All posts by Patrick Day

Switching to Cloudflare can cut your network carbon emissions up to 96% (and we’re joining the SBTi)

2023-09-25 Patrick Day

Post Syndicated from Patrick Day original http://blog.cloudflare.com/switching-cloudflare-cut-your-network-carbon-emissions-sbti/

Switching to Cloudflare can cut your network carbon emissions up to 96% (and we're joining the SBTi)

This post is also available in 简体中文, 日本語, 한국어, Deutsch, Español and Français.

Since our founding, Cloudflare has helped customers save on costs, increase security, and boost performance and reliability by migrating legacy hardware functions to the cloud. More recently, our customers have been asking about whether this transition can also improve the environmental impact of their operations.

We are excited to share an independent report published this week that found that switching enterprise network services from on premises devices to Cloudflare services can cut related carbon emissions up to 96%, depending on your current network footprint. The majority of these gains come from consolidating services, which improves carbon efficiency by increasing the utilization of servers that are providing multiple network functions.

And we are not stopping there. Cloudflare is also proud to announce that we have applied to set carbon reduction targets through the Science Based Targets initiative (SBTi) in order to help continue to cut emissions across our operations, facilities, and supply chain.

As we wrap up the hottest summer on record, it's clear that we all have a part to play in understanding and reducing our carbon footprint. Partnering with Cloudflare on your network transformation journey is an easy way to get started. Come join us today!

Traditional vs. cloud-based networking and security

Historically, corporate networks relied on dedicated circuits and specialized hardware to connect and secure their infrastructure. Companies built or rented space in data centers that were physically located within or close to major office locations, and hosted business applications on servers in these data centers. Employees in offices connected to these applications through the local area network (LAN) or over private wide area network (WAN) links from branch locations. A stack of security hardware in each data center, including firewalls, intrusion detection systems, DDoS mitigation appliances, VPN concentrators, and more enforced security for all traffic flowing in and out.

This architecture model broke down when applications shifted to the cloud and users left the office, requiring a new approach to connecting and securing corporate networks. Cloudflare’s model, which aligns with the SASE framework, shifts network and security functions from on premises hardware to our distributed global network.

This approach improves performance by enforcing policy close to where users are, increases security with Zero Trust principles, and saves costs by delivering functions more efficiently. We are now excited to report that it materially reduces the total power consumption of the services required to connect and secure your organization, which reduces carbon emissions.

Reduced carbon emissions through cloud migration and consolidation

An independent study published this week by Analysys Mason outlines how shifting networking and security functions to the cloud, and particularly consolidating services in a unified platform, directly improves the sustainability of organizations’ network, security, and IT operations. You can read the full study here, but here are a few key points.

The study compared a typical hardware stack deployed in an enterprise data center or IT closet, and its associated energy consumption, to the energy consumption of comparable functions delivered by Cloudflare’s global network. The stack used for comparison included network firewall and WAF, DDoS mitigation, load balancing, WAN optimization, and SD-WAN. Researchers analyzed the average power consumption for devices with differing capacity and found that higher-capacity devices only consume incrementally more energy:

The study noted that specialized hardware is more efficient per watt of electricity consumed at performing specific functions — in other words, a device optimized for intrusion detection will perform intrusion detection functions using less power per request processed than a generic server designed to host multiple different workloads. This can be seen in the bar labeled “impact of cloud processing efficiency” in the graph below.

However, these gains are only relevant when a specialized hardware device is consistently utilized close to its capacity, which most appliances in corporate environments are not. Network, security, and IT teams intentionally provision devices with higher capacity than they will need the majority of the time in order to be able to gracefully handle spikes or peaks.

For example, a security engineer might have traditionally specced a DDoS protection appliance that can handle up to 10 Gbps of traffic in case an attack of that size came in, but the vast majority of the time, the appliance is processing far less traffic (maybe only tens or hundreds of Mbps). This means that it is actually much more efficient for those functions to run on a generic device that is also running other kinds of processes and therefore can operate at a higher baseline utilization, using the same power to get more work done. These benefits are shown in the “utilization gains from cloud” bar in the following graph.

There are also some marginal efficiency gains from other aspects of cloud architecture, such as improved power usage effectiveness (PUE) and carbon intensity of data centers optimized for cloud workloads vs. traditional enterprise infrastructure. These are represented on the right of the graph below.

Researchers compared multiple examples of enterprise IT environments, from small to large traffic volume and complexity, and found that these factors contribute to overall carbon emissions reduction of 78-96% depending on the network analyzed.

One of the most encouraging parts of this study was that it did not include Cloudflare's renewable energy or offset purchases in its findings. A number of studies have concluded that migrating various applications and compute functions from on premises hardware to the cloud can significantly cut carbon emissions. But, those studies also relied in part on carbon accounting benefits like renewable energy or carbon offsets to demonstrate those savings.

Cloudflare also powers its operations with 100% renewable energy and purchases high-quality offsets to account for its annual emissions footprint. Meaning, the emissions savings of potentially switching to Cloudflare are likely even higher than those reported.

Overall, consolidating and migrating to Cloudflare’s services and retiring legacy hardware can substantially reduce energy consumption and emissions. And while you are at it, make sure to consider sustainable end-of-life practices for those retired devices — we will even help you recycle them!

Cloudflare is joining the Science Based Targets initiative (SBTi)

We're incredibly proud that Cloudflare is helping move the Internet toward a zero emissions future. But, we know that we can do more.

Cloudflare is thrilled to announce that we have submitted our application to join SBTi and set science-based carbon reduction targets across our facilities, operations, and supply chain.

SBTi is one of the world's most ambitious corporate climate action commitments. It requires companies to achieve verifiable emissions reductions across their operations and supply chain without the use of carbon offsets. Companies' short- and long-term reduction goals must be consistent with the Paris Climate Agreement goal of limiting global warming to 1.5 degrees above pre-industrial levels.

Once approved, Cloudflare will work over the next 24 months with SBTi to develop and validate our short and long term reduction targets. Stay tuned to our blog and our Impact page for updates as we go.

Cloudflare's commitment to SBTi reduction targets builds on our ongoing commitments to 100% renewable energy, to offset or remove historic carbon emissions associated with powering our network by 2025, and reforestation efforts.

As we have said before, Cloudflare's original goal was not to reduce the Internet's environmental impact. But, that has changed.

