Continuing its path toward a full enterprise network-as-a-service model, Cloudflare this week announced Magic WAN, a cloud-based service that provides fast, secure connectivity for traffic from all devices and locations.
Standing on its own, Magic WAN has the benefit of working within Cloudflare’s global network, which the company has spent years building up. This allows offices, data centers, software-as-a-service (SaaS) applications and devices to configure public and private routing policies to get traffic where it needs to be efficiently and securely. The goal, said Cloudflare CTO John Graham-Cumming, is for Magic WAN to be a viable alternative to, and replacement for, older connectivity solutions.
Christopher Rodriguez, research manager for cybersecurity at IDC, said this approach is a valid solution for organizations still stuck with legacy connectivity options, such as Multiprotocol Label Switching (MPLS), which were not designed to support an increasingly distributed workforce and the escalating demands of mission-critical applications.
Toward a SASE Future
Magic WAN is the most recent of a spate of announcements Cloudflare has made over the past few years. In 2019, the company announced Magic Transit, a service-based offering that detects and mitigates DDoS attacks at the network edge by securing IT subnets. Next up was Cloudflare Network Interconnect, which enables organizations to interconnect branch offices and data centers directly with Cloudflare.
The next major announcement came this past October with Cloudflare One, a Secure Access Service Edge (SASE) platform designed to replace legacy networks with a flexible, secure, software-based alternative. The idea is to provide secure, fast connectivity across the world. Cloudflare does this by securing, routing and filtering traffic over a backbone that uses real-time intelligence to protect against threats and route traffic around bad spots.
In conjunction with the Cloudflare One announcement, the company introduced WARP Gateway clients for desktop and mobile to help send remote users’ traffic more securely and privately, and Magic Firewall, a service-based firewall that runs in the Cloudflare network. Designed to replace firewall hardware, it gives administrators fine-grained control over which data is allowed in and out of a network by setting and applying policies across an organization’s entire network. For example, administrators can make rules that allow or block traffic based on protocol, source or destination IP and port, packet length or bit field match.
With the introduction of Magic WAN, Cloudflare has again built out its SASE platform. Together, these components constitute a fairly complete network-as-a-service solution. For example, Magic WAN securely connects traffic sources to the Cloudflare network, where administrators can configure routing policies. Magic Firewall integrates with it to allow businesses to define security rules for the network from a central dashboard.
“This is the foundation of Cloudflare One and easily allows businesses of any size to shift to a zero-trust approach, where organizations do not automatically trust any requests to corporate data or resources, and instead verify every request before allowing them access,” Graham-Cumming said.
It’s an ambitious plan, and one that other vendors are embracing as well. Cloudflare’s advantage may be in the slow and steady way it has gone about building its network-as-a-service solution, Rodriguez said. “They have been building up their cloud architecture for some time, with a focus on making sure their data centers have the same software, operating system and capabilities. They also have been very aggressive in offering free services and have a lot of web properties under their belt now.”