Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
SSL for SaaS Providers
Fully managed HTTPS for custom vanity domains
// Agenda
• Housekeeping (2 Min.)
• Cloudflare Overview (5 Min.)
• SSL for SaaS Overview (10 Min.)
• SSL for SaaS Product ...
Patrick Donahue
Security Engineering Product Lead
Cloudflare
Brady Gentile
Product Marketing
Cloudflare
Speakers
Housekeeping
● Stay to the end to get presentation slides and recording
● Ask questions in the “Questions” chat box in Rea...
116
Data centers globally
Cloudflare’s Global Anycast Network
2x
Speeds up each
request by
10%Internet requests
everyday
5...
DDoS Protection
Cloudflare’s 10 Tbps global Anycast
network of 116 data centers across
57 countries is 10x bigger than the...
CDN
Moving content physically
closer to visitors with our CDN.
Website Optimization
Cloudflare lets you automatically
enab...
© 2017 Cloudflare Inc. All rights reserved.
SaaS
Provider
Challenges with serving branded domains
Unencrypted but Branded ...
© 2017 Cloudflare Inc. All rights reserved.
Challenging In-House Roadmap
HTTP-only
CNAMEs
Manually
upload
certificates
Man...
© 2017 Cloudflare Inc. All rights reserved.
Branded Visitor Experiences
Full brand recognition for end users through a
CNA...
// SSL for SaaS Product Demo
Configure Using Cloudflare Dashboard
Configure Using Cloudflare Dashboard
Configure Using Cloudflare Dashboard
Configure Using Cloudflare API
$ curl -X POST
"https://api.cloudflare.com/client/v4/zones/[zoneid]/custom_hostnames"
-H "X...
// Summary of Benefits
Benefits of SSL for SaaS for End Customers
Increased Performance
Browsers must connect over
TLS in order to advertise
supp...
Easy and fast customer
onboarding
No additional work is
required by your
customers. Once the
customer points their
domain ...
// Resources
● Industry Solution Information: Cloudflare for SaaS Providers
https://www.cloudflare/com/saas/
● Technical B...
// Q&A
Upcoming SlideShare
Loading in …5
×

SSL for SaaS Providers

2,128 views

Published on

Cloudflare’s SSL for SaaS offering provides SaaS providers the opportunity to extend the security, performance, and encryption benefits of Cloudflare’s network to their end customers. This includes management of the entire SSL certificate lifecycle for custom vanity domains.

View the slides to learn:
-The performance, security, and encryption benefits of Cloudflare for SaaS providers and their end customers.
-How SSL for SaaS manages the entire SSL certificate lifecycle for SaaS providers and their end customers, from purchase to renewal.
-The hurdles of building and managing an in-house SSL solution for custom domains.
-How SSL for SaaS seamlessly delivers encryption to custom domains.

