Introducing Cloudflare Access: Like BeyondCorp, But You Don’t Have To Be A Google Employee To Use It

The traditional security perimeter model used by most enterprises is flawed as it trusts all connections from within the network and distrusts those from outside. This strategy becomes ineffective once the firewall or VPN server is breached, granting attackers easy access to sensitive data. Furthermore, this approach requires employees to be physically present in the office or use a VPN, which can slow down work and expose users to various types of attacks. To address these issues, Google introduced BeyondCorp, a solution that eliminates the concept of an internal network by making applications accessible on the internet. Following this model, Cloudflare has launched Access, a perimeter-less access control solution for cloud and on-premise applications. Similar to BeyondCorp, Access ensures that every connection is authenticated, authorized, and encrypted. Cloudflare Access works as an unified reverse proxy, integrating with major identity providers like Google, Azure Active Directory, and Okta. It enforces access control by authenticating user credentials and ensuring the connecting device has a valid client certificate signed by the corporate CA. Access also allows administrators to easily modify access policies, session durations, and revoke existing user sessions. By using Cloudflare's global network of data centers, Access provides adequate redundancy, DDoS protection, and proximity to users or corporate offices. The solution is free for up to one user and costs $3 per seat per month for additional users, with bulk discounts available upon contacting sales.