back to article Cloudflare floats cloud grand unification theory based on zero-trust access and security

Network infrastructure biz Cloudflare this week launched a service called Cloudflare One that combines various identity, access, and security offerings in an effort to make the unruly internet more like a tame corporate network. Cloudflare One, not to be confused with Cloudflare 1.1.1.1, the company's DNS service, combines …

  1. whitepines Silver badge
    Boffin

    Can anyone explain how this "zero trust" concept is supposed to work? From my admittedly comfy work from home chair it seems that one has to trust:

    ...the device hardware / firmware / OS (closed source, hardware vendor controlled)

    ...the service provider and its software (closed source, provider controlled with a smattering of hardware vendor control underneath)

    ...the distribution system for updates to above closed components

    ...governments not to require backdoors in any of the above

    ...all over a public WAN, where any flaw in any of this could compromise the entire network / organization

    Compare to the relatively small, known border of a traditional VPN solution (especially one built on open source software), where there is at least a tiny bit of defense-in-depth, and I see a ton of additional risk flags. In fact something smells distinctly snaky and feels oily about this...

    1. Mike 137 Silver badge

      The concept of trust

      In ancient times (actually until a mere few decades back), trust was something you voluntarily awarded on the basis of your own judgement (and, ideally, exhaustive research). Now however, "trust" is something you're forced to assign to unknown parties and services that it's impossible to research to the standard required to be able to genuinely trust them in the old way. This is not a recent outcome of "cloud" - indeed its seeds were apparent in the US DoD Orange Book of 1983, where trust was assigned on the basis of "clearance" rather than behaviour. What it means though is that there is in reality no way to trust - everything is a leap into the dark. If you want the service you have to blindly accept unknown and unquantifiable consequences.

    2. reGOTCHA

      The future is now, old man

      By network as a service they mean you route ALL your endpoints to somewhere on the internet through a fat pipe.

      They will do routing/firewalling/segmantation/security for you with the most advanced AI/BigData/MachineLearning.

      Zero trust I'm not certain, but I guess it relates to trust and the service they provide...

    3. heyrick Silver badge

      Zero trust is about right. Yet more steps in the link between here and there, yet more opportunities to surreptitiously sniff what users are up to.

  2. LDS Silver badge

    And people laughed at the "Microsoft Network"....

    .... be ready for the Azure Network, next, and the balkanization of the internet....

  3. Cynic_999 Silver badge

    Skynet

    Subscribe now.

    1. Mage Silver badge
      Black Helicopters

      Re: Skynet

      Then eventually there will be "No Silver Lining" once everyone is outsourcing everything to a handful of so called Clouds.

      Zero Trust is a better name than they imagine!

  4. Anonymous Coward
    Anonymous Coward

    How aptly named..

    Let's proxy everything through a service in the jurisdiction of world's best financed global espionage agency.

    Rarely has been a service so accurately named.

  5. fidodogbreath Silver badge

    One network compromise to rule them all.

    1. TReko

      ... and in darkness bind them.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021