Introducing a new Application Security experience
Presented by: Jessica Tarasoff, Pete Thomas
Originally aired on March 20 @ 11:30 AM - 12:00 PM CDT
Welcome to Cloudflare Security Week 2025!
During this year's Security Week, we are boosting security with AI-driven insights, better threat detection, and stronger protections against emerging risks. Our aim is to empower customers with more intuitive and user-friendly solutions to protect their data and applications in an increasingly complex environment.
In this episode, tune in for a conversation with Cloudflare's Jessica Tarasoff, Product Design Lead, and Pete Thomas, Senior Manager, Product Design.
We’re introducing a new Application Security experience in the Cloudflare dashboard, with a reworked UI organized by use cases, making it easier for customers to navigate and secure their accounts, APIs, and more.
Tune in all week for more news, announcements, and thought-provoking discussions!
Read the blog posts:
For more, don't miss the Cloudflare Security Week Hub
English
Security Week
Transcript (Beta)
Welcome, everyone. I'm Jessica. I'm lead designer for the application security team here at Cloudflare.
I'm talking to you from Lisbon, and I've been in Cloudflare for about three years with Pete, who is going to say hi.
Hello, everyone. Yeah, I'm Pete.
I'm a design manager here, and I work with our application security team and Jessica.
I'm based out of London. I've been working with Cloudflare for quite a long time now.
And yeah, this is not my first Security Week, but it is one that I'm super excited about.
And we're really excited to talk to everyone a bit more today about a big release, big experience improvement that we'll be rolling out.
So to set the scene a little bit more, we're both part of Cloudflare's product experience team.
So this is a team made up of product designers, of content designers, technical writers, either researchers and design system specialists as well.
And really, our team's mission is to make sure that Cloudflare's products are simple and intuitive.
And we do that really by working closely with our product partners and our engineering partners, speaking to customers, and yeah, working to bring great products to market.
One of the things that we really want to touch on today is, yeah, an exciting experience improvement, like I mentioned earlier.
And this is something that everyone will be able to test drive as part of this year's Security Week.
So before I dive into kind of what those changes are, and Jessica is going to take us through an awesome demo of what that looks like as well, just to set the scene a little bit about why we're doing this.
So yeah, over the years, as we've built out Cloudflare's application security product, we've added loads and loads of new features.
And this is really to make sure that we could meet the needs of the market, the application security market is ever evolving and changing.
And we needed to move rapidly to do that.
But one of the trade-offs that comes with that pace is that this rapid expansion can cause the product to get quite complex.
And that's something that we'd heard a lot from customers, and something that we really wanted to tackle.
The complexity that we'd gathered, this makes it really hard to combine features and capabilities and help customers get the right security posture.
So we listened to this feedback, we worked with our user research team as well, and customers have helped us to understand how they think about application security, and the boundaries are really removed for them when they're looking to get their job done.
And really, the job to be done that they have is ensuring the security of their applications and websites.
And to really do this effectively, they need a platform which allows them to combine all of these different capabilities and have a joined up experience, right, to make sure that they can really get that job done.
So fundamentally, what we sat down and came up with was that we really needed our product to be a shockingly simple and intuitive tool to use to secure all of your web assets.
And that's the experience that we're going to kind of demonstrate for you today.
Yeah, so Jessica, hopefully that sets the scene a little bit.
But yeah, do you think you could give us a quick overview of the updates that we've been working on?
Yeah, well, that's a lot to deliver, but let's see how it goes.
I'm going to share with you now a preview of what this looks like.
I'm not going to go into crazy detail because I also think everyone wants to have the chance to explore a little bit by yourself.
So let's suppose that I am here in one of my websites, and I'm very used to my security area here.
But this time, something looks a bit different. Apparently, there's a new Cloudflare security dashboard.
So you're inviting me to check it out. We would like to let you know that you don't need to.
If you have important tasks you need to fix right now, you can do it later.
But in this case, I want to check it out. So let's see what's happening here.
We have a brief introduction to where everything moved to.
So this new overview page is where you're going to quickly review your security posture, a broad overview of your security posture, and suggestions for you to improve your security configurations.
After that, you have all your analytics in one place.
So traffic data and security events are now together. So you can find your detailed security analytics fast without the need to open multiple tabs and keep switching from one place to the other.
Then we have this web asset discovery area where you can easily secure your web assets.
And this is basically page shield and API shield features now living together and allowing you to identify your web assets and improve their security and monitor resources running on your domains.