Come join Cloudflare today and help us work towards a zero emissions Internet.

Cloudflare’s commitment to the 2023 Summit for Democracy

2023-03-28 Patrick Day

Post Syndicated from Patrick Day original https://blog.cloudflare.com/cloudflare-commitment-to-the-2023-summit-for-democracy/

Cloudflare’s commitment to the 2023 Summit for Democracy

On Tuesday, March 28, 2023, the US Government will launch the Summit for Democracy 2023, following up on the inaugural Summit for Democracy 2021. The Summit is co-hosted by the United States, Costa Rica, Zambia, the Netherlands, and South Korea. Cloudflare is proud to participate in and contribute commitments to the Summit because we believe that everyone should have access to an Internet that is faster, more reliable, more private, and more secure. We work to ensure that the responsibility to respect human rights is embedded throughout our business functions. Cloudflare’s mission — to help build a better Internet — reflects a long-standing belief that we can help make the Internet better for everyone.

Our mission and core values dovetail with the Summit’s goals of strengthening democratic governance, respect for human rights and human rights defenders, and working in partnership to strengthen respect for these values. As we have written about before, access to the Internet allows activists and human rights defenders to expose abuses across the globe, allows collective causes to grow into global movements, and provides the foundation for large-scale organizing for political and social change in ways that have never been possible before.

What is the Summit for Democracy?

In December 2021, in an effort to respond to challenges to democracy worldwide, the United States held the first ever global Summit for Democracy. The Summit provided an opportunity to strengthen collaboration between democracies around the world and address common challenges from authoritarian threats. The United States invited over 100 countries plus the President of the European Commission and the United Nations Secretary-General. The Summit focused on three key themes: (1) defending against authoritarianism; (2) addressing and fighting corruption; and (3) promoting respect for human rights, and gave participants an opportunity to announce commitments, reforms, and initiatives to defend democracy and human rights. The Summit was followed by a Year of Action, during which governments implemented their commitments to the Summit.

The 2023 Summit will focus more directly on partnering with the private sector to promote an affirmative vision for technology by countering the misuse of technology and shaping emerging technologies so that they strengthen democracy and human rights, which Cloudflare supports in theory and in practice.

The three-day Summit will highlight the importance of the private sector’s role in responding to challenges to democracy. The first day of the Summit is the Thematic Day, where Cabinet-level officials, the private sector and civil society organizations will spotlight key Summit themes. On the second day of the Summit, the Plenary Day, the five co-hosts will each host a high-level plenary session. On the final day of the Summit, Co-Host Event Day, each of the co-hosts will lead high-level regional conversations with partners from government, civil society, and the private sector.

Cloudflare will be participating in the Thematic Day and the Co-Host Event Day in Washington, DC, in addition to other related events.

Cloudflare commitments

In advance of the 2023 Summit, the United States issued a Call to Action to the private sector to consider commitments that advance an affirmative agenda for democratic renewal. The United States encouraged the private sector to make commitments that align with the Presidential Initiative on Democratic Renewal, the Declaration on the Future of the Internet, and the Summit’s four objectives:

Countering the misuse of technology
Fighting corruption
Protecting civic space
Advancing labor rights

Cloudflare answered the United States’s call to action and made commitments to (1) help democratize post-quantum cryptography; (2) work with researchers to share data on Internet censorship and shutdowns; and (3) engage with civil society on Internet protocols and the application of privacy-enhancing technologies.

Democratizing post-quantum cryptography by including it for free, by default

At Cloudflare, we believe to enhance privacy as a human right the most advanced cryptography needs to be available to everyone, free of charge, forever. Cloudflare has committed to including post-quantum cryptography for free by default to all customers – including individual web developers, small businesses, non-profits, and governments. In particular, this will benefit at-risk groups using Cloudflare services like humanitarian organizations, human rights defenders, and journalists through Project Galileo, as well as state and local government election websites through the Athenian Project, to help secure their websites, APIs, cloud tools and remote employees against future threats.

We believe everyone should have access to the next era of cybersecurity standards–instantly and for free. To that end, Cloudflare will also publish vendor-neutral roadmaps based on NIST standards to help businesses secure any connections that are not protected by Cloudflare. We hope that others will follow us in making their implementations of post-quantum cryptography free so that we can create a secure and private Internet without a “quantum” up-charge. More details about our commitment is here and here.

Working with researchers to better document Internet censorship and shutdowns

Cloudflare commits to working with researchers to share data about Internet shutdowns and selective Internet traffic interference and to make the results of the analysis of this data public and accessible. The Cloudflare Network includes 285 locations in over 100 countries, interconnects with over 11,500 networks globally, and serves a significant portion of global Internet traffic. Cloudflare shares aggregated data on the Internet’s patterns, insights, threats and trends with the public through Cloudflare Radar, including providing alerts and data to help organizations like Access Now’s KeepItOn coalition, the Freedom Online Coalition, the Internet Society, and Open Observatory of Network Interference (OONI) monitor Internet censorship and shutdowns around the world. Cloudflare commits to working with research partners to identify signatures associated with connection tampering and failures, which are believed to be caused primarily by active censorship and blocking. Cloudflare is well-positioned to observe and report on these signatures from a global perspective, and will provide access to its findings to support additional tampering detection efforts.

Engaging with civil society on Internet protocols and the development and application of privacy-enhancing technologies

Cloudflare believes that meaningful consultation with civil society is a fundamental part of building an Internet that advances human rights. As Cloudflare works with Internet standards bodies and other Internet providers on the next-generation of privacy-enhancing technologies and protocols, like protocols to encrypt Domain Name Service records and Encrypted Client Hello (ECH) and privacy enhancing technologies like OHTTP, we commit to direct engagement with civil society and human rights experts on standards and technologies that might have implications for human rights.

Cloudflare has long worked with industry partners, stakeholders, and international standards organizations to build a more private, secure, and resilient Internet for everyone. For example, Cloudflare has built privacy technologies into its network infrastructure, helped develop and deploy TLS 1.3 alongside helping lead QUIC and other Internet protocols, improve transparency around routing and public key infrastructure (PKI), and operating a public DNS resolver that supports encryption protocols. Ensuring civil society and human rights experts are able to contribute and provide feedback as part of those efforts will make certain that future development and application of privacy-enhancing technologies and protocols are consistent with human rights principles and account for human rights impacts.

