🚚 This Week in Net: GA Week edition

Hello and welcome to This Week in Net. This is a special edition about GA Week focusing on those products that are now Generally Available to everyone.

We started this program back in 2020 with our CTO John Graham-Cumming.

John is here with me now.

Hello, John. Hi, nice to chat with you and nice to resurrect This Week in Net.

Exactly.

We're giving it a new life starting today. Great because This Week in Net was actually one of the early shows that were on Cloudflare TV when we started it.

Some people don't know. We started Cloudflare TV during the pandemic back in 2020 as a way to communicate what Cloudflare is doing, technology things that are happening, and news about the Internet.

And I started doing a show called This Week in Net, and I'm glad that you're here helping getting it going.

It's a great title.

And back then it was all about reviewing stories that we mostly had on the blog.

May that be new products and technology, things affecting the Internet, outages, trends, new technologies, all of all sorts also.

So the idea is to continue that here in this program.

The other thing is that there's a slight joke in the title, which is obviously Net can be the Internet, but Net is also Cloudflare's ticker symbol on the New York Stock Exchange.

And so this is partly about Internet and partly about Cloudflare.

There's two sides of that word and it's a good word there for sure.

It was a busy week, GA Week, Generally Available product week.

There's the upcoming and our usual Birthday Week also.

So these will be two weeks of announcements.

But in this case, GA Week was more focused on those products that were on beta that were being tested and now will be available to everyone.

Right? Yeah, that's right.

I mean, if you think about Cloudflare's history, if we just go back to the beginning, 12 years ago, as you say, Birthday Week is coming up.

Birthday Week is next week.

It's always around September 27th, which was when Cloudflare launched in 2010 or 12 years ago, we are on our 12th birthday, and Birthday Week is always about forward looking announcements and things that are soon available, betas, new technologies, things that change how people think about Cloudflare, and also things that tend to give back to the Internet.

Internet.

So universal SSL, for example, in 2014, making a SSL free for everybody. But if you think about at the beginning, we didn't have a large number of products and we didn't do that many launches throughout the year.

And so there were a few GAs happening throughout the year.

But as the company increased in size and the number of products we producing is increased, obviously we're doing a lot more betas and a lot more GAs throughout the year.

And this year there was really a confluence of things that were becoming available all around the same time.

And so we decided what we would do is before Birthday Week, before we start doing the forward-looking side of things, we would wrap up those GAs and make products and services available to people and announce them all during one week.

That's what GA Week is really about.

It's about all the things that we had already talked about for the most part.

And now they are fully available to our customers. And this will be the 12th anniversary of Cloudflare But for those who don't know, we started Birthday Week, early in the beginning was a bit different because less products, but then it started to be a real thing.

Birthday Week first and then more innovation weeks like seven innovation weeks are usual for a full year by now.

What advantage do you see in even having like deadlines, having a full week of announcements, even for the team to prepare, to put things out there, to take risks and go for it?

I think that the key thing is that if you work at Cloudflare, one of the exciting things about working at the company is the scale of our operation.

Think about the 275 cities where we have hardware.

You think about our customer base. Think about the percentage of Internet traffic that flows through our network, the number of clients we're protecting around the world.

So when we ship something, it has a real impact.

And you see that in terms of new protocols and new technologies we ship and you see it in terms of features that our customers use.

And we have a huge customer base.

We value think we value shipping partly because it puts things in people's hands and that's very important and it tells the story of what Cloudflare is doing and it expands our total product set and our total platform.

But also from the team's perspective, it is extremely satisfying to get your thing out the door and get it into the hands of customers.

So although of course it's stressful to get something to a shippable form and get it out the door, it is also probably the most satisfying thing.

And one of the things people often ask me is "what do you like working at Cloudflare"?

I always say there are two things.

One is the impact of what we do is really tremendous and it's truly global.

And the second one is the team that I get to work with. And so these these innovation weeks, they tell a story to the public about what we're doing.

