This post is also available in 简体中文, 繁體中文, 日本語, 한국어, Deutsch, Español and Français.
April 2024 will mark my one-year anniversary as the Chief Security Officer at Cloudflare. In the past year, we’ve seen a rapid increase in sophisticated threats and incidents globally. Boards and executives are applying significant pressure to security organizations to prevent security breaches while maintaining only slight increases to budgets. Adding regulatory scrutiny, global security leaders are under pressure to deliver on the expectations from executives to protect their company. While this has been the expectation for over 20 years, we have recently seen a significant rise in attacks, including the largest and most sophisticated DDoS attacks, and the continued supply chain incidents from Solarwinds to Okta. Along with more nation state sponsored attackers, it is clear security professionals – including Cloudflare – can’t let their guards down and become complacent when it comes to security.
This past year, I met with over a hundred customers at events like our Cloudflare Connect conference in London, Chicago, Sydney, and NYC. I spoke with executives, policy experts, and world leaders at Davos. And I've been in constant dialogue with security peers across tech and beyond. There is much consistency amongst all security leaders on the pain points and concerns of Chief Information Security Officers (CISOs), spanning every geography and industry, from startups to large Fortune 500s.
Over the course of this week we will announce new products inspired by these conversations that respond to common challenges faced by CISOs around the world. We will cover many aspects of these security concerns, ranging from application security to securing employees and cloud infrastructure. We will also be sharing stories of how we do things at Cloudflare, and some thought leadership blog posts.
My Cloudflare Journey
As a CSO for more than 20 years for some of the world’s largest and most complex companies, I was drawn to the rapid innovation, unique market position and the global network that Cloudflare offers. Looking back on my first year at Cloudflare, the discussions I have had with customers has shaped me into a better CSO. Sharing my own challenges and listening to others has expanded my own understanding of the complex issues that we, Cloudflare, can learn from and adopt.
The core pillars of my organization are to Protect Cloudflare, Foster Innovation, and share “How Cloudflare does it.” My team is customer zero: first to use Cloudflare products and collaborate on needs of security organizations. Innovation weeks are certainly a key feature of the Cloudflare way, and I’m extremely proud to be able to open Security Week 2024 by announcing a series of exciting new products and features.
Security Priorities in 2024
There are three key challenges that have emerged in my discussions with CISOs and security practitioners: responding to risks and opportunities from AI, maintaining visibility and control as cloud technology changes so quickly, and how to consolidate technologies to effectively manage the security and IT budget.
One of the key topics I heard at Davos is how global leaders can address urgent global issues. As a society, we are facing a number of challenges, ranging from the environment to the ongoing effort to keep democracies functioning. The role of the Internet has never been more crucial, and I believe it’s a shared responsibility to keep it functioning and improve its security.
Our product and engineering teams have been working to deliver an array of solutions aligned to these challenges, and ultimately helping build a better Internet.
Responding to opportunity and risk from AI
No surprise, AI is the number one topic of discussion. At Davos, AI was the common theme across all industries, with a core concern of how to secure and protect our investments. As a leader in AI inference, our engineering and product teams have been working hard on building a way to protect our own, and our customers', AI models and applications.
This week our product teams are announcing tools to safeguard applications in the era of AI as well as AI-powered features helping our customers simplify how they interact with our analytics.
As a CSO, securing data is a core capability that is only made more challenging as the workforce may choose to use open AI services without understanding the risks. We have some announcements this week aligned with preventing data leakage from AI, as well as how you can use AI to secure against AI-enhanced phishing.
Finally, we will also share our philosophy of how AI can be used to increase the level of defense and security against increasingly sophisticated attacks.
Maintaining visibility and control as applications and clouds change
Effective security programs keenly focus on reducing complexity, increasing visibility, and robust alerting capabilities. A resounding message of 2024 is security by design, rather than bolted-on security. Security by design sounds easy but is more challenging for those of us without a greenfield.
While most do not have the luxury of starting over, many are succeeding by eliminating legacy tooling, such as third party storage tools, and at the same time gaining visibility and control.
There are new ways to secure and connect multi-cloud environments with consistent policy management. Our team will be sharing many new releases they are working on, and a recent acquisition, all aligned to this challenge we all face.
Consolidating to drive down costs
Every year security leaders are asked to do more with less. With economic uncertainty persisting into 2024, budget constraints have each of us critically analyzing our security stack for value and simplicity. Everyone is looking for strategies that not only reduce costs, but reduce complexity and increase your posture by removing room for human error. The CISOs who I see succeed in this environment have built programs based on simplification. Cloud migrations and zero trust architecture implementations have many asking if those transformations delivered on the promise of simplification and scale. My own zero trust journeys have given me a deep appreciation for the Cloudflare approach in moving away from expensive and complex security architectures.
How can we help make the Internet better?
2024 will be a pivotal year for the Internet. Geopolitical conflict and the elections around the world are being heavily analyzed for impact across every industry. This week we will share how we can leverage our robust platforms to stand by our mission to help build a better Internet and protect global democracy and large scale international events.
Welcome to Security Week
Innovation weeks are a great tradition at Cloudflare. This is where we launch new capabilities and share new ways to solve the challenges we have heard from our customers. No surprise, Security Week will be my personal favorite. I hope you each walk away with something that makes your job just a little easier.