Zero Trust

Protect your network by securing applications and users.

What is Zero Trust?

Zero Trust security is a model that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are sitting within or outside of the network perimeter. More simply put: traditional IT network security trusts anyone and anything inside the network. A Zero Trust architecture trusts no one and nothing.

Why is Zero Trust important?

Zero trust castle spot illustration after

A Zero Trust approach helps organizations enforce processes that authenticate, authorize, and validate all users and devices that connect to the network. Amid the shift to remote work, many organizations are unaware of the relevant risks or lack the resources to afford security tools to protect their internal teams. With Zero Trust tools such as Access and Gateway, you can use trusted access controls and inspect, secure, and log traffic from employees’ and volunteers' devices.

Zero trust castle spot illustration after

Cloudflare Access

With Access, you can easily prevent unauthorized access to internal resources with identity- and posture-based rules to keep sensitive data from leaving your organization. It replaces a VPN client by securing SaaS and internal applications with a Zero Trust approach.

Access evaluates requests to internal applications and determines whether users are authorized based on defined policies. These policies and security rules are enforced when users connect to the Cloudflare network. Once the user is authenticated and authorized, they can access the internal resource.

Watch a 30-minute demo of Access.

Securing SaaS applications

SaaS applications consist of applications your team relies on that are not hosted by your organization. Examples include Amazon Web Services, Microsoft Azure, WordPress, and more. To secure SaaS applications, you must integrate Cloudflare Access with the SaaS application’s SSO configuration.

Securing self-hosted applications

Self-hosted applications consist of internal applications that you host in your own environment. These can be the data center versions of tools like the Atlassian suite or applications created by your own team. To secure self-hosted applications, you must use Cloudflare’s authoritative DNS and connect the application to Cloudflare.

What is a secure web gateway?

Teams gateway build for the cloud spot illustration

Secure web gateways (SWG) protect an organization's data and enforce security policies. SWGs operate in between an organization's employees and the Internet.

Like a water filter, which removes impurities from water so it is safe to drink, SWGs filter unsafe content from web traffic to stop cyber threats and data breaches. They also block risky or unauthorized user behavior.

Watch a 30-minute demo of Gateway.

Teams gateway build for the cloud spot illustration

Why is a secure web gateway important?

Teams gateway watch your data spot illustration

When a client device sends a request to a website or application on the Internet, the request travels through the gateway first. The gateway inspects the request and passes it along only if it does not violate established security policies. A similar process occurs in reverse: all incoming data is inspected by the SWG before it is passed along to users.

Because SWGs can run anywhere, they are helpful for managing remote employees and volunteers. By requiring remote workers to access the Internet through a secure web gateway, organizations can better prevent sensitive data from being stolen, as Gateway prevents users from clicking on malicious links, even if the organization does not have direct control over employee devices and networks.

Teams gateway watch your data spot illustration

Get started with Cloudflare Gateway

To start protecting your network with Gateway, we recommend the following workflow:

  1. Connect the devices and/or networks that you want to apply policies to.
  2. Verify that Gateway is successfully proxying traffic from your devices.
  3. Set up basic security and compatibility policies.
  4. Customize your configuration to the unique needs of your organization.
Read developer docs