On May 30th I wrote about PCI Compliant CDNs, and CloudFlare wasn’t on the list. Low and behold, a week later, CloudFlare announces they are now Level 1 PCI Compliant. Is that coincidence? Nah, I’m just on a roll 🙂 What does mean for CloudFlare customers and prospects? It means a lot, in that CloudFlare has taken a chunk of its CDN, and created a specially designated CDN dedicated to serving secured content. In another words, there is no mixing and matching of secured and non-secured content.
Qualys and OWASP SSL best practices states that it’s in the best interest to all parties involved to separate secure and non-secure content. Adding PCI Compliance on top of that, just makes it that much better, especially for ecommerce customers. What’s next for CloudFlare? I predict CloudFlare is going to announce some sort of DDoS Scrubbing Solution similar to Prolexic, Defense.net and Incapsula this month or next. CloudFlare has a DDoS solution in place, but it’s not a Prolexic or Incapsula type solution. Honestly, I don’t know what’s taking CloudFlare so long, they should have rolled it out last month.