SlideShare a Scribd company logo

Zero trust for everybody: 3 ways to get there fast

Download as PPTX, PDF
Cloudflare
Cloudflare

The COVID-19 pandemic has exposed the weaknesses of the traditional ‘castle-and-moat’ security model. Remote work has expanded attack surfaces infinitely outwards, and more than ever, organizations need to start from the assumption that their ‘castle’ is already compromised. Zero Trust has emerged as a compelling security framework to address the failures of existing perimeter-based security approaches. It’s aspirational, but not unachievable. At Cloudflare, we’re making complicated security challenges easier to solve. Since 2018, Cloudflare Access has helped thousands of organizations big and small take their first steps toward Zero Trust. In this presentation, Cloudflare will share their perspective on what the most successful organizations do first on their journey to Zero Trust. We’ll cover: -The Zero Trust framework, and our recommended ZT security model -How 3 organizations of differing size and security maturity have implemented Zero Trust access -Cloudflare’s Zero Trust implementation and lessons learned

Internet
1 of 30
Agenda 1. The Zero Trust framework, and our recommended ZT security model 1. 3 quick wins for Zero Trust transformation 1. How 3 organizations of differing sizes are using ZT strategy to secure and accelerate their business
Problem: users and data live outside our walls Consequences for security teams: ● Excessive implicit trust to ‘insiders’ ● Defense in depth = increased complexity ● Limited visibility into data flows Business trends accelerating challenges: ● Rapid Cloud & SaaS adoption ● Geographically dispersed users ● Prevalence of mobile
Breaches: no such thing as a ‘trusted’ insider Baseline: 3,594 breaches confirmed by 629 security decision makers Source: Forrester Analytics Global Business Technographics® Security Survey, 2019 Nearly 46% of breaches of sensitive data were caused by internal actors (employees + 3rd party partners) And of these internal threats... ● 48% attributed to malicious intent ● 43% attributed to inadvertent misuse ● 9% attributed to a combination
Remote work straining already-challenged VPNs VPNs are engineered for implicit trust “Hacker leaks passwords for 900+ enterprise VPN servers” (Aug. 2020) VPN servers are under constant attack NSA advisory on VPN and IPsec-based access (July 2020) CISA: Continued Exploitation of Pulse Secure VPN Vulnerability (April 2020)
Solution: Zero Trust architecture Core principles: ● “Never trust, always verify” ● Access based on identity and context (not network location) ● Least privilege by default Key assumption: Your users and network are likely already compromised.
The Zero Trust buzz can be frustrating ...but it doesn’t have to be!
Our perspective
Help Build a Better Internet 9 25M+ Internet properties 42 Tbps Of network capacity 200+ Cities and 100+ countries 72B Cyber threats blocked each day in Q2 ‘20 99% Of the Internet-connected population in the developed world is located within 100 milliseconds of our network
Cloudflare’s promise: Zero Trust for Everyone Cloudflare for Teams makes Zero Trust security transformation radically approachable for all organizations, of any size and maturity. No Trade Offs Security + Performance Network Scale Shared Intelligence Ease of Use
How Cloudflare for Teams works Please see the Appendix for more information.
Zero Trust journey with Teams
...to apply “never trust, always verify” policies to all users and devices connecting to your resources. Zero Trust security journey with Cloudflare for Teams Implement ZT with Identity Extend Zero Trust with context Zero Trust for the Internet You need.... ...a standardized knowledge of “who is who” as a foundation to inform Zero Trust verification. ...to enable secure connections to the Internet for a distributed workforce. Key product capabilitie s ● Contractor access with multi- SSO integrations ● Granular policy controls ● Secure encrypted tunnel ● Device posture check ● Single pane-of-glass for visibility across your network ● Isolated browsing ● Inline inspection of outbound requests ● Data Loss Prevention via integration with apps 1 2 3 “Extend and enrich identity verification for internal and external users.” “Secure access to cloud and SaaS resources” “Isolate your users from attacks by ‘never trusting’ connections on the public internet”
Legacy Problem Cloudflare Solution Cloudflare Access
Access: Zero Trust Network Access Complete control of access to applications Enforce Zero Trust access for ALL applications on a per-user basis with easy- to-create and manage rules. Extend identity based security with more signal Improve security with context awareness such as device posture. Enforce more granular policies such as hard key requirements for your most sensitive applications. Deliver fast applications to devices anywhere Users get secure and seamless access to all applications faster from anywhere thanks to Argo Smart Routing. 15
16 Cloudflare for Teams Getting Started
Zero Trust for your Network 17 CONGRATS! WE JUST ADDED OUR FIRST APPLICATION ● A top secret gifts page ● igivecoolgifts.com ● /secretgifts NOW, LETS INTEGRATE OUR FIRST IDENTITY PROVIDER ● G Suite, GitHub, or OTP rules ● Exclude Antarctica LET’S SEE HOW OUR POLICY IS PERFORMING ● Blocked ● Authenticated ● Allowed ● Customized
How we do it
Legacy Problem Cloudflare Solution Cloudflare Gateway
Gateway: Secure Web Gateway Solution © 2018 Cloudflare Inc. All rights reserved. Complete visibility from a single pane of glass Log and monitor all internet traffic, on and off your network for unprecedented levels of granular visibility that can be viewed in the dashboard or integrated to your SIEM. Simplify internet security and compliance Easily apply DNS and URL filtering rules to protect your users on the open internet and enforce compliance. Eliminate threats on our edge not in your environment Gateways policy engine blocks threats on our network before they reach yours and you can leverage our proprietary threat intelligence to inform those policies. Deploys quickly and easy to manage Setup can be performed in minutes with easy to configure policies that do not require security expertise to operate. Never compromise on performance End-users get an amazing experience leveraging the world’s fastest public DNS resolver.
