I read blogs, as well as write one. The 'blogroll' on this site reproduces some posts from some of the people I enjoy reading. There are currently 51 posts from the blog 'CloudFlare.'
Disclaimer: Reproducing an article here need not necessarily imply agreement or endorsement!
During Impact Week, we've shared how Cloudflare is providing tools for our customers to minimize their environmental impact as well as what we, as a company, are doing to help society at large. But some critical stakeholders we haven’t talked much about yet are Cloudflare's more than 2,000 employees: who build our services, support and educate our customers, keep our finances in order, work through difficult policy issues, and empower us to accomplish everything we have.
Over the last year and a half, we've all challenged a lot of the assumptions about what it means to "work." Prior to the start of the pandemic, Cloudflare was very much a work-from-office culture. And so when, on March 13, 2020, we closed all our offices and asked everyone to work from home, the two of us were extremely nervous.
And then something unexpected happened: a lot of things got better.
As a company, productivity increased — when measured by our success selling our products, our pace of shipping new products, and even things like the time it takes for our finance team to close our books.
Other day-to-day things got better, too. We noticed a marked increase in participation in meetings by women, team members from whom English wasn't their first language, junior team members, and other traditionally underrepresented groups. It turns out, putting everyone in a Brady-bunch like box on a screen smooths out some of the other social cues that, when in-person, make some people less comfortable, willing, or able to fully participate.Virtually More Inclusive
It's not unreasonable to speculate that the increase in productivity was driven, in no small part, by the increase in overall participation by people who previously felt reluctant to do so. And this further aligned with job surveys that we conducted over the last year and a half which showed that while the things people wanted us to improve remained the same, overall satisfaction with jobs increased.
We also noticed that the diversity of the candidates that were applying to work for us increased as we allowed people to work remotely. We were now an option for people who did not live in, or could not move to, the cities we had offices in. At Cloudflare, we've always believed in having a diverse team. Not to look good in a government report, but because it's the right business strategy: more diverse teams win.
We all have different perspectives formed by our experiences that inherently give us insights and blind spots. If everyone on a team has the same insights and blind spots then there will be less unique and creative solutions proposed to whatever problems we face. Just as it’s important to have genetic diversity in a species, having diversity on every dimension in hiring makes us a stronger, more creative company. Prioritizing a diverse team is the right strategy if you're optimizing for innovation, like we are at Cloudflare.
But not everything got better when we switched to remote; some things definitely got worse. We're social creatures. We thrive through human interaction that is still difficult to replicate virtually. Even with improvements in video conferencing, online interactions still mute some of the social cues and make misunderstanding more likely. The osmosis for our team of learning by watching others is harder, especially for team members early in their career. And, unfortunately, for some the office is a refuge from difficult situations at home and so not having it as a place to get away can amplify those challenges.What We’ve Learned… So Far
So we've been thinking a lot about what the future of work looks like at Cloudflare and wanted to share publicly what we've been talking about for some time internally. Here are some things we think we know.
First, we don't know what the long term future of work will be like and so we've been hesitant to lay down broad proclamations. Instead, we expect that as we get past the pandemic and are able to work in-person safely again, we will do what Cloudflare has always done: run a number of experiments ourselves, watch what our peers are doing, and figure out what works for us. The one thing we feel pretty sure of is that wherever we start the experiment is highly unlikely to be exactly the place where we end up. The future of work won't be set in stone sometime in the coming months, but evolve over the coming years.
Second, no matter what, the future of work will be more flexible. There's no way we are putting the genie of remote work back in the bottle. Why would we want to if we've learned that we've been more productive and more satisfied with their jobs while we've been remote? Flexibility is the number one requested work benefit, and one of the silver linings of the pandemic for us has been that we ran a forced experiment that proved we could make it work.
Third, we are incredibly reluctant to impose arbitrary rules. Requiring team members to come in every Monday, Tuesday, and Thursday begs the question: why those days? Saying you need to come in if you're below a certain seniority level also seems weirdly arbitrary. Instead of rules, we're much more likely to start with general standards outlining what success as a member of the team at Cloudflare looks like and giving guidelines. We may need rules at some point, but we want to develop those rules over time based on what we learn.
Fourth, just opening offices and hoping for the best doesn't work. What we've seen ourselves, and confirmed with others, is that what makes working from an office great is getting to work side-by-side with your colleagues. But if Alyssa comes in on Monday, and Blake comes in on Tuesday, and Carlos comes in on Wednesday, and Deeksha comes in on Thursday, and Ellen comes in on Friday, and they all hoped that they would get to connect, then none of them has a good experience and none of them come in the following week. If in-person work is going to work, there needs to be some deliberate structure and planning.
Fifth, we believe more in carrots than sticks. We'd rather we create an environment where people want to come in than where they have to come in. Based on our internal surveys, about 10% of our team wants to come in every day. We want to make the environment such that 100% of our team wants to come in at least some days.
Sixth, a more flexible way of working will require a more flexible physical space. The base "lego brick" we used to design all our offices pre-pandemic was the 6-person conference room. And, while none of our offices started this way, they all evolved into a sea of white, adjustable desks in neat rows as we found spots for our growing team. That already feels anachronistic. We think we need to redesign spaces to accommodate teams coming together to collaborate as well as individuals looking for a quiet spot for heads-down work.
Seventh, mixed meetings suck. When some people are in-person and some people are virtual the experience is bad for everyone. Part of why we think the last year and a half has worked is because everyone is in the same boat. We believe part of the reason why hybrid work environments have traditionally not worked is because they, left to their own devices, will tend to devolve to an experience that's bad for everyone. The future of flexible work needs to acknowledge that most hybrid work experiments in the past haven’t worked.
Eighth, we're a very global company. We have team members in countries around the world and need to operate our business around the clock. One of the benefits of being fully remote over the last year and a half is that it made all our offices feel like they were on equal footing. That's something we believe is important for us to maintain.Navigating Through the Fog
So what's our plan? Again, we don't pretend to have all the answers. Instead, we expect that we'll start somewhere and experiment. So we're starting by being more flexible about where we hire people. We still believe that people will tend to cluster in hubs around cities where we have physical offices, but we are now open to hiring for nearly all of our roles in any location where we have a legal entity setup that allows us to hire.
