> Encrypted: As Cloudflare makes all connections secure with HTTPS there is no need for a VPN.<p>If Cloudbleed has taught us something, it's that Cloudflare's idea of "fully encrypted" doesn't fully include what's happening inside their own (virtual) walls.<p>Some may still consider the way they do it OK for websites. I don't: I want encryption between my customer and me, not between them and Cloudflare, which opens their data to another actor they have to trust without even knowing it, especially since most of my customers and I are in Europe, not the USA, so I don't want any US authorities to be able to intercept my stuff through them.<p>But for your company's internal stuff? I get that most companies don't really get pressured to take good care of users' data because leaks usually hurt the consumers themselves the most, not them, and they don't get blamed for it much. But surely it's not hard to see how opening your own internals is asking for trouble...<p>You give all access to Cloudflare, you give all access to bugs in Cloudflare's software (like Cloudbleed), you give all access to any authorities with influence over Cloudflare, you give all access to hackers who can get inside Cloudflare (even if they only get one small opening into where your data comes through), ... And this time it's not your customers' stuff, it's yours (not saying it doesn't matter when it's theirs, but it's easier for Mr Bean Counting Project Manager to dismiss).<p>If I am wrong in assuming this and the connection is made user to final endpoint without decryption at Cloudflare level, I couldn't see it when looking at that page.
For those interested in the idea but who need open source, we've been using https://github.com/bitly/oauth2_proxy for a while with great results.
I've never worked at Google but I thought BeyondCorp wasn't just about SSO auth. It included a reputation system, 2FA, and geofencing, among other things. This just looks like a fancy authentication facade with logging.
How does this compare to ScaleFT's zero trust web access product? Does Cloudflare do anything special beyond client certs to make authorization decisions after authentication? Seems like an easy pivot and nice accessory on top of Argo and Warp but there's little to no mention of logic used to detect on-device threats.
This only works for HTTP, and all systems are not HTTP nor should they be HTTP.<p>We've gone far, far backward in networked system capability and efficiency by trying to shoehorn all possible uses of a network into a massively overloaded document retrieval protocol.