Our commitments to democratizing post-quantum cryptography, working with researchers on Internet censorship and shutdowns, and engaging with civil society on Internet protocols and the development and application of privacy-preserving technologies will help to secure access to a free, open, and interconnected Internet.

Partnering to make the Summit a success

In the lead-up to the Summit, Cloudflare has been working in partnership with the US Department of State, the National Security Council, the US Agency for International Development (USAID), and various private sector and civil society partners to prepare for the Summit. As part of our involvement, we have also contributed to roundtables and discussions with the Center for Strategic and International Studies, GNI, the Design 4 Democracy Coalition, and the Freedom Online Coalition. Cloudflare is also participating in official meetings and side events including at the Carnegie Endowment for International Peace and the Council on Foreign Relations.

In addition to the official Summit events, there are a wide range of events organized by civil society which the Accountability Lab has created a website to highlight. Separately, on Monday, March 27 the Global Democracy Coalition convened a Partners Day to organize civil society and other non-governmental events. Many of these events are being held by some of our Galileo partners like the National Democratic Institute, the International Republican Institute, Freedom House, and the Council of Europe.

Cloudflare is grateful for all of the hard work that our partners in government, civil society, and the private sector have done over the past few months to make this Summit a success. At a time where we are seeing increasing challenges to democracy and the struggle for human rights around the world, maintaining a secure, open, Internet is critical. Cloudflare is proud of our participation in the Summit and in the commitments we are making to help advance human rights. We look forward to continuing our engagement in the Summit partnership to fulfill our mission to help build a better Internet.

Independent report shows: moving to Cloudflare can cut your carbon footprint

2022-12-14 Patrick Day

Post Syndicated from Patrick Day original https://blog.cloudflare.com/independent-report-shows-moving-to-cloudflare-cuts-your-carbon-footprint/

Independent report shows: moving to Cloudflare can cut your carbon footprint

This post is also available in 简体中文, Français and Español.

In July 2021, Cloudflare described that although we did not start out with the goal to reduce the Internet’s environmental impact, that has changed. Our mission is to help build a better Internet, and clearly a better Internet must be sustainable.

As we continue to hunt for efficiencies in every component of our network hardware, every piece of software we write, and every Internet protocol we support, we also want to understand in terms of Internet architecture how moving network security, performance, and reliability functions like those offered by Cloudflare from on-premise solutions to the cloud affects sustainability.

To that end, earlier this year we commissioned a study from the consulting firm Analysys Mason to evaluate the relative carbon efficiency of network functions like firewalls, WAF, SD-WAN, DDoS protection, content servers, and others that are provided through Cloudflare against similar on-premise solutions.

Although the full report will not be available until next year, we are pleased to share that according to initial findings:

Cloudflare Web Application Firewall (WAF) “generates up to around 90% less carbon than on-premises appliances at low-medium traffic demand.”

Needless to say, we are excited about the possibilities of these early findings, and look forward to the full report which early indications suggest will show more ways in which moving to Cloudflare will help reduce your infrastructure’s carbon footprint. However, like most things at Cloudflare, we see this as only the beginning.

Fixing the Internet’s energy/emissions problem

The Internet has a number of environmental impacts that need to be addressed, including raw material extraction, water consumption by data centers, and recycling and e-waste, among many others. But, none of those are more urgent than energy and emissions.

According to the United Nations, energy generation is the largest contributor to greenhouse gas emissions, responsible for approximately 35% of global emissions. If you think about all the power needed to run servers, routers, switches, data centers, and Internet exchanges around the world, it’s not surprising that the Boston Consulting Group found that 2% of all carbon output, about 1 billion metric tons per year, is attributable to the Internet.

Conceptually, reducing emissions from energy consumption is relatively straightforward — transition to zero emissions energy sources, and use energy more efficiently in order to speed that transition. However, practically, applying those concepts to a geographically distributed, disparate networks and systems like the global Internet is infinitely more difficult.

To date, much has been written about improving efficiency or individual pieces of network hardware (like Cloudflare’s deployment of more efficient Arm CPUs) and the power usage efficiency or “PUE” of hyperscale data centers. However, we think there are significant efficiency gains to be made throughout all layers of the network stack, as well as the basic architecture of the Internet itself. We think this study is the first step in investigating those underexplored areas.

How is the study being conducted?

Because the final report is still being written, we’ll have more information about its methodology upon publication. But, here is what we know so far.

To estimate the relative carbon savings of moving enterprise network functions, like those offered by Cloudflare, to the cloud, the Analysys Mason team is evaluating a wide range of enterprise network functions. These include firewalls, WAF, SD-WAN, DDoS protection, and content servers. For each function they are modeling a variety of scenarios, including usage, different sizes and types of organizations, and different operating conditions.

Information relating to the power and capacity of each on-premise appliance is being sourced from public data sheets from relevant vendors. Information on Cloudflare’s energy consumption is being compiled from internal datasets of total power usage of Cloudflare servers, and the allocation of CPU resources and traffic between different products.

Final report — coming soon!

According to the Analysys Mason team, we should expect the final report sometime in early 2023. Until then, we do want to mention again that the initial WAF results described above may be subject to change as the project continues, and assumptions and methodology are refined. Regardless, we think these are exciting developments and look forward to sharing the full report soon!

Sign up for Cloudflare today!

Historical emissions offsets (and Scope 3 sneak preview)

2022-12-14 Patrick Day

Post Syndicated from Patrick Day original https://blog.cloudflare.com/historical-emissions-offsets-and-scope-3-sneak-preview/

Historical emissions offsets (and Scope 3 sneak preview)

In July 2021, Cloudflare committed to removing or offsetting the historical emissions associated with powering our network by 2025. Earlier this year, after a comprehensive analysis of our records, we determined that our network has emitted approximately 31,284 metric tons (MTs) of carbon dioxide equivalent (CO2e) since our founding.

Today, we are excited to announce our first step toward offsetting our historical emissions by investing in 6,060 MTs’ worth of reforestation carbon offsets as part of the Pacajai Reduction of Emissions from Deforestation and forest Degradation (REDD+) Project in the State of Para, Brazil.