21 Cloudflare for Teams Getting Started
Zero Trust on the Internet 22 CONGRATS! WE JUST ADDED OUR FIRST NETWORK ● Kaizen ✌️ NOW, LETS INTEGRATE OUR FIRST POLICY ● Nine to Five ⌚️ ○ Security ○ Content ○ Custom LET’S SEE HOW OUR POLICY IS PERFORMING ● Overview ○ Top Allowed ○ Top Blocked
Zero Trust works for teams of all sizes Unique challenges Sample use cases Why start ZT now? Small business: ZT for Underdogs ● Limited IT / security resources to fight fires ● Expand remote access ● Secure BYOD programs ● Avoid legacy network security investments Growth & scaling stage: ZT for Scaling ● Growth expands attack surface without visibility ● Secure contractor access ● Secure DevOps ● Supports ambitions to scale in secure manner Large enterprise: ZT for Digital Transformation ● Pressure to transform complex, legacy IT stack ● Secure access for supply chain partners ● Support M&A integration ● Enables cloud migration ● Reign in control over sprawling IT
Customer stories
A small team of volunteers launches a free online classroom and resource hub for students. Cloudflare Access allows teachers and developers to build and QA lessons seamlessly. 220K daily visits 20M lessons delivered Oak National Academy: Zero Trust overnight 25 CHALLENGES ● Group of former school teachers set up an online school for children affected by COVID-19 school closings, to ensure “no child misses a lesson” during the pandemic ● Needed to provide a team of developers access to pre-production infrastructure across multiple sub-domains ● Large groups of teachers from different organizations needed to be able to log in to the platform to review and edit lesson plans SOLUTION Implemented Cloudflare Access for Zero Trust access to GCP infrastructure and internally developed apps - virtually overnight. VALUE ● Teachers can review and edit lesson plan materials by logging into the content management system with Google credentials ● Developers access pre-production environment without needing to use a VPN ● Scales seamlessly to the number of users needed
“[Access has] been amazing. [Our previous solution] was like trying to use a computer that froze every 10 seconds. Right now, support departments don’t notice any difference between accessing customer environments on-prem or through Access.” - Sybren van Wijk, Technical Product Owner, TOPdesk TOPdesk: Enabling 24x7 customer support 26 CHALLENGES ● Dutch service management SaaS with expanding workforce across 11 countries ● Customer support engineers needed 24x7 remote access to an on-premise remote support app; application was configured for office-only access due to GDPR ● Existing on-prem solution was slow, unresponsive, and designed when TOPDesk had 100 employees, not 750+ SOLUTION TOPDesk put Cloudflare Access in front of internal support apps to ensure technicians could address pressing customer needs at any time, from anywhere. Access integrates with Workers to ensures engineers can connect to only the customer environments they have specific permission to reach, in compliance with GDPR. VALUE ● Allowed TopDesk to supply true 24x7x365 support to customers ● Preparedness for remote work: Expanding Access usage in the weeks prior to the pandemic helped prevent interruptions in customer support ● Replaced slower, less secure VPN access with Zero Trust access to key dashboards
A large re-insurance firm CHALLENGES ● Massive European financial services firm with 25K+ global employees ● Over half of employees are contractors and rely on different identity providers ● Needed to improve security model by replacing IP-list and VPN controls with Zero Trust access KEY RESULTS SOLUTION Used Cloudflare Access to secure access to internal, legacy Customer Relationship Management (CRM) apps for 1,000 employees initially. They will expand their deployment to 20,000+ employees and contractors for countless applications by end of this year. VALUE Deploying Cloudflare Access helps the reinsurance firm move toward Zero Trust security to their corporate resources. They are able to simplify and secure the process of giving contractors, interns and other temporary employees (consultants) access to critical data with a more streamlined user experience. A global reinsurance firm relies on Cloudflare for Teams to move from legacy access controls and traditional network perimeter security to Zero Trust security, starting with their large contractor workforce.
Cloudflare Access: Our origin story CHALLENGES ● ‘On call’ engineers were fed up with clunky VPN login experience to access internal apps like Grafana during time-sensitive assignments ● Setting access control policies on the VPN was onerous for the IT team ● Our standalone VPN was becoming a performance bottleneck and a single point of failure for a rapidly expanding global workforce 28 SOLUTION Our engineers first built Access in 2015 to speed up their logins, and we have progressively shifted authentication for the majority of our internal applications onto our global network edge. Today, all employees onboard onto Access (not our VPN) and benefit from a fast and consistent login experience to every application. VALUE ● Get employees access to the resources they need without friction ● Modernize our security posture with Zero Trust best practices ● Improved employee productivity: ○ ~80% reduced time spent servicing VPN related tickets ○ ~70% reduction in ticket volume ○ 300+ annual hours of unlocked productivity during onboarding “As a CIO, I'm proud that I don't have to worry about our colleagues getting frustrated with reaching the basic tools they need to stay productive. With Access, Cloudflare does not have to make any trade-offs between improving security and creating an amazing user experience.” - Juan Rodriguez, Chief Information Officer
RECAP: Zero Trust with Cloudflare for Teams 1. Set up a Cloudflare for Teams account at cloudflare.com/teams-home - your first 50 users are free! 1. Start a Zero Trust Access pilot with a small group of users at your company. 1. Measure the impact on the business - and then keep going!
Thank you! Questions?

