Cloudflare data localisation tools aim to keep data in-country and compliant with local laws
Cloudflare has taken the wraps off its Data Localisation Suite, which will allow its customers to control where data goes, and importantly, where it stays.
With countries around the world passing rules requiring that citizen data not leave the country, and concerns that sensitive citizen data held in offshore data stores is vulnerable to the laws of other nations, Cloudflare said its new tools will allow customers to set where data is encrypted, decrypted, and inspected, as well as in which geography the private keystore is held.
According to Cloudflare Australia chief Raymond Maisano, the way to solve the data sovereignty issue previously had been to have a data centre in that individual country -- which obviously is not economical for every business -- but that tends to lose the scaling benefits offered by the cloud.
"We're giving our customers the ability to manage privacy with technology, as opposed to by policy," Maisano told ZDNet.
"The great advantage of Cloudflare is we're in 200 points of presence around the world. We have facilities in so many of those countries, and this is really about giving our customers the tools to now be able to leverage those privacy controls and give them the ability to ... align to the government policy that states citizen data shouldn't leave."
The company already has the functionality to prevent data from transiting to a blocked list of countries, Maisano said, with Cloudflare now looking to offer finer controls than before to limit resources to a location based on a user interaction.
"It's taken us a while to be able to isolate those workloads ... It's ensuring that we're adhering to the government policy in the countries where we're operating," he said.
"Up until now, the policy piece has been handled in how we want to implement for the service that we have, and now we're actually deploying it for customers to be more broadly able to control that policy level."
In order to run its web firewall, Cloudflare said it needs to decrypt and inspect HTTPS traffic in its edge data centres to provide services such as DDoS protection, with customers now able to select where this happens.
Cloudflare added it was introducing its Edge Log Delivery service into early beta testing to allow customers to send logs directly to the point where they are processed, whether that is an on-premise server or a local cloud bucket.
"With this option, customers can still get their complete logs in their preferred region, without these logs first flowing through either our US or EU core data centres," the company said.
The company also said it was providing functionality to select where its Workers would store durable objects.
"Durable objects provide globally consistent state and coordination to serverless applications running on the Cloudflare Workers platform," it said.
"Jurisdiction restrictions will make it possible for users to ensure that their durable objects do not store data or run outside of a given jurisdiction -- making it trivially simple to build applications that combine global performance with local compliance. With automatic migration of durable objects, adapting to new rules will be as simple as adding a tag to a set of durable objects."
In October, the company released its free API Shield product for all its customers to protect APIs exposed to the internet.
Once configured for a server, the shield will deny all incoming connections if they don't provide a cryptographic certificate and key that the customer has generated.
A month earlier in September, Cloudflare teamed up with the Internet Archive to allow sites that use Cloudflare Always Online to have their pages automatically archived in the Wayback Machine.
When a site goes down, Cloudflare can retrieve the most recently archived version from Internet Archive so that a site's content can continue to be accessed by users.
According to Internet Archive, more than 468 billion web pages are available via the Wayback Machine to date.