Generally, REDD+ projects attempt to create financial value for carbon stored in forests by using market approaches to compensate landowners for not clearing or degrading forests. From 2007 to 2016, approximately 13% of global carbon emissions from anthropogenic sources were the result of land use change, including deforestation and forest degradation. REDD+ projects are considered a low-cost policy mechanism to reduce emissions and promote co-benefits of reducing deforestation, including biodiversity conservation, sustainable management of forests, and conservation of existing carbon stocks. REDD projects were first recognized as part of the 11th Conference of the Parties (COP) of the United Nations Framework Convention on Climate Change in 2005, and REDD+ was further developed into a broad policy initiative and incorporated in Article 5 of the Paris Agreement.

The Pacajai Project is a Verra verified REDD+ project designed to stop deforestation and preserve local ecosystems. Specifically, to implement sustainable forest management and support socioeconomic development of riverine communities in Para, which is located in Northern Brazil near the Amazon River. The goal of the project is to train village families in land use stewardship to protect the rainforest, as well as agroforestry techniques that will help farmers transition to crops with smaller footprints to reduce the need to burn and clear large sections of adjacent forest.

If you follow sustainability initiatives at Cloudflare, including on this blog, you may know that we have also committed to purchasing renewable energy to account for our annual energy consumption. So how do all of these commitments and projects fit together? What is the difference between renewable energy (credits) and carbon offsets? Why did we choose offsets for our historical emissions? Great questions; here is a quick recap.

Cloudflare sustainability commitments

Last year, Cloudflare announced two sustainability commitments. First we committed to powering our operations with 100% renewable energy. Meaning, each year we will purchase the same amount of zero emissions energy (wind, solar, etc.) as we consume in all of our data centers and facilities around the world. Matching our energy consumption annually with renewable energy purchases ensures that under carbon accounting standards like the Greenhouse Gas Protocol (GHG), Cloudflare’s annual net emissions (or “market-based emissions”) from purchased electricity will be zero. This is important because it accounts for about 99.9% of Cloudflare’s 2021 emissions.

Renewable energy purchases help make sure Cloudflare accounts for its emissions from purchased electricity moving forward; however, it does not address emissions we generated prior to our first renewable energy purchase in 2018 (what we are calling “historical emissions”).

To that end, our second commitment was to “remove or offset all of our historical emissions resulting from powering our network by 2025.” For this initiative, we purposefully chose to use carbon removals or offsets, like the Pacajai REDD+ Project, rather than more renewable energy purchases (also called renewable energy credits, renewable energy certificates, or RECs).

Renewable energy vs. offsets and removals

Renewable energy certificates (RECs) and carbon offsets are both used by organizations to help mitigate their emissions footprint, but they are fundamentally different instruments.

Renewable energy certificates are created by renewable energy generators, like wind and solar farms, and represent a unit (e.g. 1 megawatt-hour) of low or zero emissions energy delivered to a local power grid. Individuals, organizations, and governments are able to purchase those units of energy, and legally claim their environmental benefits, even if the actual power they consume is from the standard electrical grid.

A carbon offset, according to the World Resources Institute (WRI), is “a unit of carbon dioxide-equivalent (CO2e) that is reduced, avoided, or sequestered.” Offsets can include a wide variety of projects, including reforestation, procurement of more efficient cookstoves in developing nations, avoidance of methane from municipal solid waste sites, and purchasing electric and hybrid vehicles for public transportation.

Carbon removals are a type of carbon offsets that involve actual removal of an amount of carbon from the atmosphere. According to WRI, carbon removal projects include “natural strategies like tree restoration and agricultural soil management; high-tech strategies like direct air capture and enhanced mineralization; and hybrid strategies like enhanced root crops, bioenergy with carbon capture and storage, and ocean-based carbon removal.”

As the climate crisis accelerates, carbon removals are an increasingly important part of global net zero efforts. For example, a recent analysis by the U.S. National Academy of Sciences and the Intergovernmental Panel on Climate Change (IPCC) found that even with rapid investment in emissions reductions (like increasing renewable energy supply), the United States must remove 2 gigatons of CO2 per year by midcentury to reach net zero.

RECs, offsets, and removals are all important tools for individuals, organizations, and governments to help lower their emissions footprint, and each has a specific purpose. As the U.S. Environmental Protection Agency puts it, “think of offsets and RECs as two tools in your sustainability tool box — like a hammer and a saw.” For example, RECs can only be used to account for emissions from an organization’s purchased electricity (Scope 2 emissions). Whereas offsets can be used to account for emissions from combustion engines and other direct emissions (Scope 1), purchased electricity (Scope 2), or carbon emitted by others, including supply chain and logistics emissions (Scope 3). In addition, some sustainability initiatives, like the Science Based Targets Initiative (SBTi) Net-Zero Standard, require the use of removals rather than other types of offsets.

Why did Cloudflare choose offsets or removals to account for its historical emissions?

We decided on a combination of offsets and removals for two reasons. The first reason is technical and relates to RECs and vintage years. Every REC produced by a renewable generator must include the date and time it was delivered to the local electrical grid. So, for example, RECs associated with renewable energy generation by a wind facility during the 2022 calendar year are considered 2022 vintage. Most green energy or renewable energy standards require organizations to purchase RECs from the same vintage year as the energy they are seeking to offset. Therefore, finding RECs to account for energy used by our network in 2012 or 2013 would be difficult, if not impossible, and purchasing current year RECs would be inconsistent with most standards.

The second reason we chose offsets and removals is that it gives us more flexibility to support different types of projects. As mentioned above, offset projects can be incredibly diverse and can be purchased all over the world. This gives Cloudflare the opportunity to support a variety of carbon reduction, avoidance, and sequestration projects that also contribute to other sustainable development goals like decent work and economic growth, gender equality and reduced inequalities, and life on land and below water.

How did we calculate historical emissions?

Once we decided how we planned to offset our historical emissions, we needed to determine how much to offset. Earlier this year our Infrastructure team led a comprehensive review of all historical asset records to create an annual picture of what hardware we deployed, the number of servers, the energy consumption of each model and configuration, and total energy consumption.

We also cross-checked our hardware deployment records with a review of all of our blog posts and other public statements documenting our network growth over the years. It was actually a pretty interesting exercise. Not only to see the cover art from some of our early blogs (our New Jersey data center announcement is a favorite), but more importantly to relive the amazing growth of our network, step by step, from three data centers in 2010 to more than 275 cities in over 100 countries! Pretty cool.

