Welcome to our Interview Series. Please tell us about your journey and how you arrived at Cloudflare?
Starting from the early days of my tech journey, I was drawn to the complexity and vastness of the Internet. My first hands-on experience came from obtaining an Internet shell account at the University of Texas at San Antonio, which instantaneously became a passion. To fill the void of quality Internet options in my hometown of San Antonio, I soon co-founded an Internet Service Provider (ISP). This venture significantly bolstered my skills and network, introducing me to future founders of Rackspace. I joined their team in 2000 and eventually rose to the position of the company’s first CTO, making substantial contributions to its growth and prosperity. It was during my tenure at Rackspace that I first became acquainted with Cloudflare, a then-emerging startup from Silicon Valley.
Post-Rackspace, my professional journey led me to NTT, the global telecommunications giant. There, I had the opportunity to work on global SD-WAN deployments for some of the world’s largest companies. This experience gave me insights into the emerging software-defined networking technologies and the importance of security devices in a cloud-hosted model. Post-pandemic, these experiences and my early fascination with the Internet led me to join Cloudflare in late 2021 as the leader of the Field CTO team.
At Cloudflare, our mission resonates with my own passion – to help build a better Internet for everyone. Having witnessed the transformative power of technologies like the cloud, mobile, IoT, software-as-a-service, and the Internet itself, I am eager to help companies as they navigate the ever-evolving tech landscape. This involves understanding and addressing the immense challenges they face in securing their services, maintaining data privacy, adhering to international compliance regulations, and delivering fast, reliable services to a global customer base. I believe Cloudflare’s global network is uniquely positioned to provide the fastest and most reliable application performance and cybersecurity service to protect against cyber threats and DDoS attacks. Coupled with Zero Trust and SASE services, email phishing protection, and Cloudflare Workers and R2, our serverless edge computing and storage platforms, Cloudflare is well-equipped to support businesses of all sizes on their digital transformation journey. And as we continue to expand our offerings and embrace technologies like machine learning and generative AI, I am extremely excited about the role we’ll play in shaping the future of Internet connectivity and cybersecurity.
Information security and data protection policies are finally finding more voice in the overall IT industry. Could you please tell us about Cloudflare’s role in making these more prominent in the recent months?
With the cybersecurity landscape in a constant state of flux, marked by new threats and evolving tactics, the importance of information security and data protection has never been more pronounced. High-profile ransomware, DDoS attacks, and even a concurrent cyber war amid the kinetic war in Ukraine, where Cloudflare has been instrumental in defending frontline organizations digitally, exemplify the magnitude of cyber threats we face today.
At the forefront of this shift is Cloudflare, innovating through advanced application performance and security solutions. A testament to the capabilities of the Cloudflare network is our recent blocking of the largest reported DDoS attack at 71M requests per second, demonstrating our continual investment in infrastructure and technology to reinforce our customers’ security posture.
However, Cloudflare’s impact extends far beyond providing robust security products. We’re a driving force in shaping a safer cyberspace, emphasizing the importance of information security and data protection through our frequent contributions to global cybersecurity forums, our research sharing to raise awareness, and our involvement in policy dialogues to shape regulations and standards.
We’ve been staunch advocates for things like securing BGP with RPKI to bolster Internet reliability, enabling DNS over HTTPS (DoH) protocol for user privacy protection, and actively endorsing the development of industry standards like QUIC and HTTP/3 that balance performance with security. In preparation for the forthcoming era of quantum computing, we’ve introduced post-quantum encryption tools, and we’re integrating machine learning and AI to support companies in harnessing these technologies securely while defending against their potential misuse by cyber attackers.
In essence, Cloudflare is not just responding to the shifting threat landscape but actively shaping a safer, more secure, more reliable, and private Internet, setting the standard for what businesses should anticipate from their tech partners. Hopefully we’re living up to our mission of helping build a better Internet for everyone.
With Shadow IT taking its toll on CIOs’ and CISOs’ cloud security policies, how does Cloudflare mitigate these challenges for its customers?
