Tag Archives: Open for Business

Setting up Cloudflare for Teams as a Start-Up Business

Post Syndicated from David Harnett original https://blog.cloudflare.com/setting-up-cloudflare-for-teams-as-a-start-up-business/

Setting up Cloudflare for Teams as a Start-Up Business

Earlier this year, Cloudflare acquired S2 Systems. We were a start-up in Kirkland, Washington and now we are home to Cloudflare’s Seattle-area office.

Our team developed a new approach to remote browser isolation (RBI), a technology that runs your web browser in a cloud data center, stopping threats on the Internet from executing any code on your machine. The closer we can bring that data center to the user, the faster we can make that experience. Since the acquisition, we have been focused on running our RBI platform in every one of Cloudflare’s data centers in 200 cities around the world.

The RBI solution will join a product suite that we call Cloudflare for Teams, which consists of two products: Access and Gateway.

Those two products solve a number of problems that companies have with securing users, devices, and data. As a start-up, we struggled with a few of these challenges in really painful ways:

  • How do we let prospects securely trial our RBI platform?
  • How do we keep our small office secure without an IT staff?
  • How can we connect to the powerful, but physically clunky and heavy development machines, when we are not in that office?

Dogfooding our own products has long been part of Cloudflare’s identity, and our team has had a chance to do the same from a new perspective.

Managing access to our RBI service for early adopter customers and partners

As we built the first version of our product, we worked closely with early adopters to test the product and gather feedback. However, we were not ready to share the product with the entire world yet, so we needed a way to lock down who could reach the prototype and beta versions.

It took us the best part of six months to build, test and modify (multiple times) the system for managing access to the product.

We chose a complicated solution that took almost as much time to build as did features within the product. We deployed a load balancer that also served as a reverse proxy in front of the RBI host and acted as a bouncer for unauthenticated requests. That sat behind an ASP.NET core server. Furthest to the right sat the most difficult component: identity.

Setting up Cloudflare for Teams as a Start-Up Business

We had to manually add identity providers every time a new customer wanted to test out the service. Our CTO frequently burned hours each day adding customers manually, configuring groups, and trying to balance policies that kept different tenants secure.

From six months to 30 minutes

As we learned more about Cloudflare during the due diligence period, we started to hear more about Cloudflare Access. Like the RBI solution, Access applied Cloudflare’s network to a new type of problem: how do teams keep their users and resources secure without also slowing them down?

When members of the Cloudflare team visited our office in Kirkland, none of them needed a VPN to connect. Their self-managed applications just worked, like any other SaaS app.

We then had a chance to try Access ourselves. After the deal closed, we collaborated with the Cloudflare team on an announcement. This started just hours after the acquisition completed, so we did not have a chance to onboard to Cloudflare’s corporate SSO yet. Instead, the team secured new marketing pages and forms behind Cloudflare Access which prompted us to login with our S2 emails. Again, it just worked.

We immediately began rethinking every hour we had spent building our own authentication platform. The next day, we set up a Cloudflare Access account. We secured our trial platform by building a couple of rules in the Access UI to decide who should be able to reach it.

We sent a note out to the team to try it out. They logged in with our SSO credentials and Cloudflare connected them to the application. No client needed on their side, no multi-level authentication platform on ours.

We shut down all of our demo authentication servers. Now, when we have customers who want to trial the RBI technology, we can add their account to the rules in a couple of minutes. They visit a single hostname, login, and can start connecting to a faster, safer browser.

Protecting our people and devices from Internet threats

When we signed a sublease for our first office location, we found the business card of the building’s Comcast representative taped to the door. We called them and after a week the Comcast Business technicians had a simple network running for us.

We wanted to implement a real network security model for our small office. We tried deploying multiple firewalls, with access controls, and added some tools to secure outbound traffic.

We spent way too much time on it. Every configuration change involved the staff trying to troubleshoot problems. The system wound up blocking things that should not be blocked, and missing things that should be blocked. It reached the point where we just turned off most of it.

Another product in the Cloudflare for Teams platform, Cloudflare Gateway, solved this challenge for us. Rather than 30 minutes, this upgrade took about 10.

Cloudflare Gateway secures users from threats on the Internet by stopping traffic from devices or office networks from reaching malicious destinations. The first feature in the product, DNS-based security, adds threat-blocking into the world’s fastest DNS resolver, Cloudflare’s 1.1.1.1 product.

Setting up Cloudflare for Teams as a Start-Up Business

We created a policy to block security threats, changed our router’s DNS settings, and never had to worry about it again. As needed, we could log back into the UI and review reports that told us about the malicious traffic that Gateway caught.

