Cloudflare One (SASE)

Transitioning away from P2S VPN and moving over to Cloudflare Zero trust allowed us to jump massively towards a highly available service. Setting up multiple tunnels and routes in depending on device status and user properties allowed a secure and highly redundant service without spending a fortune on firewalls.

I have recommended it in several companies now. When setting up for a new business it has a remarkably low barrier of entry for such a substantial service.

Its reverse proxies are less useful in the case of large web services however, due to the lower granularity of performance metrics vs a more specific web proxy service.

We use Cloudflare's Zero Trust service as an alternative to Business VPN services. We wanted to get secure tunneling to connect to our servers without compromising on security and network performance. Cloudflare's Zero Trust is very easy to set up and get started with. It provides secure VPN-like services to secure any device with its 1.1.1.1 apps, and It also provides Warp protocol along with zero trust, so we get great network performance as well. Overall, it fulfills our basic requirements.

I wanted to securely connect to my servers without getting tracked by malicious attackers, even though I was on public Wi-Fi. Security was my top priority, and I also wanted a setup that was easy and quick to start and provided great network performance. Cloudflare's Zero trust matches my criteria for becoming my first choice.

We use Cloudflare Services (WAF) for protecting University's site and inner restrictions in students' labs. Cloudflare gives us an option to make granular restriction rules with Magic Firewall.

For example, Cloudflare is a very good solution for ZTNA implementation. Cloudflare has Warp for propagating Gateway rules and checking device posture. Browser Isolation gives you more abilities to use internet resources without any restrictions and at the same time not put the company at risk. For example, if there is no DLP solution in place blocking the printing function can partly protect the company's sensitive data from intentional or intentional leakage through the online forms. A similar approach protects the end-user device from Zero-day threats and malicious software code. Moreover, Remote Browser Isolation technology protects not only the user's device but also the user himself from possible phishing attacks - for example, even if the user enters his username and password on the phishing website, bank card issuers, or other personal or confidential data, data will not go beyond the isolated cloud environment. Cloudflare Access gives company administrators a great opportunity to implement role-based access policies and make effect segmentation and diversification of company network groups.

In most scenarios Cloudflare Gateway is used with Cloudflare Access, actually, Gateway is a proxy that filters end-user requests to web resources. It keeps an organization's data safe from malware, ransomware, phishing, command & control, and shadow IT.

Cloudflare Gateway is well suited for users where organizations have no control over remote users, also there is a need for browser isolation.

Cloudflare is used for providing internal application access through Cloudflare tunnel and using Google IDP from WARP installed system. It was a replacement for VPN. Also used Cloudflare for DNS management to maintain domain records. Cloudflare provides cloud-based WAF to protect the internet-facing applications from external web-based threats. Deployment is very quick and gets good support.

Deployment is easy and simple for admins, Easily can migrate DNS for small and enterprise organizations. Gateway products provide secure web access for roaming users. Control the internet-based threats coming to the internal network. Agent visibility and report are good. The client installation file is lightweight and has also improved. Good for WFH.

Almost a turn-key solution for improved page load performance and security which was our fundamental use case. Subsequent fine-tuning and policy alignment of the security side was performed over the next few months although effective immediately. Their expansion into adjacent technology (Pages, Workers, Teams) have all [been] useful and are slowly entering the business as a tool. Albeit slow or more complex to deploy due to their nature. Each though solves real-world problems for us.

Cloudflare seems well suited regardless of size, with packages that match ambition regardless. It is very easy to bring in to solve a specific problem and adapt/grow as required. The typical entry point is website security/performance but there is far more to it. Zero trust is our focus now with Cloudflare, although the product suite seems to suit any modern/digitally focused firm.