Finally, we converted those annual energy totals to emissions using a global average emissions factor from the International Energy Agency (IEA).

Energy (kWh) x Emissions Factor (gCO2e/kWh) = Carbon Emissions (gCO2e)

In total, we estimated that based on total power consumption, our network produced 31,284 MTs of CO2e prior to our first renewable energy purchase in 2018. We are proud to invest in offsets to mitigate the first 6,060 MTs this year; only 25,224 MTs to go.

Scope 3 emissions — sneak preview

Now that we have a firm understanding, reporting, and accounting for our current and past Scope 1 and Scope 2 emissions — we think it is time to focus on Scope 3.

Cloudflare published its first company-wide emissions inventory in 2020. Since then, we have focused our reporting and mitigating on our Scope 1 and Scope 2 emissions, as required under the GHG Protocol. However, although Scope 3 emissions reporting remains optional, we think it is an increasingly important part of all organizations’ responsibility to understand their total carbon footprint.

To that end, earlier this year we started a comprehensive internal assessment of all of our potential Scope 3 emissions sources. Like most things at Cloudflare we are starting with our network. Everything from embodied carbon in the hardware we buy, to shipping and logistics for moving our data center and server equipment around the world, to how we decommission and responsibly dispose of our assets.

Developing processes to quantify those emissions is one of our top objectives for 2023, and we plan to have more information to share soon. Stay tuned!

35,000 new trees in Nova Scotia

2022-07-13 Patrick Day

Post Syndicated from Patrick Day original https://blog.cloudflare.com/35-000-new-trees-in-nova-scotia/

35,000 new trees in Nova Scotia

Cloudflare is proud to announce the first 35,000 trees from our commitment to help clean up bad bots (and the climate) have been planted.

Working with our partners at One Tree Planted (OTP), Cloudflare was able to support the restoration of 20 hectares of land at Victoria Park in Nova Scotia, Canada. The 130-year-old natural woodland park is located in the heart of Truro, NS, and includes over 3,000 acres of hiking and biking trails through natural gorges, rivers, and waterfalls, as well as an old-growth eastern hemlock forest.

The planting projects added red spruce, black spruce, eastern white pine, eastern larch, northern red oak, sugar maple, yellow birch, and jack pine to two areas of the park. The first area was a section of the park that recently lost a number of old conifers due to insect attacks. The second was an area previously used as a municipal dump, which has since been covered by a clay cap and topsoil.

Our tree commitment began far from the Canadian woodlands. In 2019, we launched an ambitious tool called Bot Fight Mode, which for the first time fought back against bots, targeting scrapers and other automated actors.

Our idea was simple: preoccupy bad bots with nonsense tasks, so they cannot attack real sites. Even better, make these tasks computationally expensive to engage with. This approach is effective, but it forces bad actors to consume more energy and likely emit more greenhouse gasses (GHG). So in addition to launching Bot Fight Mode, we also committed to supporting tree planting projects to account for any potential environmental impact.

What is Bot Fight Mode?

As soon as Bot Fight Mode is enabled, it immediately starts challenging bots that visit your site. It is available to all Cloudflare customers for free, regardless of plan.

When Bot Fight Mode identifies a bot, it issues a computationally expensive challenge to exhaust it (also called “tarpitting”). Our aim is to disincentivize attackers, so they have to find a new hobby altogether. When we tarpit a bot, we require a significant amount of compute time that will stall its progress and result in a hefty server bill. Sorry not sorry.

We do this because bots are leeches. They draw resources, slow down sites, and abuse online platforms. They also hack into accounts and steal personal data. Of course, we allowlist a small number of bots that are well-behaved, like Slack and Google. And Bot Fight Mode only acts on traffic from cloud and hosting providers (because that is where bots usually originate from).

Over 550,000 sites use Bot Fight Mode today! We believe this makes it the most widely deployed bot management solution in the world (though this is impossible to validate). Free customers can enable the tool from the dashboard and paid customers can use a special version, known as Super Bot Fight Mode.

How many trees? Let’s do the math 🚀

Now, the hard part: how can we translate bot challenges into a specific number of trees that should be planted? Fortunately, we can use a series of unit conversions, similar to those we use to calculate Cloudflare’s total GHG emissions.

We started with the following assumptions.

Table 1.

Measure	Quantity	Scaled	Source
Energy used by a standard server	1,760.3 kWh / year	To hours (0.2 kWh / hour)	Go Climate
Emissions factor	0.33852 kgCO2e / kWh	To grams (338.52 gCO2e / kWh)	Go Climate
CO2 absorbed by a mature tree	48 lbsCO2e / year	To kilograms (21 kgCO2e / year)	One Tree Planted

Next, we selected a high-traffic day to model the rate and duration of bot challenges on our network. On May 23, 2021, Bot Fight Mode issued 2,878,622 challenges, which lasted an average of 50 seconds each. In total, bots spent 39,981 hours engaging with our network defenses, or more than four years of challenges in a single day!

We then converted that time value into kilowatt-hours (kWh) of energy based on the rate of power consumed by our generic server listed in Table 1 above.

39,981 (hours) x .2 (kWh/hour) = 7,996 (kWh)

Once we knew the total amount of energy consumed by bad bot servers, we used an emissions factor (the amount of greenhouse gasses emitted per unit of energy consumed) to determine total emissions.

7,996 (kwh) x 338.52 (gCO2e/kwh) = 2,706,805 (gCO2e)

If you have made it this far, clearly you like to geek out like we do, so for the sake of completeness, the unit commonly used in emissions calculations is carbon dioxide equivalent (CO2e), which is a composite unit for all six GHGs listed in the Kyoto Protocol weighted by Global Warming Potential.

The last conversion we needed was from emissions to trees. Our partners at OTP found that a mature tree absorbs roughly 21 kgCO2e per year. Based on our total emissions that translates to roughly 47,000 trees per server, or 840 trees per CPU core. However, in our original post, we also noted that given the time it takes for a newly planted tree to reach maturity, we would multiply our donation by a factor of 25.

In the end, over the first two years of the program, we calculated that we would need approximately 42,000 trees to account for all the individual CPU cores engaged in Bot Fight Mode. For good measure, we rounded up to an even 50,000.

