Originally aired on January 24 @ 2:30 AM - 3:00 AM EDT
Welcome to our weekly review of stories from our blog and elsewhere, from products, tools and announcements to disruptions on the Internet.
João Tomé is joined by our CTO, John Graham-Cumming. In this week's program, we talk about our first Innovation Week of the year: CIO Week 2023. We go over several of the announcements we did, thinking of those that try to keep their organizations safe and productive.
For the written recap of the blog posts of the week, you can check our
CIO Week 2023 Recap .
For more, don't miss the
Cloudflare CIO Week Hub Hello, and welcome to This Week in Net, our first one of 2023. So, happy 2023, everyone. I'm João Tomé, coming to you from Lisbon, Portugal, and with me I have, as usual, our CTO, John Graham-Cumming, also in Lisbon. Hello, John. Hello, good, well, good morning, but I guess good afternoon, good, wherever you are. Exactly. So, 2023, our first of 2023, and already with one innovation week, the CIO week. Why not just start, why CIO week, just to start the year already with some new features, new tools, mostly to help those who are trying to put companies at ease in terms of IT development and IT working tools, really, right? Yeah, well, I mean, I think that we have a tremendous number of customers who are CIOs, and what they are buying from Cloudflare is perhaps some of the things that people don't necessarily think of Cloudflare producing. So, often I think people think about Cloudflare in terms of CDN, in terms of DDoS, in terms of WAF, and things like that. And of course, Cloudflare actually has a very large business in networking as a service and in Zero Trust. And so, you know, I think that one of the things that's interesting about CIO week is sort of highlighting all the ways in which people use Cloudflare that are perhaps not the things they immediately think of. And so, you know, be that for, like you and I, when we get access to our things at work, right, we are going through Cloudflare Zero Trust solution. That's how we're logging in. That's how, you know, that's how we're getting access to resources. That's how those things are protected. And I think a lot of people don't necessarily realize we do that, and also a tremendous amount of stuff for networking as well. So, you know, as companies are replacing their MPLS networks, some of their WAN with the Internet with Cloudflare, then, well, here we are. So, the CIO week is going to highlight, you know, customers who have purchased our products and also announcements around what the product is all about. So, you know, welcome to CIO week. We're almost over at this point, but here we are. Exactly. Almost over at this point. We actually, the week started, I'm showing now my screen, the week started and everyone can follow up or all of our releases with a blog post from our own CIO, Juan and Corey Mayhan. So, it's all about what is the role of a CIO, making the systems work, and also explaining, like you said, what we have already in place and it's getting better in terms of making the machine of a company work. So, people just focus on their work, even while scaling and getting bigger, just focus on what they need to do to make good things faster, right? Yeah. I really love this SaaS name, Secure Access Service Edge, because I do, just learning, actually, I do because it's not an obvious one, to be honest. There's SaaS, there's SaaS, actually, they're too much similar. But in a sense, it explains a bit of what this architecture is all about in terms of Zero Trust, right? Well, yes, it does. Although, you know, there's all these terms, right? There's Zero Trust, there's SaaS or SaaS, however you want to pronounce it. There's all these different names, and then there's CASBs and all these things. So, I find the names a bit of a whirlwind of different names. Realistically, what we're talking about here is the old castle and moat model of corporate networking is going away, and for many companies, it's already gone away. For us, it certainly has. Others are going through a transformation where they're trying to move away from the network itself being considered to be secure. That's kind of what Zero Trust really means, and also move away from dedicated networking between the different parts of their organization. So, the Internet is becoming, I mean, look at you and I recording this thing right now. We're both using the Internet to do this, right? We authenticated and authenticated in through Zoom, through our own internal authentication, Cloudflare Access, which everyone can use, and we both have Cloudflare Warp on our devices, which is creating the on-ramp onto the Cloudflare network. So, that's what all of this is about, is really replacing the corporate network with something modern. True, and at the start of the week, we introduced digital experience monitoring, a new tool, but also we explained how Cloudflare is faster than Zscaler, and Zscaler is like a big player in this area. For us, it's really important to show how we are better in terms of speed and performance than the biggest players, right? Yeah, I really take this back to, well, back in the day, now quite a few years ago, where we launched 188.8.131.52, which is Cloudflare's public private DNS resolver. And overnight, it was the fastest resolver in the world, everywhere. And as much as you could say, well, the engineering team did a fantastic job building that, and they did, I mean, an absolutely fantastic job, the reality is the power of having such a large network, 275 cities worldwide, where we have our hardware, right? We're not built on someone else's cloud, we're not built on someone else's network, this is us, right? That enabled 184.108.40.206 to be the fastest everywhere. And the other part of our architecture is that we run everything on every server. So 220.127.116.11 got rolled out to every server globally. And the same thing happens with our Cloudflare 1 and Cloudflare Zero Trust solutions. So in many ways, to me, the fact that our Zero Trust solutions were more performant than Zscaler didn't actually surprise