customer if it wasn't something that made intimate sense to their business?
And if we can't justify that kind of everywhere that it would need sign off or buy in or approvals, whether that's kind of laterally within different organizations.
The I work for the first time with a specifically with an endpoint detection response organization recently within within a large financial services company that is.
Pete had a really vested stake in this and had absolutely no idea what was happening with the project.
So getting getting buy in in that way, I think Business value building is just the most important way that we can do that.
But then separately, we have. Well, sorry, I'll leave it on that bullet point.
You can go ahead and continue. Corey. Yeah. <v Corey Mahan> So, yeah, sorry I missed my bullet points up there.
I was going to tackle one of those as we go, but yeah, exactly that as we don't want any of your current arrangements to prevent you from making a better choice.
And so we can get really, really creative when it comes to, you know, your current obligations and how we can help make it a no brainer to switch to Cloudflare from, you know, a few different angles.
And so you're the account team. And as you get to know more of the Cloudflare team, we'll be very creative and working with you on making this make sense so that you're not, you know, you're not tied to a sinking ship per se, or you're in something that you can't get out of.
There's lots of opportunity we have there today and going forward to make it make sense to switch to Cloudflare from a financial perspective as well.
And then to kind of add those two bullet points of where it really shines value to is is the last point here, which is around a Zero Trust roadmap assessment.
So as with the architecture workshops, very technical. Hey, here's what a migration can look like.
The Zero Trust roadmap shows, hey, how do I take my business to achieve, you know, kind of these these Zero Trust principles, right?
And this starts with, you know, kind of a phased approach. And what what would make sense for us?
What's the goal and the outcome of this and how hard is this really going to be?
And so I'll turn it over to RJ to really talk about kind of the goals of the Zero Trust roadmap and specifically the architecture around it and how we think about it for any new customer or existing Cloudflare customers.
<v James Chang> So when I started at Cloudflare almost four years ago, we won.
We had much less content and much less product.
And we have an amazing kind of iterative innovation capability that is vastly exceeded what I expected.
But I had one one constant between then and now, and it's that customers want to know where to start.
That's no matter where you are in your Zero Trust journey. And I've seen a number of security and IT leaders are constantly looking to vendors to provide some form of value in saying Where is my low hanging fruit?
What should I start with in order to be effective?
How do I get to value as quickly as possible? And I'm sure that's the case across across all sorts of different businesses, right?
But in this case, specifically, what I find really compelling about that is that I love that we've published this kind of genericized road roadmap to Zero Trust.
Right?
Because this this mirrors exactly how I think about driving value with businesses.
And I think the kind of the most salient points are that there are a lot of things that businesses can do with Cloudflare that take less than 20, less than 30 minutes to immediately change their security posture for the better.
<v AJ Gerstenhaber> But then in a phased approach, if we're thinking about phasing out one either one single legacy technology or to an enormous Web of legacy technologies, it takes time.
There's no sugarcoating that.
It doesn't matter how many people you throw at that problem, so understanding at which points are of which priority to anyone that you're working with is just is critical to driving success.
And I really like the way that we've phased it out here.
I think the kind of common approach of starting with Zero Trust application access for for.
Kind of major applications that drive Business forward is usually a really good start.
But from there it really depends on the business. And that's why love kind of the the architecture workshops that we do with customers, because it's the best way to understand what is critically important in this situation right now and how do we help you drive to those goals.
And they always, always fit neatly within these phases of the roadmap.
So something I use frequently. <v James Chang> Awesome.
Well, thank you, AJ. And so we've described for you what the program is and how it would work and how you engage would engage with stakeholders like RJ.
Um, and we want to help contextualize what we have heard from our customers who have made this switch and started to migrate from Cloudflare to Zscaler from other legacy vendors.
So when we talk to customers about about why they chose us over zscaler, a few common themes emerge and really they bubble up to a common sentiment, which is that organizations increasingly see Cloudflare as a stronger foundation to accelerate their security and networking goals, whatever that might be.
And I'd like to bring in some perspectives on these reasons with both AJ and Corey here.
But before I do, I feel like we should just level set on what we mean by some of the qualities you see here on the on the slide.
So the first quality here is reduced complexity.
Customers ultimately find us quicker to deploy and easier to manage.
And unlike with Zscaler, our administrators work within a single management interface to configure policies across Internet and application access.
