Intelligent CISO Issue 54 | Page 82

ZERO TRUST: THE CHALLENGES AND OPPORTUNITIES ORGANISATIONS CAN EXPECT

As organisations attempt to carry out broad network transformations, moving to a Zero Trust architecture is a critical initial step. Mohit Bijlani, Head of UK/IRE at Cloudflare, tells Intelligent CISO’s Mrigaya Dham about how Cloudflare’s approach differs from other vendors and the most significant risks it helps to mitigate.
Zero Trust is widely discussed – what is Cloudflare’s understanding of this approach?
Before discussing Zero Trust, we need to understand how traditional IT security paradigms operate or have operated. With the right traditional IP security models applied – what we recognise as the castle and moat concept – means the network perimeter is considered a relatively safe zone or the ‘castle’. Security controls were mainly applied to actors trying to gain access to resources and applications that resided within that network perimeter from the outside. In this case, those who were a part of the organisation within that network perimeter were trusted implicitly and given free rein along with access to almost everything.
In contrast, Zero Trust security architecture implies you should trust no one and nothing implicitly – regardless of where actors are accessing applications or resources from and agnostic of where those resources or applications reside. It is important to understand that this is a common fallacy. People think that Zero Trust is a single product or piece of technology but that is not the case. Instead, it is a framework that comprises several different security principles and technologies with a Zero Trust network access, or ZTNA as it is commonly referred to, being the driving principle. The market invariably uses these two interchangeably.
How does Cloudflare’s approach to providing Zero Trust security differ from other vendors in the market?
Firstly, a vendor landscape is typically two buckets – either vendors such as hardware appliance-based vendors, right point solution vendors, such as makers of VPNs, network firewalls or they could be cloud-based vendors who are essentially replicating the same functionality but, in a software-defined and SaaS consumable mode, still points solution vendors.
Cloudflare’s approach is different in two ways, one being that we have one of the largest networks in the world to deliver security, with the content and resources being accessed by the users. This network spans 275 cities in over 100 countries, putting us within 50 milliseconds of 95% of the world’s Internet-connected population. So, for context, the blink of an eye is 300-400 milliseconds, it is quite fast and wide, enabling us to serve millions of customers and mitigate over 124 billion cyberthreats a day.
We have more insight into attack vectors but due to our network’s sheer volume and wide reach, we learn from these attack vectors using our artificial engines and Machine Learning engines to make real-time updates to our services. This puts us in a much better position than our peers to protect our customers versus zero-day vulnerabilities. Following that, our vast network reach ensures no latency in terms of security solutions.
Many have used VPN to log into services and we haven’t spoken to a single customer that enjoyed using VPN. The same applies to our software-defined