We are tearing apart our offices in San Francisco and London to remake them into flexible work spaces. We're designing them to allow for teams of 10, 20, or 30 employees to get together and collaborate. We're also creating "Zoom villages" with one-person spaces and high quality AV equipment to let people jump on conference calls.
One of the few rules that we plan on starting with is that in meetings if any person is remote then everyone in the meeting is remote. We know that will create some awkward situations where some of our team will literally be sitting next to each other at desks talking on a video conference call. But we believe this is a rule worth having, in spite of our hesitation to impose strict rules, to help keep the playing field level for all our colleagues, wherever they're working.
We're going to rethink the purpose of the offices as spaces where teams can come together to collaborate. Internally, we're calling these "on-site off-sites" — though everyone agrees we need a better name. The idea being that teams can call an in-person meeting and reserve space in any of our offices to come together. We expect different teams will set different cadences of these meetings, but expect most people to have at least some time in an office at least once a quarter.
We're planning for what we've termed a “Czar of Serendipity” who will coordinate cross-group lunches and other activities to help facilitate teams who may not work directly together to have the opportunity if they want to meet colleagues they may not otherwise know. They'll also help arrange in-person speakers and other activities aligned with whatever teams or groups are physically in the office each week.
And we're hunting for carrots to encourage our team, and especially members who are earlier in their career, to come in. One we're working on is what we're calling Orange Card. We hope to turn every team member's ID into a charge card. The card will only activate after someone badges in for the day and will only work to purchase food at restaurants that are within a 10-minute walk from the office with pre-tax dollars.
It's in Cloudflare's interest to encourage people to come in physically to work. Across the industry, however, we think jobs that require in-person work will look increasingly anachronistic. We also believe that, rather than operating private cafeterias inside our own spaces, it's important for us to support local businesses near our offices — especially as so many of them were hit hard during COVID. If with Orange Card we can do this and find a way to let employees pay for lunches when they’re in the office at an effective discount, then it will check both boxes: giving employees a reason to come in and also supporting the local community.
We don’t know how many of these things will work, but it’s a sense of the experiments we intend to run as we try and find the future of work that works for our team.
In many ways we were fortunate that Cloudflare's product could be of specific help during an incredibly difficult time for the world. The superheros of the last year and a half have been the medical professionals and scientists who have taken care of the sick and looked for cures for this disease. But the Internet has been the faithful sidekick that has helped many continue to work, stay connected with loved ones, and keep ourselves entertained through this trying time. As one of the defenders of the Internet, our work at Cloudflare has been incredibly rewarding. We hope we can create a future of work that remains incredibly rewarding even long past the pandemic.
The thoughts above are just a starting place. We expect that we're going to learn a lot not only from our own experiments, but also from what we learn works (and doesn't work) at peer companies. We would have never tried this experiment in remote work but for the pandemic. Now, having realized that we can continue to execute in a more flexible work environment, we don't plan to forget the lessons we learned. We're hopeful that we, along with our peer companies, will continue to run experiments and, over time, develop a new future of work that is more flexible, more inclusive, and more productive.
Early in the life of most startups, there is a time of incredible hustle, creative problem solving, and making the impossible possible through out-of-the-box thinking and elbow grease. Grizzled veterans, who have lived through those days of running on coffee and shoestring budgets, look back on that time and fascinate the newcomers with war stories of back in the day, of adventures and first wins, when they kept the lights on by sheer force of will.
To help early stage startups get going, Cloudflare is giving away one year of the Startup Enterprise plan to all early stage startups in participating accelerator programs. That early stage time is special for product development, and entrepreneurs unlock worlds of possibilities when they have advanced tools on their hands, such as the power of the Cloudflare network.What’s included in the Startup Enterprise plan?
In addition to the core offerings in the Pro and Business plans (e.g., CDN, DNS, WAF, custom SSL cert, 50 page rules), when founders sign up for the Startup Enterprise plan they’ll get special access to:
- Cloudflare Workers: 50 million requests / month.
- Deploy serverless code instantly across the globe to give it exceptional performance, reliability, and scale.
- Cloudflare for Teams: 50 seats.
- Zero Trust security platform, unified network security as-a-service built natively into the Cloudflare network
- Cloudflare Stream: 500K min/month; 100K minutes storage.
- An affordable, scalable, on-demand video platform with simple, comprehensive APIs.
Additionally, when there are new Cloudflare products that are still in early access, participants on the Startup Enterprise plan can tell us about their use case for the product managers’ consideration for early access.What startups are eligible for the Startup Enterprise plan?
To be eligible for the Startup Enterprise plan, a startup must be currently enrolled in a participating accelerator program or be a recent graduate. Additional eligibility criteria will be listed on the vendor perk info page of the accelerator program.Get started
- If you are a founder in a participating accelerator program, find the Cloudflare perk from your program’s vendor perk page and follow the instructions there.
- If you are a founder in a program that is not yet a partner, drop us a line at email@example.com, or ask the folks who run the vendor perk program at your accelerator program to drop us a line at firstname.lastname@example.org.If you run or work for an accelerator program, or are friends with folks who do, do drop us a line at email@example.com. We’d love to make our tools available to your portfolio companies.
One theme we've prioritized this year at Cloudflare is how we can “level up” — level up service to our customers, level up the growth of our network, level up speed and creativity as we innovate.
In addition to our products and business, “leveling up” should also apply to the way Cloudflare gives back. Since our founding, giving back has been part of Cloudflare’s DNA, whether it’s through free services like Unmetered DDoS Mitigation or Universal SSL, giving gifts to the Internet every year during Birthday Week, or through free programs like Project Galileo that helps protect at-risk public interest organizations all over the world: for example, human rights activists and journalists. As the capabilities of our network continue to grow, we know there is more we can do. As we started to plan our first Impact Week, it seemed like the right time to figure out how we can level up how we give back to our communities.
