
Cloudflare Releases a Cloud-Based Network-as-a-Service Solution: Cloudflare One


Cloudflare, an American web-infrastructure and website-security company, recently introduced a cloud-based network-as-a-service solution for the enterprise workforce called Cloudflare One. The solution provides secure, fast, reliable, cost-effective network services, integrated with leading identity management and endpoint security providers.

Enterprises today will need to rely more on the internet to support their employees as the use of mobile devices, SaaS applications and the public cloud keeps increasing. Moreover, with the current COVID-19 pandemic, working remotely and online is the norm, which means old networks not designed for remote access are becoming obsolete and also less secure. Hence, enterprises will start looking to adopt a new network based upon a zero-trust model, which means any device requesting access to resources is not trusted, and is scanned, by default. Currently, Cloudflare offers such a zero-trust solution with Cloudflare One.

The new Cloudflare solution consists of several components such as WARP Gateway Clients for desktop and mobile, Access for SaaS solution, a browser isolation product, and Cloudflare's next-generation network firewall and intrusion detection system.


WARP Gateway Clients for desktop and mobile is one of Cloudflare's existing products; it routes all connections leaving a personal device through Cloudflare's network, where the solution encrypts and accelerates them. With Access, another existing Cloudflare service, enterprises can verify login requests to their systems by leveraging third-party security services that Cloudflare partners with, such as OneLogin, Okta and Ping Identity. In a blog post detailing Cloudflare One, the author Matthew Prince, Cloudflare chief executive officer, stated:

Cloudflare One does not require you to standardize on just one identity provider.

And, Holger Mueller, principal analyst and vice president at Constellation Research Inc., told InfoQ:

It is good to see the partner ecosystem approach, and CxOs will welcome that they can bring their own identity provider. Now we have to see how well and fast enterprises will endorse the software-defined WAN future.

In addition to securing login requests, Cloudflare One has a browser isolation tool that will enable workers to visit websites without downloading web pages onto their machines. This isolation tool provides a layer of separation between users and the public internet, thus reducing the risk of malware infections.

Cloudflare One also includes integrations with popular endpoint protection products such as VMware Inc.'s Carbon Black, allowing customers to centralize around a single vendor for device integrity. Alternatively, customers can mix and match with Cloudflare One to create a consistent control plane, according to the same blog post by Prince. Furthermore, to help customers with backend infrastructure, the vendor includes a new intrusion detection system with Cloudflare One capable of detecting unauthorized access attempts, and an upcoming firewall product dubbed Magic Firewall that will filter malicious traffic.


A respondent on a Hacker News thread summarizes Cloudflare One as:

From what I can tell, this is a bundling of a number of existing / new Cloudflare products. Traditionally, companies used a VPN to allow remote access to their network. If an attacker breached that VPN, they would have unfettered access to the internal network. The idea here is that companies are going to use a "reverse VPN" (not sure if that's the proper term..) where they tunnel all server traffic through Cloudflare's network, and then people needing remote access to whatever service, which would in the past be an "internal" product, can connect over the plain old internet (or using Cloudflare's WARP VPN). Cloudflare Access, which is a product that works with various identity providers, sits in the middle and ensures that only people with the proper roles can access the "internal but now external" app/services. Basically, route all enterprise traffic through Cloudflare and let Cloudflare make sure only people who should have access do. There seems to be a bunch of ancillary services on offer too, like integration with services that provide apps that live on phones/laptops and "ensure" that they haven't been compromised/rooted, which then report back to Cloudflare who then allows/denies access based upon that information.

Also, Mueller told InfoQ:

The corporate network was changing even before the Covid-19 pandemic - but is now challenged and changing even more at a faster rate. Secure networking has become even more paramount for enterprises, and Cloudflare is bringing its extensive network into play. 

Lastly, the components of Cloudflare One are set to become available gradually over the coming week, according to the blog post by Prince.