Recommended

Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021
Cloudflare
 
Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)
Cloudflare
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
AlgoSec
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero Trust
David J Rosenthal
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust Model
Yash
 
Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...
YouAttestSlideshare
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?
Zscaler
 
Fight bad bot on the internet
Fight bad bot on the internetFight bad bot on the internet
Fight bad bot on the internet
Cloudflare
 

Recommended

Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021
Cloudflare
 
Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)
Cloudflare
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
AlgoSec
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero Trust
David J Rosenthal
 
Zero Trust Model
Zero Trust ModelZero Trust Model
Zero Trust Model
Yash
 
Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...Micro segmentation and zero trust for security and compliance - Guardicore an...
Micro segmentation and zero trust for security and compliance - Guardicore an...
YouAttestSlideshare
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?
Zscaler
 
Fight bad bot on the internet
Fight bad bot on the internetFight bad bot on the internet
Fight bad bot on the internet
Cloudflare
 
Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architecture
Hybrid IT Europe
 
Enterprise WAN Evolution with SD-WAN
Enterprise WAN Evolution with SD-WANEnterprise WAN Evolution with SD-WAN
Enterprise WAN Evolution with SD-WAN
Toshal Dudhwala
 
Close your security gaps and get 100% of your traffic protected with Cloudflare
Close your security gaps and get 100% of your traffic protected with CloudflareClose your security gaps and get 100% of your traffic protected with Cloudflare
Close your security gaps and get 100% of your traffic protected with Cloudflare
Cloudflare
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero Trust
Okta-Inc
 
Secure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoSecure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAlto
Prime Infoserv
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
Er. Ajay Sirsat
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020
Guido Marchetti
 
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallPutting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation Firewall
Cisco Canada
 
A Software Defined WAN Architecture
A Software Defined WAN ArchitectureA Software Defined WAN Architecture
A Software Defined WAN Architecture
Open Networking Summits
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
Tripwire
 
Zero Trust
Zero TrustZero Trust
Zero Trust
Boaz Shunami
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architecture
Birendra Negi ☁️
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefits
Anthony Daniel
 
Zero trust Architecture
Zero trust Architecture Zero trust Architecture
Zero trust Architecture
AddWeb Solution Pvt. Ltd.
 