To help us get there, I am excited to announce that Cloudflare is joining Pledge 1%. We're joining the more than 12,000 companies in 100 countries that are committed to making a tangible, positive impact in their communities. As part of Cloudflare's pledge to give 1%, we're committing to donate 1% of our products and 1% of our time to give back to our local communities as well as all the communities we support online around the world.Pledge 1%
Pledge 1% launched in 2014 with a mission to create a new normal where giving back is integrated into the foundation of companies at all stages of development, from startups to the Fortune 500. As part of the commitment, companies are encouraged to commit to donating to charitable causes one percent of any combination of their products, profits, time or equity.1% of Product
Part of Cloudflare's commitment to Pledge 1% will be to grow and expand our donated services programs. Donating free products and services is a part of Cloudflare's story. We started our company with the basic idea that high-end networking services like security, content delivery, and reliability features should be available for everyone.
In 2014 we launched Project Galileo with the simple idea that we could offer services to journalists and human rights activities around the world for free. Today, Cloudflare protects over 1,500 organizations in 111 countries, and has donated more than $8 million worth of services through that program alone. After the 2016 US election, we launched the Athenian Project to provide state and local governments with our highest level security and reliability services for free, to ensure voters would be able to access election and voter registration information. We now have 292 government entities across 30 states participating in the program, and just yesterday, we announced that the Athenian Project is now available globally.
This week, we also announced our newest program: Project Pangea. Pangea will help community networks for underserved populations, including those in rural and developing locations, connect to the Internet for free.
We think we are only scratching the surface of how we can leverage one of the world's fastest, most secure, most reliable networks to help underserved communities access and stay safe online. We're excited to partner with Pledge 1% and all the great companies that are participating in the movement to help move us forward.1% of Time
Maybe the most exciting part about Cloudflare joining Pledge 1% is our new commitment to give one percent of our team's time. To meet that goal, Cloudflare is now offering all employees three days additional annual leave to volunteer in their communities.
Volunteering is an important part of our culture at Cloudflare. Prior to COVID, our team could dedicate one week every year to local volunteer efforts, which we called Cloudflare Cares. Coordinated across many of our large office locations, we would dedicate each day for a full week volunteering at employee-nominated, local non-profit organizations. Our participation pivoted to virtual during COVID, and it's been incredible to see the impact one can make in their communities virtually, as well as in person. However, like a lot of folks, we are excited to return to in-person as soon as we are able to. We are looking forward to leveraging our 1% initiative to take Cloudflare Cares to a higher level of community engagement, around all of our global offices.
Although 1% of time is a significant investment — we expect this to net out at somewhere in the order of 70,000 hours of Cloudflarian time dedicated to this initiative next year — we think it has the potential to bring our teams closer together, to bring our offices closer to their communities, and attract active and engaged people to come join our team. It's a big part of our mission to help build a better Internet.Moving Forward
We're incredibly proud to be joining Pledge 1%. Their goals are consistent with Cloudflare’s goals, and their methods will help us live up to those values consistently and intentionally. We’ve always been excited to find ways to build products that give back to the world. It is also great to find ways for our team building those products to give back to their communities.
We're just getting started.
At Cloudflare, we have our eyes set on an ambitious goal: to help build a better Internet. Today the company runs one of the world’s largest networks that powers approximately 25 million Internet properties. This is made possible by our 1,900 team members around the world. We believe the key to achieving our potential is to build diverse teams and create an environment where everyone can do their best work.
That is why we place a lot of value on the importance of diversity, equity and inclusion. Diversity, equity, and inclusion lead to better outcomes through improved decision-making, more innovative teams, stronger financial returns and simply a better place to work for everyone.
To become more diverse, equitable, and inclusive, we believe it’s important to focus on communities within and around our company.Building internal communities at Cloudflare
At Cloudflare, like most workplaces, there are built-in communities: your direct team, your cross-functional partners and (because we take onboarding very seriously) your new hire class. These communities, especially the first two, are important to help you get your job done. But we want more than that for our team at Cloudflare. We believe that community builds connection and fosters a sense of belonging.
Because of that, we have supported the growth of over 16 Employee Resource Groups (ERG’s). We use the term ERG broadly at Cloudflare. We have many ERG’s focused on traditionally under-represented groups in tech: Afroflare (Black, African diaspora), Latinflare, and Womenflare; groups that have been historically marginalized: Proudflare (LGBTQIA+), Cloudflarents (parents and caregivers); as well as interest and affinity groups like Mindflare and Soberflare. To read more about all of our ERGs, visit our diversity, equity, and inclusion webpage or read about them on our blog. In addition to creating a community of support and belonging, our ERGs also work to enhance career development of their members and contribute to the development of a more inclusive culture at Cloudflare.Building the skills to build communities
We define an inclusive culture as one where everyone feels safe, welcome and respected with a sense of belonging. We do not leave this to chance. We make investments in training and programs to develop and deepen the skills needed to nurture and preserve inclusive communities at Cloudflare.
One of our earliest offerings was Ally Skills training. The aim of this workshop is to help build awareness of the types of behavior and language which can be harmful to inclusivity at Cloudflare, and teach simple, everyday ways to support people who are targets of systemic oppression. During the workshop, team members share strategies on how to act as allies and how to create a long-lasting, inclusive culture at Cloudflare. As the program was being rolled out, the management team did the workshop together and quickly realized these were not skills reserved for ‘allies’ but it was our expectation that this was how all of our team members treated each other. These were necessary skills to be successful at Cloudflare. As a result, we reworked some pieces of the workshop and renamed it: How We Work Together.
We have also partnered with Paradigm IQ and Included to create a three-part Unconscious Bias Education Program. These workshops are a mix of eLearning and facilitated workshops where we learn about how to help mitigate unconscious bias and make our company a more welcoming and inclusive place for everyone. tEQuitable is an additional comprehensive resource which helps us create a safe, inclusive, and equitable workplace. They provide an independent sounding board where our employees may confidentially raise a concern, access a just-in-time learning platform, and get advice from professional Ombuds. They also help us identify systemic workplace issues and provide us with actionable recommendations for how to improve our workplace culture. What we especially love about tEQuitable is that it’s all about empowering our employees with tools and resources to address issues that may be impacting them, or they may witness impacting others, so we all play an active role in maintaining and nurturing our culture.
