Cloudflare Leads in Security but Lags for Developers

## Cloudflare Leads in Security but Lags for Developers ETR Insights presents a panel discussion between senior IT executives, all broadly positive on Cloudflare’s offerings, including security, DNS management, and content delivery, but not uniformly so. Cloudflare helps administrators coordinate the decentralized and edge computing environments that were accelerated by the Pandemic, including for multi-cloud strategies and load balancing. Panelists criticize Cloudflare’s limited DevOps integration, developer platform capabilities, and lack of documentation, and find its advanced analytics and API security lacking. To that end, panelists see opportunity for Cloudflare within SSO and expanding capabilities in API security, potentially through strategic acquisitions, along with improving analytics and observability features for generative AI deployments. ... The group is less enthusiastic about Cloudflare’s developer platforms, where executives seek better documentation, development tools, and DevSecOps integration. One panelist, managing data center operations globally, notes that while enterprises use Cloudflare for critical functions like single sign-on, the company's developer platform is simply less prominent compared to Oracle and Amazon. *“Cloudflare is just not known for being super developer-friendly. I don't know if Cloudflare hasn't focused on going after * *that, if there are security risks there that haven't been identified in order to mitigate to customers like us in the idea of using them as a developer platform, or if it's just not something that they lead with.” … *ETR Research: Product category usage and evaluation plans. ... Panelists also point to limitations in Cloudflare's built-in capabilities for critical data metrics. *“We pipe a lot* *of our* *stuff into Datadog, * *and then turn around and use things like blocking IPs or obvious sort of security concerns for people being naughty, that Cloudflare is * *happy* *to pass.* *There* *are* *enhancements that* *we've* *had to* *build from* *an* *application logic standpoint* *using effectively* *a third* *party, * *because* *it's* *not* *specifically* *baked* *into* *the* *platform.”* … *ETR* * Research: Product spending share breakout. ... Operational challenges and complex licensing structures prompt IT leaders to consider alternative solutions in security; some executives are rethinking their reliance on Zscaler and Palo Alto Networks, with Cloudflare as promising for quicker and more seamless policy updates across international locations. *“Some of the difficulties that we’ve found in using Zscaler is the turnaround time for adding exceptions or various sites, ports, IPs, for the percolation to happen across our entire enterprise.* * Some of those users—especially some of the larger locations that are providing customer service to our clients—if they can't get to a site, or if we have to run something, God forbid, a custom macro or something bizarre to get around something, it feels like it's defeating the purpose of what the security was designed to do to begin with, for us to be able to add and remove easily.” … More than a year after Cloudflare introduced its Workers AI platform, our panelists complain of limited documentation and dubious practical benefit. At best, they are in evaluation mode. … *” Another executive is similarly skeptical. *“Cloudflare* *has* *a* *little* *bit* *of* *a* *problem* *with * *documentation or* *getting stuff to actually launch. The* *prototyping,* *we've run into problems in the* *past,* *and our developers sort of remember* *those* *pain* *points.” … Within cybersecurity and compliance, practitioners should keep an eye on market trends such as edge AI, API security, and privacy regulations. In particular, APIs have become prime targets for cyberattacks. … But * *they’re* *also* *creating* *either* *security* *loopholes,* *or* *just* *directly* *allowing* *data* *to* *go* *to* *places* *that* *it* * shouldn't be going to.”*