Shadow IT refers to the unauthorized use of technology within an organization, which might include the use of software, hardware, or services without the approval or knowledge of the IT department. This can occur when employees find the official IT services to be slow, inflexible, or not innovative enough to meet their needs, leading them to turn to alternative solutions. While this can potentially offer short-term benefits in terms of productivity or convenience, it can also bypass established processes and protocols designed to maintain security and compliance standards.
Shadow IT presents significant challenges. It poses a security risk as unauthorized software and hardware aren’t subject to standard security measures, potentially creating exploitable vulnerabilities. It can also lead to compliance breaches, particularly if the organization is subject to data handling and storage regulations. Furthermore, Shadow IT can result in inefficiencies and increased costs due to the potential for duplication of tools and services, and the IT department’s lack of knowledge about these systems can cause issues in troubleshooting, potentially leading to downtime and productivity loss.
The cloud-based delivery model of Cloudflare’s application performance and zero trust security services radically simplifies the rollout and management process for IT and security teams compared to traditional on-premise or hardware-based solutions. This ease of use advantage directly counters the effects of Shadow IT, as it reduces the burden on these teams. With more time and resources at their disposal, they can better respond to requests from employees and the business, thereby preventing the need for unsanctioned IT solutions.
Additionally, Cloudflare can mitigate the challenges associated with Shadow IT by providing a range of technical solutions. These include the Shadow IT Discovery tool which is part of their zero trust SASE suite, Cloudflare One. This tool provides visibility into the SaaS applications and private network origins that end users are visiting. This information is then used to create identity and device-driven Zero Trust policies to secure users and data.
Cloudflare also suggests leveraging its Cloud Access Security Broker (CASB) to enhance the protection of cloud-hosted applications and services. Acting as a security gatekeeper, Cloudflare’s CASB allows organizations to extend their security protocols beyond their immediate infrastructure. Cloudflare’s CASB provides robust visibility and control over SaaS applications, thereby preventing potential data leaks and compliance violations. By implementing Zero Trust security with CASB, it aids in blocking insider threats, Shadow IT, dangerous data sharing practices, and malicious entities.
What are your thoughts about building a zero-trust ecosystem?
Zero Trust is an essential strategy in cybersecurity. However, it’s not a single product, but rather a combination of multiple technologies that create a Zero Trust environment, or ‘ecosystem’.
Building this Zero Trust ecosystem can be a difficult task. It often needs major adjustments to the existing security structures, thorough training for employees, and a significant financial investment. It’s a comprehensive process that includes the use of multiple technologies such as multi-factor authentication (MFA), encryption, identity and access management, endpoint security, and network segmentation. Implementing a Zero Trust approach requires numerous technical capabilities that can be provided by various cybersecurity tools from different vendors or from a single vendor SASE platform.
I strongly feel that companies should move towards Zero Trust security if they haven’t done so. If they are facing challenges, they need strong leadership to overcome the hurdles. In a blog post I wrote, I argued for the appointment of a ‘Chief Zero Trust Officer’ — a leader dedicated to steering the organization towards Zero Trust security. In my view, it’s extremely important for organizations to take this step.
Could you please tell us more about the Zero Trust ecosystem, the key players, and the kind of resources it might consume when you think of such a concept?
The elements of the zero trust Secure Access Service Edge (SASE) ecosystem are designed to ensure comprehensive security coverage from endpoint to data center. At the core is Zero Trust Network Access (ZTNA), which takes the position that no user, device, or system should be trusted by default, whether it exists inside or outside the network. The principle of “never trust, always verify” is central to ZTNA, and it is supported by other critical elements such as Secure Web Gateway (SWG) which enforces firm security policies on all w**********, and Identity and Access Management (IAM) which manages digital identities and their access rights.
