In January 2023, we announced support for Managed Service Providers (MSPs) and other businesses to create 'parent-child' and account-level policy configurations when deploying Cloudflare for DNS filtering. Specifically, organizations leverage the integration between our Tenant API and Cloudflare Gateway, our Secure Web Gateway (SWG) to protect their remote or office end users with web filtering and inspection. Already, customers like the US federal government, MalwareBytes, and a large global ISP take advantage of this integration to enable simpler, more flexible policy management across larger deployments across their end customers
Today, we're excited to showcase another similar story: Meter, a provider of Internet infrastructure, is leveraging the Tenant API integration for DNS filtering to help their clients enforce acceptable Internet use policies.
How Meter deploys Cloudflare to secure Internet browsing
Meter, headquartered in San Francisco and founded in 2015, provides Internet infrastructure that includes routing, switching, wireless, and applications. They help deliver faster, more efficient, more secure networking experiences for a diverse range of corporate spaces, including offices, warehouses, retail, manufacturing, biotech, and education institutions.
Meter integrates with the Cloudflare Tenant API to provide DNS filtering to their customers. With the Meter dashboard, Meter customers can set policies to block or allow Internet traffic to domains, categorized by security risks (phishing, malware, DGA, etc.) or content theme (adult, gambling, shopping, etc.)
Across this customer base, having parent-child relationships in security policies is often critical. For example, specific schools within an overall district may have different policies about what Internet browsing is or is not acceptable.
Cloudflare’s parent-child configurability means that Meter administrators are equipped to set differential, granular policies for specific offices, retail locations, or warehouses (‘child accounts’) within a larger business (‘parent account’). DNS queries are first filtered against parent account policies before filtering against more specific child account policies.
At a more technical level, each “child” customer account can have its own users and tokens to manage accounts. Customers of Meter can set up their DNS endpoints via Gateway locations and may be defined as IPv4, IPv6, DoH, and DoT endpoints. DNS policies can be defined for these Gateway locations. In addition to this, each customer of Meter can customize their block page and even upload their own certificates to serve their custom block page.
What’s next
MSPs and infrastructure companies like Meter play a vital role in bringing cybersecurity solutions to customers of all sizes and needs. Cloudflare will continue to invest in our tenant architecture to equip MSPs with the flexibility and simplicity they need to serve their end customers.
DNS filtering to protect users on the Internet is a valuable solution for MSPs to deliver with Cloudflare. But DNS filtering is just the first of several Zero Trust services that Cloudflare intends to support via our tenant platform, so stay tuned for more.
If you are an MSP or an Infrastructure company looking to deliver Cloudflare security for your end customers, learn more here.