They help people understand better what we're doing, but they also give a chance to the team to celebrate having completed work and giving it to our customers.

That makes sense.

And again, I think it creates a momentum not only for the outside but also for the inside.

I think there's true value in that, actually, even yesterday.

Matt Silver, who did a bunch of things in this two weeks was saying exactly that: it creates the mantra.

Yeah, that's right.

And Matt's really been driving a lot of the work that's been happening in GA Week and Birthday Week next week.

There's a lot on his plate as one of the key drivers.

Obviously a huge team of people involved in making this kind of stuff work.

But he has he's been a he's been a key driver. And we're going to see some some blog posts from him personally next week as we start to announce some of the sort of surprising things that are going to come out in Birthday Week.

Going through the announcements we did this week.

A few of them have more momentum in terms of the way they can disrupt our customers.

Having some of these services already available, of course, R2 now generally available.

It's a really important thing.

Can you describe a little bit what is R2 all about and the process of taking it to general available status?

So R2 is a service we put into beta earlier this year designed to compete directly with S3; hence name R2.

It's S3, but backwards one in the alphabet and the numbers and why backwards?

Because it removes something which is egress fees.

We know from talking to our customers and we know from just the sort of general feeling on the Internet that it's a little bit surprising that if you store stuff in an object storage like S3, there's a charge to get it out again, which just somehow doesn't feel right.

And those charges can really rack up if you store stuff and have to get it out fairly regularly.

And over the years of building Cloudflare, we have really focused on not charging for that kind of egress because the key thing for our business is we've really heavily optimized our bandwidth costs, that's core to our business and it just doesn't make sense to charge egress on this stuff.

And the other providers have done the same thing, reducing their bandwidth costs but the price which they're charging to get data out is really egregious.

And so we felt there was a much fairer way to do this, which was to make a storage mechanism available S3-compatible.

So same API as S3, but without those fees.

That's a tremendous uptake since we launched it back in, back in May.

And now it is fully available to anybody.

So you can upload your objects onto the Cloudflare network and you will pay the storage, but you will not pay to read any of those objects and get them out.

For most companies, if you're you have a small company just getting started, this could make a real difference in terms of costs, in terms of making it easier.

An interesting case is that one of the sort of dangers with egress fees, is that the example where you're a small company getting started?

Those egress fees are actually tiny because you're not using it very much, but you kind of get punished for being successful.

So if your company is successful, you're growing, and you're now paying.

And the price of that, that data coming out of these services is ridiculously high.

And so it's almost sort of the how expensive bottled water is compared to tap water.

It's almost the same thing. And so I think that we really hope to change the economics of object storage and we know from the beta that tons of people are using it and people will be using it in association with our Workers platform as well.

This blog post you've got up on screen right now, which is about storing logs in our tools.

So. Actually log storage is a huge problem for companies.

This is something that we announced this week. Anything, any service you're using like Cloudflare is producing an enormous amount of logging information about events in the system and particularly security teams, but also people just doing operations they want to keep those logs so they can debug problems.

They can look for security vulnerabilities if something happens and the volume is enormous.

And so you have an enormous volume.

And we announced in this blog post that you could push your Cloudflare log directly into R2 and that makes it inexpensive to store them, first of all.

And if you then need to suck them out and put them into a scene or into a tool like Splunk for analysis, then it's inexpensive.

We are going to see the way in which the Cloudflare products work together become more and more obvious over time.

And so this is a great example, which is if you're generating a huge number of logs at Cloudflare, then don't pay someone else to store them.

We will store them for you and you can get them out for free. And in this case, like an ecosystem that we're creating, making it easier for people to use it in a centralized way, right?

That's right.

That's right. It also saves time because when it's all more easy at the same platform, in the same area, it saves you time dealing and doing stuff.

Absolutely.

Absolutely. Yeah. In terms of R2, when it was in beta, did you find anything interesting that we didn't know before?

Something that customers taught us?