me, because of the power of our network and because we run the same software everywhere. But the blog post is interesting, because it talks about how we did the testing to try and understand, because the thing about Zero Trust solutions is they're an intermediary between you and getting work done, right? Like you and I, every day we log into, or we use, for example, we use the Atlassian suite, and the Atlassian suite is behind our authentication mechanism, it's behind Cloudflare Zero Trust. And we don't want any roadblocks to that, right? And so you want that performance to be extremely good, and it is. And we also use our gateway product, right? When you and I browse the web from our corporate devices, we're going through warp, through a gateway and out to the Internet. And because of the scale of our network, we're always connecting to something local. You and me, we're connecting to the Lisbon data center, right? Exactly. It's closer. It's closer, right? And I have to be in Switzerland next week, and I'm going to be connecting to a data center in Switzerland when I do that. And you might go to the UK and connect in London, for example, or Manchester. And so I think that global scale really helps us be the fastest in all of these areas. And then lastly, the other thing that's in that blog post is around our browser isolation technology. And this is another area where we really shine because, again, rolls out all over the world, uses the incredible network so that the remote browser is running locally to you. And second of all, we have some really clever technology around how that remote browsing actually operates, which makes it just... I mean, it is seamless. You really don't understand that you're using a remote browser. And one of the really nice things we announced this week is this thing called email link isolation, which... So we have an email product called Area Ones. Now, imagine that an email comes in into Area... No, you send me an efficient link. Somebody sends me an efficient link. And that's pretty common in these days. It's very common. It happens all the time, right? So now, for the most part, Area One will just delete it because it's like, oh, I know that's phishing. But let's suppose there was some doubt. Well, what the product can do is it can actually change the links in the email to something that will then go to browser isolation. So even if I click on it, I'm suddenly using an isolated browser. And I won't even know. Like, oh, and then if I'm falling for phishing, then I'm doing it in such a way that it's in an isolated browser. And of course, because we use Cloudflare Access with hardware keys, it doesn't matter if I fall for phishing. So I think it's not just speed, but it's also completeness of vision and integration that really is making our Cloudflare One and Cloudflare Zero Trust stuff really exciting. Yeah, and it makes sense. This is all the work of a CIO that tries to put the IT, the part of how a company works to the test, right? And speed, I think, is really important. Anyone that uses the experience of a VPN and remote work, as you have to be outside the office a lot of times, is not a good experience. When things take a long time, you get frustrated, you work worst. So making it faster, I think, is important in terms of experience. And that tranquility of pushing a link, oh my gosh, push this, it's probably phishing, this is probably someone just trying to fool me. Being aware of, hey, nothing will happen because of damaging a company's systems is really important in terms of confidence. Just not thinking about it in your mind is really important, I think. Exactly, exactly. So what else have we been up to this week? It's been quite a lot, right? Quite a lot. In the beginning of the week, we have a few more things. For example, why do CIOs choose Cloudflare 1? I think that's a good one, Sam Rae wrote. Yeah, Sam Rae wrote that. And I think that's a really interesting post. And it's worth reading through to get an understanding. It gives you an understanding of what the Cloudflare suite looks like and why people decide to use it. I mean, we talked a little bit about performance. I also think just the very heavily integrated nature of our network and our products, which you can use. You can be using what we call application services, which is if you think about WAFs and DDoS and CDN and stuff like that. You can be using those alongside Zero Trust as we do ourselves internally. And by the way, everything that Cloudflare produces, Cloudflare uses. So we protect Cloudflare with Cloudflare. And so we stand by this because this is what we use to protect the network. And we can talk to you about that protection. And a great example of this is that there's this group called the Octopus Group, who did a phishing campaign against quite a large number of companies. One of them was Cloudflare. And Cloudflare was the only one that didn't have a problem. And the reason for that was that we use our suite and we enforce the use of hardware keys for authentication. And that completely eliminated the fact that there was a phishing campaign that was happening. And because I think what a lot of people don't really realize is that phishing, if you go up against them, if somebody has a phishing campaign against you where you are ultimately using Google Authenticator or something like that, that can be phished. That's not phish-proof. And so, you know, hardware keys and enforcing those hardware keys in your Zero Trust platform is really, really important. And big companies were impacted by that. Actually, Matthew wrote in the summer, anyone who can see the blog post Matthew wrote in the summer about that, just stating how we were resilient in a very large and big attack. Yeah, absolutely. And in terms of Cloudflare 1, I'm amazed. It's like a bundle, in a sense, because it's adding a bunch of things to a protection that is Zero Trust, but it's more than Zero Trust, like you said. We can add a lot of things, different products that we have, and make use of our enormous network to make things be faster, work better, and