Understanding Cisco’ Next Generation SD-WAN Technology
Understanding Cisco’ Next Generation SD-WAN TechnologyUnderstanding Cisco’ Next Generation SD-WAN Technology
Understanding Cisco’ Next Generation SD-WAN Technology
Cisco Canada
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)
Ahmed Banafa
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice
AlgoSec
 
Fortigate Training
Fortigate TrainingFortigate Training
Fortigate Training
NCS Computech Ltd.
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
Karina Matos
 
Bring speed and security to the intranet with cloudflare for teams
Bring speed and security to the intranet with cloudflare for teamsBring speed and security to the intranet with cloudflare for teams
Bring speed and security to the intranet with cloudflare for teams
Cloudflare
 
Cloud Security - Kloudlearn
Cloud Security - KloudlearnCloud Security - Kloudlearn
Cloud Security - Kloudlearn
KloudLearn
 

More Related Content

What's hot

Close your security gaps and get 100% of your traffic protected with Cloudflare
Close your security gaps and get 100% of your traffic protected with CloudflareClose your security gaps and get 100% of your traffic protected with Cloudflare
Close your security gaps and get 100% of your traffic protected with Cloudflare
Cloudflare
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
Tripwire
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice
AlgoSec
 

What's hot (20)

Zero trust in a hybrid architecture
Zero trust in a hybrid architectureZero trust in a hybrid architecture
Zero trust in a hybrid architecture
 
Enterprise WAN Evolution with SD-WAN
Enterprise WAN Evolution with SD-WANEnterprise WAN Evolution with SD-WAN
Enterprise WAN Evolution with SD-WAN
 
Close your security gaps and get 100% of your traffic protected with Cloudflare
Close your security gaps and get 100% of your traffic protected with CloudflareClose your security gaps and get 100% of your traffic protected with Cloudflare
Close your security gaps and get 100% of your traffic protected with Cloudflare
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero Trust
 
Secure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoSecure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAlto
 
Zero Trust Network Access
Zero Trust Network Access Zero Trust Network Access
Zero Trust Network Access
 
Zero trust deck 2020
Zero trust deck 2020Zero trust deck 2020
Zero trust deck 2020
 
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallPutting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation Firewall
 
A Software Defined WAN Architecture
A Software Defined WAN ArchitectureA Software Defined WAN Architecture
A Software Defined WAN Architecture
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
 
Zero Trust
Zero TrustZero Trust
Zero Trust
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architecture
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefits
 
Zero trust Architecture
Zero trust Architecture Zero trust Architecture
Zero trust Architecture
 
Understanding Cisco’ Next Generation SD-WAN Technology
Understanding Cisco’ Next Generation SD-WAN TechnologyUnderstanding Cisco’ Next Generation SD-WAN Technology
Understanding Cisco’ Next Generation SD-WAN Technology
 
What is zero trust model (ztm)
What is zero trust model (ztm)What is zero trust model (ztm)
What is zero trust model (ztm)
 
5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice5 Steps to a Zero Trust Network - From Theory to Practice
5 Steps to a Zero Trust Network - From Theory to Practice
 
Fortigate Training
Fortigate TrainingFortigate Training
Fortigate Training
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
 

Similar to Zero trust for everybody: 3 ways to get there fast

Bring speed and security to the intranet with cloudflare for teams
Bring speed and security to the intranet with cloudflare for teamsBring speed and security to the intranet with cloudflare for teams
Bring speed and security to the intranet with cloudflare for teams
Cloudflare
 
CipherCloud_Corporate Overview
CipherCloud_Corporate OverviewCipherCloud_Corporate Overview
CipherCloud_Corporate Overview
Scott Dierks
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Norm Barber
 

Similar to Zero trust for everybody: 3 ways to get there fast (20)

Bring speed and security to the intranet with cloudflare for teams
Bring speed and security to the intranet with cloudflare for teamsBring speed and security to the intranet with cloudflare for teams
Bring speed and security to the intranet with cloudflare for teams
 
Cloud Security - Kloudlearn
Cloud Security - KloudlearnCloud Security - Kloudlearn
Cloud Security - Kloudlearn
 
