More news from Cloudflare

I don’t know if I’ve seen this Cloudflare press release referenced in any post. To tell you the truth, I don’t know what to make of it. Will be glad to hear others’ thoughts.

Cloudflare Extends Zero Trust Security to Businesses’ Doorsteps

Plans to deploy equipment directly into over 1,000 of the most populated office complexes and multi-dwelling units in the world to help secure and connect their networks

…Cloudflare… today announced it will extend its network to iconic properties like Salesforce Tower in San Francisco, Willis Tower Chicago, John Hancock Tower in Boston, and 30 Hudson Yards, 4 Times Square & 520 Madison in New York, as well as the planned further expansion into thousands of other office buildings and multi-dwelling units globally. This dramatic expansion will allow businesses to easily connect to Cloudflare’s network from offices and co-working spaces instead of relying on costly, rigid hardware solutions. Now, enterprises will have one more way to connect to the Cloudflare One suite of SASE security solutions to help secure and connect employees across all the devices, applications, and networks they may use in a hybrid work landscape…


Infrastructure is likely a key ingredient to their expansion and success. Think of DirecTV back when they started. Their money was going to come from their services (recurring), not the relatively inexpensive equipment (1-time) they provided and installed for free. When you moved, you left the dish behind, which made it easy for the next owner to simply continue to use what was available.

Cloudflare looks to be going after a larger sampling of customers, some who may not consider them without free access. The point is they are providing access. This is a step further, and likely less expensive than placing ads to sell their product.

This has potential to lead to higher customer growth. They are targeting high traffic areas with a congestion of suitable potential customers. You don’t sell oranges from your house in a quiet suburb neighborhood. You sell them at a busy freeway off ramp where there are plenty of people and plenty of opportunity.



Simply, a network might look like this:

Employee computer -> wireless hardware -> routing hardware -> firewall hardware -> routing hardware -> "the internet"

I think what they’re saying is this:

Employee computer -> wireless hardware -> Cloudflare hardware -> "the internet"

fdoubleol is right. It’s important to understand that no single company has a portfolio that covers the whole extent of Zero-Trust Security, it doesn’t matter what they say. It’s a growth field and all tech companies are developing solutions.
One thing that has been emerging for a couple of years is SASE (Secure Access Service Edge), which essentially means to take the access/security piece of your network from within it (router, firewall etc.) to its edge, where you use and pay as a service, instead of maintaining, patching, and securing all that tech gear. It’s an evolution of SD-WAN, which took care of the connectivity, now adding a bunch of security controls.
Then since all data goes through the SASE infrastructure, you can now assess these connections continuously, which is the basis of a Zero-Trust Architecture.

More about Zero-Trust Architecture – a NIST publication on a cybersecurity paradigm which moves defenses from static network based, to a focus on users, assets, and resources. Released in 2020, the market now says ‘Zero Trust’ for anything. Instead of trusting a device because it’s in network, it continuously evaluates its posture, trends, user activity, information that tries to access it, etc., and recalculates its risk all the time. Essentially, no one is trusted as a default.

Cloudflare seems to be positioning itself as an easy-to-adopt SASE provider (and adoption is EVERYTHING in SaaS), which is a part of Zero-Trust. Think of the resources that a large company has to protect its boundaries. They are substantial. But now they have to protect every user working remotely as well. Too many weak links in the chain. Not to mention the performance, which is all over the place, as well as smaller companies that are struggling to keep up with IT infrastructure investment. SASE helps with both performance and security, at scale. I have to think more about their initiative to place hardware in large office parks and how that gives them a competitive edge. But I have to assume they did their homework (and this type of hardware is not cheap).

Some SASE providers (the list changes a lot depending where you look, which is a sign of an immature market):
Cato Networks
Barracuda Networks
Perimeter 81
Palo Alto Networks
Akamai Enterprise Application Access


Granted that they can go ahead and put a $NET switch inside an office building, but the content on that switch still has to be synchronized with the rest of the $NET network worldwide. Putting a switch inside an office building doesn’t magically bring the entire Internet into the office building.

So you still need an ISP to get you from the office building to “the internet” don’t you?
Wouldn’t it be more like:

Employee computer → wireless hardware → Cloudflare hardware → routing hardware → firewall hardware → routing hardware → “the internet”

Unless the browser on the employee computer makes a request that is already cached inside the Cloudflare switch; in that case:
Employee computer → wireless hardware → Cloudflare hardware → wireless hardware → Employee computer

Not sure if you've seen this exchange on Twitter with Muji, Fish, and Prince; the plan may be to extend beyond the headline.

