This Fortune 500 telecommunications company has emerged as a global leader in Information, Communications, and Technology (ICT) solutions since its founding. Among its services, it powers many 5G networks around the world, and ranks as one of the primary providers for 5G network infrastructure. Today, the company operates worldwide and employs over 100,000 people across Europe, India, and the United States.
Over the past few years, the company has incrementally adopted Zero Trust security across departments and regions. Modernizing how the company secures application and Internet access has been crucial in its efforts to shift controls from on-premise legacy environments to the cloud.
Following decades of technical innovation and growth, the company had developed a complex IT and security architecture that spanned over several hundred legacy applications. Maintaining on-premise infrastructure for a growing global enterprise was quickly becoming untenable, and the company started looking for ways to move to a more agile cloud environment.
But facilitating this process — while connecting and securing a massive, multi-continent workforce — presented a significant hurdle. Administrators juggled disparate security services, including several VPN configurations and Cisco Umbrella to protect users on the Internet with DNS filtering. This IT complexity was slowing down their ability to strengthen their security and implement Zero Trust best practices.
Relying on Cisco Umbrella was particularly burdensome. Policies were difficult to tailor to specific user groups, basic network access required extensive administrative oversight, and the threat protection it offered left gaps across the company’s architecture.
Ultimately, the company recognized that supporting its hybrid workforce and digital transformation ambitions would require gradually consolidating security onto a single cloud-based platform.
The company first adopted Cloudflare to secure application access back in 2018, when a developer group in the United States started a pay-as-you-go subscription with Cloudflare Access, a Zero Trust Network Access (ZTNA) service, for about 200 users. This group found that Access delivered faster, safer access to developer environments — particularly for the occasional remote work — than its previous VPN setup.
Shortly before the pandemic in 2020, the company’s centralized IT team in Europe began exploring opportunities across the wider organization to shift access controls to the cloud. Even before the pandemic forced remote work, the company was trying to think proactively about ways to deliver a more consistent user experience across regions and offloading traffic from its existing VPN appliances.
For an initial pilot, Cloudflare Access was selected to support Zero Trust access — first for 500 users, and later, 2,000. Although these users were based largely in a few northern European countries, Cloudflare appealed as a longer term partner for global adoption because of the breadth of its network, which today spans more than 275 cities in over 100 countries worldwide.
Onboarding the company’s Azure Active Directory onto Cloudflare was straightforward, and creating identity-based policies per application proved equally simple, enabling the company’s administrators to focus less on configuration and more on security posture. Moreover, throughout the pilot, the company and Cloudflare collaborated closely on new capabilities, and the IT team was impressed by Cloudflare’s ability to deliver its product roadmap with flexibility and speed.
As this initial pilot was winding down, the company saw an opportunity to consolidate controls for both application and Internet access with a single, cloud-based security platform.
In fall 2021, the company decided to invest in Cloudflare’s Zero Trust platform for its entire workforce. This allowed the company to address two strategic priorities at once:
Selecting a security partner to support the migration of applications from on-premise environments to AWS, Azure, and other cloud environments Replacing Cisco Umbrella with simpler, more cost-efficient DNS filtering
To address the first goal, the company has progressively rolled out Cloudflare Access to thousands of additional users across multiple departments and regions, while simultaneously applying authentication controls in front of a wider variety of applications.
Using the same management interface that Access provides, the company is now able to build policies around DNS filtering, which is delivered through Cloudflare’s comprehensive Secure Web Gateway. Gateway not only offers robust DNS filtering, but also protects users and devices from unwanted and harmful content like ransomware, phishing, and other threats on the Internet. Here, the company can leverage the same device clients deployed to secure application access and the same integrations with identity providers (like Azure AD) to create user-based policies.
Compared to Cisco Umbrella, the company’s administrators appreciate that policy building is more straightforward and that Cloudflare’s larger cloud network delivers faster and more consistent enforcement by being closer to its globally distributed users.
Bringing together security for application and Internet access is an important first step in this company’s ambitions to modernize its IT architecture. Already, its collaboration with Cloudflare has proved valuable, as administrators no longer need to juggle multiple policy-building interfaces for disparate VPN and Internet filtering services. Plus, centralized logging simplifies SOC incident response and any compliance audits.
As it continues to shift away from on-premise environments, the company views simplifying security in the cloud with vendors like Cloudflare as essential to long-term excellence in its industry.
Secure hybrid work for over 100,000 employees with unified controls for both application and Internet access
Cloudflare's simple, cost-efficient DNS filtering replaces Cisco Umbrella to protect from malware, phishing, and other threats
Identity-based, Zero Trust policies for hundreds of applications across AWS, Azure, and other cloud environments