Migrating to the Cloud - From Preparation to Operation copy.pdf
Migrating to the Cloud - From Preparation to Operation copy.pdfMigrating to the Cloud - From Preparation to Operation copy.pdf
Migrating to the Cloud - From Preparation to Operation copy.pdf
 
How sdp delivers_zero_trust
How sdp delivers_zero_trustHow sdp delivers_zero_trust
How sdp delivers_zero_trust
 
Cybersecurity | Meta Networks: Software defined perimeter platform
Cybersecurity | Meta Networks: Software defined perimeter platformCybersecurity | Meta Networks: Software defined perimeter platform
Cybersecurity | Meta Networks: Software defined perimeter platform
 
CipherCloud_Corporate Overview
CipherCloud_Corporate OverviewCipherCloud_Corporate Overview
CipherCloud_Corporate Overview
 
Faster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in awsFaster, simpler, more secure remote access to apps in aws
Faster, simpler, more secure remote access to apps in aws
 
Can You Trust Cloud Security In Public Cloud?
Can You Trust Cloud Security In Public Cloud?Can You Trust Cloud Security In Public Cloud?
Can You Trust Cloud Security In Public Cloud?
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
 
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedMigrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
 
Network Transformation: What it is, and how it’s helping companies stay secur...
Network Transformation: What it is, and how it’s helping companies stay secur...Network Transformation: What it is, and how it’s helping companies stay secur...
Network Transformation: What it is, and how it’s helping companies stay secur...
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary Presentation
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver Presentation
 
The 5 Biggest Data Myths in Telco: Exposed
The 5 Biggest Data Myths in Telco: ExposedThe 5 Biggest Data Myths in Telco: Exposed
The 5 Biggest Data Myths in Telco: Exposed
 
AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...
AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...
AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...
 
Webinar remote access_no_vpn_pitfalls_111517
Webinar remote access_no_vpn_pitfalls_111517Webinar remote access_no_vpn_pitfalls_111517
Webinar remote access_no_vpn_pitfalls_111517
 
Security Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdfSecurity Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdf
 
Student Presentation on Cloud Computing (MCO-205)
Student Presentation on Cloud Computing (MCO-205)Student Presentation on Cloud Computing (MCO-205)
Student Presentation on Cloud Computing (MCO-205)
 
Case study fortune 500 final
Case study fortune 500 finalCase study fortune 500 final
Case study fortune 500 final
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the Cloud
 

More from Cloudflare

LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
Cloudflare
 
Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)
Cloudflare
 
Strengthening security posture for modern-age SaaS providers
Strengthening security posture for modern-age SaaS providersStrengthening security posture for modern-age SaaS providers
Strengthening security posture for modern-age SaaS providers
Cloudflare
 
It’s 9AM... Do you know what’s happening on your network?
It’s 9AM... Do you know what’s happening on your network?It’s 9AM... Do you know what’s happening on your network?
It’s 9AM... Do you know what’s happening on your network?
Cloudflare
 
Accelerate your digital transformation
Accelerate your digital transformationAccelerate your digital transformation
Accelerate your digital transformation
Cloudflare
 
Cloudflareのソリューションを使用して悪意のあるBot対策
Cloudflareのソリューションを使用して悪意のあるBot対策Cloudflareのソリューションを使用して悪意のあるBot対策
Cloudflareのソリューションを使用して悪意のあるBot対策
Cloudflare
 
Webinar - Cyber Security basics in Japanese
Webinar - Cyber Security basics in JapaneseWebinar - Cyber Security basics in Japanese
Webinar - Cyber Security basics in Japanese
Cloudflare
 
How to Plan for Performance and Scale for Multiplayer Games
How to Plan for Performance and Scale for Multiplayer GamesHow to Plan for Performance and Scale for Multiplayer Games
How to Plan for Performance and Scale for Multiplayer Games
Cloudflare
 

More from Cloudflare (20)

Why you should replace your d do s hardware appliance
Why you should replace your d do s hardware applianceWhy you should replace your d do s hardware appliance
Why you should replace your d do s hardware appliance
 
Don't Let Bots Ruin Your Holiday Business - Snackable Webinar
Don't Let Bots Ruin Your Holiday Business - Snackable WebinarDon't Let Bots Ruin Your Holiday Business - Snackable Webinar
Don't Let Bots Ruin Your Holiday Business - Snackable Webinar
 
HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...
HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...
HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...
 
