Over 10,000 new customers sign up for Cloudflare’s services daily. The tech start-up was founded in just 2010 and today serves more web traffic than Twitter, Amazon, Apple, Instagram, Bing, & Wikipedia combined from over 151 data centers worldwide. Each week, the average Internet user interacts with Cloudflare over 500 times. Nearly 10% of all requests for web pages go through its servers, which rapidly speeds the delivery of content. Its main role is still protection, providing a shield against DDoS attacks and offering a wide variety of other security functions.
The company has over 7 million customers from individual website owners who don’t pay for basic security services to Fortune 50 companies that guarantee 24 hour support by paying up to a million dollars a year for Cloudflare’s services.
So, how did an eight-year-old startup find itself in the position of taking on the established tech giants like Cisco, AWS and Akamai?
Cloudflare is not your typical CDN, or high tech company for that matter. And Matthew Prince, the eccentric billionaire, is not your typical CEO. If this were a movie, he would be more of a Bruce Wayne type than an Oliver Queens.
Who or what is Cloudflare exactly? That’s a hard question to answer as they don’t even always know who they are. If you follow Matthew Prince’s speeches over the years, the story as to what they do or what they offer continually changes. In fact, there is nothing wrong with that, as they are simply adapting to a constantly changing world.
Cloudflare is what you get when once separate legacy technology sectors and industries that have yet to exist collide. Cloudflare happens to be present at the right time and place, as the Fourth Industrial Revolution downs upon us.
The Early Days
Cloudflare traces its origins back to 2004 when co-founders Matthew Prince and Lee Holloway set out to answer the question, “Where does email spam come from?” They went on to build a system they called Project Honey Pot, which was a DIY tracking system that enabled anyone with a website to monitor how spammers were harvesting email addresses. It quickly became a success and thousands of websites from almost 200 countries signed up to participate.
In 2009, Matthew took a sabbatical in order to get his MBA from Harvard Business School. Michelle Zatyln, now Cloudflare’s Chief Operating Officer, was also studying there; the two became friends and one day began discussing Project Honey Pot. Michelle suggested that Matthew’s company not only offer ways to track spammers and other Internet threats, but also ways to stop them. He agreed and they began to work on a business plan to expand the company, deciding to rename it Cloudflare and finishing 2009 by closing its Series A financing, attracting substantial support from VCs at Pelion Venture Partners and Venrock.
In September 2010, the ten-employee strong company launched at TechCrunch, as planned, offering website security, website acceleration and site optimization.
In 2015, the company secured a $110 million round of private financing, spearheaded by Fidelity, and garnering support from numerous tech giants, including Google, Baidu and Microsoft. This bought its fundraising total to over $180 million and perhaps as importantly, demonstrated its growing strength to the world.
Cloudflare has gone on to launch dozens of products and hundreds of features, making it now one of the U.S.’ biggest and most innovative CDNs. By offering services that in the past were only available for the biggest Internet companies in the world to anyone online (its simplest plans still start free), Cloudflare is now the market share leader.
Cloudflare’s Product Offerings
“We make the Internet work the way it should.” No wonder Cloudflare describes its mission so broadly. The company, which describes itself as a next generation CDN already offers CDN, DNS, DDoS protection, other Internet security products and more. It regularly adds new products and features, and continues to be a hugely disruptive force because of its continued innovations.
Spectrum
Two months ago, Cloudflare added a new enterprise service it calls Spectrum, which extends the defenses it already offers to Internet services like websites and web applications to anything else a corporate customer might be running that is connected to the Internet, but is not part of the web – from email to IoT devices to gaming servers.
Cloudflare can customize Spectrum to add tailored VPNs or other connection channels, or help establish physical, fiber-topic links with clients to manage their defense.
At the time of launch, Wired described Prince’s approach as “finding a Band-Aid for legacy vulnerabilities that likely aren’t going to be solved another way”. Founder Matthew Prince has himself described his defining question as, “How could you go in and upgrade the parts of the Internet that, if we had the opportunity to do it again, we would have done it differently?”
Several of Cloudflare’s rivals, such as Akamai, Prolexic and CenturyLink, are already offering similar services to Spectrum that tend to offer more robust DDoS protection; and some have speculated that Cloudflare’s offering is best suited to small and medium-sized businesses only. However, the fact that Cloudflare is able to offer this kind of workaround solution is in itself worthwhile for organizations that are too big to completely upgrade their systems.
Other Recent Features Include:
Argo Smart Routing – When Cloudflare introduced Argo last May, it described it as a “virtual backbone” for the modern Internet, which “analyzes and optimizes routing decisions across the global Internet in real-time”. With its launch, Cloudflare released impressive figures for its 50,000 beta users: an average 35% reduction in latency, a 27% decrease in connection errors, and a 60% drop in cache misses, as well as improved reliability and less expensive bandwidth bills.
Latency and packet loss are directly related to BGP, the decades-old routing protocol that is typically still used to make routing decisions. These decisions don’t consider important network conditions, including congestion, peak use times, packet loss, and other significant metrics. BGP’s algorithm instead deploys a single metric–distance based on imperfect approximations.
Argo, by contrast, utilizes real-time information on the actual speed of network paths. It collects information about latency and packet loss from each request that passes through Cloudflare’s network (currently 10% of all HTTP/HTTPS Internet traffic), and Argo’s smart routing algorithm then draws on this information to route traffic across the fastest available paths and ensure open, secure connections that cut down latency imposed by connection setup. As the Argo caching technology uses Cloudflare’s own data centers to send out content, requests to servers are minimized and costs are kept low.