Multi-Factor Authentication (MFA) introduces an additional layer of security by requiring more than one form of verification to prove user identity. Data encryption guarantees that even if a security breach occurs, the intercepted data remains unreadable. Endpoint security protects each endpoint on the network from potential threats, and network segmentation isolates different parts of the network to prevent the spread of security threats. Remote browser isolation provides a protective buffer to prevent any potentially harmful content from reaching the user’s device. Lastly, email phishing protection is essential given the high frequency of phishing attacks.
For Zero Trust security, my recommendation is to use a single-vendor SASE platform. This type of platform streamlines integration, making your security infrastructure more cohesive and easier to manage. An excellent example of this is Cloudflare One, Cloudflare’s own SASE platform. Cloudflare One brings a consolidated approach to Zero Trust security. Cloudflare One dramatically simplifies the management compared to leveraging various systems from multiple vendors, which typically have differing functionalities and separate management interfaces.
What sets a single-vendor platform apart is the unified visibility and control it provides over the entire security landscape. This unified approach enables faster detection and response to threats. Furthermore, a single-vendor platform, like Cloudflare One, can be more cost-effective. It removes the need for multiple licenses and support contracts, making your security management both simpler and more cost-efficient.
What makes modern organizations so vulnerable? Is it the way Cloud and APIs are deployed at time of modernization or deployments?
There are several factors that make modern organizations vulnerable to security threats, and indeed, the deployment of cloud services and APIs can contribute to this vulnerability if not properly managed. The rapid pace of digital transformation often involves transitioning services and data storage to cloud environments, and if not carried out securely, this shift can lead to risks such as data leaks and unauthorized access due to the shared nature of these resources. Similarly, APIs, which are integral to the interaction between various software components, can be exploited if they lack robust security measures, like strong authentication protocols, rate limiting, and encrypted data transfers.
The growing complexity and breadth of digital infrastructures, alongside the movement of more services to the cloud, often results in a lack of comprehensive visibility into organizations’ IT environments, making threat detection and response more challenging. The vulnerability of modern organizations is also exacerbated by inadequate employee training in security best practices and the persistence of outdated security measures ill-suited to contemporary threats. While the adoption of modern technologies like cloud services and APIs can yield substantial benefits, it’s important for organizations to embed security considerations into the planning stages of their cloud deployment and operational strategies.
You were recently added to the 2023 Gartner Magic Quadrant for Security Service Edge (SSE). Please tell us the recent developments related to SSE that led to this recognition?
The Cloudflare One platform is designed to bolster security for hybrid work scenarios, effectively managing cyber risks, enhancing tech efficiency, and boosting team productivity. The recent acknowledgement of Cloudflare in the 2023 Gartner Magic Quadrant for Security Service Edge (SSE) is a significant honor for us. Of the 10 companies named to this year’s Gartner Magic Quadrant report, Cloudflare is the only new vendor addition. This recognition symbolizes our unwavering commitment to delivering top-tier security solutions for organizations of varying sizes.
Earning a place in the Gartner Magic Quadrant, despite being a relative newcomer in the SSE field, underscores the value of our dedicated efforts to consistently improve our Internet-native Zero Trust platform. Our inclusion in the prestigious quadrant acknowledges both our ability to execute and the completeness of our vision.
The recognition by Gartner is largely due to several substantial enhancements we’ve implemented in our Zero Trust platform. We’re confident that our strong track record of rapid innovation will allow us to navigate the complexities of this dynamic security market, thereby aiding our customers in hastening their digital maturity. Please be assured, this milestone is only the commencement of our ambitious journey to transform the security landscape.
DDoS and hyper-volumetric attacks are impacting big businesses. What were your findings from your report on DDoS threat attacks looming in 2023?
The recent report revealed several alarming trends in DDoS and hyper-volumetric attacks for 2023. High-profile hacktivist groups like Killnet and Anonymous Sudan have launched numerous campaigns targeting various sectors in the West, including banking, healthcare, and academia. While these campaigns were not particularly groundbreaking, they did underline the persistent threat posed by DDoS attacks and the importance of robust, proactive cyber defenses.