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
 
Scaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-serviceScaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-service
 
Application layer attack trends through the lens of Cloudflare data
Application layer attack trends through the lens of Cloudflare dataApplication layer attack trends through the lens of Cloudflare data
Application layer attack trends through the lens of Cloudflare data
 
Recent DDoS attack trends, and how you should respond
Recent DDoS attack trends, and how you should respondRecent DDoS attack trends, and how you should respond
Recent DDoS attack trends, and how you should respond
 
Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)
 
Strengthening security posture for modern-age SaaS providers
Strengthening security posture for modern-age SaaS providersStrengthening security posture for modern-age SaaS providers
Strengthening security posture for modern-age SaaS providers
 
Kentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
Kentik and Cloudflare Partner to Mitigate Advanced DDoS AttacksKentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
Kentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
 
Stopping DDoS Attacks in North America
Stopping DDoS Attacks in North AmericaStopping DDoS Attacks in North America
Stopping DDoS Attacks in North America
 
It’s 9AM... Do you know what’s happening on your network?
It’s 9AM... Do you know what’s happening on your network?It’s 9AM... Do you know what’s happening on your network?
It’s 9AM... Do you know what’s happening on your network?
 
Cyber security fundamentals (simplified chinese)
Cyber security fundamentals (simplified chinese)Cyber security fundamentals (simplified chinese)
Cyber security fundamentals (simplified chinese)
 
Accelerate your digital transformation
Accelerate your digital transformationAccelerate your digital transformation
Accelerate your digital transformation
 
Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)
 
Cloudflareのソリューションを使用して悪意のあるBot対策
Cloudflareのソリューションを使用して悪意のあるBot対策Cloudflareのソリューションを使用して悪意のあるBot対策
Cloudflareのソリューションを使用して悪意のあるBot対策
 
Stopping DDoS Attacks In South Africa
Stopping DDoS Attacks In South AfricaStopping DDoS Attacks In South Africa
Stopping DDoS Attacks In South Africa
 
Cyber security fundamentals
Cyber security fundamentalsCyber security fundamentals
Cyber security fundamentals
 
Webinar - Cyber Security basics in Japanese
Webinar - Cyber Security basics in JapaneseWebinar - Cyber Security basics in Japanese
Webinar - Cyber Security basics in Japanese
 
How to Plan for Performance and Scale for Multiplayer Games
How to Plan for Performance and Scale for Multiplayer GamesHow to Plan for Performance and Scale for Multiplayer Games
How to Plan for Performance and Scale for Multiplayer Games
 

Recently uploaded

在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
roncy bisnoi
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
SUHANI PANDEY
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
@Chandigarh #call #Girls 9053900678 @Call #Girls in @Punjab 9053900678
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
SUHANI PANDEY
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Call Girls in Nagpur High Profile
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
Neha Pandey
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Chandigarh Call girls 9053900678 Call girls in Chandigarh
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Escorts Call Girls
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Delhi Call girls
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
Delhi Call girls
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
tanu pandey
 

Recently uploaded (20)