As I’m writing this post, none of us are working in that office. We’re staying home, but we still can use Gateway’s security model. Gateway now integrates with the 1.1.1.1 app for mobile devices; in a couple of clicks, we can protect iOS and Android phones and tablets with the same level of security. Soon, we’ll be releasing desktop versions to make that easy on every device.

Connecting to dev machines while working from home

Back at the office, we still have a small fleet of high-powered Linux machines. These desktops run 16 cores, 32 threads, and 32GB of DDR memory. We use these to build and test Chromium, but dragging these boxes to each developer’s house would have been a huge hassle.

We still had a physical VPN appliance that we had purchased during our start-up days. We had hired vendors to install it onsite and configure some elaborate syncing with our identity providers. The only thing more difficult than setting it up was using it. With everyone suddenly working from home, I don’t think we would have been able to make it work.

So we returned to Cloudflare Access instead. Working with guidance from Cloudflare’s IT and Security teams, we added a new hostname in the Cloudflare account for the Seattle area office. We then installed the Cloudflare daemon, cloudflared, on the machines in the offices. Those daemons created outbound-only tunnels from the machines to the Cloudflare network, available at a dedicated subdomain for each developer.

On the other side of that connection, each engineer on our team installed cloudflared on their machines at home. They need to make one change to their SSH config file, adding two lines that include a ProxyCommand. The setup requires no other modifications, no special SSH clients or commands. Even the developers who rely on tools like Visual Studio Code’s Remote SSH extension could keep their workflow exactly the same.

The only difference is that, instead of a VPN, when developers start a new SSH session, Access prompts them to login with Cloudflare’s SSO. They do so and are connected to their machine through Cloudflare’s network and smart routing technology.

What’s next?

As a start-up, every hour we spent trying to cobble together tools was an hour we lost building our product but we needed to provide secure access to our product so we made the time investment. The only other option would have been to purchase products that were way outside of the price range for a small start-up where the only office perk was bulk Costco trail mix.

Cloudflare for Teams immediately solved the challenges we had, in a fairly comprehensive way. We now can seamlessly grant prospects permissions to try the product, our office network is safer, and our developers can stay productive at home.

It could be easy to think “I wish we had done this sooner,” and to some extent, I do. However, seeing the before-and-after of our systems has made us more excited about what we’re doing as we bring the remote browser technology into Cloudflare’s network.

The RBI platform is going to benefit from the same advantages of that network that make features in Access and Gateway feel like magic. We’re going to apply everything that Cloudflare has learned securing and improving connections and use it to solve a new customer problem.

Interested in skipping the hard parts about our story and getting started with Cloudflare for Teams? You can use all of the features covered in this blog post today, at no cost through September.

Cloudflare for Teams Free for Small Businesses During Coronavirus Emergency

Post Syndicated from Matthew Prince original https://blog.cloudflare.com/cloudflare-for-teams-free-for-small-businesses-during-coronavirus-emergency/

Cloudflare for Teams Free for Small Businesses During Coronavirus Emergency

Cloudflare for Teams Free for Small Businesses During Coronavirus Emergency

There are a lot of people and businesses worldwide that are currently suffering, so I don’t want to waste any time in getting to the point.

Beginning today, we are making our Cloudflare for Teams products free to small businesses around the world. Teams enables remote workers to operate securely and easily. We will continue this policy for at least the next 6 months. We’re doing this to help ensure that small businesses that implement work from home policies in order to combat the spread of the virus can ensure business continuity. You can learn more and apply at: https://www.cloudflare.com/smallbusiness

We’ve also helped launch an online hub where small businesses can see technology services available to them for free or a substantial discount from multiple companies, during the Coronavirus Emergency: https://openforbusiness.org

To understand more about why we’re doing this, read on.

The IT Strain of WFH

We have a team at Cloudflare carefully monitoring the spread of the SARS-Coronavirus-2, which is responsible for the COVID-19 respiratory disease. Like at many other companies, we have heeded the advice of medical professionals and government agencies and are increasingly allowing employees to work from home in impacted regions in order to hopefully help slow the spread of the disease.

While this is prudent advice to help control the spread of the disease, employees working from home put a different load on a company’s IT resources than if they are working from the office. In-person meetings are instead held online, so you need to ensure your video conferencing systems are up for the task. Critical documents can’t be signed in person, so electronic signature systems need to be in place. There’s an increased importance on online chat and other communication tools.

