The Mighty Cloudflare: Finding the people who do want to believe and be championed … and stop over analysing, and go for it …

I love innovation and innovative companies, especially those who have managed to disrupt the market, and where others thought they had little chance. And one of these is Cloudflare — a company that took on the Internet and won!

Introduction

There are some companies I just love because they do the right thing and look after their customers. They generally have a passion for what they do, and they love their business. For IBM, I love their history and how they have continually managed to cope with changes in their market and come back on top. And, for Apple, well, their customer support is excellent, and I’ve only once been disappointed with their products (the horrible 2018 MacBook Pro with its butterfly keyboard, its weak screen, and unreliable graphics hardware). Overall, Apple don’t go chasing new markets but keep their customer base happy. A happy customer is a customer that will return.

But, for me, one of the best technology companies around is Cloudflare. Why? Well, they sit in front of many of our IT infrastructures around the world and can cope with many attacks — along with buffering much of their content. And, if you want, the basic service is free. This service has led to the company achieving over $1 billion in revenue, and also stops billions of cyber attacks every single day. For my own site, we can see that Cloudflare managed to serve up nearly half of my content over the last month:

But where it gets most interesting is within the WAF (Web Application Firewall), which breaks the connection between the client and my server and can then examine the traffic for virtually anything in the packets and/or session:

For the WAF, we can examine the URI in detail for any matching characteristic and then either block or challenge the client:

This is all free, for up to five rules. For cryptography, too, it is to Cloudflare that we can turn for the state-of-the-art, such as their FIDO2 authentication for users, which rids us of those pesky passwords.

The success of Cloudflare

I really can’t say how good Cloudflare are as a company. For AWS, I need to enable my Web site in different regions of the world, and deliver caches with endpoints, and then put a WAF (Web Application Firewall) in front of these — and then make it all dynamic to cope with network demand. With Cloudflare, it is a few clicks, and they now act as a proxy to my Web site and buffer some of the content as near to the customer as possible. This considerably enhances the quality of service. But the main thing they do is stateful deep packet inspection, which can fight off those nasty bots or Denial of Service attacks. Cloudflare makes the Internet a much better place.

In Figure 1, we see that Alice does not connect directly to Bob’s Web site. Instead, her connection is with Cloudflare. This is delivered over an HTTPS tunnel and then decrypted by Cloudflare with their WAF. Cloudflare will then do a deep packet inspection and either forward the packets through to Bob or challenge Alice with a JavaScript or CAPTCHA challenge to prove that she isn’t a bot. Otherwise, Bob might not like certain IP addresses or country domains and can set up rules to drop these connections. Then, if the connection is acceptable, Cloudflare will check Bob’s Web site for new content; if it is just the same, then a good deal of content can be delivered from Cloudflare’s cache. These caches are placed around the world and are as near to Alice as possible. With a click of a button, DDoS defence is enabled too, and at no cost for the basic service. It’s genius!

Figure 1: Web Application Firewall (WAF) and Web Cache
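
The flow in Figure 1 can be modelled in a few lines of Python. This is an added sketch, not Cloudflare's code and not part of the original post: the rule set, the `XX` country code, the documentation-range IP addresses and the ETag-style version check are all constructed assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass

@dataclass
class Request:
    ip: str
    country: str                    # two-letter code the edge derived from the IP
    uri: str
    passed_challenge: bool = False  # e.g. Alice already solved the CAPTCHA

BLOCKED_NET = ipaddress.ip_network("203.0.113.0/24")  # constructed example range

# Constructed rule set, evaluated in order; the first match decides.
RULES = [
    ("block", lambda r: ipaddress.ip_address(r.ip) in BLOCKED_NET),
    ("block", lambda r: r.country == "XX"),  # placeholder country code
    ("challenge", lambda r: re.match(r"/(wp-login\.php|admin)", r.uri) is not None),
]

def waf_decision(req):
    """Return 'block', 'challenge' or 'allow' for one request."""
    for action, matches in RULES:
        if matches(req):
            if action == "challenge" and req.passed_challenge:
                continue  # challenge already solved, keep evaluating
            return action
    return "allow"

class Edge:
    """Bob's site sits behind this proxy; Alice only ever talks to the edge."""
    def __init__(self, origin):
        self.origin = origin   # uri -> (etag, body), stands in for Bob's server
        self.cache = {}        # uri -> (etag, body) held at the edge
        self.origin_bytes = 0  # body bytes actually pulled from the origin

    def handle(self, req):
        decision = waf_decision(req)
        if decision != "allow":
            return decision, None          # never reaches Bob's server
        current = self.origin.get(req.uri)
        if current is None:
            return "NOT_FOUND", None
        cached = self.cache.get(req.uri)
        if cached and cached[0] == current[0]:
            return "HIT", cached[1]        # content unchanged, serve from cache
        self.cache[req.uri] = current      # new or changed content, refresh
        self.origin_bytes += len(current[1])
        return "MISS", current[1]
```

Blocked and challenged requests return before the origin is touched, which is why the origin only sees traffic that has passed the rules.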

But, many people didn’t think that Cloudflare could actually create a business model with their approach. The investment in cloud services around the world would be massive, and then the cost of being able to cope with massive DDoS and botnet activity was a phenomenal challenge.

And, so, the co-founder of the company (Michelle Zatlyn) has said that she faced many people who said that Cloudflare was too risky and too disruptive in the market — and would never work. For us, as a university team, we have managed to produce a number of great spin-outs, which have been highly successful in the market. And along the way, we have had people saying that our ideas would never work, but we have proven them wrong. For this, I think she makes a great comment [here]:

You don’t need to win them over. Everyone comes around at some point, and your job is to keep winning on the field, gaining progress, gaining ground …, and finding the people who do want to believe and be championed. If you spend your time on that, you’ll be much happier and more productive for it.

And that there are no “magic bullets” to be successful:

I think if you’re a founder and you’re not sure, that’s OK. There are lots of ways to be successful. If you talk to a hundred successful founders, you will get a hundred different ways.

And, for timing, stop over analysing, and go for it …

People don’t take opportunities because the timing is bad, or the financial side is unsecure. Too many people are overanalyzing. Sometimes you just have to go for it.

Cloudflare as a leader

There are so many ways that Cloudflare has led in looking after their customers, especially in areas of privacy and in the move towards Post Quantum Cryptography. For this, they have invested a great deal into R&D, and have developed new user authentication methods that move away from usernames and passwords — and toward the usage of FIDO2 tokens. Along with this, they have research related to Zero Knowledge Proofs to protect their customers’ privacy, and in Post Quantum Cryptography. If you are interested, here is their CIRCL library:

https://asecuritysite.com/circl

and which now supports the NIST-defined PQC standards of Dilithium (for digital signatures) and Kyber (for key exchange). And, here’s Nick Sullivan, the Head of Research at Cloudflare, and an international leader in TLS mechanisms:

Conclusions

I say again, I love Cloudflare as a company. They look after their customers. And, as Federico Charosky says, “We fight bullies!”. The Internet is a much better place with Cloudflare in it. DDoS is a blunt weapon against companies, and Cloudflare has significantly blunted it. Their WAF allows small businesses to cope with attacks in the way that only large ones can.

If you want to try their amazing CIRCL library, do it here:

https://asecuritysite.com/circl