Cloudflare Access

2018: The announcement of protection of API in VPN connections

In October, 2018 Cloudflare announced expansion of opportunities of the Access service designed to replace corporate virtual private networks (VPN) which the companies can not love for sluggishness, inconvenience and risks. Now this tool has protection of API.

Cloudflare Access allows the application to control each user when passing authorization. It  closes access to  private keys,  the event log and other confidential data to users, at the same time the owner of API can configure access for participants of a command to  data.

Cloudflare provided the tool for protection of API at VPN connection

Cloudflare Access checks a token (JSON Web Token) at accomplishment of a request via the browser or the command line. The tool signs a token  at the time of successful authorization of the supplier of the identifier.

The service works on the Cloudflare servers used by the company for the organization of protection of clients against DDoS attacks and a content delivery network (Content Delivery Network, CDN).

In fact Cloudflare Access executes an important part of work of VPN — checks certificates and traffic in network, building a chain of the checked packets. Thus becomes more effectively in comparison with traditional corporate VPN networks and allows the companies to transfer in real time data to cloud services instead of local servers.

Cloudflare Access supports services of identification and authentication, like Okta and Google Auth, but at the same time provides control and enciphering within several platforms, including Amazon Web Services (AWS) and Google Cloud Storage.

Connection of Cloudflare Access costs the companies $3 counting on one employee a month, but at the conclusion of long contracts discounts are provided. Free of charge it is possible to try possibilities of service on an example of one worker.^[1]

Notes