And, importantly, the systems that ensure online authorized access to these tools can no longer use the physical location of an employee as evidence they are authorized to use a service.

WFH Strains IT Security

We’ve seen some large companies struggle in ways both serious and silly with increased loads on their traditional firewall and VPN infrastructures over the last week.


Large organizations, undoubtedly, can work through these issues by either increasing the number of licenses for their firewalls and VPNs or moving to a more modern, cloud-based solution. What’s been concerning to us is the number of small businesses that don’t have the ability to quickly provision the resources they need to support their employees when they’re not physically in the office.


What We’re Seeing

The story that hit home to me came last week when I heard about a small business who had reached out to us. The company has approximately 100 employees in a region hard-hit by viral infections and thousands of partners who use their platform. They, responsibly, allowed their employees to work from home. Unfortunately, their small office VPN was limited in terms of the number of simultaneous users as well as capacity. Their outsourced IT team said getting a new one up and running would take at least a week. And, at a time when travel bookings were already waning, the owner was legitimately concerned that his business would not survive this crisis.

I happened to be sitting with a group of our sales engineers over lunch last week when I heard this story. They were proud that we’d been able to offer Cloudflare for Teams as a solution to quickly replace the travel agency’s VPN. And that’s great—the owner of the travel agency was thrilled—but it still felt like we should be doing more.

I spent some time digging into recent inquiries for Cloudflare for Teams coming from small businesses and found that the travel agency was hardly alone. Small businesses around the world are struggling to maintain some semblance of business continuity as increasingly their employees aren’t physically coming into the office. While firewalls and VPNs were hardly their only concern, the limitations they imposed were becoming real threats to business continuity.

The Fragility of Small Businesses

Small businesses are the lifeblood of most countries’ economies. In the United States, for instance, small businesses employ half of all non-government employees. They are responsible for the creation of two-thirds of net new jobs. Unfortunately, they are much more vulnerable to even minor interruptions in their operations. Oftentimes their margins are so thin that any significant new expense or reduction in revenue can cause them to fail.

Today Cloudflare makes most of our money selling to large enterprises. But serving small businesses has always been in our DNA. We began as a small business ourselves and spent our early years providing the tools previously available only to the big guys to every individual developer and small business. We wouldn’t be the company we are today if small businesses hadn’t trusted us in our early years.

So while the impact of the Coronavirus is being felt by businesses large and small, I am worried the impact on small businesses could be especially devastating. Small businesses have always been there for us and we want to be there for them during this time of increased strain, therefore today we’re announcing two initiatives:

Free Cloudflare for Teams

First, we are making Cloudflare for Teams available to small businesses worldwide for free for at least the next six months. We will evaluate the situation in six months and make a determination about whether we will extend the length of the free offer.

We are using the US Small Business Administration’s definition of a small business to define what businesses qualify, but the offer is not limited to US companies. The Coronavirus is an issue for small businesses globally and we have an extensive global network that can serve customers worldwide.

To apply, visit: https://www.cloudflare.com/smallbusiness

Our team is standing by and will move quickly evaluating applications.

Moreover, since small businesses often don’t have sophisticated IT teams, Cloudflare team members from all over the world have volunteered to host onboarding sessions to help small businesses get setup quickly and correctly. We’ve worked hard to make Cloudflare for Teams easy for any business to be able to use, but we understand that it can still be intimidating if your expertise isn’t IT. Our team stands ready to help.

The Open for Business Hub

Second, we realize that Cloudflare for Teams solves only one little part of a small business’ challenges as their employees increasingly work from home. They also need communication, video conferencing, collaboration, document management, and other IT resources. We don’t provide them all, but we know the leaders at a lot of companies who do.

Cloudflare for Teams Free for Small Businesses During Coronavirus Emergency

I spent the weekend talking with other companies that I admire and that provide cloud-based solutions that could help solve the challenges many businesses are currently facing. Many shared the same concerns that we had about the fragility of small businesses and wanted to help. Together we are helping launch a hub of resources for small businesses working to ensure business continuity over the months to come: https://openforbusiness.org/

The hub features free and deeply discounted services for small businesses from several technology companies. And I expect more will step up to this challenge over the days to come. To request inclusion, companies can email: [email protected].

We’re In This Together

The news of the spread of the Coronavirus has made it clear it is no longer business as usual for any business worldwide. Every responsible business leader spent the weekend worried about how they’re going to get through the weeks and months ahead: ensuring their employees’ safety, delivering for their customers, and protecting their business. I believe we have a duty to step up where we can to help each other out during times of stress like the one we’re in. Together, we can get through this.