Even tho I think it’s a long shot and doesn’t make sense (in certain areas). This makes me wonder if @Cloudflare will ever look into a product like this for consumers to buy to add to their home network.
Small potatoes (tho Palo Alto going that way…)
One path could be we build it. Other would be we partner. Exploring both. Stay tuned.

Along with today's news

Introducing the open beta of Stream Live, an end-to-end scalable live-streaming platform that allows you to focus on growing your live video apps, not your codebase. #BirthdayWeek

Cloudflare TV extending to all. You know, with the Zoombombing and Alexa listening in, maybe home protection is going to be needed. You see what Zoom had to do to protect its users, and it was not originally built to be as secure; maybe NET can protect these future platforms without the need for the service to have to build the protection themselves. Just a thought; not a techie.

Long NET


Yes, zero-trust is the future of cybersecurity and Cloudflare wants in. Sounds like they are putting their edge device in densely populated buildings to increase speed and entice users to toss their old security equipment (e.g. firewalls) and just pay a monthly subscription. Having their SASE device there also allows for land-and-expand possibilities.

As noted, not all zero trust solutions are the same. For our Gov system we can’t touch the internet so we had to build it out using lots of very expensive Palo Alto hardware. It was a nightmare and the customer puked a lung when they realized it was a subscription model so they would have to pay as much every year as they did the first year. The gov wants security until they see the cost. (the design also used Nutanix crap).

On the other hand, my company uses Zscaler and it is a dream. I don’t know the costs, but as I posted years ago when I first started using it (2017?), it was SOOOOO much better than our old VPN networks based on local hardware. It was fast and reliable. I think I just have an agent on my computer and it lets me go to the internet or my company’s datacenter by first going through a Zscaler data center to verify I am allowed to do what I am trying to do. It of course encrypts along the way so nobody can see what is going on in your data stream and then figure a way to hack in.

Zero Trust would have prevented the ransomware attack on Colonial Pipeline. If some dufus clicks on an email link that launches ransomware, Zero Trust prevents it from spreading. ZT says “hey, you are trying to access this data server and you are not allowed - DENIED!” and “Hey, this executable is trying to get off your computer and access a server, and it is not registered with me as being allowed to do that - access DENIED”. Thus they would have lost only one computer hard drive to ransomware and not everything in the company.

So, ZT is awesome, the pie is getting bigger, and if Cloudflare can start growing their piece of a growing pie, then it is a good thing.



I have a simply worded question about NET. Why are its revenues as low as they are?

Here is the longer version.

Raging bull case: NET offers a bunch of great products and, chiefly, has the potential to rival AWS by packaging private networking with zero trust security and thus supposedly the sky is the limit. If I get this correctly, the customer gets the best of both worlds: a decentralized and global yet also private and secure network. The market seems to agree considering how it prices NET.

But its revenue in Q2 was just 152 mln for 53%. The company seems to be firing on all cylinders but its operating performance and FCF trail the leaders.

Meanwhile, ZS is not fancy on social media, lacks a flashy CEO, and is known for one thing. Supposedly, NET offers an equivalent zero trust alternative as just one of its so many excellent products.

Yet, “one-trick pony” ZS brought in 197 mln at 57%, generating positive non-GAAP operating income and positive FCF while also increasing its product offerings/revenue streams.

Jay Chaudhry suggests that CDNs are trying to expand simply because their core business is commoditized. “…lately Cloudflare has been making noise. I am yet to see them in any meaningful view in the field…it is a tough area for them [CDNs, including Akamai], very different architectural position…” He is a lot more annoyed at legacy vendors repackaging legacy solutions as pseudo ZT and keeping their customers than he is worried about NET.… at around 34-35 min mark.

Why is NET not growing faster off what is a pretty small base considering its plethora of products?

Is that because its legacy revenue lines are essentially worthless from a high-growth investor perspective?

I am a non-techie and I am not arguing or disputing the potential of NET. I am simply trying to grasp why the market trusts NET as much as it does. For example, I trust TWLO 2.0 which the market currently ignores because I saw what TWLO 1.0 managed (4X what NET did on the basis of something that sounds pretty meh to a non-techie). So if TWLO 2.0 wants to bundle first party data with marketers and developers, ok. They are growing pretty well just on the basis of the legacy product. They surely beat NET in every one of the last three quarters off a much higher base.

Does a company that brings in only 150 million in a quarter really have the capability of launching a plethora of supposedly groundbreaking products one after the other? Shouldn’t a CEO be focused on the best and greatest opportunity instead of worrying about my email or the Sears Tower?

Alexander the Great did conquer the AWS of his day with a tiny force but he kinda proceeded one battle at a time :)