We are proud that most of these trees are already in the ground, and we look forward to providing an update when the final 15,000 are planted.

A piece of the puzzle

“Planting trees will benefit species diversity of the existing forest, animal habitat, greening of reclamation areas as well as community recreation areas, and visual benefits along popular hiking/biking trail networks.”
– Stephanie Clement, One Tree Planted, Project Manager North America

Reforestation is an important part of protecting healthy ecosystems and promoting biodiversity. Trees and forests are also a fundamental part of helping to slow the growth of global GHG emissions.

However, we recognize there is no single solution to the climate crisis. As part of our mission to help build a better, more sustainable Internet, Cloudflare is investing in renewable energy, tools that help our customers understand and mitigate their own carbon footprints on our network, and projects that will help offset or remove historical emissions associated with powering our network by 2025.

Want to be part of our bots & trees effort? Enable Bot Fight Mode today! It’s available on our free plan and takes only a few seconds. By the time we made our first donation to OTP in 2021, Bot Fight Mode had already spent more than 3,000 years distracting bots.

Help us defeat bad bots and improve our planet today!

—-
For more information on Victoria Park, please visit https://www.victoriaparktruro.ca
For more information on One Tree Planted, please visit https://onetreeplanted.org
For more information on sustainability at Cloudflare, please visit www.cloudflare.com/impact

A Better Internet with UN Global Compact

2021-09-28 Patrick Day

Post Syndicated from Patrick Day original https://blog.cloudflare.com/cloudflare-and-un-global-compact/

A Better Internet with UN Global Compact

Every year during Birthday Week, we talk about what we mean by our mission to help build a better Internet. We release support for new standards and products that help the global Internet community and give things like unmitigated DDoS Protection away for free. We also think about our role as an active participant in the global community of individuals, companies and governments that make the Internet what it is.

In 2020, we decided to formalize our commitment to being an active partner in the global community by joining the UN Global Compact (UNGC) as a signatory. We share the view that achievement of the Sustainable Development Goals set out in the UN Global Compact are the blueprint for a better and more sustainable future. Today, we are proud to release our first Communication on Progress, which describes how we are integrating UNGC principles across our company and as part of helping build a better Internet.

Shared values, economy, and Internet

In 1999, then UN Secretary General Kofi Annan shared a sober message with business leaders gathered at the World Economic Forum in Davos. He argued that basic protections like human rights, environmental sustainability, and fair labor practices are not just good for the world or good for business, they are fundamental to the long-term stability of a free and open global market.

Mr. Annan also warned that failure to ensure these basic protections could have dire political and economic consequences. Specifically, if governments, non-governmental organizations, and corporations could not translate the same shared values underlying national markets to the newly-created global market, then the global economy would remain fragile and vulnerable. He described how people feeling victimized would be subject to exploitation, including from “all the ‘isms’ of our post-cold-war world: protectionism; populism; nationalism; ethnic chauvinism; fanaticism; and terrorism,” which prey on misery and insecurity.

More than twenty years later, it’s difficult to find issue with Mr. Annan’s message. In fact, we think that human rights, environmental sustainability, fair labor practices, and anti-corruption are not only fundamental to the global economy, but to building a better Internet as well.

A Global Compact

The UN Global Compact (UNGC) is the world’s largest sustainability initiative with over 14,000 members in 162 countries. The UNGC’s mission is to mobilize companies to align their operations and strategies with UN principles and values.

Participants are required to make three commitments: operating responsibly by adhering to the UN Ten Principles, taking strategic action to help advance the UN Sustainable Development Goals (SDGs), and providing annual public reporting on implementation.

The Ten Principles

The UNGC’s first requirement is that companies operate consistent with fundamental responsibilities embodied in the UN Ten Principles, which include human rights, environmental sustainability, labor protections, and anti-corruption. The principles themselves are derived from a series of related UN treaties like the Universal Declaration of Human Rights, the ILO Fundamental Principles on the Rights at Work, the Rio Declaration on Environment and Development, and the UN Convention Against Corruption.

Sustainable Development Goals

The UNGC’s second requirement is for participants to help advance the UN Sustainable Development Goals (SDGs). The SDGs are an urgent call to action for global development that was adopted by all 193 UN member states in 2015. It builds off a number of previous UN development initiatives, including the Earth Summit in 1992, the Millennium Development Goals, the UN Sustainable Development Summit in 2015, and the Paris Agreement on Climate Change. Each of the 17 SDGs includes a broad goal combined with specific targets and indicators, as well as progress reports and other metrics.

Cloudflare is committed to helping advance all the 17 UN SDGs. However, like many companies, we’ve focused our efforts and our COP reporting on the SDGs that are most relevant to our business.

SDG 5 is focused on achieving gender equality and empowering all women and girls. This goal is particularly relevant right now, given the pandemic’s disproportionate impact on women in the workforce. We have long believed in the importance of encouraging a diverse workforce, and have benefited from partnerships with returnship programs that provide opportunities to mothers or people who have taken a career break to care for a loved one. This year, we’ve also taken steps to begin reporting on pay equity and have signed multiple diversity charters like the EU Charter and UK Tech Talent Charter. In conjunction with International Women’s Day, Cloudflare also hosted a full month of events and programs designed to foster community and support the growth and advancement of those who identify as women.

By offering free services to protect organizations around the world that empower women from denial for service attacks (DDoS) and other online threats, Cloudflare’s Project Galileo also helps advance the goal of gender equality. Through Project Galileo, we’ve been proud to work with organizations like the Women in Media Initiative Somalia (WIMISOM), which works to empower female journalists in Somalia, as well as serving at the forefront of campaigns to end violence against women, girls, and children.

SDG 13 is focused on taking urgent action to combat climate change and its impacts. Although Cloudflare has always had efficiency at our core, we are also committed to reducing our environmental impact and making the Internet as a whole more environmentally friendly. To reduce our greenhouse gas emissions, Cloudflare has committed to power its network by 100 percent renewable energy, which we achieved in 2020. We are also committed to removing or mitigating all of our historic greenhouse gas emissions associated with powering our network by 2025.

Earlier this year, Cloudflare also released new products to help our customers reach their own climate and emissions goals. For example, Cloudflare is directing computing workload to locations on its edge network that result in better climate outcomes, providing customers with real-time information on their individual emissions footprints, and providing developers with the option to build webpages on infrastructure powered by 100 percent renewable energy.

