Qualified DDoS protection: Cloudflare leads in security and privacy

Munich, Germany, 29 June, 2023 – Cloudflare, Inc. (NYSE: NET), the security, performance, and reliability company helping to build a better Internet, today announced that the Federal Office for Information Security (BSI) has updated its list of qualified DDoS mitigation service providers. Cloudflare is one of the leading providers that meet all performance criteria.

Beyond the criteria of the BSI, Cloudflare is the first and only provider that meets all 37 performance criteria with cloud services declared adherent to the EU Cloud Code of Conduct. This code of conduct has been officially recognized under the European Union's General Data Protection Regulation (GDPR).

Stefan Henke, Regional Vice President DACH, explained: “Time and time again we hear from customers that they want a best-in-class solution with top performance and flexibility that also will handle personal data in a GDPR-compliant way. The direct comparison with our competitors in the updated BSI list, in connection with our existing certifications and the unrivaled mitigation performance of our global network, once again impressively proves that Cloudflare's DDoS protection meets these high expectations.”

As the national cyber security authority, one of the tasks of the BSI is to advise and support operators of critical infrastructures (KRITIS) in securing their IT. After a multi-stage selection process, the Federal Office has created an overview of qualified DDoS mitigation service providers to help with prevention or in the event of an acute attack.

The features listed by the BSI cover the subject areas of service offerings, general information about the service provider, attacks and filtering options. The individual criteria range from 24/7 availability and ISO 27001 certification of the institution to the possibility to restrict the processing of network traffic to data centers in the EU or Germany.

Other examples include:

  • Service also available to organizations that are not existing customers
  • Traffic redirection using DNS / BGP
  • Optional redirection in case of attack
  • Handling encrypted connections
  • DDoS filter to protect common services (web, email, VPN, DNS)
  • Filtering option on layer 7 and protocol level
  • Human user detection / CAPTCHA usage
  • Two-factor authentication for user platform

The EU Cloud Code of Conduct covers all levels of cloud services (IaaS, PaaS, SaaS). Following a positive assessment by the European Data Protection Board, the Code of Conduct has been fully recognized by the Belgian Data Protection Authority. These are now legally effective rules of conduct in accordance with Article 40 of the GDPR. Compliance with the code is confirmed and monitored by the accredited supervisory body SCOPE Europe. Combined with Cloudflare’s ISO 27701 and ISO 27018 privacy certifications, this certification underscores our commitment to the highest privacy standards in the world. An overview of all of our certifications and resources related to security and privacy compliance can be found on the Cloudflare Trust Hub.

Press Contact Information
Daniella Vallurupalli
+1 650-741-3104