Published in: Technology
  • Be the first to comment

SSL for SaaS Providers

  1. 1. SSL for SaaS Providers Fully managed HTTPS for custom vanity domains
  2. 2. // Agenda • Housekeeping (2 Min.) • Cloudflare Overview (5 Min.) • SSL for SaaS Overview (10 Min.) • SSL for SaaS Product Demo (10 Min.) • Q&A Session (10 Min.)
  3. 3. Patrick Donahue Security Engineering Product Lead Cloudflare Brady Gentile Product Marketing Cloudflare Speakers
  4. 4. Housekeeping ● Stay to the end to get presentation slides and recording ● Ask questions in the “Questions” chat box in ReadyTalk ● We’ll triage all questions at the end of the presentation ● All attendees are muted
  5. 5. 116 Data centers globally Cloudflare’s Global Anycast Network 2x Speeds up each request by 10%Internet requests everyday 5M Requests/second 6M+ websites, apps, & APIs in 150+ countries 2.5B monthly active visitors generating 1.3 trillion page views
  6. 6. DDoS Protection Cloudflare’s 10 Tbps global Anycast network of 116 data centers across 57 countries is 10x bigger than the largest distributed attack ever recorded. WAF Our web application firewall benefits from the collective intelligence of our entire network. SSL HTTPS is a must-have for modern websites, and Cloudflare makes it easy to configure SSL. Secure Registrar Registering your domain through Cloudflare is the most secure way to protect your trademark from domain hijacking. Dedicated SSL Certificates With a few clicks within the Cloudflare dashboard, you can easily and quickly issue new certificates, securely generate private keys and more. Rate Limiting Rate Limiting gives you granular controls to detect bad traffic, customized rulesets to ensure that your legitimate visitors are not impacted, and insights to improve your security posture as attacks evolve. “Thanks to the great support we received from the Cloudflare team, especially during our peak weeks in May, we’ve felt more secure that the sites would keep running smooth regardless of amounts of traffic—and they have.” Wouter van Vilet, Project Developer Eurovision Song Contest at EBU/EUROVISION
  7. 7. CDN Moving content physically closer to visitors with our CDN. Website Optimization Cloudflare lets you automatically enable the latest in web technologies. DNS Cloudflare is one of the fastest managed DNS providers in the world. SSL Modern SSL isn’t just for security—it can actually improve the performance of your website. Dedicated SSL Certificates With a few clicks within the Cloudflare dashboard, you can easily and quickly issue new certificates, securely generate private keys and more. Load Balancing Cloudflare Load Balancing provides load balancing, geo-steering, monitoring and failover for your Internet facing infrastructure enhancing service availability. “We were looking for a solution that would supercharge our website, load site content at lightning-fast speed no matter visitors’ location, shield us from web threats, and help us optimize our front and back-end systems.” Amanda Kleha, GM Online Business Unit Argo Smart Routing Argo improves performance by routing visitors through the least congested and most reliable paths using Cloudflare's private network.
  8. 8. © 2017 Cloudflare Inc. All rights reserved. SaaS Provider Challenges with serving branded domains Unencrypted but Branded Vanity Domain Custom vanity domains without SSL lack performance benefits of SSL and secure data transfer, making them vulnerable to snooping and content being modified or injected before reaching visitors. Challenging In-House Approach SaaS providers who recognize the benefits of encrypted branded custom domains can either manually manage SSL lifecycles, resulting in long deployment times and overhead costs, or build a complex automated in-house solution. ✕ http://support.customer.com SSL Encrypted but Unbranded Domain Domains which have SSL enabled through a SaaS provider lack a custom vanity domain, resulting in brand degradation and lower SEO rankings. https://customer.saascompany.com SSL https://support.customer.com Customer Vanity Domain Branded Customer using SaaS Provider Subdomain Non branded Customer Vanity Domain BrandedNo SSL SaaS Provider SaaS Provider
  9. 9. © 2017 Cloudflare Inc. All rights reserved. Challenging In-House Roadmap HTTP-only CNAMEs Manually upload certificates Manually manage certificate renewals Build and train customer contact team Custom API integration (e.g., using Let’s Encrypt ) Time Engineering Effort Autom ated Path Manual Path As # of websites grows Global certificate distribution network, protection from attack Manual outreach efforts to customers in advance of expiration Advanced challenges Securely handle and dynamically load encryption keys Ongoing code maintenance and continued support efforts Cloudflare Path Easy Cloudflare API / UI integration
  10. 10. © 2017 Cloudflare Inc. All rights reserved. Branded Visitor Experiences Full brand recognition for end users through a CNAME’d vanity URL. SaaS Provider Rapid SSL Deployments Cloudflare immediately transmits new certificate requests, propagating them to the edge and bringing HTTPS online in less than 2 minutes on average. Automated Lifecycle Management Cloudflare manages the entire SSL lifecycle for both SaaS providers and end users, requiring no ongoing effort by either party. Cloudflare SSL for SaaS Customer Branded Domain SSLSSL 1. Purchases SSL certificate from authority 2. Provisions and manages certificate for customer vanity domains 3. Automatically renews certificates for customer vanity domains Secure and Performant Website Secure the transmission of visitor data over HTTPS and offer end users the performance benefits of the HTTP/2 protocol, only available with SSL. https://support.customer.com
  11. 11. // SSL for SaaS Product Demo
  12. 12. Configure Using Cloudflare Dashboard
  13. 13. Configure Using Cloudflare Dashboard
  14. 14. Configure Using Cloudflare Dashboard
  15. 15. Configure Using Cloudflare API $ curl -X POST "https://api.cloudflare.com/client/v4/zones/[zoneid]/custom_hostnames" -H "X-Auth-Email: [email]” -H: “X-Auth-Key: [key]” -H "Content-Type: application/json" --data '{ hostname:"support.customer.com", ssl: { "method": "http", "type": "dv" } }’ HTTP/1.1 201 Created { id: "0d89c70d-ad9f-4843-b99f-6cc0252067e9", hostname:"support.customer.com", ssl: { id: "3d54c70d-0a96-1209-e6ba-821c70a505a1", method: "http", type: "dv" status: "initializing" } Initializing Pending Validation Pending Issuance Pending Deployment Active Demo link
  16. 16. // Summary of Benefits
  17. 17. Benefits of SSL for SaaS for End Customers Increased Performance Browsers must connect over TLS in order to advertise support for (and use) HTTP/2 and SPDY. With Cloudflare, these connections are terminated close to browsers, resulting in lower latency. No effort required With many providers, customers are on their own acquiring and uploading SSL certificates (and renewing when the certificate expires). With Cloudflare, there are no additional steps besides pointing their custom domain to the SaaS provider. Security and Privacy Without HTTPS, website operators have no guarantee that content is not being modified en route to visitors. HTTPS allows SaaS providers to protect the privacy of their users. Improved SEO Since August 2014, Google has given an SEO boost to sites that use HTTPS. Another factor in SEO (and conversions) is page load performance.
  18. 18. Easy and fast customer onboarding No additional work is required by your customers. Once the customer points their domain to you, Cloudflare handles the rest in 60-90 seconds. Benefits of SSL for SaaS for SaaS Providers Reduced risk related to private key handling Asking customers for their private keys can be risky, especially when these keys are used to issue wildcard certificates. Strict controls must be implemented to handle keys securely. Branded customer experiences Your customers have come to expect SSL for their custom domains, and look for this capability when selecting a SaaS provider. Protection of your shared infrastructure Attackers may not know (or care) they’re DDoS’ing your infrastructure that supports customers other than the target of their attack. Cloudflare protects your origin servers while reducing bandwidth costs.
  19. 19. // Resources ● Industry Solution Information: Cloudflare for SaaS Providers https://www.cloudflare/com/saas/ ● Technical Blog Posting: Introducing SSL for SaaS: A Brief Technical Overview https://blog.cloudflare.com/introducing-ssl-for-saas/ ● White Paper: A SaaS Provider Survival Guide: Performance, Security, and Encryption Essentials for Online Applications https://www.cloudflare.com/media/pdf/ssl-saas-white-paper.pdf
  20. 20. // Q&A

×