New top story on Hacker News: Ask HN: Why is there not more concern about the physical security of Cloudflare?
27 by dtquad | 23 comments on Hacker News.
Using Hetzner and Azure, we trust that our unencrypted in-memory data and business logic are housed in professional data centers with strong physical security measures. However, Cloudflare has built its Workers and serverless offerings on top of its Cache/CDN and anti-DDoS infrastructure, which operates out of questionable ISP and IXP colocation facilities in various jurisdictions with dubious standards. As an EU-based company, whenever we ask Cloudflare about the physical security of their edge locations, they consistently refer to encryption in transit and at rest—measures that do nothing to address threats like RAM interception or other physical security vulnerabilities in these questionable facilities. Moreover, when we raise these concerns, they attempt to upsell us on their Enterprise EU/FedRAMP offerings. Cloudflare has also deliberately restricted our ability to block non-Enterprise Workers, KV, and R2 from specific regions, leaving us with limited control over where our data is processed.