If you’re part of a reasonably big company, chances are there are certain resources that are only available via the intranet, internal network, or whatever your company calls it. A common way to access these from outside company property is a VPN, but VPNs are a rather clumsy solution — one that companies like Google and Amazon are leaving behind. Now (Battlefield alumnus) Cloudflare wants you to do the same and use its new Access service instead.
The basic idea of a VPN is that instead of sending your network traffic directly to the website or service you’re trying to contact, be it Netflix or the company intranet, you send it to a trusted server. That server sends those packets on their way to the website or service, receives the responses, and sends them back to you.
VPNs limit the exposure of sensitive data to would-be snoops, but they often slow down traffic, and also reflect an outdated, internal-versus-external idea of securing data.
A few years back Google pioneered a new way of keeping things secure: essentially, trust no one and authenticate everyone. The burden of authentication becomes greater, but this is more than made up for by the simplicity of the security, which puts a wall in front of users and devices instead of resources and services. That means the latter can sit on the ordinary public internet, accessible (to those authorized, of course) from anywhere.
Amazon did something similar, and now both their systems are available for administrators to use… if your service is hosted on their cloud platforms. But what if you’ve got a few of one, a few of the other, and a few of a third and fourth kind? You’re probably going to be stuck with a VPN.
It’s this last situation that Cloudflare is aiming at. Access, the new service, will work with identity and authentication companies like Okta, Google Auth, and so on, but provide access control and encryption across multiple platforms, including GCS and AWS.
The company claims it shouldn’t slow traffic down a whit; Cloudflare already has servers all over the place for its DDoS protection and CDN services, and Access will use those — so your requests to corporate don’t have to route through London or Tokyo or wherever.
Essentially Cloudflare is doing the important part of the VPN — inspecting certificates and traffic, establishing a chain of trust for packets — in a less clunky way and one that enables companies to let data live on cloud services instead of internal servers.
You can try it for free for one employee (generous!) but after that it starts costing $3 per head per month, with bulk discounts, of course. You can find out more at the Cloudflare Access site.