I think when you're in beta with something, you always find out interesting ways in which people use the product.

I remember very long time ago talking to a customer who made those, if you a Facebook user you may come across these surveys, which is like which burger are you or which Game of Thrones character are you?

And it turns out that's a funny thing, but you do the little survey and then you post it to your wall, and your friends laugh about which character you are.

And those things get stored in object storage and then they get read out.

And in fact, there's a tremendous amount of cost in doing that because, if ten of your friends read it and then the thing essentially gets discarded because you never really go back to that again.

And by putting that into a cheaper object storage and using caching as well, it means you're never putting it out of object storage or at least put it out once really makes a big difference.

But the other thing you find in betas is you just fix bugs.

You fix all sorts of different issues.

I was just reading one the other day about multiple uploads that we found during the beta and we fixed that.

So you'll see things come out where we hope through our betas to get to a really stable piece of software.

One of the sort of secret sauces at Cloudflare is we have a tremendous number of customers.

And if you look at the literally millions of websites and applications that use our service, some for free, some paid, there is an enthusiastic customer base who will help test anything all over the world and in all sorts of different ways.

And there really is nothing like that, the forged in hot fire kind-of-way of taking something and putting it into the hands of real users all over the place with their very varied use cases.

And so the beta is a super important to us.

And I and in particular I would, you know, shout out to all the free customers of Cloudflare because they often are the ones who are finding problems and helping us get make our software extremely stable and are important part of what we do.

So beta is about making it stable. To your point, it seems like a real collaboration, a real group effort.

You're a company and you also have customers that want to participate in the innovation, in the efforts, and that's like a bit like the spirit of a university.

So you'll have that collaborative spirit where everyone, if I'm helping this company, I'm also helping my business have better tools, more dedicated and personalized tools.

So it's also an ecosystem of sorts in terms of innovation, right?

That's right.

That's right. Another announcement this week was all about CASB.

It's Cloudflare's API-driven Cloud Access Security Broker.

It's now generally available. Can you explain what it does for customers?

If you get in the DeLorean and hit 88 miles per hour and go back in time, you will remember a day when you used to buy package software and install it on servers inside your business and everything was inside the firewall and you knew where your data was and all that kind of stuff.

That future died and it died because of a number of forces.

One of them was the rise of AWS and the ability to have your applications run outside your business or run in the cloud.

The other was the rise of SAS applications.

I think some way Salesforce was really the pioneer of this, having your CRM running on the Internet.

Even Hotmail in some ways was a pioneer, have your email running in a web browser that was completely revolutionary at the time.

So those those forces caused applications to no longer be in data centers, and they cause them to be outside the firewall.

The iPhone and other smartphones came along and said you can access everything from everywhere.

So suddenly what's happening is the corporate network has disappeared.

The installed applications inside businesses have disappeared or are disappearing.

So you have this incredibly complicated world where businesses are using SAS applications all over the place.

So each department is choosing which SAS applications they want to use and maybe the People team has got its HR management application.

The sales team is using its CRM. Imagine all of the vast number of applications that get used and all of those applications are storing data about employees, about customers and managing access to that data is really complicated.

In the old world, the Marty McFly world, in Back to the Future, that was all inside the firewall and you knew where it was, and things were a little bit clunky but you knew where your data was.

Now you don't. And so what these CASB things do is that they can monitor access to all of this vast number of cloud things, SAS things, and look for problems.

Look for things like PII data that shouldn't be there or a file file that is publicly accessible.

So the classic problem if somebody creates a document customer data available globally on Google because of the settings.

Actually managing that is tremendously complicated, figuring out who has access to what.

Is the access control appropriate on it?

So that's one thing that CASBs do. And you can see that in our in our interface files being shared or bad passwords or strange third party app or whatever.

But the other side is what we call Shadow IT, which is that most SAS applications you can sign up for really easily.

Slamming a credit card, get it going.

And so what happens in business is that going back to the future again, the IT department used to control everything you use.

