Cloudflare Adds New Security and Streaming Services

As the company turns seven, unmetered DDoS, Geo Key Manager, Stream and Warp services debut.

Cloudflare Warp

Seven years ago, Cloudflare debuted with the goal of improving security and web content delivery. As part of the company's seventh birthday, Cloudflare announced a series of new product and service innovations, including unmetered distributed denial-of-service (DDoS) protection, geographic SSL/TLS key storage and the Warp origin masking service.

Over the course of the last seven years, Cloudflare has grown its customer base to more than 7 million from just a few hundred when the company began.

"The biggest change has been scale," John Graham-Cumming, CTO of Cloudflare, told eWEEK. "We've gone from a tiny company to one handling around 10 percent of all HTTP requests on the web."

Among the enhancements that Cloudflare announced as part of its seventh birthday is a gift of sorts to its customers. Rather than having a surge-based pricing model for DDoS protection that increases the cost based on the size of an attack, Cloudflare is now providing unmetered DDoS protection.

With the new approach, Cloudflare will not penalize its customers that are attacked by charging them more.

The company doesn't expect the change in DDoS pricing to impact its bottom line. "We are adept at handling DDoS already, and this will not have a significant cost for Cloudflare," Graham-Cumming said. "We already handle a new DDoS every three minutes."

Another new Cloudflare service is Geo Key Manager, which provides customers with the ability to choose where Secure Sockets Layer/Transport Layer Security (SSL/TLS) keys are stored. Some organizations are concerned about key placement, and with the new service Cloudflare is now providing a service to keep keys in a single geography.

Cloudflare is now also adding the new Stream video streaming service as it aims to provide advanced video content delivery to its customers. The Stream service is not the result of new hardware deployment at Cloudflare but rather is about making use of existing capacity to help optimize video delivery.

"We have ample capacity across our network to add this service as we follow the night around the world and use spare CPU and network capacity in locations where people are sleeping," Graham-Cumming said.

Warp

With a content delivery network (CDN), the origin location of a given application is something that many organizations want to keep hidden to help provide better security. Typically, the way that origin is masked with a CDN is via some form of tunnel or virtual private network (VPN) approach. With the new Warp service, Cloudflare is introducing its take on how to deploy applications with origin masked and lockdown built-in. Graham-Cumming explained that a small agent is installed by the customer near the origin server or in a container to enable Warp. The Warp service is based on the HTTP/2 protocol, with minor modifications to fit the Cloudflare network.

As opposed to using a VPN approach for masking origin, Graham-Cumming said Warp is about ease of deployment.

"The big difference is not about efficiency of the connection; it's about the ease of setting this up," Graham-Cumming said. "It automatically performs all configuration and load balancing setups, and it's a breeze to use in a traditional data center or with something like Kubernetes."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.