Cloudflare: Our network is our product

With points-of-presence in 250 cities across the globe, Cloudflare runs a sprawling network that protects organisations against a variety of cyber threats, from distributed denial-of-service attacks to sophisticated ransomware campaigns.

The company, which was founded in 2009 to improve the delivery, performance and reliability of applications on the internet, has since expanded its portfolio to include network and security services.

Cloudflare’s product strategy, said the company’s chief product officer, Jennifer Taylor, is closely tied to the evolution of the internet and how the cloud has become a platform for enterprises to run business.

“When we step back and look at the world today, fundamentally you see more workloads shifting to the internet, but in many ways the internet was never built for what it has become,” said Taylor. “It was never built with security in mind and it’s a network of interconnected networks. So, it’s struggling with performance and reliability. And navigating that landscape can be a very complicated and fragmented experience.”

During a recent trip to Singapore, Taylor outlined Cloudflare’s product strategy, which she said is focused on enabling users of all types to take advantage of its platform to provide performance, security and reliability for applications and services. “At the heart of our product is fundamentally our network, and so I often say our network is the product,” she added.

Cloudflare’s network already spans major business hubs and markets where cloud adoption is high or emerging, but it is not resting on its laurels, even though its network can be reached within 50 milliseconds from 90% of the internet.

“From a performance perspective, we’ve yet to improve upon the speed of light,” said Taylor. “And so, we’re constantly thinking about how to bring our network closer to end-users so that we can extend to our customers and their customers a highly performant experience.”

Doing so also gives Cloudflare “unprecedented visibility” into cyber attacks as they unfold – and that insight is used to improve its products and roll out new capabilities in response to immediate threats.

For example, when the vulnerability in the Log4J logging service used by developers to monitor their Java applications first emerged, Cloudflare saw anomalies in its network traffic and logs, prompting it to deploy a security rule globally for all its customers, including those on free plans.

When it comes to innovation, Taylor said Cloudflare is not an organisation that spends a lot of time mulling over PowerPoint presentations or business plans. Instead, it has built an architecture internally that enables it to try new things and roll them out quickly for certain segments of its people to learn.

“In many ways, we build enterprise software in the same way that companies like Facebook build their platforms,” she said. “What I love about this is that it enables us to follow our curiosity and dig into problems we’re seeing and hearing from customers. And it takes the debate out of whether something is a good or bad idea; it lets the customers show us and guide us in the direction that we are going.”

While Cloudflare is doing well in markets where cloud adoption and awareness of cloud security is high, it sees opportunities in places where the faster pace of digital transformation spurred by Covid-19 has exposed the downsides of on-premise infrastructure.

“It’s very difficult to spin up a new box or firewall, or configure and manage security at scale remotely,” she said. “If you need to think about sending laptops to new employees or implementing, managing and scaling up your VPN [virtual private network], the limitations of some of those physical solutions start to show.

“I think it’s in those moments that we’re starting to see people become what I would call more cloud curious, or interested in thinking about ways in which they can leverage cloud security models,” said Taylor.