Temple & Webster

Overcoming legacy challenges: Temple & Webster choose Cloudflare for a secure, performant, and compliant network transformation

Temple & Webster is Australia’s largest online retailer in the furniture and homewares market with over 200,000 products on offer from more than 500 suppliers, including direct sourcing capabilities through a private label division. Founded in 2011, Temple & Webster has changed the way people shop for furniture and homewares. They believe everyone wants to live more beautifully, and their vision is to make the world more beautiful, one room at a time.

Challenge: Finding a single vendor to update content delivery and application security, while providing secure Zero Trust employee access

As an online retailer, Temple & Webster is always striving to improve their website to make a memorable first impression, build their brand and drive sales.

“We create beautiful solutions and depend on beautiful imagery and galleries to help our customers find their perfect product,” says Mike Henriques, Chief Information Officer at Temple & Webster. “To make that happen, we have a fairly large technology team to optimise the customer experience.”

As part of Temple & Webster’s ongoing website optimisation efforts, the company wanted to replace their legacy content delivery (CDN) provider, which staff found difficult to configure and lacking in critical security capabilities.

“Our first goal was front-end optimisation. We wanted a consistent toolset to accelerate HTML and image delivery, and improve our caching,” says Henriques. “On the security side, we wanted to improve our WAF and bot management. As the market leader, we were conscious of the potential for high volumes of unwanted traffic on the site, but we needed more clarity than we were getting from our existing solution.”

Temple & Webster also recognised the need to modernise security for their hybrid workforce. With hundreds of employees going into offices three days per week, the IT and security teams needed to ensure consistent, high-speed and reliable protections across remote and corporate settings. Moreover, embracing best practices like Zero Trust would enable Temple & Webster to get ahead of forthcoming cybersecurity guidance and regulations from the Australian government.

Finally, Temple and Webster wanted to achieve the global standard for information security management best practices, ISO/IEC 27001 compliance. The company was looking for a centrally administered security and networking solution that would help simplify the certification process.

“With all the activity in the Australian cyber security space over the last 12 months, it was time to take a more mature, compliant approach to securing the business,” says Henriques. “The incumbent solution provided adequate functionality, but we knew it could not stand up over time. As our headcount and our applications grew, we needed to take better control.”

Solution: Out with the old — optimising performance, stopping bots, and maximising resources

To optimise performance and security for their websites and web applications, Temple & Webster replaced their legacy vendor with Cloudflare’s CDN and WAF. From the start, Cloudflare’s ease of use impressed the technology team.

“Cloudflare is very intuitive — the learning curve is negligible compared to other vendor’s solutions,” says Henriques.

Cloudflare improved the Temple & Webster website’s performance and equipped their developers with valuable insights for further optimisation.

“Cloudflare is multiple times better than our previous CDN — load times for our static assets have gone from 50-80ms to 20-50ms,” says Henriques. “With Cloudflare giving us more visibility than we have ever had into optimising JavaScript, load and execution times, and application response times, we can tweak and reduce the time it takes to deliver content to the customer.”

With Cloudflare WAF and Bot Management, Temple & Webster have also seen functional and performance improvements in website security. The SecOps teams now have far more detailed information and visibility about unwanted web activity and an automated system in place to manage defences. The result is an improved online security posture.

“From the Cloudflare dashboard, it didn’t take much effort to find the right balance to defend the site against unwanted traffic while optimising the experience for our customers and valid bots,” says Henriques. “It is a big step up from where we were.”

In with the new — streamlining employee access and accelerating compliance certification with Cloudflare Zero Trust

After onboarding Cloudflare to protect their public-facing websites and applications, Temple & Webster saw the potential to consolidate security for their hybrid workforce on the same platform.

“We quickly discovered that Cloudflare is more of an ecosystem than a specific product set,” says Henriques. “The more we learn about Cloudflare capabilities, the more new use cases we plan to tackle on our roadmap.”

Temple & Webster were interested in adopting identity-based Zero Trust policies for application access and started a proof of concept with a subset of users – specifically remote employees spread across Australia, their Philippines staff, and third-party technology partners. The successful proof of concept gave Temple & Webster confidence to roll out Zero Trust access for their entire workforce. The Cloudflare platform’s rapid implementation and ease of use were the deciding factors.

“We enabled Zero Trust access to our administrative and staging environments within hours,” says Henriques. “From a security and performance perspective, we eliminated the risks and overheads that came with our VPN solution. That put Temple & Webster on a path to replace all our legacy access models with Cloudflare Zero Trust.”

Switching to Cloudflare and deprecating legacy CDN, WAF, and VPN services has saved Temple & Webster significant time and resources.

“Cloudflare reduced the time our Operations and SecOps teams spent maintaining and optimising legacy software by up to 50%,” says Henriques. “Cloudflare self-manages. It doesn’t need constant observation. I used to spend several hours each week discussing employee access and security configurations, now I spend that time on more strategic work.”

Temple & Webster find the Cloudflare platform easy to use, allowing the company to delegate ongoing administration to more junior team members. This frees up senior SecOps and Operations staff to focus on strategic priorities like strengthening regulatory compliance.

Cloudflare Zero Trust has had ISO/IEC 27001 certification since 2019 and the platform’s robust security and data protection controls are essential to Temple & Webster’s compliance strategy.

“We are on the path to compliance and, because Cloudflare Zero Trust has been so easy to implement and administer, we will achieve certification much earlier than we expected,” says Henriques. “Because of Cloudflare, we've shifted our thinking about network design. We're looking at unifying access management across all of our systems and applications and moving away from VPNs and entangled network rules.”

Going forward, Temple & Webster will continue to modernise security for their hybrid workforce. The company has plans to collaborate closely with Cloudflare experts to strengthen security for their employees and customers alike.

“Cloudflare builds great products,” says Henriques “But, it is the support, collaboration, and deep understanding from Cloudflare’s people that make things happen in hours or days rather than months.”