Moving Forward

As part of announcing what would ultimately become the UNGC, Secretary General Annan noted that the rise of transnational corporations had created unprecedented opportunities for private entities to move humanity forward. As Cloudflare celebrates another Birthday Week, we’re proud to share all the ways we are helping move toward a better Internet. And as always, we’re just getting started.

Cloudflare: 100% Renewable & Zeroing Out Emissions Back to Day 1

2021-07-27 Patrick Day

Post Syndicated from Patrick Day original https://blog.cloudflare.com/cloudflare-committed-to-building-a-greener-internet/

Cloudflare: 100% Renewable & Zeroing Out Emissions Back to Day 1

As we announced this week, Cloudflare is helping to create a clean slate for the Internet. Our goal is simple: help build a better, greener Internet with no carbon emissions that is powered by renewable energy.

To help us get there, Cloudflare is making two announcements. The first is that we’re committed to powering our network with 100% renewable energy. This builds on work we started back in 2018, and we think is clearly the right thing to do. We also believe it will ultimately lead to more efficient, more sustainable, and potentially cheaper products for our customers.

The second is that by 2025 Cloudflare aims to remove all greenhouse gases emitted as the result of powering our network since our launch in 2010. As we continue to improve the way we track and mitigate our carbon footprint, we want to help the Internet begin with a fresh start.

Finally, as part of our effort to track and mitigate our emissions, we’re also releasing our first annual carbon emissions inventory report. The report will provide detail on exactly how we calculate our carbon emissions as well as our renewable energy purchases. Transparency is one of Cloudflare’s core values. It’s how we work to build trust with our customers in everything we do, and that includes our sustainability efforts.

Purchasing Renewable Energy

Understanding Cloudflare’s commitment to power its network with 100% renewable energy requires some additional background on renewable energy markets, as well as international emissions accounting standards.

Companies that commit to powering their operations with 100% renewable energy are required to match their total energy used with electricity produced from renewable sources. The international standards that govern these types of commitments such as the Greenhouse Gas (GHG) Protocol and ISO 14064, are the same ones used by governments for quantifying their carbon emissions for global climate treaties like the Paris Climate Agreement. There are also additional industry best practices like RE100, which are voluntary guidelines established by companies working to support renewable energy development and eliminate carbon emissions.

Actually purchasing renewable energy consistent with those requirements can be done in several ways — through self-generation, like rooftop solar panels or wind turbines; through contracts with wind or solar farms via Power Purchase Agreements (PPA’s) or unbundled Renewable Energy Credits (RECs), or in some cases purchased through local utility companies like CleanPowerSF in San Francisco, CA.

The goal of providing so many options to purchase renewable energy is to leverage as much investment as possible in new renewable sources. As our colleague Jess Bailey described after our first renewable energy purchase in 2018, because of the way electricity flows through electrical grids, it’s impossible for the individual consumer to know whether they are using electricity from conventional or renewable sources. However, in order to allow customers of all sizes to invest in renewable energy generally, these standards and accounting systems allow individuals or organizations to track their investments and enjoy the benefits of supporting renewable energy, even if the actual power comes from the standard electrical grid.

According to IEA, in 2020 alone, global renewable energy capacity increased 45 percent, which was the largest annual increase since 1997. In addition, close to 50 percent of corporate renewable energy investment over the last five years has been by Internet Communications Technology (ICT) companies alone.

Cloudflare’s Renewable Energy

Cloudflare’s new commitment to power its network with renewable energy means that we will continue to match 100 percent of our global energy usage by purchasing energy from renewable sources. Although Cloudflare made its first renewable energy purchase in 2018, and matched its total global operations in both 2019 and 2020, we thought it was important to make a public, forward-looking commitment so that all of our stakeholders, including customers, investors, employees, and suppliers have confidence that we will continue to build our network on renewable energy moving forward.

To determine how much renewable energy to buy, we separate our total electrical usage into two types: network and facilities. For our network, we pull data from all of our servers and networking equipment located all over the world twice a year. For our facilities (or offices), per the GHG Protocol, we record our actual energy usage wherever we have access to utility bills. For offices located in larger buildings with multiple tenants, we use energy usage intensity (EUI) estimates calculated by the U.S. Energy Information Agency.

We also purchase renewable energy in two ways. The vast majority of our purchases are RECs, which we purchase through our partner 3Degrees to help make sure we are aligned with relevant standards like the GHG Protocol. In 2020, to match the usage of our network, Cloudflare purchased RECs, I-RECs, REGOs, and other energy attribute certificates from the United States, United Kingdom, Brazil, Chile, Columbia, India, Malaysia, Mexico, Hungary, Romania, Ukraine, Bulgaria, South Africa, and Turkey among others. Although Cloudflare has employed a regional purchasing strategy in the past, we also expect to be fully aligned with all RE100 criteria, including its market boundary criteria, by the end of 2021.

Removing our historic emissions

Cloudflare’s goal is to remove or offset all of our historical emissions resulting from powering our network by 2025. To meet that target, Cloudflare must first determine exactly how much carbon was emitted as the result of operating our network from 2010 to 2019, and then invest in carbon offsets or removals to match those emissions.

Determining carbon emissions from purchased electricity is a relatively straightforward calculation. In fact, it’s basically just a unit conversion:

Energy (KWH) x Emissions Factor (gC02e/KWH) = Carbon emissions (gC02e)

The key to accurate results is the emissions factors. Emissions factors are essentially measurements of the amount of GHGs emitted from a specific power supplier (e.g. power plant X in San Francisco) per unit of energy created. For our purposes, GHGs are those defined in the 1992 Kyoto Protocol (carbon dioxide, methane, nitrous oxide, hydrofluorocarbons, perfluorocarbons, and sulphur hexafluoride). To help ease reporting, the six GHGs are often expressed as a single unit “carbon-dioxide equivalent” or “CO2e”, based on each gas’ Global Warming Potential (GWP). Emission factors from individual power sources are often combined and averaged to create grid average emissions factors for cities, regions, or countries. Per the GHG Protocol, Cloudflare uses emissions factors from the U.S. EPA, U.K. DEFRA, and IEA.

