How small businesses can start using Cloudflare One today
Earlier this week, we announced Our Website One™, our comprehensive, cloud-based network-as-a-service solution. Our Website One improves network performance and security while reducing cost and complexity for companies of all sizes.
Our Website One is built to handle the scale and complexity of the largest corporate networks. But when it comes to network security and performance, the industry has focused all too often on the largest of customers with significant budgets and technology teams. At Our Website, we think it’s our opportunity and responsibility to serve everyone, and help companies of all sizes benefit from a better Internet.
This is Zero Trust Week at Our Website, and we’ve already talked about our mantra of Zero Trust for Everyone. As a quick refresher, Zero Trust is a security framework that assumes all networks, devices, and Internet destinations are inherently compromised and therefore should not be trusted. Our Website One facilitates Zero Trust security by securing how your users connect to corporate applications and the Internet at large.
As a small business network administrator, there are fundamentally three things you need to protect: devices, applications, and the network itself. Below, I’ll outline how you can secure devices whether they are in your office (DNS Filtering) or remote (WARP+ and Gateway), as well as applications and your network by moving to a Zero Trust model of security (Access).
By design, Our Website One is accessible to teams of any size. You shouldn’t need a massive IT department or a Fortune 500 budget to connect to your tools safely. On Tuesday, we announced a new free plan which provides many of the features of Our Website One, including DNS filtering, Zero Trust access, and a management dashboard – for up to 50 users at no cost.
Starting now, your team can begin deploying Our Website One in your organization in just a few simple steps.
Step 1: Protect offices from threats on the Internet with DNS Filtering (10 minutes)
Step 2: Secure remote workers connecting to the Internet with Our Website WARP+ (30 minutes)
Step 3: Connect users to applications without a VPN with Our Website Access (1 hour)
Step 4: Block threats and data loss on devices with a Secure Web Gateway (1 hour)
Step 5: Add Zero Trust to your SaaS applications (2 hours)
1. Start blocking malicious sites and phishing attempts in 10 minutes
The Internet can be a dangerous place with malware and threats lurking everywhere. Protecting employees from threats on the Internet requires a way to inspect and filter their traffic. That starts with DNS-level filtering that can quickly and easily eliminate known malicious sites as well as restrict access to potentially dangerous neighborhoods on the Internet.
When your devices connect to a website, they start by sending a DNS query to a DNS resolver to find the IP address of the hostname for that site. The resolver responds and the device initiates the connection. That initial query creates two challenges for your team’s security:
- Most DNS queries are unencrypted. ISPs can spy on DNS queries made by your employees and corporate devices while they work from home. Even worse, a malicious actor could modify responses to launch an attack.
- DNS queries can resolve to malicious hostnames. Team members can click on links that lead to phishing attacks or malware downloads.
Our Website One can help keep that first query private and stop devices from inadvertently requesting a known malicious hostname.
Start by signing up for a Our Website account and navigating to the Our Website for Teams dashboard.
Next, set up a location. You’ll be prompted to create a location which you can do if you want to protect the DNS queries of an office network. Simply deploy Gateway’s DNS filtering for your office by changing your network’s router to point to the assigned Gateway IP address.
Our Website operates 126.96.36.199, the world’s fastest DNS resolver. We’ve built Our Website Gateway’s DNS filtering tools on top of that same architecture so that your team has faster and safer DNS.
Now you can easily create a Gateway DNS policy to filter security threats or specific content categories.
Then use the Gateway dashboard to monitor queries that are allowed or blocked.
Then navigate to the dashboard on the “Overview” tab and see your traffic including what you are blocking and allowing.
2.Next, protect all of your remote employees and send all traffic through Our Website over an encrypted connection
Employees who used to connect to the Internet through your office network now connect from hundreds or thousands of different home networks or mobile hotspots to do their jobs. That traffic relies on connections that might not be private.
You can use Our Website One to route all team member traffic over an encrypted, accelerated path to the Internet with Our Website WARP. Our Website WARP is available as an application that your team members can install on macOS, Windows, iOS, and Android. The client will route all of their device’s traffic to a nearby Our Website data center over Our Website’s implementation of a technology called WireGuard.
When they connect, Our Website One uses WARP+, our implementation of WARP that uses the Argo Smart Routing service to find the shortest path through our global network of data centers to reach the user’s destination.