One other program worth highlighting is our Week On: Learning and Inclusion. This program came as a response to the murder of George Floyd in the US at the end of May 2020. Our Afroflare global leaders suggested we use Juneteenth as a full-day of deep learning from external experts on topics ranging from the history of race and racism to the psychological impact of racism on people of color. In 2021, we expanded it from a one-day program to a week full of programming with topics ranging from antiracism keynotes, inclusive people management workshops and inclusive recruiting practices.Holding ourselves accountable to an inclusive culture
Increasing awareness and skill-building is valuable, but it is not enough. We also have to hold ourselves accountable by analyzing data, setting goals and measuring progress objectively. Each year we set company-wide goals around our diversity, and for the last few years we’ve added individual goals for managers — one focused on building a more diverse team, and one focused on building an inclusive team culture.
We also place a high value on behaviors at Cloudflare. This is imperative because we believe that culture is defined by the behaviors we reward. So in order to have a healthy and inclusive culture, we must reward the behaviors that promote and preserve that. We have defined these behaviors as our Cloudflare Capabilities.
We screen for these Capabilities during our interview process, and they are used in performance and promotion conversations. We hold ourselves accountable by using a very simple formula: Performance = results + behaviors. Equally weighted.Our Recruiting Efforts
Speaking of interviewing, hiring is an important part of our diversity story. We believe that diverse teams win, and we put in a lot of effort to build diverse teams across the company. We have many team members who took unconventional paths into tech, and we believe that makes us stronger as a company. In fact, many of our job descriptions read: We realize people do not fit into neat boxes. We are looking for curious and empathetic individuals who are committed to developing themselves and learning new skills, and we are ready to help you do that. We cannot complete our mission without building a diverse and inclusive team.
In addition to an inclusive and expansive mindset around hiring, we also have interviews dedicated specifically to fit against our Capabilities, as well as leveraging technology and tools to help identify great talent who help to increase the diversity of our teams.
We have also made investments in events and partnerships that help support our diversity recruiting efforts. In August 2016, Cloudflare was one of the first companies to partner with Path Forward when it first launched its program in California. [Fun fact: that’s how I learned about Cloudflare and became interested in working here]. In Singapore, we have a similar partnership with Mums@Work.
We also engage with organizations and participate in events that help us reach talent from underrepresented groups. We have sponsored and spoke on stage at events like Lesbians Who Tech and Grace Hopper, where our co-founder, President and COO, Michelle Zatlyn, delivered the keynote in 2020. We regularly attend events and conferences hosted by AfroTech, Women Who Code, Girls Who Code, TAPIA, NSN, and more.Engaging with external communities
Our ethos is to support and connect with external communities as well. Prior to the pandemic, when our offices were fully open and social and professional events were a thing, we regularly hosted external organizations to host events in our communal spaces. One example of such an organization is Wu Yee Children’s Services, a San Francisco Chinatown-based nonprofit that connects parents and caregivers to affordable childcare options, offers payment assistance to low-income families, and other family and community services. We were honored to host their orientation session. Another organization we hosted was Women Who Code SF. We regularly hosted their “ algorithm and interview prep” workshops, which helped women coders gain the skills they need to land good jobs in the tech industry. Unlike many of our tech company peers, we did not offer free lunch five days a week. It was important to us that our team members got out of the office and supported local businesses and restaurants. It is important that we do not isolate ourselves, but rather are part of a larger community.
We also believe in giving back to our local communities. Prior to COVID, Cloudflare dedicated one week every year to volunteer efforts. Coordinated across many of our large office locations, we would dedicate each day for a full week volunteering at employee-nominated, local non-profit organizations. Our participation pivoted to virtual during COVID, but we are anxious to return to in-person giving when we can.
While we are proud of these efforts, it is in using Cloudflare products and services for good that is truly special. Cloudflare’s mission to help build a better Internet means we are in a unique position to help vulnerable websites, applications and services be safer, faster and more reliable online.
A few to highlight:Project Galileo
Organizations working in the arts, human rights, civil society, journalism, or democracy, may apply for Project Galileo to get Cloudflare’s cybersecurity protection, for free. Since 2014, we’ve been leveraging our services to support vulnerable public interest web properties including, but are not limited to: minority rights organizations, human rights organizations, independent media outlets, arts groups, and democracy and voter protection programs.
Our support of one of these organizations has blossomed over the years. We are proud to announce our partnership with The Trevor Project. Founded in 1998 by the creators of the Academy Award®-winning short film TREVOR, The Trevor Project is the leading national organization providing crisis intervention and suicide prevention services to lesbian, gay, bisexual, transgender, queer & questioning (LGBTQ) young people under 25. We support the organization through monetary donations, a partnership with our LGBTQIA+ Employee Resource Group, Proudflare, and free Cloudflare services through our Project Galileo Program.
Since 2017, we have donated about $8 million in cybersecurity tools under Project Galileo.Athenian Project
Cloudflare launched the Athenian Project in 2017 to provide our highest level of cybersecurity services for free to state and local governments in the United States that run elections. The project is designed to protect these websites tied to elections including information related to voting and polling places, voter registration and sites that publish election results. And voter data from cyberattack, and keep them online. During the 2020 U.S. election, we worked closely with civil society and government agencies to share threat information that we saw targeted against these participants and protected more than 292 websites in 30 states, including the Missouri Secretary of State, Solano County in California and The Colorado Department of State.
In recognition that election security is a global issue, we recently announced our partnerships with the International Foundation for Electoral Systems, National Democratic Institute and International Republican Institute to extend our cybersecurity protections to election management bodies around the world, as well as organizations that support free and fair elections. We look forward to continuing our work to protect resources in the voting process and help build trust in democratic institutions around the world.Project Fairshot
Around the world, governments, hospitals, and pharmacies are struggling to distribute the COVID-19 vaccine. Technical limitations are causing vaccine registration sites to crash under the load of registrations. At Cloudflare, we want to help. Cloudflare's Waiting Room feature allows organizations with more demand for a resource — be it concert tickets, new edition sneakers, or vaccines — to allow individuals to queue and then allocate access. Waiting Rooms can be deployed in front of any existing registration website without requiring code changes. As we watched the world struggle to fairly and efficiently distribute the COVID-19 vaccine we wanted to lend our technologies and expertise to help. Under Project Fair Shot, Cloudflare is providing Waiting Room to any government agency, hospital, pharmacy, or other organization facilitating the distribution of the COVID-19 vaccine for free until anyone who wants to be vaccinated can be, until at least 31-December 2021.
