This post is also available in 简体中文, 日本語, bahasa Indonesia, ไทย.
CIO week has been packed with new product innovations to give CIOs the tools they need to secure, protect, and speed up their networks. At Cloudflare, we know that many of the things that matter to CIOs are not just new product announcements — but the improvements to the security and usability of the platform itself. They’re much less visible, but no less important to ensuring our customers can reliably use the growing set of services we provide in a standard and secure manner. While over time best practices and technologies change, we aim to ensure our platform meets the security needs and depth of control that our customers require. In that spirit, we have been busy over the past year delivering important updates to many of our platform services.
Improved SSO Onboarding
Customers need SSO to ensure they can securely control which applications employees can access. Our original iteration of SSO was manual and could be time consuming or error prone for customers to set up. We have streamlined the setup process by leveraging SaaS Applications in Cloudflare Access to allow customers to manage their SSO setup inside the Cloudflare for Teams dashboard. If you are an enterprise customer and are not yet getting the benefits of SSO, reach out to your account team so we can get you set up. Look forward to us further deepening control of user management when using SSO next year.
Zone Scoped Roles Beta
Many customers keep both production and testing/staging zones in one account. This provides benefits for managing configuration given everything is in the scope of one account. A common issue that customers would run into though was that they wanted to handle access to critical production zones differently than their other zones. We now have a beta program available for customers to try out setting up zone scoped roles for members in this account. With Zone Scoped Roles, users can be granted access to a subset of the zones in an account. This means edit access to production zones can be limited to only those who truly need it. At the same time, everyone else can retain read only access, so they are not blocked from investigations. Again, for customers who want to try Zone Scoped Roles out, reach out to your account team for getting access to the beta.
Terraform Improvements
Customers continue to invest in automation in order to streamline management of Cloudflare and other providers. For many, Terraform is their go to solution to give them a single way to manage the multiple services they use every day. Cloudflare continues to invest in Terraform support for our services to ensure customers’ success.
- In 2021, we added 10 new resources, growing the list to 51 resources.
- This included major additions to the platform like our ruleset engine which powers features like Transform Rules, Managed WAF Rulesets, and Managed DDoS Rulesets
- We released a major update to cf-terraforming, our library for quickly generating Terraform configuration and state for existing Cloudflare customers getting started with Terraform
- More resources are now supported and we re-worked the interface for easier use.
Notifications and Alerts
Cloudflare continues to invest heavily in giving customers the ability to know exactly what's happening as soon as it happens for their services behind Cloudflare. We have a great write up today on the improvements, but here is a quick list of the improvements:
- New Notification Types
- DDoS Alerts
- Firewall Alerts
- Workers CPU
- Origin 5XX Errors
- New Webhook Destinations
- DataDog, Discord, OpsGenie, and Splunk
- This is in addition to Slack, Microsoft Teams, Google Chat, and custom destinations.
- Alert History is now available via API and with UI support coming soon.
Again, if you’d like to see all the details of the improvements we’ve made, jump over here!
Data Protection and Locality
It’s been increasingly important for our customers to address requirements around data locality. We’ve built out capabilities that give customers control over where their data is processed and stored through the Data Localization Suite.
In the EU, the recent “Schrems II” decision resulted in additional requirements for companies that transfer personal data outside the EU. And a number of highly regulated industries require that specific types of personal data stay within the EU’s borders.
Cloudflare is committed to helping our customers keep personal data in the EU. This week, we introduced the Customer Metadata Boundary, which expands the Data Localisation Suite to ensure that a customer’s end user traffic metadata stays in the EU.
Logs
Cloudflare’s logs provide our customers with visibility into their network. This past year, we’ve expanded logging for more of our products, and given customers more control over where they can send their logs.
Recept expansions to logs include Firewall Events, Gateway, Spectrum. The most recent is Audit logs.
We’ve added the option for customers to store their logs on any platform with an S3-compatible API and partnered with major analytics providers to create integrations. This opened the doors for a lot of our customers to directly integrate with their log destinations of choice. Read more about the new products and destinations we support here. This week we announced that we’re building support for another log storage destination - R2!
The Dogfood Advantage
Whenever the opportunity arises, any products that we create for our customers, we’re first in line to use ourselves. It keeps us honest — if there are gaps in our solution, we’re going to have our own CIO, CISO, or engineering teams breathing down our neck!
Our public facing sites (including the blog that you’re reading this on) are secured with Cloudflare. We’re just as excited about the additional security provided by Zone Scoped Roles, as our customers are! Our security and IT organizations have adopted Terraform in order to manage the security and access control of our internal applications at scale, while giving developers the ability to self-serve request changes. Cloudflare’s security team also uses logs from our services behind Cloudflare to monitor and detect malicious behavior.
By doing things just like our customers do, we build empathy for the same kinds of problems our customers may face using our services. We continue to focus on not only innovating to solve unique problems for our customers, but also taking steps to build products that make our platform a better overall experience to use.