在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 

Zero trust for everybody: 3 ways to get there fast

  • 1.
  • 2. Agenda 1. The Zero Trust framework, and our recommended ZT security model 1. 3 quick wins for Zero Trust transformation 1. How 3 organizations of differing sizes are using ZT strategy to secure and accelerate their business
  • 3. Problem: users and data live outside our walls Consequences for security teams: ● Excessive implicit trust to ‘insiders’ ● Defense in depth = increased complexity ● Limited visibility into data flows Business trends accelerating challenges: ● Rapid Cloud & SaaS adoption ● Geographically dispersed users ● Prevalence of mobile
  • 4. Breaches: no such thing as a ‘trusted’ insider Baseline: 3,594 breaches confirmed by 629 security decision makers Source: Forrester Analytics Global Business Technographics® Security Survey, 2019 Nearly 46% of breaches of sensitive data were caused by internal actors (employees + 3rd party partners) And of these internal threats... ● 48% attributed to malicious intent ● 43% attributed to inadvertent misuse ● 9% attributed to a combination
  • 5. Remote work straining already-challenged VPNs VPNs are engineered for implicit trust “Hacker leaks passwords for 900+ enterprise VPN servers” (Aug. 2020) VPN servers are under constant attack NSA advisory on VPN and IPsec-based access (July 2020) CISA: Continued Exploitation of Pulse Secure VPN Vulnerability (April 2020)
  • 6. Solution: Zero Trust architecture Core principles: ● “Never trust, always verify” ● Access based on identity and context (not network location) ● Least privilege by default Key assumption: Your users and network are likely already compromised.
  • 7. The Zero Trust buzz can be frustrating ...but it doesn’t have to be!
  • 9. Help Build a Better Internet 9 25M+ Internet properties 42 Tbps Of network capacity 200+ Cities and 100+ countries 72B Cyber threats blocked each day in Q2 ‘20 99% Of the Internet-connected population in the developed world is located within 100 milliseconds of our network
  • 10. Cloudflare’s promise: Zero Trust for Everyone Cloudflare for Teams makes Zero Trust security transformation radically approachable for all organizations, of any size and maturity. No Trade Offs Security + Performance Network Scale Shared Intelligence Ease of Use
  • 11. How Cloudflare for Teams works Please see the Appendix for more information.
  • 12. Zero Trust journey with Teams
  • 13. ...to apply “never trust, always verify” policies to all users and devices connecting to your resources. Zero Trust security journey with Cloudflare for Teams Implement ZT with Identity Extend Zero Trust with context Zero Trust for the Internet You need.... ...a standardized knowledge of “who is who” as a foundation to inform Zero Trust verification. ...to enable secure connections to the Internet for a distributed workforce. Key product capabilitie s ● Contractor access with multi- SSO integrations ● Granular policy controls ● Secure encrypted tunnel ● Device posture check ● Single pane-of-glass for visibility across your network ● Isolated browsing ● Inline inspection of outbound requests ● Data Loss Prevention via integration with apps 1 2 3 “Extend and enrich identity verification for internal and external users.” “Secure access to cloud and SaaS resources” “Isolate your users from attacks by ‘never trusting’ connections on the public internet”
  • 14. Legacy Problem Cloudflare Solution Cloudflare Access
  • 15. Access: Zero Trust Network Access Complete control of access to applications Enforce Zero Trust access for ALL applications on a per-user basis with easy- to-create and manage rules. Extend identity based security with more signal Improve security with context awareness such as device posture. Enforce more granular policies such as hard key requirements for your most sensitive applications. Deliver fast applications to devices anywhere Users get secure and seamless access to all applications faster from anywhere thanks to Argo Smart Routing. 15
  • 17. Zero Trust for your Network 17 CONGRATS! WE JUST ADDED OUR FIRST APPLICATION ● A top secret gifts page ● igivecoolgifts.com ● /secretgifts NOW, LETS INTEGRATE OUR FIRST IDENTITY PROVIDER ● G Suite, GitHub, or OTP rules ● Exclude Antarctica LET’S SEE HOW OUR POLICY IS PERFORMING ● Blocked ● Authenticated ● Allowed ● Customized
  • 18. How we do it
  • 19. Legacy Problem Cloudflare Solution Cloudflare Gateway
  • 20. Gateway: Secure Web Gateway Solution © 2018 Cloudflare Inc. All rights reserved. Complete visibility from a single pane of glass Log and monitor all internet traffic, on and off your network for unprecedented levels of granular visibility that can be viewed in the dashboard or integrated to your SIEM. Simplify internet security and compliance Easily apply DNS and URL filtering rules to protect your users on the open internet and enforce compliance. Eliminate threats on our edge not in your environment Gateways policy engine blocks threats on our network before they reach yours and you can leverage our proprietary threat intelligence to inform those policies. Deploys quickly and easy to manage Setup can be performed in minutes with easy to configure policies that do not require security expertise to operate. Never compromise on performance End-users get an amazing experience leveraging the world’s fastest public DNS resolver.
  • 22. Zero Trust on the Internet 22 CONGRATS! WE JUST ADDED OUR FIRST NETWORK ● Kaizen ✌️ NOW, LETS INTEGRATE OUR FIRST POLICY ● Nine to Five ⌚️ ○ Security ○ Content ○ Custom LET’S SEE HOW OUR POLICY IS PERFORMING ● Overview ○ Top Allowed ○ Top Blocked