We all need to work together to get past this incredibly difficult time worldwide and are humbled to have helped so many different organizations around the world such as the County of San Luis Obispo, Verto Health, and the Ministry of Health for the Republic of Latvia, and more!Why we are publishing our diversity data
At Cloudflare, we believe in being principled, curious and transparent. Publishing our diversity report is aligned with these values.
We are Principled: One of the Cloudflare Capabilities is “Do the Right Thing” — that includes long-term thinking about how we build an innovative and sustainable workforce. We have a fundamental belief that fairness is the right thing. We believe that equity is the right thing.
We are Curious: Creating a more diverse and sustainable workforce is hard work. We want to draw lessons from the things we try, and we want to learn from what others are trying. Sustainable communities is not a zero-sum game, and we believe we can all benefit as an active part of the broader community.
We believe in Transparency: For many years, we have been transparent with our team about our diversity data and our goals, and we have measured our progress regularly. Now we are taking the step to share publicly because we believe in accountability and accept the responsibility to build a diverse and sustainable workforce.
You can check out our Diversity, Equity, and Inclusion webpage with our diversity report here.
While there is always more work to be done, we are grateful for the empathetic and curious team that makes Cloudflare what it is today. Together, we are optimistic we can build a better — and more inclusive — Internet.
Over the past few days, as part of Cloudflare’s Impact Week, we’ve written about the work we’re doing to help build a greener Internet. We’re making bold climate commitments for our own network and facilities and introducing new capabilities that help customers understand and reduce their impact. And in addition to organization-level initiatives, we also recognize the importance of individual impact — which is why we’re excited to publicly introduce Greencloud, our sustainability-focused employee working group.What is Greencloud?
Greencloud is a coalition of Cloudflare employees who are passionate about the environment. Initially founded in 2019, we’re a cross-functional, global team with a few areas of focus:
- Awareness: Greencloud compiles and shares resources about environmental activism with each other and the broader organization. We believe that collective action — not just conscious consumerism, but also engagement in local policy and community movements — is critical to a more sustainable future, and that the ability to affect change starts with education. We’re also consistently inspired by the great work other folks in tech are doing in this space, and love sharing updates from peers that push us to do better within our own spheres of influence.
- Support: Our membership includes Cloudflare team members from across the org chart, which enables us to be helpful in supporting multidisciplinary projects led by functional teams within Cloudflare.
- Advocacy: We recognize the importance of both individual and organization-level action. We continue to challenge ourselves, each other and the broader organization to think about environmental impact in every decision we make as a company.
Our vision is to contribute on every level to addressing the climate crisis and creating a more sustainable future, helping Cloudflare become a clear leader in sustainable practices among tech companies. Moreover, we want to empower our colleagues to make more sustainable decisions in each of our individual lives.What has Greencloud done so far?
Since launching in 2019, Greencloud has created a space for conversation and idea generation around Cloudflare’s sustainability initiatives, many of which have been implemented across our organization. As a group, we’ve created content to educate ourselves and external audiences about a broad range of sustainability topics:
- Benchmarked Cloudflare’s sustainability practices against peer companies to understand our baseline and source ideas for improvement.
- Curated guides for colleagues on peer-reviewed content, product recommendations, and “low-hanging fruit” actions we all have the ability to take, such as choosing a sustainable 401k investment plan and using a paperless option for all employee documents.
- Hosted events such as sustainability-themed trivia/quiz nights to spark discussion and teach participants techniques for making more sustainable decisions in our own homes and lives.
In addition to creating “evergreen” resources and hosting events, Greencloud threw a special celebration for April 22, 2021 — the 51st global Earth Day. For the surrounding week, we hosted a series of events to engage our employees and community in sustainability education and actions.Greencloud TV Takeover
You can catch reruns of our Earth Week content on Cloudflare TV, covering a broad range of topics:
A chat with Michael Aylward, Head of Cloudflare's Network Partners Program and renewable energy expert, about the carbon footprint of Internet infrastructure. We explored how the Internet contributes to climate change and what tech companies, including Cloudflare, are doing to minimize this footprint.
An interview with Doug Kramer, Cloudflare's General Counsel, and Patrick Day, Cloudflare's Senior Policy Counsel, on the overlap between sustainability, tech, and public policy. We dove into how tech companies, including Cloudflare, are working with policymakers to build a more sustainable future.
Thursday: Cloudflare and the Climate
Francisco Ponce de León interviewed Sagar Aryal, the CTO of Plant for the Planet, an organization of young Climate Justice Ambassadors with the goal of planting one trillion trees. Plant for the Planet is a participant in Project Galileo, Cloudflare's program providing free protection for at-risk public interest groups.
In addition, Amy Bibeau, our Greencloud Places team lead, interviewed Cloudflare's Head Of Real Estate and Workplace Operations, Caroline Quick and LinkedIn's Dana Jennings, Senior Project Manager, Global Sustainability for a look into the opportunities and challenges around creating sustainable workplaces. Like most companies, Cloudflare is re-thinking what our workplace will look like post-COVID. Baking sustainability into those plans, and being a model for other companies, can be game changing.
Friday: Personal Impact & Trivia
A panel of Greencloud employees addressed the challenge of personal versus collective/system-level action and broke down some of the highest value actions we’re working on taking in our own lives.
Finally, Greencloud took over Cloudflare TV’s signature game show Silicon Valley Squares with Earth Day-themed questions!Get engaged
No one person, group, or organization working alone can save our planet — the degree of collective action required to reverse climate change is staggering, but we’re excited and inspired by the work that leaders across every industry are pitching in every day. We’d love for you and/or your organization to join us in this calling to create a more sustainable planet and tell us about your initiatives to exchange ideas.
