Often we think of the cloud as a series of choices that lean heavily on the word “or”. You can have cloud agility OR security. You can have the ease of cloud applications OR easy freedom to move. Given that I’ve heard “or” so many times in the past, it’s exciting to hear a vendor shouting an “and” message. CloudFlare is one of those vendors. It promises to speed up organizations’ websites, and it offers a cloud content delivery network alongside distributed domain names. The upshot of all that geekery is that CloudFlare does the impossible – overcomes the limitations of physics to speed up the internet. CloudFlare acts as a proxy between the outside world and an organization’s website.
One of the issues around using the cloud, however, has been that of SSL keys. SSL keys are cryptographic keys that allow secure connections between a web server and a browser. To anyone transmitting confidential information, SSL (or Secure Sockets Layer to the uninitiated) is a non-negotiable requirement. The issue is that SSL security, and the requisite keys that go alongside it, make it hard to use the cloud. To utilize services like CloudFlare, organizations need to turn over their SSL keys to the third-party cloud provider. For a lot of regulated industries that’s a complete no-go.
What CloudFlare is introducing today is Keyless SSL. Keyless SSL is a server-side security technology that allows sites to use cloud services for SSL-encrypted HTTPS traffic without giving up custody of their private keys. Keyless SSL works because the private key is used only during initial connection setup. The connection establishes a “session key”, and all further traffic on that connection is encrypted with that session key. Because the session key is short-lived and only protects one user’s communications, it is not as sensitive as the long-lived private key. It’s an elegant solution to a Catch-22 problem.
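A simplified model of the split described above, as an added example that is not CloudFlare's code or wire protocol: the edge proxy forwards the single private-key operation of the handshake to a key server the site owner runs, then keeps only the per-connection session key. It assumes an RSA-style key exchange with a toy key, and the names `KeyServer`, `EdgeProxy` and `client_connect` are hypothetical.

```python
import hashlib, hmac, secrets

# Toy RSA key (constructed: two Mersenne primes, far too small for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q

def derive_session_key(premaster, client_random, server_random):
    # Stand-in for the TLS key derivation: mixes the secret with both nonces.
    return hmac.new(premaster, client_random + server_random, hashlib.sha256).digest()

class KeyServer:
    """Hypothetical: runs on the site owner's premises, sole holder of the private key."""
    def __init__(self):
        self._d = pow(E, -1, (P - 1) * (Q - 1))  # private exponent never leaves here

    def decrypt_premaster(self, ciphertext):
        # The one private-key operation of the handshake.
        return pow(ciphertext, self._d, N).to_bytes(16, "big")

class EdgeProxy:
    """Hypothetical: runs at the cloud provider with only the public key."""
    def __init__(self, key_server):
        self.public_key = (N, E)
        self._key_server = key_server  # a network call in a real deployment
        self.sessions = {}

    def handshake(self, client_random, encrypted_premaster):
        server_random = secrets.token_bytes(16)
        premaster = self._key_server.decrypt_premaster(encrypted_premaster)
        key = derive_session_key(premaster, client_random, server_random)
        self.sessions[client_random] = key  # short-lived, covers one client only
        return server_random

def client_connect(edge):
    """Browser side: returns (client_random, session key the client computed)."""
    n, e = edge.public_key
    client_random, premaster = secrets.token_bytes(16), secrets.token_bytes(16)
    ciphertext = pow(int.from_bytes(premaster, "big"), e, n)
    server_random = edge.handshake(client_random, ciphertext)
    return client_random, derive_session_key(premaster, client_random, server_random)

if __name__ == "__main__":
    edge = EdgeProxy(KeyServer())
    cid, key = client_connect(edge)
    print("keys match:", hmac.compare_digest(key, edge.sessions[cid]))
```

Anyone who compromises the edge in this model obtains the session keys currently held there, not the long-lived private exponent, which is the trade the paragraph above describes.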
It’s a great solution and a pretty big deal for CloudFlare, which gets to remove the last barrier that regulated organizations had to using its service. It looks like something that CloudFlare will be able to leverage to further grow its business.