Then we have something we are very excited about, the security rules all aligned in one single page.
So here you can control how Cloudflare mitigates your traffic.
All of your security rule types now can be created and managed in one single place.
So it's easier for you to see how Cloudflare is mitigating the incoming traffic.
And finally, you have the settings page where you can configure Cloudflare detection tools.
So this is what Cloudflare is, what are the signals that Cloudflare is detecting on your traffic, all of our regularly updated managed rules, everything is grouped together as detections that you can view and configure in this area here.
This all, of course, you can always switch between dashboards back and forth here to the previous experience.
And we really welcome your feedback.
This all looks very cool, but I think where it really clicks and what we have really given a lot of attention to is how this defines your experience in context when you're trying to solve your day to day jobs, as Pete mentioned.
So I'm going to switch here to one of my different websites and you're going to see that it looks a little bit different because in this case, I have just been a victim of a Doze attack.
So I see an alert flashing right in front of me because it's something I should really pay attention to.
I can review the traffic. It takes me to events where I see this page filtered by the specific problem that I am addressing.
And I can continue my exploration here with the tools that we already know.
Nothing of this is new functionality. This is just things we already provide to you.
But we heard the feedback that if this is important, I want to be able to see it contextually and address it right now.
And if it's not important, I want to be able to archive it and continue with my journey.
I think those are the key points.
Hope I didn't forget anything. No, I love it. I think it's great.
Yeah, that overview page that you demonstrated there as well, I think was one of the key pieces that we learned about as well, wasn't it?
Like when we spoke to customers and teams internally, it became like super clear that what was important for us to do as a product was to be able to give customers more of that information in one place upfront where it was easily actionable for them.
So they weren't having to click around the dashboard and look in all these different areas to kind of find the solutions to their problems.
So yeah, I think I'm really excited about that page going out especially.
Awesome. So yeah, I think this was a pretty big undertaking for the whole team, right?
Getting to the stage where we could rethink the application security product in this way.
And yeah, I mean, I know a little bit about how we worked through this having worked with you on it, but I think it'd be interesting for us to talk a little bit about the process that we went through, especially from the from the design angle.
So yeah, I'm interested, Jessica, like, yeah, what was this process like?
How did you kind of take on such a big challenge here?
And yeah, how did we get to this stage of being able to preview it for customers?
Well, Pete, as you know, Cloudflare is a very technical product. I don't know if you as a designer have heard some jokes from your friends about joining Cloudflare and what the designers even do there.
But actually, we do a lot here and we are very thankful for all of the collaboration that we have in understanding such a complex problem with the help of our engineering partners.
And proposing all of these UX improvements really requires us to understand what is what are the objects that we are working with, how these technical systems work, and making sure that we can abstract all of this complexity and make it simple and intuitive to our customers.
So first thing is that our relationship with engineering and product was very critical to make this work.
And secondly, I guess the key thing here was listening to our customers, right?
Because people really like Cloudflare and they really like the products that we offer.
We have a lot of very robust products.
But at the same time, sometimes just using these different products in a flow could be improved.
So we were trying to find out what were the right improvements for us to prioritize.
So we learned a lot about the way that our customers, for example, are using our analytics and our rules products together.
And we found out a lot of improvements, UX -driven improvements that we could make to make these workflows easier and smoother.
And I guess the last thing that we should always mention is that we really had a lot of input from our user research team and our product content experience teams, because as much as all of this was driven by a very strong design discovery process, we also wanted to make sure that multiple prototypes were tested and put in front of people early enough so that we could catch things that were not making sense and make sure that we arrived at a stage that we are confident enough that most of the tasks are going to be easier and not harder with this change.
Yeah, awesome. I love that. I think, yeah, all three of those points are just critical to how we deliver products across the platform, but especially in this change, the collaboration was really important, listening to customers, understanding what everyone needed, and then, yeah, really how to kind of keep iterating and testing on those changes until we could until we could find success.
Yeah, we're absolutely looking for feedback as this rolls out as well.
We really hope everyone enjoys using it. And we really would like to say thank you for letting us talk to you about these updates as well.
We're really excited for this.
It's the first of many enhancements and changes that we're going to be making across application security in the coming months.
So yeah, we encourage you to check out the new experience, visit the dashboard, enable the navigation and experience changes, and let us know what you think, right?
You can leave us feedback, share in the community.
And yeah, follow along with the blog, because there's going to be lots more announcements for application security during the whole of security week.
Yeah, thank you so much. Thank you.