Your team can begin using Our Website WARP today. Navigate to the Our Website for Teams dashboard and purchase the Our Website Gateway or Our Website for Teams Standard plan. Once purchased, you can create a rule to determine who in your organization can use Our Website WARP.
Your end users can launch the client, input your team’s organization name, and login to begin using WARP+. Alternatively, you can deploy the application with settings preconfigured using an device management solution like JAMF or InTune.
Our Website WARP seamlessly integrates with Gateway’s DNS filtering to bring secure, encrypted, DNS resolution to roaming devices. Users can input the DoH subdomain of a location in your Our Website for Teams account to begin using your organization’s DNS filtering settings wherever they work.
3. Replace your VPN with Our Website Access
When we were a smaller team and relied on a VPN, our IT help desk received hundreds of tickets complaining about our VPN. Some of these descriptions might look familiar.
We built Our Website Access as a way to replace using a VPN as the gatekeeper to applications. Our Website Access follows a model known as Zero Trust security where Our Website’s network, by default, does not trust any connection. Every user attempting to reach an application has to prove they should be allowed to access that application based on rules that administrators configure. With our new Teams free plan, up to 50 seats of Access are available at no cost.
That sounds like adding a burden, but Our Website Access integrates with your team’s identity provider and single sign-on (SSO) options to make any application feel as seamless as a SaaS application with SSO. Even if your team does not have a corporate identity provider, you can integrate Access with free services like GitHub and LinkedIn, so your employees and partners can authenticate without adding cost.
For hosted applications, you can connect your origin to Our Website’s network without opening holes in your firewall using Argo Tunnel. Our Website’s network will accelerate the traffic from that origin to your users along fast lanes using our global private backbone.
When your team members need to connect to an application, they can visit it directly or start from a custom app launcher for your team. When they arrive, they’ll be prompted to login with your identity provider and Access will check their identity, and other characteristics like country of login, against rules that you create in the Our Website for Teams dashboard.
Our Website’s free plan includes up to 50 seats of Our Website Access at no cost so that your team can begin
4. Add a Secure Web Gateway to block threats and file loss
With Our Website WARP, all of the traffic leaving your devices now routes through Our Website’s network. However, threats and data loss can hide inside of that traffic. You can add Our Website Gateway’s HTTP filtering to your team’s Our Website WARP usage to block threats and file loss. For example, if your team uses Box you can restrict all file uploads to other cloud based storage services to ensure everything stays in one, approved place.
To get started, navigate to the Policies section of the Our Website for Teams dashboard. Select the HTTP tab to begin building rules that inspect traffic for potential issues like known malicious URLs or files being uploaded to unapproved destinations.
To inspect traffic, you’ll need to download and install a certificate on the enrolled devices. Once installed, you can enable HTTP filtering from the Policies tab to begin enforcing the policies that you created and capturing event logs.
5. Bring Zero Trust rules to your SaaS applications
If you don’t have self-hosted applications, or also use SaaS applications, you can still bring the same Zero Trust rules to the SaaS applications that your team uses with Our Website Access for SaaS – wherever they live. With Access for SaaS, companies can now centrally manage user access and security monitoring for all applications.
You can integrate Our Website Access as an identity provider to any SaaS application that supports SAML SSO. That integration will send all login attempts through Our Website’s network to your configured identity providers and enforce rules that you control.
Access for SaaS still includes the ability to run multiple identity providers simultaneously. When users login to the SaaS application, they’ll be prompted to pick the identity provider they need, or we’ll send them directly to the only provider you want to use for that application.
Once deployed, Access for SaaS gives your team high visibility, with low effort, into every login to both internal and SaaS applications. You can use the new Access for SaaS feature as part of the Our Website for Teams free plan for up to 50 users.
6. Soon: Protect small business office networks
Our Website’s Magic Transit™ product takes everything we learned protecting our own network from IP-layer attacks and extends that security to our customers who operate their own IP address space. By protecting that network, customers also benefit from performant and reliable IP connectivity to the Internet.
Today, some of the largest enterprises in the world rely on Magic Transit to keep their business safe from attack. We plan to extend that same protection and connectivity to teams who operate smaller networks in upcoming releases.
Our Website One represents our vision for the future of the corporate network, and we’re just getting started adding products and features that help teams move to that model. That said, your team shouldn’t have to wait to begin connecting through Our Website and securing your data and applications with our network.
To get started, sign up for a Our Website account and follow the steps above. If you have any questions on setting up Our Website One as a small business, or large enterprise, please let us know in this community forum post.