Microsoft recently highlighted a new capability associated with their popular Edge browser that provides a secure network connection for browsing the Internet. They are calling it the Microsoft Edge Secure Network and list the following functions and benefits to the user of this capability:
- Encrypts the connection. Data is routed from Edge through an encrypted tunnel to create a secure connection. This protects content exchanged over a HTTP connection and makes it harder for hackers to access data on a shared public network.
- Prevents online tracking. ISP’s won’t be able to gather data on browsing behavior like web sites visited.
- Obfuscates location data. The IP address of the user is replaced with a virtual IP and geolocation data is generalized. This prevents ad targeting and online tracking services from aggregating the user’s browsing activity around a single identity.
While this is all great for user privacy, the interesting aspect is that the capability is powered by Cloudflare. I was surprised initially to see this partnership, fully expecting a hyperscaler like Microsoft to just roll their own capability. This is similar to the iCloud Private Relay announced with Apple in March. With the Microsoft capability, this represents another case where a major Internet software infrastructure provider chose to partner with Cloudflare to power this capability. If it were straightforward to implement, they presumably would have rolled their own solution. However, given that these users could be located all over the globe, Cloudflare’s network provides inherent advantages in serving this kind of traffic cheaply and efficiently.
Additionally, the fact that Microsoft partnered with Cloudflare for this is even more intriguing. Of all the hyperscalers, Microsoft has developed the most stand-alone security offerings (identity and endpoint as examples). A partnership with Cloudflare on this feature might portend other collaborative efforts between the two. We know that Cloudflare has publicly positioned themselves against AWS (R2 and egress fees as examples). Microsoft may like that posturing and plan to leverage Cloudflare as a competitive counterweight against AWS. There may be other enterprise network connectivity and zero trust services for which Microsoft and Cloudflare could partner.
As I discussed in a recent deep-dive, we are seeing new relationships emerge between independent software providers and the hyperscalers. These collaborations are being formed in order to position one hyperscaler against another to round out product offerings to compete for enterprise cloud migration business. AWS has been the most prolific with these relationships. Microsoft may be looking to apply a similar tact.
These moves also highlight the strength of Cloudflare’s network and the unique position that their fully distributed architecture enables. Cloudflare just announced having presence in 275 (was 250+ previously) independent locations globally. They refer to these as “cities”, which translates into one or more data centers clustered around large population centers. The purpose is to provide a local onramp to Cloudflare network services with close geographic proximity to the majority of the world’s population.
The important aspect of Cloudflare’s architecture to appreciate is that all servers in every data center run the same set of Cloudflare services in parallel. This is contrasted with the hyperscalers’ approach, where different services may be located in each separate data center (whether one of the large central data centers or the newer “edge” locations). For application hosting, the hyperscaler customer has to designate a particular location or “availability zone”. With Cloudflare’s network, application code runs in every location in parallel. The world is the availability zone. Code and data reside in the network itself.
This total distribution of services is what allows Cloudflare to handle workloads like Microsoft’s Edge Secure Network very efficiently. It also provides performance advantages for applications that need high responsiveness. As Cloudflare adds more data storage solutions (KV, Durable Objects and now R2), new interesting use cases emerge for data distribution as well as supporting richer application features. With Cloudflare for Offices, the number of locations will magnify further. Even for these hyperlocal points of presence, Cloudflare intends to maintain the same run-everywhere architectural pattern.
While likely not a big revenue driver for Cloudflare, offering this capability to Microsoft Edge users has several follow-on benefits. These are all related to the additional network utilization gained by onboarding more users to Cloudflare’s network:
- Increased network utilization by users all over the world will generate more peering relationships with remote ISPs. New user onboarding provides demand signals for regional ISPs, who then reach out to Cloudflare to establish network connections to their backbone.
- As each user connects to Cloudflare’s network, they gain more data on possible security exploits and hacking tactics. These analytics can be funneled back into Cloudflare’s threat detection algorithms.
- As part of the service, Cloudflare is able to collect a limited amount of diagnostic and support data (which is anonymized and deleted within 25 hours). This data provides valuable insights into generalized Internet user behaviors that could drive future product offerings.
Granted, some of this is future-facing and requires use cases to evolve, but the architectural advantages are creating a competitive moat for Cloudflare that will be hard for competitors to bridge. We will get more details on their progress across these initiatives in the upcoming earnings report. I will be monitoring that closely for further evidence that Cloudflare’s architectural advantages continue to drive durable revenue growth.
NOTE: This article does not represent investment advice and is solely the author’s opinion for managing his own investment portfolio. Readers are expected to perform their own due diligence before making investment decisions. Please see the Disclaimer for more detail.