The second quality is Enterprise agility.
Our services are optimized to be composable, interoperable and can integrate with your existing tech stack of identity, endpoint protection and other tools.
This helps organizations stay agile, adapt to changing requirements and make progress at their own pace.
The third quality is our network resiliency.
We talk about our network a lot and the Cloudflare network is built with end to end traffic automation for reliability and performance that customers trust.
And ultimately, unlike Zscaler, which operates multiple fragmented clouds, we offer one cloud network and one control plane.
With that intent.
Traffic automation built in for consistent protection. The fourth quality is user experience.
We really pride ourselves on delivering fast, streamlined security that's unintrusive to end users.
And that fifth quality is innovation velocity.
Ultimately, customers trust in Cloudflare track record of rapid innovation and value that our architecture is flexible enough to build quickly and help them stay ahead of the curve.
So with that, let's dig into some of those reasons and a bit more depth.
And Corey, I'm curious, based on your collaborations with execs and other senior leaders, what do you see as the most common reasons that customers choose us over some of our peers?
<v Corey Mahan> Yeah, I think from probably the most recent conversations I've had all kind of come back to, we can summarize it as easy, easier to use, reduce complexity, all of those kind of terms.
But what it means is that when when a CIO or a CSO signs up and they're on board with Cloudflare and their teams are engaging hands on keyboard, it's genuinely easier to to manage and deploy.
And when I say that, well, what does that mean?
It means that, yeah, we have a single interface, one control plane for everything, right?
We have API support for all the Cloudflare One features. We have a TerraForm provider that you can deploy and set up how you want your account to structure.
We have options to be able to disable settings so you can't manage anything via the admin console and the GUI.
Right? All of these things matter so that whenever you're, you know, rolling out something that can be complex, that it's easy as possible for the administrator.
Whether the administrator has been dealing with networking for, you know, decades or this is the first time they've ever seen anything like this.
And so one thing that we see is continually from CISOs and CIOs is, oh, wow, like my team was up and running very quickly and they were able to deploy this in a in a pretty streamlined fashion.
That continues to be a theme that we see over and over.
And it's something that we focus on too. Being from the product lens is, you know, we want time to value to be very, very quick.
And we also want to try to take very complex ideas and concepts and make them as simple as possible so customers can get the most value the quickest.
<v James Chang> Thank you.
And you mentioned you set the product hundreds of times. I'm curious, what are some common use cases that you see organizations tackle first, particularly when they're making migration from Zscaler or other Zero Trust types of vendors?
And what do customers customers learn about during the early stages of that migration?
<v AJ Gerstenhaber> Yeah, think that's a really good question.
I mean, so I did allude to this a little earlier on, but honestly, Cloudflare is unique for a whole bunch of reasons in this market, and I think it's really easy to kind of abstract those reasons away and talk around them because a lot of SSE or SASE vendor messaging looks the same.
But at the end of the day, what Cloudflare provides is completely unique.
The ability to deliver streamlined Zero Trust application access for Web services is almost always the first place that customers start because there is nothing else like it on the market.
And we actually mean we just announced a couple of months ago that we're going to be integrating it with our browser isolation technology to isolate internal web apps.
And I just saw an internal demo of that the other day and it's amazing.
But but all that to say it's most businesses rely on private web applications to drive some amount of their business.
And we've actually done studies that show that the amount of technical users that rely on a VPN relative to the amount of non-technical users that have to rely on a VPN to do their job and the vast majority is non-technical work going over the VPN.
So breaking that traffic out is one of the most impactful things that we've seen very early on for customers.
But then separately, layering on the ability to deploy the client to cover a lot of the existing legacy VPN use cases that customers rely on while kind of seamlessly integrating inline Zero Trust security controls, things like identity awareness and device posture awareness and contextual awareness of some kind is probably the next thing that we see.
But once you've done that, you're already immediately able to deliver all of the either filtering or filtering or DLP functionality.
So what we've seen is that it kind of snowballs right after you do 1 or 2 things, you realize that you've already done a lot of the pre-work required to do some of the much more advanced things.
And then you can you can kind of consume everything. And it's just tuning to make sure that all of your users have access to all of the right things.
Before before I stop talking, I want to put a finer point on something that Corey said because I thought it was really, really interesting.
I think that what we've seen or what I've personally seen from security leaders and leaders in the last six months is really, really, really starting to lean in to programable and composable architecture.