  • 23. Zero Trust works for teams of all sizes Unique challenges Sample use cases Why start ZT now? Small business: ZT for Underdogs ● Limited IT / security resources to fight fires ● Expand remote access ● Secure BYOD programs ● Avoid legacy network security investments Growth & scaling stage: ZT for Scaling ● Growth expands attack surface without visibility ● Secure contractor access ● Secure DevOps ● Supports ambitions to scale in secure manner Large enterprise: ZT for Digital Transformation ● Pressure to transform complex, legacy IT stack ● Secure access for supply chain partners ● Support M&A integration ● Enables cloud migration ● Reign in control over sprawling IT
  • 25. A small team of volunteers launches a free online classroom and resource hub for students. Cloudflare Access allows teachers and developers to build and QA lessons seamlessly. 220K daily visits 20M lessons delivered Oak National Academy: Zero Trust overnight 25 CHALLENGES ● Group of former school teachers set up an online school for children affected by COVID-19 school closings, to ensure “no child misses a lesson” during the pandemic ● Needed to provide a team of developers access to pre-production infrastructure across multiple sub-domains ● Large groups of teachers from different organizations needed to be able to log in to the platform to review and edit lesson plans SOLUTION Implemented Cloudflare Access for Zero Trust access to GCP infrastructure and internally developed apps - virtually overnight. VALUE ● Teachers can review and edit lesson plan materials by logging into the content management system with Google credentials ● Developers access pre-production environment without needing to use a VPN ● Scales seamlessly to the number of users needed
  • 26. “[Access has] been amazing. [Our previous solution] was like trying to use a computer that froze every 10 seconds. Right now, support departments don’t notice any difference between accessing customer environments on-prem or through Access.” - Sybren van Wijk, Technical Product Owner, TOPdesk TOPdesk: Enabling 24x7 customer support 26 CHALLENGES ● Dutch service management SaaS with expanding workforce across 11 countries ● Customer support engineers needed 24x7 remote access to an on-premise remote support app; application was configured for office-only access due to GDPR ● Existing on-prem solution was slow, unresponsive, and designed when TOPDesk had 100 employees, not 750+ SOLUTION TOPDesk put Cloudflare Access in front of internal support apps to ensure technicians could address pressing customer needs at any time, from anywhere. Access integrates with Workers to ensures engineers can connect to only the customer environments they have specific permission to reach, in compliance with GDPR. VALUE ● Allowed TopDesk to supply true 24x7x365 support to customers ● Preparedness for remote work: Expanding Access usage in the weeks prior to the pandemic helped prevent interruptions in customer support ● Replaced slower, less secure VPN access with Zero Trust access to key dashboards
  • 27. A large re-insurance firm CHALLENGES ● Massive European financial services firm with 25K+ global employees ● Over half of employees are contractors and rely on different identity providers ● Needed to improve security model by replacing IP-list and VPN controls with Zero Trust access KEY RESULTS SOLUTION Used Cloudflare Access to secure access to internal, legacy Customer Relationship Management (CRM) apps for 1,000 employees initially. They will expand their deployment to 20,000+ employees and contractors for countless applications by end of this year. VALUE Deploying Cloudflare Access helps the reinsurance firm move toward Zero Trust security to their corporate resources. They are able to simplify and secure the process of giving contractors, interns and other temporary employees (consultants) access to critical data with a more streamlined user experience. A global reinsurance firm relies on Cloudflare for Teams to move from legacy access controls and traditional network perimeter security to Zero Trust security, starting with their large contractor workforce.
  • 28. Cloudflare Access: Our origin story CHALLENGES ● ‘On call’ engineers were fed up with clunky VPN login experience to access internal apps like Grafana during time-sensitive assignments ● Setting access control policies on the VPN was onerous for the IT team ● Our standalone VPN was becoming a performance bottleneck and a single point of failure for a rapidly expanding global workforce 28 SOLUTION Our engineers first built Access in 2015 to speed up their logins, and we have progressively shifted authentication for the majority of our internal applications onto our global network edge. Today, all employees onboard onto Access (not our VPN) and benefit from a fast and consistent login experience to every application. VALUE ● Get employees access to the resources they need without friction ● Modernize our security posture with Zero Trust best practices ● Improved employee productivity: ○ ~80% reduced time spent servicing VPN related tickets ○ ~70% reduction in ticket volume ○ 300+ annual hours of unlocked productivity during onboarding “As a CIO, I'm proud that I don't have to worry about our colleagues getting frustrated with reaching the basic tools they need to stay productive. With Access, Cloudflare does not have to make any trade-offs between improving security and creating an amazing user experience.” - Juan Rodriguez, Chief Information Officer
  • 29. RECAP: Zero Trust with Cloudflare for Teams 1. Set up a Cloudflare for Teams account at cloudflare.com/teams-home - your first 50 users are free! 1. Start a Zero Trust Access pilot with a small group of users at your company. 1. Measure the impact on the business - and then keep going!