An even more significant development was the rise of hyper-volumetric attacks. These are exceptionally large DDoS attacks that outstrip the defensive capabilities of many networks. The largest observed attack peaked at an astounding 71 million requests per second, shattering Google’s previous record. These attacks are not isolated incidents; they form part of a broader trend of escalating cyber aggression. For instance, a South American Telecommunications provider faced a series of terabit-strong attacks, with the most severe attack reaching a peak of 1.3 terabits per second. Cloudflare was able to successfully mitigate these attacks, emphasizing the critical role of sophisticated cybersecurity measures in defending against this growing threat.
This escalation in the scale of DDoS attacks has been made possible by a shift in the composition of botnets. Botnets, which are networks of compromised devices used to conduct DDoS attacks, have traditionally consisted of Internet of Things (IoT) devices. However, a new generation of botnets composed of Virtual Private Servers (VPS) has emerged, capable of delivering far more substantial attack volumes. These VPS-based botnets can be 5,000 times stronger than their IoT counterparts, highlighting the extent of the challenge posed by this new threat.
Another alarming finding is the rise in ransom DDoS attacks. These are DDoS attacks conducted to extort ransom payments from the targeted organization. Our survey of Cloudflare customers revealed that 16% had received a ransom note in connection with a DDoS attack, a figure that has been rising steadily over time. January and March 2023 were particularly active months for ransom DDoS attacks, reinforcing the need for vigilance and effective countermeasures.
Your prediction on the role of Artificial Intelligence and Robotic Automation in validating end-to-end IT security policies and its monitoring of threats in real-time:
While AI has the potential to improve business operations across industries, it also opens up new avenues for cyber threats. The advanced capabilities of AI could enable cybercriminals to conduct more sophisticated and damaging attacks, from creating convincingly deceptive phishing emails to identifying and exploiting system vulnerabilities. The use of AI in cybersecurity, however, offers a powerful defense. It won’t be a silver bullet but AI will play an important role in cybersecurity. AI tools can help organizations monitor and respond to threats more effectively, potentially preventing breaches before they occur. For example, AI can analyze patterns in network activity to identify anomalies that may indicate a cyberattack. Additionally, AI can automate routine tasks, freeing up cybersecurity professionals to focus on more complex issues. By embracing AI and investing in appropriate safeguards, organizations can enhance their cybersecurity capabilities and better protect their data and systems. The key will be to balance the benefits of AI with the potential risks, ensuring that AI is used responsibly and ethically to support cybersecurity objectives.
A message to every CIO and CISO when it comes to understanding and preparing with DDoS Threat intelligence landscape: [What is the best way to access Cloudflare’s resources on Cloud and data threat intelligence?]
As a CIO or CISO, understanding and preparing for the threat landscape, particularly with regards to DDoS and bot attacks, is crucial. Fortunately, Cloudflare offers a wealth of resources to help you navigate this landscape.
Thank you, John! That was fun and we hope to see you back on cioinfluence.com soon.
John Engates joined Cloudflare in September of 2021 as Field Chief Technology Officer and is responsible for leading the Field CTO organization globally. Prior to Cloudflare, John was Client CTO at NTT Global Networks and Global CTO at Rackspace Technology, Inc. Earlier in his career, John helped launch one of the first Internet service providers in his hometown of San Antonio, Texas.
John is a graduate of the University of Texas at San Antonio and lives in Texas with his wife and two daughters. He is passionate about technology and enjoys mountain biking, snowboarding, and spending time traveling with his family.
Cloudflare, Inc is on a mission to help build a better Internet. Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all traffic routed through its intelligent global network, which gets smarter with each new site added. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was recognized by the World Economic Forum as a Technology Pioneer, named the Most Innovative Network & Internet Technology Company for two years running by the Wall Street Journal, and ranked among the world’s 50 most innovative companies by Fast Company. Headquartered in San Francisco, CA, Cloudflare has offices in San Jose, CA, Austin, TX, Champaign, IL, Boston, MA, Seattle, WA, Washington, DC, London, Paris, Lisbon, Munich, Tokyo, Paris, Sydney, Brussels, and Singapore.