Since we’ve been discussing CDN business models over the last week, it’s time to turn our attention to CloudFlare. CloudFlare is doing well, and staying active in the community. Not only have they recently beefed up announcements in the press, they are buying companies. After much consideration, I decided to break the CDNs into five tiers that represent 1) DDoS and WAF capabilities and 2) Target Market for those services. The tiers are not rankings, but just visualizations. Tier1: Akamai is the leader in CDN Security, and their products are being used by the Fortune 500, large enterprises, highly ranked Alexa websites, banks, governments, and companies with deep pockets. Tier 2: Incapsula operates in another tier, catering to the mid-market, Alexa ranked websites, governments and e-commerce.
Tier 3: CloudFlare caters to the SMB market, Alexa ranked websites, CMS customers, and companies with tighter budgets. Tier 4: Although we don’t recognize Yottaa as a CyberSecurity CDN yet, we do give them credit for their WAF product, and basic DDoS Mitigation Services at Layer3 and 4. Tier 5: Then we have the rest of the CDNs. Presently, these CDNs do not offer a WAF and comprehensive DDoS Mitigation Service. However, in 12-16 months that will change, and all CDNs will offer WAF and DDoS protection, either by building it in-house, or by using a security appliance with WAF functionality. When this happens, CloudFlare will be in the hot seat, because all CDNs will offer what CloudFlare does, thus, there won’t be any differentiation. The only way CloudFlare can counter this trend is to make a strategic acquisition, by buying a company that goes deep into security services. What kind of security company are we talking about? DLP, SIEM, endpoint security, networks security, mobile security, or something along those lines.