For our annual inventory report, which we are also releasing today, Cloudflare calculates carbon emissions scores for every single data center in our network. Cloudflare multiplies the actual energy used by the equipment by the applicable grid average emissions factors in each of the more than 100 countries where we have equipment.

For our historical calculations, we have data on our actual carbon emissions dating back to 2018, which was our first renewable energy purchase. Prior to 2018, we are combing through all of our purchasing, shipping, energy usage, and colocation agreements to reconstruct how much energy we consumed and when. It’s actually a pretty cool exercise to go back and watch our network grow. Although we do not have a final calculation to share yet, rest assured we will keep everyone posted, particularly as we get to the fun part of starting to work with organizations and companies working on carbon removal efforts.

Where we are going next

Although we’re proud of the steps we’re taking as a company with renewable energy and carbon emissions, we’re just getting started.

Cloudflare is also exploring new products and ideas that can help leverage the power of one of the world’s largest networks to drive better climate outcomes for our customers and for the Internet. To see a really cool example, check out our colleagues blog post from earlier today, on Green Compute on Cloudflare Workers, which is helping Cloudflare’s intelligent edge route some additional workloads to renewable energy facilities, or our Carbon Impact Reports, which are helping our customers optimize their carbon footprint.

Cloudflare and Human Rights: Joining the Global Network Initiative (GNI)

2020-08-26 Patrick Day

Post Syndicated from Patrick Day original https://blog.cloudflare.com/cloudflare-and-human-rights-joining-the-global-network-initiative-gni/

Cloudflare and Human Rights: Joining the Global Network Initiative (GNI)

Consistent with our mission to help build a better Internet, Cloudflare has long recognized the importance of conducting our business in a way that respects the rights of Internet users around the world. We provide free services to important voices online – from human rights activists to independent journalists to the entities that help maintain our democracies – who would otherwise be vulnerable to cyberattack. We work hard to develop internal mechanisms and build products that empower user privacy. And we believe that being transparent about the types of requests we receive from government entities and how we respond is critical to maintaining customer trust.

As Cloudflare continues to expand our global network, we think there is more we can do to formalize our commitment to help respect human rights online. To that end, we are excited to announce that we have joined the Global Network Initiative (GNI), one of the world’s leading human rights organizations in the information and communications Technology (ICT) sector, as observers.

Business + Human Rights

Understanding Cloudflare’s new partnership with GNI requires some additional background on how human rights concepts apply to businesses.

In 1945, following the end of World War II, 850 delegates representing forty-six nations gathered in San Francisco to create an international organization dedicated to preserving peace and helping to build a better world. In drafting the eventual United Nations (UN) Charter, the delegates included seven mentions of the need for a set of formal, universal rights that would provide basic protections for all people, everywhere.

Although human rights have traditionally been the purview of nation-states, in 2005 the UN Secretary-General appointed Harvard Professor John Ruggie as the first Special Representative for Business and Human Rights. Ruggie was tasked with determining whether businesses, particularly multinational corporations operating in many jurisdictions, ought to have their own unique obligations under international human rights law.

In 2008, Ruggie proposed the “Protect, Respect and Remedy” framework on business and human rights to the UN Human Rights Council. He argued that while states have an obligation to protect human rights, businesses have a responsibility to respect human rights. Essentially, businesses should act with due diligence in all of their operations to avoid infringing on the rights of others, and remedy any harms that do occur. Moreover, businesses’ responsibilities exist independent of any state’s ability or willingness to meet their own human rights obligations.

Ruggie’s framework was later incorporated into the UN Guiding Principles on Business and Human Rights, which was unanimously endorsed by the UN Human Rights Council in 2011.

Cloudflare + Human Rights

With Cloudflare’s network now operating in more than 100 countries, with more than a billion unique IP addresses passing through Cloudflare’s network every day, we believe we have a significant responsibility to respect, and a tremendous potential to promote, human rights.

For example, privacy is a protected human right under Article 17 of the International Covenant on Civil and Political Rights, which means that the law enforcement and other government orders we periodically receive to access customer’s personal information affect the human rights of our customers and users. Twice a year, we publish a Transparency Report that describes exactly how many orders, subpoenas, and warrants we receive, how we respond, and how many customers or domains are affected.

In responding to law enforcement requests for subscriber information, Cloudflare has relied on three principles: due process, respect for our customer’s privacy, and notice for those affected. As we say often, Cloudflare’s intent is to follow the law, and not to make law enforcement’s job any harder, or easier.

However, as Cloudflare expands internationally, relying on due process and transparency alone may not always be sufficient. For one thing, those kinds of protections are dependent on good-faith implementation of legal processes like rule of law and judicial oversight. They also require a government and legal system that carries some political legitimacy, like those established through democratic processes.

To improve the consistency of how we work with governments around the world, Cloudflare will be incorporating human rights training and due diligence tools like human rights impact assessments into our decision-making processes throughout our company.

We recognize that as a private company there are limits to what Cloudflare can or should do as we operate around the world. But we are committed to more formally documenting our efforts to respect human rights under the UN Guiding Principles on Business and Human Rights, and we’ve partnered with GNI to help us get there.

Cloudflare and Human Rights: Joining the Global Network Initiative (GNI)

Who is GNI?

GNI is a non-profit organization launched in 2008. GNI members include ICT companies, civil society organizations (including human rights and press freedom groups), academic experts, and investors from around the world. Its mission is to protect and advance freedom of expression and privacy rights in the ICT sector by setting a global standard for responsible decision making and serving as a multistakeholder voice in the face of government restrictions and demands.

GNI provides companies with concrete guidance on how to implement the GNI Principles, which are based on international human rights law and standards, and are informed by the United Nations Guiding Principles on Business and Human Rights.

When companies join GNI, they agree to have their implementation of the GNI Principles assessed independently by participating in GNI’s assessment process. The assessment is made up of a review of relevant internal systems, policies and procedures for implementing the Principles and an examination of specific cases or examples that show how the company is implementing them in practice.

What’s Next?

Cloudflare will serve in observer status in GNI for the next year while we work with GNI’s staff to implement and document formal human rights practices and training throughout our company. Cloudflare will undergo its first independent assessment after becoming full GNI members.

It’s an exciting step for us as a company. But, we also think there is more Cloudflare can do to help build a better, more sustainable Internet. As we say often, we are just getting started.