What was on your laptop was on your desktop, what applications there were.

Suddenly with SAS the technical support department decides that it would be useful to have a chat application with their customers.

They just sign up with a credit card and suddenly you've got customer data potentially and some other application you didn't know about.

So we call this shadow IT. And one of the things that CASB can do is tell you about this.

It can identify applications that are in use and then bring them into control and make sure that what's in those applications is appropriate and that their use is authorized and the data isn't being shared inappropriately.

So that's really what this is. And we do it through the cloud, we do it through our Cloudflare One Zero Trust products.

And it's all about really if you think about the corporate network having disappeared and being diffused into the Internet, how do you how do you get a handle on that?

Well, you do that through things like Cloudflare One and the CASB product is part of it.

Exactly.

And this goes back also to Zero Trust as a way of protecting a company. But in this case, and we've seen this on the news over and over this year, I think this year is a really major year in terms of many countries having on the news attacks.

One of the things it seems this could do is to find before there's a problem some of those possible vulnerabilities.

It's preventative It's before you're encountering all sorts of problems, you have these types of solutions.

You're trying to you absolutely trying to get a handle on what's out there so that before some nefarious actor finds it.

You hear stories all the time about a hacker found an open bucket of data on S3, just downloaded it or some other document that had information in it.

This is what CASB tries to get a handle of. Another of the things we announced this week was the Data Localization Suite that will be available for more countries: India, Japan and Australia.

That's a trend for us since 2020, but really important in Europe.

But also it's now really important everywhere.

More legislation is coming in. Countries want to put their data inside their own country or region.

So this has a real world impact for what the Internet is right now and what will be in the future.

This is one of the great trends of the next five years: individual citizen privacy on the Internet in all its forms.

And I think as individuals, we are getting a little bit more used to thinking about this.

For a long time we thought about SSL and the little lock icon in the browser, because what we were worried about is "I'm accessing my bank account.

Is that secure?" So we were worried about the security of the connection.

"Is someone able to get into my bank account?" And now we all feel pretty good about using the Internet for banking.

And we're also becoming aware that there are privacy concerns about where is my data going, who is using it and why.

And the response to this obviously is on a personal level. People choosing particular products to use or not.

Look at the outcry around WhatsApp, trying to change how they were using data and what happened around that with individuals being upset about it.

But this is often seen as a European issue because GDPR, which was April 27, 2016, that went into effect, is seen as enshrining in law data protection and privacy within the EU for residents.

The reality is that was just one of many laws.

And if you look around the world, India and Brazil and Japan and Australia and China go on and on and on.

Every country is either legislating or going to the privacy of their citizens and how it's used on the Internet.

And what we can't have is the response that some companies had to GDPR.

You visit a US website and you get a message saying "You're a visitor from the EU.

We can't show you this web page because of GDPR". And what they're actually saying is "because we don't want to comply with GDPR".

That's why they don't show you.

They don't they don't want to do the work. Sometimes it's just because of the work.

Exactly. Yes, it's because of the work.

They don't want to do the work to deal with the fact that there are privacy implications.

And so they just say, look, you're a visitor from the EU.

I can't deal with you. But the reality is it's not about the EU. The whole world is doing this.

And so having that attitude or that kind of closed borders kind of attitude isn't going to work.

And it certainly isn't going to work for Internet-scale businesses, which fundamentally work by being available in lots of different places around the world.

And so we have for a long time, and we actually did an entire Innovation Week on this, had products that allow people to control how Cloudflare handles the data that flows through us.

So that can be in terms of where data is stored.

So that's what the jurisdictional restrictions do within the Workers platform.

So where if you're if you're building something on Cloudflare and there is customer data, where does that customer data end up?

And as data flows through our network, there are really two ways you can use Cloudflare.

One is what I would describe as a pass-through way, which is we don't know anything about the encryption of the connection, the SSL or whatever, and we will pass the data through us and hand it to the origin server wherever it is.

