Network as a service (NaaS) provider Cloudflare has one of the more diverse and unique cloud networking platforms in the market. It’s a content delivery network (CDN), security platform, and wide-area-network (WAN) all in one. The opportunity may have just gotten lot bigger this week with a series of product launches and a multicloud acquisition that will help push markets forward.
These are important moves to watch, because Cloudflare has a track record of being ahead of the curve and building new markets as a pioneer in secure NaaS. It’s been a huge win for investors. New bets on AI security and multicloud networking (MCN) are likely a response to demand created by the escalating needs for data, APIs, and AI connectivity. Companies are looking to build multicloud and hybrid cloud infrastructure and security services to service all these demands. These trends will only be accelerated by AI. As I pointed out here, I’m bullish on MCN as a key tool for multicloud.
Does this mean the game is over? Certainly not. Our research indicates the game in API security and MCN just getting started. Another public company F5, recently made similar moves into these same markets. Having two significant public companies ratify the market will help the handful of startups that have been building MCN market for many years. And more deals will be made.
“Does Cloudflare have all the pieces and tools in their network cloud to deliver a multicloud security platform? I think the answer is they don’t yet,” said Alex Henderson, a technology analyst with Needham & Co. who covers Cloudflare. “They have a lot of elements but not always the best alternative. But it’s extremely difficult to build what they have, which is a private replacement to the Internet.”
Targeting GenAI Security
Let’s dive deeper into all the news that Cloudflare dropped. First up, Cloudflare’s product news: The company announced a series of products. designed to protect information in generative AI (GenAI) applications.
“When new types of applications emerge, new types of threats follow quickly. That’s no different for AI-powered applications,” stated Matthew Prince, co-founder and CEO of Cloudflare, in a press release. Among these new threats are data injection, exfiltration, and the use of large language models (LLMs) to perform malefic, unauthorized actions.
The new products include the following:
· Firewall for AI, a web application firewall (WAF) described in a blog by Cloudflare group product manager Daniele Molteni as “a protection layer that can be deployed in front of [LLMs] to identify abuses before they reach the models.”
· Defensive AI, a general term for a handful of new functions that incorporate AI in security. API Anomaly Detection, for example, uses machine learning (ML) to learn normal API requests in an AI application and tag requests that deviate from that behavior.
· Security Analytics AI Assistant to respond to natural language queries within the Workers AI platform.
Cloudflare’s new security services point to an ongoing cycle geared toward AI and distributed data. API security big trend there, which we have tracked in our research, referred to as shift-left security.
Push Into Multicloud Networking
But wait, there’s more! After Cloudflare announced these AI and API security enhancements earlier in the week, it followed that up with the announcement that it is buying Nefeli Networks, a little-known company grown out of the labs in Berkeley, Calif.
In the announcement, Cloudflare said the purchase of Nefeli “fast tracks” its entrance into multicloud. It’s now officially a part of a product that Cloudflare calls Magic Cloud Networking. Nefeli had only raised about $10 million in funding.
Nefeli may not be well known, though members of its founding team have significant technical credibility. Nefeli cofounder and chairman Scott Shenker is a well-known researcher and professor at UC Berkeley who was once the CEO of software-defined networking (SDN) pioneer Nicira, which was purchased by VMware (now at Broadcom) in 2012.. Berkeley has been a hotbed of open-source technologies that later became commercialized, including SDN, Apache Spark, and eBPF (extended Berkeley Packet Filter). Shenker is also well known in Silicon Valley venture capital circles for his role at Nicira and as a cofounder of Databricks, yet another Silicon Valley unicorn.
Cloudflare’s purchase of Nefeli has generated some good chatter and elevated the importance of the MCN market, which is seeing demand because it solves the problems of maintaining visibility, control, and security over infrastructure that spans hybrid and multicloud environments, including both public cloud and private infrastructure. It makes sense that Cloudflare has seen the need to take a central role in developing MCN.
“What is multicloud networking? It’s the idea that users are connecting to SAAS applications and also to datacenters,” says Needham’s Henderson. “ How are you going to connect to those in a coherent fashion? You want something that has a logical connection to all of them… and Cloudflare is the one sitting between all of them. They have the connectivity tools to make all the connections to the cloud.”
In addition to Cloudflare and F5, the MCN startups have been busy as well. Aviatrix has built a strong visibility platform and is demonstrating return on investment (ROI) for its distributed cloud firewall. Prosimo has focused on the applications layer and recently added AIOps capabilities. Networking and security startup specialists such Arrcus and Versa are also adding MCN features to help manage connectivity of routing and underlay connectivity to clouds.
“Nobody’s ever heard of Nefeli, but this is fantastic,” said Steve Mullaney, the former CEO (now retired) of MCN pioneer Aviatrix, of Cloudflare’s purchase. “When a $33 billion market cap company jumps in, it’s great for the market.”
Chris McHenry, VP of product management with Aviatrix, also chimed in. He sent us this in an email that said, “… this is also another example of the growing convergence of networking and network security that’s being driven by enterprise requirements as they migrate to and expand in cloud(s).
Can Nefeli Make Multicloud Magical?
For its part, Cloudflare says that Nefeli is an MCN platform “focused on reducing the complexity of IT and DevOps teams by providing a unified network management layer for cloud infrastructure deployments.” By integrating Nefeli with Cloudflare, the company says it will be able to grow Cloudflare as a central platform to connect and manage any cloud network.
Enterprises are looking for MCN tools because most of the networking they use inside of public clouds is proprietary and opaque. They want to tie it — securely — to traditional enterprise networking and the Internet. MCN platforms help them build a connected logical network that can help control the way they connect to data and services inside of clouds. As AI, data, and APIs continue to scale, this will become more important.
One big question is which market Cloudflare will target with MCN, and how big the platform needs to be. Cloudflare made a similar move in the software-defined wide-area networking (SD-WAN) market, but its SD-WAN solution is targeted at small-media businesses (SMBs) and the midmarket, rather than large enterprises (in this analyst’s opinion). There is a lot of space in SD-WAN for companies to segment the market. That’s likely a similar story in MCN.
The potential feature set for MCN is large – including everything from managing application-level performance to managing cloud firewalls, cost management, Network Address Translation (NAT) and intra-cloud or intra-datacenter connectivity (often referred to as “East-West”).
Prosimo CEO Ramesh Prabagaran made reference to the Nefeli deal on LinkedIn, in which he said “I love that MCN (Multi-Cloud Networking) is becoming an exciting segment. We welcome all new entrants… “
Prabagaran also listed the many feature requirements for the market, implying that a complete platform will be needed to compete. He points to the need for a wide feature set such as cloud onramp, cloud-native orchestration, hybrid cloud networking, service mesh networking, and application-layer security.
Connecting public cloud networks to enterprise MCNs is a complex task. Network managers need to manage cloud firewalls, data transport costs, application policy, and the eccentricities of virtual private circuits (VPCs) function inside of clouds, such as VPC bandwidth limits (VPCs are often limited by arbitrary limits set by public clouds, rather extending to the largest possible bandwidth permitted by technology and physics, which currently run as high as 800 Gbit/sec). MCN technology will need to be big toolbox.
Cloudflare’s recent moves reinforce its role as a leader in evolving a flexible NaaS platform for multicloud connectivity and security. It’s also a sign that this market is just getting started. It’s going to be exciting to watch.