Cloudflare floats cloud grand unification theory based on zero-trust access and security

The internet was supposed to get rid of intermediaries. How'd that work out?


Network infrastructure biz Cloudflare this week launched a service called Cloudflare One that combines various identity, access, and security offerings in an effort to make the unruly internet more like a tame corporate network.

Cloudflare One, not to be confused with Cloudflare 1.1.1.1, the company's DNS service, combines products for connecting users, devices, or locations to Cloudflare's edge network with products for defending the network.

It bundles the company's WARP (WireGuard-based VPN), Magic Transit (IP transit and protection), Cloudflare Network Interconnect (link branch offices via Cloudflare), and Argo Smart Routing (improved networking) with Cloudflare Access (Zero Trust access), Gateway (threat filtering and data loss prevention), and the forthcoming Magic Firewall (network layer filtering).

"Cloudflare One is a comprehensive, cloud-based network-as-a-service solution that is designed to be secure, fast, reliable and define the future of the corporate network," explained Matthew Prince, Cloudflare CEO, in a blog post.

"It replaces a patchwork of appliances and WAN technologies with a single network that provides cloud-based security, performance, and control through one user interface."


Cloudflare One fits into an emerging market segment that IT consultancy Gartner has dubbed SASE (Secure Access Service Edge), which combines wide-area networking and network security into a cloud-delivered service. It's an expansion on the idea of the zero-trust security model exemplified by Google's BeyondCorp where access control is moved from network perimeters to specific devices. And with so many people working from home during the COVID-19 pandemic, it's an idea whose time has come.

Other companies playing more or less in this space include Akamai, Cato Networks, Cisco, Palo Alto Networks, and VMware, to name just a few.

Prince describes Cloudflare One as a replacement for MPLS links, SD-WAN deployments, VPNs, interconnects, private networks, network firewalls, and web gateways.

Another way to think about it is that SASE operations aim to be the proxy or go-between for everything, which apparently has some appeal due to the challenges of connecting people in far-flung offices or homes over a common corporate network.

For Cloudflare, there's a certain logic in its intermediary aspirations, since the company began as a reverse proxy service that sat in front of web services and forwarded legitimate traffic along. It has become a go-between capable of handling traffic flowing to or from its customers, while also offering authentication and analytics.

The Cloudflare One announcement is being implemented via various product rollouts and revisions this week. On Tuesday, Cloudflare talked up a new Cloudflare for Teams pricing scheme that offers free access to up to 50 workers, the ability to protect SaaS applications with its Cloudflare Access service, and persistent Argo Tunnels.

On Wednesday, the subject is expected to be how customers can use WARP to proxy all employee traffic to Cloudflare. On Thursday, the biz plans to open its browser isolation product – a hosted browser for better security – to beta testers. And Friday should bring details of new APIs for Magic Transit.

"It’s going to be a busy week, but we’re just getting started," said Prince. ®


Biting the hand that feeds IT © 1998–2020