Cloudflare Workers is a new service that allows its customers to run JavaScript at the edge of its cloud. The company describes it as an “industry-first solution” that “makes Cloudflare the leader in edge computing”. The service is built on Google’s V8 JavaScript engine, and in reality is more of an intermediary between central cloud processing and local execution.
Workers was originally launched in beta mode in September 2017 and at that time, was envisaged for website operators using the service for code that was needed in certain locations operable only by Cloudflare’s own employees. However, the company made the service available for all users in March 2018, giving developers the option of deploying their code close to their customers.
“Prior to today, the only way to write code that ran at the edge of Cloudflare’s network was to be a Cloudflare employee. Cloudflare Workers opens the scale of our global network to any developer,” explained Matthew Prince in a press release. “By bridging the front-end and back-end with a third place to develop code, we’re excited Cloudflare Workers will empower a new class of applications that were previously impossible. I can’t wait to see what developers build.”
Cloudflare Stream was launched in September 2017 as a video streaming service that combines encoding, global delivery and a media player into a single package. The idea is to offer a simplified, more direct hosting and streaming service than is currently available. Pricing is also simplified. Instead of charging by variables as is the norm, Cloudflare charges for the amount of time that people consume the video itself and offers a single price for each step of the video streaming chain. Its target customers are websites and apps that want to build businesses, which host and stream video – similar to YouTube or Vimeo.
Following its launch, however, Cloudflare was sued by Swarmify, a startup that specializes in solving video buffering issues and streaming failures. Swarmify alleges that Cloudfare Stream contains trade secrets, IP, and proprietary techniques that were disclosed under NDA to Cloudflare during discussions the two companies had around acquisition and partnership opportunities over 2016 and 2017. Swarmify’s lawsuit called for a preliminary and permanent injunction to stop continued use of its technology.
The lawsuit is still pending in the U.S. District Court for the Northern District of California; however, in February 2018, the court denied Swarmify’s motion for a preliminary injunction. The court said that Swarmify’s trade secrets disclosure was overbroad and “ever-shifting”, adding it was a “blatant abuse of the system”. The final result of the case remains to be seen.
Cloudflare & Controversy
Cloudflare is no stranger to controversy. In March 2017, Keegan Hankes, an analyst at the Southern Poverty Law Center, wrote a blog post denouncing Cloudflare for “optimizing the content of at least 48 hate websites”. Among them was The Daily Stormer, an anti-Semitic Neo Nazi online publication founded in 2013 by a white supremacist called Andrew Anglin. Without the protection of Cloudflare (or an equivalent DDoS service), The Daily Stormer and other sites like it would likely have fallen victim to hactivists intent on taking down white supremacist propaganda online.
In August 2017, in an unexpected move, Cloudflare said it was terminating The Daily Stormer’s account (along with GoDaddy and Google). Until then, Prince had prided himself on the company’s unwavering commitment to free speech even though it has been widely criticized for many years for allegedly harbouring copyright violators, sex workers, ISIS, and various others.
In an interview with Bloomberg, Prince said that The Daily Stormer provided “the exception that proved we needed to rethink a lot of the rules”. He admitted that he was forced to take steps after learning that The Daily Stormer was harassing people who were submitting abuse reports through Cloudflare’s platform; the final straw came when The Daily Stormer bragged on its bulletin boards that Cloudflare’s senior leadership sympathized with its extremist views.
Despite kicking The Daily Stormer off its network, Price continues to believe that tech companies like his own that provide the infrastructure layer of the Internet should be neutral. He decided against his principles of defending the need for free speech in cutting off The Daily Stormer, but at the same time, thought that he could perhaps, “kick them off, and then talk about why that’s so dangerous. Maybe that can change the conversation”.
Pirate Bay Goes Down
Another controversial customer, Pirate Bay, “the galaxy’s most resilient BitTorrent site”, has recently been experiencing downtime issues. Last week, it was down for 48 hours. The 502 Cloudflare error message stated that a “bad gateway” was responsible for the downtime. Pirate Bay has already experienced several previous server outages this year; the same error message has appeared each time. This time it was down for longer than usual; the torrent site is normally back up and running within a few hours.
Several million people have also been blocked from accessing the popular torrent portal this year. In May, following a high court order in Singapore, several major ISPs blocked dozens of torrent and streaming sites, including Pirate Bay. The MPAA accused the sites of copyright infringement. Pirate Bay recently experienced a similar blow in its native Sweden with another ISP issuing a block on the torrent portal last month.
When is Big too Big?
Prince has made it clear that consolidation is a key aspect of Cloudflare’s primary goals. “Our business model is simple,” he says. “We’re always just trying to figure out how we can get more things to connect to our network.”
Robert Graham, CEO of cybersecurity firm Errata Security, has publicly questioned the amount of responsibility Cloudflare and its competitors have managed to assume… the bigger they become and the more systems they optimize and defend, the more they represent a single point of failure for the Internet. “While we should cheer on CloudFlare improving the internet on one hand, we should boo them for consolidating the internet”, said Graham.
What’s Next?
Matthew Prince prides himself on spending around a third of his time at the company on recruitment. He makes it a point to talk to every employee before they are hired at Cloudflare so that if they want to open a conversation with the CEO, they feel able to do so. Recruiting the top people is clearly a top priority for both Prince and Zatlyn in order to create “an environment and a culture where no matter who you are, you can feel comfortable”. They believe that the most innovative companies are those with the best talent drawn from the broadest possible pool. What will they do next? We don’t yet know, but we can be sure that they are already planning on the next disruption.