This idea of of security, DevOps or Devsecops is really it's been top of mind for a couple of years now, but it's really starting to take hold as it relates to the market.
And I think that's another place that we've seen a lot of kind of immediate uptake, right?
People want to know how do you use the API for this?
How do you how do you use the TerraForm provider for that? And even just doing that as a first pass means that a customer is already so much more empowered to make big sweeping changes because it's so much easier than poking around in the UI, I think is really, really, really important.
<v James Chang> So yeah.
Thank you.
And you alluded to something earlier, which is that one of the experiences that stands out, particularly early on is how fast and streamlined and frictionless that experience is for for end users.
And we really do pride ourselves on that because modern employees expect it and we want them to stay productive without security getting in the way.
And so recently we ran tests that proved that clouds that Cloudflare was faster than zscaler across several of our Zero Trust security services.
So specifically our Cloudflare Gateway our secure web gateway is 58% faster than ZIA in our test.
Cloudflare access, our ZTNA service is 38% faster than ZPA worldwide.
Their equivalent and our Browser Isolation service is 45% faster than Zscaler's version worldwide.
And you can read about these tests on our blog. And we validated the results with a third party research firm recently called Mercom.
Um, so with that, Corey, do you want to let people know what the sign up process could look like?
<v Corey Mahan> Yeah, totally.
So it's, it's as simple as a form to, to get started the link here on the screen.
And if you, if you use your favorite search engine of the day and search for Cloudflare Zscaler it's quite unique.
You'll get this as the top result. You don't have the ability to jot down the URL here, but but it's really just a quick intake form looking to understand what you use today.
The first step is you'll have someone from the Cloudflare team reach out and and really work to get into that kind of workshop scenario that we talked about earlier with some of our team to understand where you are and then where you want to go.
And then from there, using all the tools available to to go, you know, in the direction that makes the most sense for your business, whether that be kind of kickstarting on the business side of things or wanting to get up and running.
As fast as possible to move into a posse.
Really, we have all of these toolkits and that's why we call it a program.
We have all these tools at our disposal now to make this super easy for anyone to get started.
So it's as simple as following the link there. You'll you'll have a very short signup form.
We'll ask a few questions about what you use today, and then we'll engage in a conversation to kick start from there.
We're really, really excited about this and think that's the that's one of the really, really cool things is this is just the beginning of this program to as we add more partners to the program, as we add more internal professional like services to the program, right?
Everything from, hey, run this to hands on keyboard deployment to manage partner, whether that be a new partner or an existing partner to working with excellent humans such as.
Aj We're really, really excited about all the things that the scalar program has to offer and where we build on it from here.
So there's a few other things on the screen here for the rest of security week.
This is one of many announcements during the security week that's ongoing now, but we're really, really excited about the program the rest of the week and we really, really hope to see everyone sign up that is looking to make a switch to to Cloudflare One.
<v Joshua Peña> Q2 customers love our ability to innovate quickly and deliver what was traditionally very static old school banking applications into more modern technologies and integrations in the marketplace.
<v Jordan Hager> Our customers are banks, credit unions and fintech clients.
We really focus on providing end to end solutions for the account holders throughout the course of their financial lives.
<v Joshua Peña> Our availability is super important to our customers here at Q2.
Even one minute of downtime can have an economic impact.
So we specifically chose Cloudflare for their Magic Transit solution because it offered a way for us to displace legacy vendors in the layer three and layer four space, but also extend layer seven services to some of our cloud native products and more traditional infrastructure.
<v Jordan Hager> I think one of the things that separates Magic Transit from some of the legacy solutions that we had leveraged in the past is the ability to manage policy from a single place.
<v Joshua Peña> What I love about Cloudflare for Q2 is it allows us to get ten times the coverage as we previously could with legacy technologies.
<v Jordan Hager> I think one of the many benefits of Cloudflare is just how quickly the solution allows us to scale and deliver solutions across multiple platforms.
<v Luis Placeres> My favorite thing about Cloudflare is that they keep developing solutions and products.
They keep providing solutions. They keep investing in technology. They keep making the Internet safe.
<v Joshua Peña> Security has always been looked at as a friction point, but I feel like with Cloudflare, it doesn't need to be.
You can deliver innovation quickly, but also have those those innovative solutions be secure.