Employee resource groups (ERGs) are important to a company’s success. They foster community and a sense of belonging, help drive organizational change, and improve the overall quality of an organization’s culture. Most importantly, they help organizations become more diverse, equitable, and inclusive. I’d love to share the history of ERGs at Cloudflare, as well as how they function and help influence the company.The history of ERGs at Cloudflare
When I joined Cloudflare in 2017, one of the first things I did was search “LGBTQ” in our company chat. A chat room of a dozen or so employees titled “LGBT at Cloudflare'' popped up. There was evidence of some historic chatter in the room, and it was clear some employees had gathered for drinks after work before. I immediately introduced myself to the group, and asked if they would be okay with me setting up a meet & greet event. We booked a conference room, ordered lunch, found an article to discuss, introduced ourselves, and collectively decided we wanted to continue hosting such events. In our second meeting, we decided we should make things official by deciding on a name. This was the birth of Proudflare, our employee resource group (ERG) for LGBTQIA+ employees and our allies, and the first official Cloudflare ERG. I was honored to serve as Proudflare’s first global leader.
Cloudflare employees have founded and advanced fifteen other ERGs since 2017. Afroflare, our ERG for people of the African Diaspora, was the next ERG to form, later in 2017. The most recent is Flarability, our accessibility ERG. All of our groups are focused on fostering community, celebrating diversity, supporting career development, and educating those around us, but serve different communities. We decided early on that if each ERG focuses on education, celebration, and inclusion, we’ll be successful in supporting our underrepresented communities and stimulating positive change at our company. We have come a long way and still have a lot of change to make, but I can safely say that we have definitely helped make Cloudflare more diverse, inclusive, and equitable.
Scroll down to read the mission statements of each of Cloudflare’s ERGs. You may also read more about our ERGs through blog posts they’ve published at Cloudflare.What is an ERG?
Our definition: At Cloudflare, ERGs are employee-led and company-supported groups of underrepresented and/or marginalized employees or groups of employees who are focused on key Corporate Social Responsibility initiatives. These employees join together in the workplace based on shared characteristics, life experiences, or initiatives. ERGs are generally based on creating a community of support and belonging, enhancing career development of their members, and contributing to the development of a more inclusive culture at Cloudflare.
ERGs are led by passionate volunteer employees who serve in roles as global leaders, regional leads, initiative leads, communications leads, and executive advocates. We ERG leaders agreed early on to support each other in our work, so we formed an Inclusion Council. This council is made up of all ERG leaders as well as Cloudflare’s inclusion workshop facilitators and serves as a steering committee in order to surface and incite feedback on diversity, equity, and inclusion (DEI) topics. We meet monthly, in rotating time zones so we may include leaders from all regions. Some of our most successful ERG partnership initiatives were forged in our Inclusion Council meetings between Womenflare and Afroflare, Asianflare and Desiflare, Mindflare and Proudflare, Latinflare and Afroflare, and more.
Most ERGs leverage executive advocates to help gain support from our senior executives and help those executives become more involved in DEI initiatives. Advocates meet regularly with ERG leaders, review company-wide or external-facing ERG communications, amplify the voices and visibility of ERGs through written communications and participation in events, and advocate for the ERG at the executive level. An example of a successful partnership between an Executive Advocate and an ERG is our CTO, John Graham-Cumming and Womenflare. John has held several meetings with Womenflare members to listen to their needs and experiences, share company decisions, and find ways to better advocate for the women of Cloudflare. He also meets with Womenflare’s leaders biweekly to help with major initiatives and any roadblocks to progress.How do ERGs impact organizations?
The most important function of an ERG is to create a sense of belonging and community amongst their members and allies through chat room conversations and regular connection opportunities. ERGs typically also produce initiatives around global education and celebration opportunities such as Women’s Empowerment Month, Black History Month, Hispanic Heritage Month, etc. These initiatives include DEI discussion events, company-wide presentations, company-wide emails, blog posts, social media campaigns, Cloudflare TV segments, publication of antiracism resources, spotlighting of underrepresented and marginalized employees, advising Cloudflare teams on decisions such as inclusive benefits package selection and accessible office space construction, and helping to promote inclusion education programs.
Through these connection opportunities and initiatives, ERGs influence the overall organization. They attract more allies and encourage them to take DEI actions, help educate employees on systemic barriers to DEI, and help make the workplace more inclusive and enjoyable for everyone. I see ERGs as impactful grass-roots movements within a company and I’ve witnessed their positive impact firsthand.
Thank you for reading about Cloudflare’s ERGs. Sixteen ERGs is a good number, but I’m really looking forward to supporting the foundation and growth of even more, and helping our existing ERGs flourish. If you are interested in starting an ERG at your company or learning more about ERG best practices, I encourage you to check out the Human Rights Campaign’s article, Establishing an Employee Resource Group.Cloudflare ERG mission statements:Afroflare
Our mission is to help build a better Global Afro-community at Cloudflare and beyond. We support each other's growth, share our community’s stories, and help to make Cloudflare a more diverse and inclusive company.Asianflare
We provide a supportive environment for all employees of Asian and Pacific Islander heritage, work to create more awareness of the struggles our community has faced and continues to face today, and celebrate our rich shared cultures.Cloudflarents
We provide community and resources for parents and families, and welcome allies, people who are interested in becoming a parent, or who are family-oriented.Desiflare
We foster networking and build a sense of community amongst Cloudflare employees using the rich South Asian culture as a platform to bring people together.Flarability
We curate and share resources about disabilities, provide a community space for those with disabilities and our allies to find support and thrive, and encourage and guide Cloudflare’s accessibility programs.Greencloud: Sustainability Group
Greencloud is a sustainability-focused working group made up of Cloudflare employees who are passionate about the environment and addressing the climate crisis.Judeoflare
We provide a forum for the Jewish people of Cloudflare where we support each other and celebrate our shared heritage.Latinflare
The mission of Latinflare is to help create a more diverse workplace, create a sense of community + belonging for Latinx employees, and connect with the communities where we work.Mindflare
We provide the Cloudflare community resources around mental health, as well as increase awareness and destigmatize mental health more broadly throughout our communities.Nativeflare
With a shared goal of education, we recognize the heritage and cultural presence of Native American employees at Cloudflare and illuminate the historical impact of policies and racism that continue to fuel prejudice and injustice, even to this day.Proudflare
Our mission is to Educate and Celebrate, Globally! We find ways to support and provide resources for the LGBTQIA+ community and make sure that the Cloudflare community is a welcoming, inclusive place for all.Soberflare
Ensure the Cloudflare community is welcoming and inclusive to those abstaining from alcohol and/or drug use by increasing awareness and destigmatizing the decision to choose sobriety.Vetflare
We encourage the recruitment and retention of veterans of military service from any military around the world. We also provide a supportive environment and community space for those who have served to network.Women in Engineering
Our mission is supporting women's professional development and success within Cloudflare.Women in Sales
Our mission is to provide community experience and resources to help women in our sales organization to grow professionally and support each other collectively.Womenflare
Womenflare's mission is to create a community where all who identify as women feel supported and represented at Cloudflare.
