1. Going beyond the cloud to modernize
your banking infrastructure
Colin Murray, Solutions Engineer
Derek Yee, Director of Product Marketing

2. Colin Murray
Solutions Engineer
Cloudflare
Today’s speakers
Derek Yee
Director of Product Marketing
Cloudflare

3. We are entirely focused on moving to the public cloud.
Everything new we build new on AWS. We have been
migrating legacy applications.
Rob Alexander, CIO, Capital One

4. Forces of change in banking
Customers
Digital savvy,
multi-channel
customers
Competition
Smaller players
are often more
nimble and
competitive
Legacy apps
Many banking
applications are
dated
Automation
The need for
greater
efficiency and
agility

5. Modernizing architecture and infrastructure
On Prem Hybrid Cloud Native Multi CloudPrivate Cloud
Modern MicroservicesMonolithic Legacy Stacks

6. Flexibility
Elasticity
Scalability
Reliability
Agility
Why Cloud?

7. Challenges of cloud migrations
Integration
How to work with existing
systems, including legacy
or on-prem.
Complexity
How to balance the
benefits of an off the shelf
solution with bespoke
requirements.
Security/compliance
Security is ranked as IT’s top
concern when it comes to the
cloud.
Business alignment
IT and business need to work
hand-in-hand to determine
strategic goals.

8. We are building a
Global Cloud Network
where anything connected to
the Internet faster, more
secure, and more reliable.

9. Where Cloudflare sits in your network

10. Previous Generation
Applications
Network Edge
Store and
compute
NOW
Hardware / Software - Capital expenditures Services / Cloud - Operating expenses

11. 180Data centers globally
2.8BMonthly active visitors
generating 1.4 trillion
page view
8MRequests/second
websites, apps & APIs
in 150+ countries
16M+
2x
Speed up each
request by
Cloudflare’s Global Anycast Network
11

12. Customer: Large Global Bank
The customer is a long
established New York
based financial institution
with over $1.5 trillion of
assets under
management.
CHALLENGES
• Wanted to replace Akamai Prolexic.
• Required DDoS and infrastructure protection
• Spikes in DNS traffic that customer had not been aware of
• Needed to pass bank’s IT architectural review board
CLOUDFLARE SOLUTION
• Started with DNS
• Always-on, unmetered DDoS solution, no human intervention
required
• Application layer security

13. DNS performance and scale
Global Anycast network
• 180+ data centers
• 75 countries (including China)
• Over 1.5M queries per second
Record propagation
• Globally in seconds
• P99 < 2 minutes

14. Deployment models
DNS
Primary DNS
● Records managed via
API/Dashboard/Terraform
● DNSSEC Managed by
Cloudflare
Secondary DNS
● DNS Only
● Records managed via Zone
Transfer (AXFR/IXFR)
DNS Firewall
● DNS Only
● Records
managed/signed at
Origin server(s)
● Does not require NS
change

15. Cloudflare Load Balancing
Americas
• Health checks with fast failover
• Global and local load balancing
American
Consumers
European
Consumers
Origin pool
Asian
Consumers
Europe
Origin pool
Asia
Origin pool
Configuration made simple
Easy configuration in the Cloudflare
dashboard, or automation through a
powerful API.
DDoS resilient service
Anycast network that is 10X bigger
than the largest DDoS attack ever
recorded ensures traffic continues to
be routed even under stress.
Global DNS network
Health checks from each Cloudflare
data center enables fast failover
unbound by DNS propagation delays.

16. Security is everyone’s concern
SECURITY
Largest DDoS attack had
1.3 terabits/sec2
Brand Reputation
1 - Google study, 2 - Wired.com, 3- Forrester

17. Factors increasing exposure to security risks
Greater scrutiny by
government and media
around data, privacy
and security
Greater attack surface area
from more public APIs, moving
to the cloud, and increasing
third-party integrations
Stronger and more
sophisticated attackers

18. 18
Industry Legacy Scrubbing
● Long propagation times (up to 300 sec)
● Asynchronous routing
● Adds significant latency
● Typically requires manual intervention and
regular testing (config drift)
Always-On
● Zero propagation time
● Synchronous routing
● No added latency; ongoing perf. improvements
● Immediate, automated mitigation, with no
“cutover” required
Industry On-Demand vs. Cloudflare Always On

19. Cloudflare Security Summary
19
Cloudflare continues to
out-innovate the
market, driving growth
in security-only deals
The threat landscape is
exploding with the
growth in new platforms
and devices; security
solution use cases are
expanding to meet
them
Cloud-based solutions
reduce complexity,
improve time to
response and combine
performance and
security in a single,
integrated offering
Data-driven threat
intelligence dynamically
adapts our platform to
meet the ever changing
threat landscape

20. IDC MarketScape: WW DDoS Prevention Solutions
IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of ICT suppliers in a given market. The research methodology utilizes a rigorous
scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each vendor’s position within a given market. The Capabilities
score measures vendor product, go-to-market and business execution in the short-term. The Strategy score measures alignment of vendor strategies with customer requirements in a
3-5-year timeframe. Vendor market share is represented by the size of the icons.
Cloudflare is positioned as a
Leader
in the IDC MarketScape:
Worldwide DDoS Prevention
Solutions 2019 Assessment
According to IDC, Cloudflare Strengths are its
"unique architecture" and "rapid on-boarding
process which is considered one of the easiest
and fastest in the industry."
Source: IDC MarketScape: Worldwide DDoS Prevention Solutions 2019
Vendor Assessment, by Martha Vazquez, March 2019, IDC #US43699318
Report Link: here

21. CDN Web
optimization
Mobile
optimization
WAN
optimization
Traffic
monitoring
Apps
platform
Serverless
compute
Cloudflare Services
PERFORMANCE SECURITY RELIABILITY
PLATFORM
21
DNS
Anycast
network
Load
balancing
Always
online
Perimeter
security
WAFDDoS
IoT
security

22. Getting started with Cloudflare

23. Q&A