What are some of the practical advantages of your network for deploying a zero trust security strategy?

If you look at some of the solutions where you don’t have a network, what that means is you’ve got to pay somebody for that network at some level. What you end up doing is stacking, one on top of another, different solutions that provide part of the solution. What we’ve seen is that ends up being not only more complex, but also less secure — and significantly more expensive for customers to be able to administer. If you’ve got somebody who’s just doing your access controls, and somebody else is doing a gateway, and then you’re buying MPLS connections, and you’ve also got your ISP connections and you’ve got hardware that’s sitting in all the places just to connect all the bits together.

What’s powerful about Cloudflare is that we can do all of those things, and we can provide it as one service. We’re able to give people an even better experience, a unified control plane, and usually — if they adopt the entire Cloudflare suite around this — we’re able to save them about 50 percent over what they were spending by trying to cobble together multiple different solutions.

But even in the cases where someone like Zscaler that does run a network, and they have PoPs around the world — what is unique about Cloudflare versus a solution like Zscaler is just the scale that we’re able to operate at. We have about 100 times Zscaler’s published capacity across our network. And when you buy network capacity at a wholesale level and you buy a certain amount of out [traffic], you get an equal amount of in. Or if you buy a certain amount of in, you get an equal amount of out.

And so because we have this enormous business around DDoS mitigation and WAF and load balancing and everything else, we’ve paid effectively for that outbound capacity, but that frees up this enormous amount of inbound capacity to provide those zero-trust, forward-proxy services. So we could onboard 100 Zscalers on the existing network that we have, and we wouldn’t have to buy a single new machine. We have that capacity in place. And that’s really important for companies that sometimes today are having to wait a significant amount of time to get network capacity. Sometimes they’re being charged an enormous amount for that.

We also run our own backbone that spans the entire globe and connects most of that together. For our customers, if they’re going from their branch office across something like Cloudflare Magic WAN or Cloudflare Magic Transit, you are never even touching the public Internet. You’re passing across Cloudflare’s backbone end-to-end, in most cases. And that allows us to have a quality of service and a level of security that nobody else in this space can match.