If Cloudflare's Teams platform is starting to looking suspiciously SASE, that's because it is.
Best known for its distributed denial of service (DDoS) protection, security, and domain name system (DNS) services, Cloudflare dipped its toes into the secure access service edge (SASE) waters in January with the launch of Cloudflare for Teams. The premise of the platform was simple: provide access to the applications customers rely on from anywhere without compromising on security or performance.
While Teams attempts to solve the same fundamental problems as other SASE vendors, Cloudflare has been slow to adopt the label. However, CTO John Graham-Cumming admitted, in an interview with SDxCentral, the company is very much treading in those waters.
Coined by Gartner in its 2019 Hype Cycle report, SASE ties together elements of SD-WAN, managed security, and edge computing into a single cloud-managed platform.
And in that regard, Cloudflare's offering alone doesn't constitute a SASE. Instead, the company is approaching the market more like Zscaler, which argues that SASE vendors don't need to own the SD-WAN to compete. Cloudflare allows customers to pair their existing SD-WAN deployments with its massive private network, security functionality, and access controls.
Cloudflare for TeamsCloudflare for Teams is built around two products: Access and Gateway.
Access is the company's zero-trust network access platform. Access integrates with existing authentication platforms, like Okta, to provide customers with secure access to applications regardless of whether they're running on-premises or in the cloud.
Gateway is Cloudflare's secure web gateway, and in its most basic form it provides secure access to the rest of the internet, including software-as-a-service (SaaS) applications. To do this, the vendor leverages one of its marquee features: DNS security to filter unwanted content and malware.
Cloudflare takes this a step farther with its pro tier, which adds advanced threat protection, cloud sandboxing, bandwidth controls, and deep packet inspection and data loss prevention. Finally, large enterprise customers also have the option of integrating existing SD-WAN and security information and event management platforms.
A Network First ApproachHowever, Cloudflare for Teams is only part of the story.
SASE encompasses three key components: advanced routing, security, and the service edge, the latter of which is comprised of a distributed network of points of presence (PoPs). Many early SASE vendors approached the market from either the SD-WAN or the security space, building out their network as they went. For example, Palo Alto Networks used public cloud resources to roll out a service edge quickly and cost effectively.
Cloudflare is approaching this problem from the other direction. It already has a large private network reaching more than 100 countries and more than 200 cities around the world.
"I think we are the largest of all of the SASE vendors," said Graham-Cumming.
What's more, Cloudflare's role as a content delivery network means that many of the apps, websites, and services customers are accessing are already being cached and in some cases run in the company's data centers.
Room to GrowAs mentioned earlier, Cloudflare isn't trying to deliver the full SASE software stack as it's defined by Gartner, at least not just yet. The vendor does offer firewall-as-a-service with its web application firewall, but it isn't currently directly integrated into Cloudflare for Teams. The vendor also lacks a cloud access security broker (CASB).
"We've had web application firewall for many years as part of our main product line and we could configure that as part of Teams if that's what somebody wants, but in many ways that's what Gateway is meant to do," said Graham-Cumming.
When it comes to CASB, Graham-Cumming said Cloudflare has investigated this as a concept but has remained focused on the network strengths.
Remote Browser Isolation that Doesn't SuckAccording to Graham-Cumming, Cloudflare's large private network gives it an advantage when it comes to remote browser isolation (RBI). Cloudflare announced plans to bring RBI to Teams after the purchase of S2Systems in January.
"We're pretty confident in the technology we have being a game changer," he said. "The performance we're getting out of it is very, very good compared to some of the other browsers."
Graham-Cumming argues that RBI has gotten a bad wrap over the years due to poor implementation.
"There are kind of two ways of approaching remote browsing. One is the remote-desktop style in the browser, that tends to be a kind of horrible experience," he said. "The other way is actually by this HTML rewriting, and that tends to be a sort of an ugly experience from a compatibility experience."
Cloudflare argues that by integrating S2Systems' RBI into its private network it has the potential to deliver higher performance than a native browser could because the apps and websites users are accessing are apt to be cached right there in the PoP.
Cloudflare plans to bring its RBI offering to Teams later this year.
A Changing LandscapeThe influx of remote workers due to the ongoing pandemic has helped to accelerate SASE adoption thanks to its relatively low barrier to entry.
"Companies are looking for ways to give employees access in a secure fashion, where they are," said Graham-Cumming.
And while Cloudflare for Teams may not appeal to every enterprise use case, the company has a long tradition of successfully courting small to midsize businesses (SMBs) with generous free tiers and self-service portals, explained Graham-Cumming.
Shortly after launching Cloudflare for Teams in January, the vendor made the platform free to use until September in a bid to help struggling businesses address the changing remote work landscape.
And beginning in September, businesses with fewer than three locations and 50 employees may not have to pay anything for the service.
So while Cloudflare may not offer the most comprehensive SASE stack out there, its pricing model may help to undercut larger competitors, especially in the SMB space.