Over the course of the past few years, we’ve seen a wide variety of different kinds of online threats to democratically-held elections around the world. These threats range from attempts to restrict the availability of information, to efforts to control the dialogue around elections, to full disruptions of the voting process.
Some countries have shut down the Internet completely during elections. In 2020, Access Now’s #KeepItOn Campaign reported at least 155 Internet shutdowns in 29 countries such as Togo, Republic of the Congo, Niger and Benin. In 2021, Uganda's government ordered the "Suspension Of The Operation Of Internet Gateways" the day before the country's general election.
Even outside a full Internet shutdown, election reporting and registration websites can face attacks from other nations and from parties seeking to disrupt the administration of the election or undermine trust in the electoral process. These cyberattacks target not only electronic voting or election technologies, but access to information and communications tools such as voter registration and websites that host election results. In 2014, a series of cyberattacks including DDoS, malware and phishing attacks were launched against Ukraine’s Central Election Commission ahead of the presidential election. These sophisticated attacks attempted to infiltrate the internal voting system and spread malware to deliver fake election results. Similar attacks were seen again in 2019 as Ukraine accused Russia of launching a DDoS attack against the CEC a month before the presidential election. These types of attacks that target electoral management agencies’ communication tools and public facing websites have been on the rise in countries ranging from Indonesia, North Macedonia, Georgia, and Estonia.
Three and a half years ago, Cloudflare launched the Athenian Project to provide free Enterprise level services to state and local election websites in the United States. Through this project we have protected over 292 websites with information about voter registration, voting and polling places, as well as sites publishing final results across 30 states at no cost to the entities administering them. However, due to the growing trend of cyberattacks targeting election infrastructure, election security is not a US-specific issue, and since we launched the Athenian Project in the United States many people have asked: why don’t you extend these cybersecurity protections to election entities around the world?Challenges, Solutions and Partnerships
The short answer is we weren’t entirely sure whether Cloudflare, a US based company, could provide a free set of upgraded security services to foreign election entities. Cloudflare is a global company with 16 offices around the world and a global network that spans over 100 countries to provide security and performance tools. We are proud to create new and innovative products to enhance user privacy and security, but understanding the intricacies of local elections, the regulatory environment, and political players is complicated, to say the least.
When we started the Athenian Project in 2017, we understood the environment and gaps in coverage for state and local governments in the United States. The United States has a decentralized election administrative system, which means that local election administrators may conduct elections differently in every state. Because of the funding challenges that come with a decentralized system, state and local governments in all 50 states could benefit from free Enterprise-level services. Fast-forward to more than three years after we launched the project, we have learned a great deal about what types of threats election entities face, what products election entities need for securing their web infrastructure, and how to build trust with state and local governments in need of these types of protections.
As the Athenian Project and Cloudflare for Campaigns grew in the United States, we received inquiries from foreign election bodies, political parties and campaigns on whether they were eligible for protection under one of these projects. We turned to our Project Galileo partners for their advice and guidance.
Under Project Galileo, we partner with more than 40 civil society organizations to protect a range of sensitive players on the Internet including human rights organizations, journalism and independent media, and organizations that focus on strengthening democracy in 111 countries. Many of these civil society partners work on election-related matters such as capacity building, strengthening democratic institutions, supporting civil society organizations to equipping these groups with the tools they need to be safe and secure online. These partners, many of whom have local representatives on the ground, understand the intricacies of the election landscape and delicate nature of trust building between local election administrations, political parties and organizations with personnel directly on the ground in many of these regions to provide direct support and expertise when it comes to safeguarding elections.
After many discussions and years in the making, we are excited to announce our collaboration with The International Foundation for Electoral Systems, National Democratic Institute, the International Republican Institute and to provide free Enterprise Cloudflare services to groups working on election reporting and to election management agencies to provide the tools, resources and expertise to help them stay online in the face of large scale cyber attacks.Partnership with International Foundation for Electoral Systems
As we work with civil society organizations on issues in the election space and extending protections outside the United States, we frequently heard organizations bring up IFES, the International Foundation for Electoral Systems, due to their expertise in promoting and protecting democracy. The International Foundation for Electoral Systems is a nonpartisan, nonprofit organization that has worked in more than 145 countries, from developing to mature democracies.
Founded in 1987, IFES’ work in promoting democracy and genuine elections has evolved to meet the challenges of today and tomorrow. IFES offers research, innovation and technical assistance to support democratic elections, human rights, combat corruption, promote equal political participation, and ensure that information and technology advance, not undermine, democracy and elections.
One of the many reasons we wanted to work with IFES on expanding our election offering was due to the organizations’ unique position in terms of technical expertise, understanding of the political landscapes in which they operate, and fundamental knowledge of the types of protections these election management bodies (EMBs) need in preparing and conducting elections. Building trust in the election space is critical when providing support to EMBs. Due to years of hard work from IFES assisting with the implementation of election operations as well as direct assistance to support democratic developments, and the trust IFES has correspondingly developed with EMBs, they were a logical partner.
IFES’ Center for Technology & Democracy, in collaboration with IFES program teams worldwide, provides cybersecurity and ICT assistance to EMBs and civil society organizations (CSOs). IFES uses leading cybersecurity and ICT practices and standards incorporated into its Holistic Exposure and Adaptation Testing (HEAT) methodology with the aim of increasing EMBs and CSOs digital transformation while mitigating associated risks.“Cloudflare has played an integral role in helping EMBs and CSOs protect their websites, prevent website defacement, and ensure that they are accessible during peak traffic spikes. This has allowed EMBs and CSOs to build internal and external stakeholder confidence while gaining access and building local capacity on cutting-edge cybersecurity solutions and good practices.”
— Stephen Boyce, Senior Global Election Technology & Cybersecurity Advisor at IFES.
