EPAM leverages Cloudflare Workers, WAF and CDN to consolidate security and safeguard business applications

EPAM is a leading digital transformation services and product engineering company.

Since 1993, EPAM has used its software engineering expertise to become a leading global provider of digital engineering, cloud and AI-enabled transformation services, as well as a leading business and experience consulting partner for global enterprises and ambitious startups.

The Company addresses its clients’ transformation challenges by fusing EPAM Continuum’s integrated strategy, experience and technology consulting with their 30+ years of engineering execution to speed their clients’ time to market and drive greater value from their innovations and digital investments. EPAM delivers globally, but engages locally with their expert teams of consultants, architects, designers and engineers, making the future real for their clients, their partners and their people around the world. They believe the right solutions are the ones that improve people’s lives and fuel competitive advantage for their clients across diverse industries.

“Our Digital Platform enhances the agility within our business divisions, facilitating swift adoption and adjustment to the ever-changing business landscape. It’s designed to improve comprehensive business procedures across EPAM within days, not months,” said Valerii Nikitin, Senior Director of Delivery Management at EPAM.

EPAM wanted their experienced and skilled development teams to be flexible in their technical decisions, while ensuring high security and seamlessly integrating cutting-edge, off-the-shelf solutions, irrespective of the particular hyperscale platforms utilized.

Challenge: Enhance the performance and security of EPAM's digital ecosystem to keep pace with rapidly expanding global user base

EPAM strives to ensure that all users, regardless of where they are, receive services of the same high quality and speed. Considering all the complexity EPAM wanted to unify and strengthen the connectivity and security of its Digital Platform by leveraging Cloudflare's connectivity cloud.

“Our goal is to provide the best possible user experience to every end-user — an experience unaffected by geography or other factors,” said Dzmitry Naskou, CTO, Digital Platform, EPAM. “We always look ahead to tomorrow’s challenges, so as our user base became more globally distributed and more demanding, we decided to meet their expectations head-on by aligning ourselves with the latest advancements of the Cloudflare connectivity cloud and its global network.”

Solution: Enabling CDN and security on a connectivity cloud

Based on positive industry feedback, available capabilities and in-depth interactions with the Cloudflare team, EPAM selected the Cloudflare connectivity cloud to consolidate and securely expose their applications ecosystem.

“We began with the Cloudflare CDN and Cloudflare WAF, as well as Cloudflare Rate Limiting and DDoS Protection to enhance our user experience and overall application performance,” said Naskou. “Now the Cloudflare connectivity cloud covers our entire internal ecosystem — almost 200 applications and services with users worldwide — 24 hours a day, seven days a week.”

By enabling Cloudflare, EPAM saw page load times improve by 20%, however the improvement was more significant for the users located in more distant regions from EPAM’s collocated infrastructure.

“Our users across the Americas, EMEA and APAC saw the largest improvements with a cache hit ratio of over 45%,” said Naskou.

Using Cloudflare Web Application Firewall (WAF) to connect and secure its internal services EPAM has also simplified the administration and maintenance of EPAM’s Digital Platform under a centralized platform.

“We wanted a solution where a dedicated security team could manage, monitor, and analyze all our applications without embedding an expert into each of our development teams,” said Naskou. “The Cloudflare connectivity cloud allowed us to build a secure environment we can control from a single window.”

The Cloudflare platform allowed EPAM to expose applications and manage Web Application Firewall in one place, despite operating within a complex development ecosystem that spans all major cloud platforms as well as private cloud infrastructure.

After addressing that challenge, EPAM set its sights on further enhancing its digital platform’s performance, security and functionality.

Challenge: Provide secure access and the best user experience for all users regardless of their permissions, geographical location, and other factors

EPAM’s user base is diverse: employees, clients, business partners have access to EPAM digital ecosystem, as well as community members, students, public users. These users are part of EPAM business processes and thus they have fine-grained access to applications according to their roles.

Solution: Unified authentication gateway using Cloudflare Workers

“We see authentication service as microservice of each application that should run as close to the end user as possible to enhance our user experience regardless of the cloud provider, application platform or technology in use,” said Naskou.

Cloudflare developer platform provides flexibility to build custom solutions on top of Cloudflare Workers, Durable Objects, and Workers KV. With their help, EPAM has built a custom authentication gateway service and seamlessly integrated it with existing access management capabilities. It allows EPAM to enforce user authentication when necessary; manage, verify, refresh, and exchange JWT tokens; enhance user session management; control every single request to apps and between apps in a multi-cloud setup.

With all that said, using a built-with-Cloudflare solution, EPAM can now manage policies for all types of users, applications and services in one place, supporting formerly difficult hybrid user access models that provide appropriate levels of application security to its public and authenticated internal users alike.

Challenge: Enhance the performance of API calls

The majority of EPAM services are corporate business applications that provide highly personalized content, business and operational data to the served users. 85% of user requests are API calls with dynamic data that depends on user context such as roles, permissions, and other factors.

Solution: Application gateway with advanced caching capabilities

“Leveraging Workers and the Cloudflare cache API, we created a gateway that further improves the performance of our web applications,” said Naskou. “By utilizing Cloudflare Workers and the Cloudflare Cache API, we're able to constantly evaluate user requests and their specific contexts to anticipate subsequent queries. This predictive approach allows us to pre-fetch data and establish a private, user-specific cache and store dynamic data close to the user's location for optimal performance.”

EPAM boosted the performance of dynamic requests by an additional 15% by implementing API call prefetching, which anticipates and prepares responses for the subsequent API calls in advance.


“Engineering is at the core of what we do. By leveraging technology transformation, we guide our customers through successive waves of innovation, helping them thrive in the marketplace amid ongoing technological and social changes,” said Nikitin. “We partnered with Cloudflare not just for the high-quality services and robust capabilities it offers, but also because it gives us an excellent platform flexible for innovation and transformation.”

As an organization that strives to redefine technology and give its customers a technological advantage, EPAM expects the same drive from the solutions it partners with. EPAM and Cloudflare share a passion for innovation that works to their mutual benefit.

Casos prácticos relacionados
Resultados clave
  • Almost 200 internal business applications secured organization-wide

  • 10 to 45% improvement in page load speeds out of the box

  • 45% bandwidth cached, providing dynamic internal business information to the users across the globe

EPAM needed a flexible platform that we can not only customize, but also refine them by developing our own solutions to cover our use-cases. Cloudflare Developer Platform with Workers, KV store and Durable Objects, provided us the necessary flexibility to deliver scalable, reliable, and secure serverless microservices.

Dzmitry Naskou
CTO, Digital Platform