And we can do some things: we can protect against certain types of DDoS attacks.

We can do some acceleration across the Internet, but you lose a lot of functionality if you can't look inside the encryption.

So you use Web Application Firewall, you use certain types of rate limiting on and on and on.

So most customers use Cloudflare's configuration with SSL termination, that is to say the packets are decrypted by Cloudflare.

We do the work to protect, make sure it's not a bad request and make sure nothing nefarious is going on and then re-encrypt the good stuff and send it to the real server.

Well, controlling where that decryption happens is also part of this, which is you could have an organization in Argentina which says, I only want decryption to happen inside Argentina, in which case Cloudflare would pass the data through untouched to our data center in Buenos Aires, where the decryption would happen and that would allow the data to stay purely within a particular country.

And we can still use the acceleration of the Cloudflare network, the DDoS protection of the Cloudflare network but because the encryption keys for that particular customer aren't outside of Argentina, there's no way for us to decrypt it somewhere else and the data is safe everywhere.

This trend is a really big deal and it's going to be something we're going to see over the next five years.

And it is something that companies are going to deal with they are dealing with today as they think about global operations, even regional operations.

I mean, depending on your industry, there may be a difference even within Europe between, your healthcare provider and your operating in a simple example is a website for scheduling an appointment with a dentist.

Well, I suppose you build that at a European level. GDPR certainly applies because you're in Europe and your customers are probably Europeans, but there's actually going to be a difference in the law between France and Germany.

And so you're going to have to face these layers and layers of data protection.

And this is what our product suite is there to help you achieve.

We also launched Stream Live is now generally available.

It was on beta.

We did a bunch of tests with high profile live events and now it's for everyone who wants to give it a go.

Yes.

So traditionally Cloudflare didn't do much with video and over time we built a product called Cloudflare Stream, which is for streaming video.

Initially it was for on demand video.

So you got loads of videos. You could build your own Youtube. You uploaded a load of videos, you put them on Cloudflare Stream, you made them available and very simple pricing plan for that.

And we would deliver it.

We would do all of the transcoding to get it to the right formats and the right bit rates for you.

And more recently, we built a product called Stream Live, which allows you to stream something live.

So a live event.

We use it internally for our own company meetings so we can stream all across our employees everywhere.

And then it's been used by for some quite large music events online, etc.

So this was in beta for a while and is now ready for anybody who wants to do really low latency streaming of a live event to essentially unlimited users because we can stream it across the Cloudflare network to wherever those end users are around the world.

And it just makes a point about the incredible global scale of Cloudflare network.

275 cities worldwide and continuing to grow.

That gives us the ability to roll out something like Stream Live and give great performance no matter where people are.

Just to remember everyone that all of these announcements are in our blog.

Here it is.

There's also a GA Week tag and we also have our cloudflare.com GA Week page. You can see our CEO welcoming you to GA Week, Matthew Prince.

This was recorded in Singapore, given that he is in Asia Pacific right now.

Loads of stuff worth looking at because we've mentioned really sort of three major product areas in this conversation.

But I mean just looking here at like around APIs, around log pushing, lot of things have have become GA.

In this page we have all of the announcements.

I also want to highlight Advanced DDoS Alerts.

This is something that we already have now generally available.

And also we introduced this week Cloudflare Adaptive DDoS Protection.

A new traffic profiling system for mitigating DDoS attacks.

DDoS attacks are really important these days. CLoudforce One is also generally available.

So we have a lot to explore here.

I invite you all to see. We also have a dedicated page for all of the segments we did about GA Week on Cloudflare TV.

You can also learn a lot of customer stories.

And so we did GA week and now we're at the end of it and looking forward to doing Birthday Week next week.

Birthday Week is coming and it's already on Sunday.

So new announcements to come for sure.

This was great. John, thank you so much. Thanks for having me.

And by the way, we also have Iran's Internet Disruption blog post this week.

So something for people to see there for sure.

And that's a wrap.