in a sense also be protected, completely protected in a sense. Yeah, exactly. And in fact, one of the things we announced this week is the ability for anyone to try out, if you're a contracted customer of Cloudflare and want to try out some other product that Cloudflare has, you can just do it in the dashboard. You don't have to call us. You don't have to get a contract going with us or something like that. You can just go into the dashboard and say, hey, I want to try out this Cloudflare product. And then we can talk to you later about what you want in terms of the actual product. So I think lots of stuff this week, if you're interested in Zero Trust solutions. There's also this really great website, zerotrustroadmap.org, which is a vendor -neutral thing where we talk about what it looks like to go towards Zero Trust and what the steps might be. So lots of stuff this week, definitely worth reading. I think about 30 blog posts. Yeah, we have that one. I was trying to find it. Here it is, actually. And it's vendor, so you can see all the vendors. So more things to talk about. We announced also Magic One Connector, right? What is Magic One Connector all about? It's really, really about how do you connect to the Cloudflare network? And there are various different ways to do that. And what we've announced is an open source piece of software that you can either install on hardware that you currently own, or you can go to one of our partners and you can buy it pre-configured on a hardware device. And the idea being that you can use your own machine or drop in a machine that allows you to connect into the Cloudflare network. And obviously, the Cloudflare network is close to wherever you are. And the real goal here is replace a bunch of MPLS circuits and other things like that with our network being in the middle. Actually, there's a nice little diagram, which is like, well, why do you just connect everything into the Cloudflare network? And the advantages of doing this is it's not just a network, right? It's not just, oh, this is like layer three or layer four networking. It's DLP, it's internal firewalling, it's email protection, it's browser isolation. So once you connect into that network, you get a load of benefits from being on the network. And this is where you get to talk about SASE again, since you like it so much, because this is sort of a path to getting into, a secure path to getting into a network like that. We don't often talk about edge networks, but the SASE thing actually talks about edge. We think of it as our global network, which is everywhere. You can think of it as an edge network, if you like that term. The idea is you're going to connect to something which is close to you, wherever you are. In a sense, we also discussed this before, the super cloud term, because it's a super cloud, but it is a super cloud close to you. So it's as super as local, right? It's a little bit of both, in a sense. That's right. It should be super local to you. And it should just look like, well, look, there's this big global network, which we ourselves make out of. Think about what we do. We have all those machines around the world. We have a bunch of software that links it all together into one seamless network. And we also have fiber optic connections in many places to actually link the actual data centers together. But the idea is, yeah, this is a great list. It's all this stuff, which is like, if you connect into our network, you can get all these things as part of it. So it was definitely the case that I think magic one connector, either get it from one of the partners. If you're buying from a particular vendor, we will have SKUs with them. So you can buy a pre -configured Cloudflare device, if you like, or it's open source, download it, put it on the hardware of your choice. But this is all just about getting you onto the Cloudflare network. Exactly. And it's a lightweight software package anyone can install in a physical or cloud network. So it's all about making it simpler and automatic to connect, to steer, to shape any IP traffic. Actually, you made an important point there, which I hadn't mentioned, which is that, yes, it could also just be run as a VM within your existing cloud provider or whatever. So if you have a big cloud thing, you want to connect that, then you can use this as well and get it all set up. There's advantages there, and anyone who wants to see it and try it out can read the blog post. There's also early access here, a submission. Sign up for early access. This is coming very, very soon, and we'd like to get people on it now to try it out. Another thing we discussed, for example, Cloudflare's data loss prevention service now offers the ability to create custom detections. There's a bunch of things there. And also, we announced Cloudflare expands relationship with Microsoft in this case. What should we tell everyone about this? Well, I think Cloudflare and Microsoft had quite a long relationship. I mean, we've done stuff around bandwidth alliance with Azure, and actually Microsoft gave us an award not very long ago as a cybersecurity vendor. The big thing here really is the integration between Cloudflare 1, so all the stuff we've been talking about, and Azure Active Directory, which so many businesses use. If you're a big Microsoft shop, you use Azure Active Directory. And this is just a really nice integration now, so that you can deploy, if you're using Azure AD, you can deploy our Zero Trust solutions without any code. Basically, you can integrate directly. I think part of this is that there's this other thing called a SCIM, which is the system for cross-domain identity management. And SCIM is really interesting because prior to SCIM existing as a way for these identity systems to talk to each other, there was a lot of manual work to kind of synchronize stuff. And so, we actually separately announced that we're supporting SCIM in Cloudflare Access, and that will integrate with Azure AD, so everything gets synced automatically. And an example of that, like if we use Azure AD and we added you to the used to be journalists group, right, at Cloudflare. Let's imagine that was a group in our identity system, that would get synchronized automatically right into there. Or maybe you need to be added to the Cloudflare TV group, so we add you to that. And so, this automatically happens without there being any work. And also, this also works with the government cloud stuff in Azure for what's called secure hybrid access, which allows government customers to keep their traffic off the public Internet. So, this is a real deepening of a relationship that we've had a long time in Microsoft, and it's great to be part of really integrating with Azure AD because Azure AD is such a commonly used service. True. And you already discussed before the email security isolation that we put generally available. There's a trend there that I think is quite huge in terms of numbers as related to Area 1, is that in 2022, Cloudflare Area 1 identified and kept almost 2.3 billion unwanted messages out of customer inboxes. So, that's a very large and big number that also shows the relevance of this area in terms of numbers of a lot of messages. I mean, if you think about phishing, phishing is absolutely the number one threat that businesses face in terms of the initial vector by which bad things get into organizations. It's just one of those situations where it's like you have to have some phishing protection. And that's, I think, why the numbers are so large here. You get these sort of spray and pray kind of phishing, you get targeted spear phishing where you're going after individuals or organizations. In the Octopus stuff, they had created a site that looked just like the Cloudflare login site. And so, these things just become incredibly important to have. And the numbers are crazy. Unfortunately, email is easy to send and you have to have some way to defend. I don't know if some of the announcements of today want to highlight. We're recording in the morning, so the announcements will be published this Friday afternoon. Friday the 13th, actually. Friday the 13th, yes. Any of the announcements for today that you want to highlight? Well, yeah. I mean, obviously, there's going to be a wrap-up blog post where if you've missed half of the things this week, there's a wrap-up at the end of the week, which will give you information about what's out there. There's a few different things. I mean, one of the things is Cloudflare Zero Trust for managed service providers. So, if you are a managed service provider and you want to provide Cloudflare Zero Trust to your customers, but also manage them, that actually, I think, is a really interesting announcement because you will be able to manage your customers' use of the Cloudflare Zero Trust solution for them. And it has a concept of a hierarchy of accounts. So, you can operate on those things on behalf of your customer. So, that one's an interesting one. We're going to announce the fact that you can use application services. We talked about that, the DDoS and the WAF and all that kind of stuff as part of the entire Cloudflare One suite that gets put in there. There's some new alerting features that are going to come out, which we'll talk about. So, you can really get granular alerts on stuff that's happening within the network as you set it up on Cloudflare. So, yeah, lots of cool stuff coming out. And then that'll be CIO. First innovation week of the year will be over. And we also, why not just mention this, we also have this CAS, another of the terms CAS and DLP work together to protect data, but also data in email. So, both of them. Right. Yeah. Well, I mean, the big problem is people have got data that's all over the place, right? It's in email, it's in cloud provider. You just think about that. Yeah. Maybe it's in Google Docs or it's in Box or it's in Salesforce. I mean, there's all this data all over the place. And so, we're going to go out and we're going to help protect that, figure out what's maybe exposed to the public and then do data loss prevention on this stuff. So, yeah, there's definitely a very, very large amount that the suite does. Before we go, we also published our DDoS Threat Report for Q4 of 2022. Want to highlight some highlights there in terms of DDoS. DDoS continues to be important and relevant, of course. There's continuing growth throughout the year in 2022, in this case, in the last quarter of the year with the shopping season, November. Want to highlight some of those trends there? You know, what I really think about DDoS is I worked in anti-spam at one point. And, you know, the thing about DDoS is that it just isn't going away and everybody gets DDoS. And I think if anything, what this report really highlights is that, you know, just the wide variety of things that get attacked and also the scale now. It's like common for us now to see, you know, terabit level attacks. They're just commonplace. So, you know, you read all about it. I mean, you can read about your industry or your country and you're going to find that, you know, DDoS is definitely, definitely here. It's true. And there's a Radar report also for people to browse. There is, absolutely. If you don't know about Radar, you should be going to And there's the report. Of course, there's another, a lot of stuff to see on Radar, but the report is there and people can browse through countries. There's sections to see different trends and some of them will top attack industry by region. So a lot of data here, just even for people to interact and browse and see different attacks. Ransom DDoS, it's also a thing for the past few years. A lot of trends, I would say here, this is the selector for different countries, different parts of the world people can do. Those are, continue to be important and seeing the trends shows us the impact worldwide in different areas. Yeah, absolutely. Yeah. Go check it out on Radar. And of course about the CIO week, you can go to our Clothar.com site or the blog to see all of the announcements we did. There's a lot of them you can browse and see. That's the wrap. Thank you. All right. See you next week. Welcome to 2023.