As part of the partnership with IFES, Cloudflare provides its highest level of services to EMBs working with IFES and equips them with the cybersecurity tools for their web infrastructure and internal teams to promote electoral integrity and stronger democracies. Along with cybersecurity tools, Cloudflare will work closely with IFES on training and direct assistance to these election bodies, so they have the knowledge and expertise to conduct a free, fair, and safe elections. In the past, Cloudflare has worked with IFES to provide services in support of elections in Georgia, and we look forward to extending these protections to other EMBs in the future.Partnership with National Democratic Institute, the International Republican Institute and the Design 4 Democracy Coalition
The National Democratic Institute and The International Republican Institute are two of the many Project Galileo partners that we have worked with to provide cybersecurity tools to organizations that work building and strengthening democratic institutions and increasing civic participation all around the world. As we worked together on Project Galileo, our conversations often focused on the best way to extend these types of security tools to groups in the election space.
Cloudflare is excited to announce that we are partnering with the National Democractic Institute (NDI), the International Republican Institute (IRI) and the Design 4 Democracy Coalition (D4D) to expand our election support efforts. Through this initiative, Cloudflare will provide free service to vulnerable groups working on elections, as identified by NDI and IRI. Our combined expertise in cybersecurity and elections administration will enable us to be mutually beneficial in navigating this space. As part of protecting a new set of election groups, Cloudflare will work with NDI and IRI to understand the global threats faced by democratic election institutions.“Elections are being undermined by a wide range of malign actors. Through our partnership with Cloudflare, IRI has been able to ensure that the civil society and independent media organizations we support globally are able to defend themselves against cyber attacks and massive increases in web traffic - keeping them safe and online at the most critical moments for democratic integrity. We are excited to be working with Cloudflare, NDI, and the D4D Coalition to expand those offerings to election management bodies, political parties, and political campaigns - a critical step toward ensuring that political competition is fought in the sphere of policy and governance delivery, and not through information and cyber warfare.”
— Amy Studdart, Senior Advisor for Digital Democracy, Center for Global Impact at the International Republican Institute.
As part of our new initiative, when Cloudflare tests new products which would be particularly useful for election groups we will work with NDI, IRI and D4D to encourage these groups to adopt the new services. This might include passing along information and documentation on how to deploy them, offering webinars, and providing other specialized support. Piloting new products with this audience will also provide us with the opportunity to learn about needs and pain points for these groups.“Safe, reliable access to the internet is fundamental to a free, open, and democratic electoral process in the modern era. Cloudflare’s sophisticated protections against various forms of cyberattack have provided invaluable support to at-risk campaigns and civic organizations through NDI and the D4D Coalition. This new initiative will go further to supporting one of the most fundamental of human rights: the vote.”
— Chris Doten, Chief Innovation Officer at the National Democratic Institute. Extending Protection to State Parties in the United States with Defending Digital Campaigns
We didn’t forget our friends in the United States. I am excited to announce that we are extending our support to provide a suite of Cloudflare products to eligible state parties in the United States with our partnership with Defending Digital Campaigns (DDC). In January 2020, we announced our partnership with Defending Digital Campaigns, a nonprofit, nonpartisan organization that provides access to cybersecurity products, services, and information to eligible federal campaigns.
We have reported on the regulatory challenges of providing free or discounted services to political campaigns in the past. Due to campaign finance regulations in the United States, private corporations are prohibited from providing any contributions of either money or services to federal candidates or political party organizations. We partnered with DDC, who was granted special permission by the Federal Election Commission to provide eligible federal campaigns with free or reduced-cost cybersecurity services due to the enhanced threat of foreign cyberattacks against party and candidate committees.
Since the start of our partnership, we have provided products to protect Presidential, Senate and House campaigns with tools like DDoS protection, web application firewall, SSL encryption, and bot protection. We have also offered campaigns cybersecurity tools to protect their internal networks, offering Cloudflare Access and Gateway to more than 75 campaigns in the 2020 U.S. election.
After the 2020 U.S. election, DDC extended their offering to protect state parties in select states.
“One of DDC’s core recommendations for any campaign or an organization like a State Party is protecting their websites from attacks or defacements,” said Michael Kaiser, President and CEO of Defending Digital Campaigns. “Our partnership with Cloudflare is critical to bringing this core protection to eligible entities and protecting our democracy.”
We are excited to be furthering our partnership with Defendering Digital Campaigns to provide our free suite of services to eligible state parties to better secure themselves from cyber attacks.
For more information on eligibility for these services under DDC and the next steps, please visit cloudflare.com/campaigns/usa.To the future…
Recognizing the global nature of cyberthreats targeting election-related technologies, we are excited to be working with these groups to help players in the election space stay secure online. In addition to the goals already laid out, Cloudflare intends to build on these partnerships in the future. Eventually, we hope to assist with each of these partners’ programs as mentors and trainers, perhaps directly participating in assessments and training around critical elections. These groups' expertise makes them fantastic partners in this space, and we look forward to the opportunity to expand our work with their guidance.
Over the past few years, we’ve seen an increasing use of Internet shutdowns and cyberattacks that restrict the availability of information in communities around the world. In 2020, Access Now’s #KeepItOn coalition documented at least 155 Internet shutdowns in 29 countries. During the same period, Cloudflare witnessed a five-fold increase in cyberattacks against the human rights, journalism, and non-profit websites that benefit from the protection of Project Galileo.
These disruptive measures, which put up barriers to those looking to use the Internet to express themselves, earn a livelihood, gather and disseminate information, and participate in public life, affect the lives of millions of people around the world.
As described by the UN Human Rights Council (UNHRC), the Internet is not only a key means by which individuals exercise their rights to freedom of opinion and expression, it “facilitates the realization of a range of other human rights” including “economic, social and cultural rights, such as the right to education and the right to take part in cultural life and to enjoy the benefits of scientific progress and its applications, as well as civil and political rights, such as the rights to freedom of association and assembly.” The effect of Internet disruptions are particularly profound during elections, as they disrupt the dissemination and sharing of information about electoral contests and undermine the integrity of the democratic process.
At Cloudflare, we’ve spent time talking to human rights defenders who push back on governments that shut down the Internet to stifle dissent, and on those who help encourage fair, democratic elections around the world. Although we’ve long protected those defenders from cyberattacks with programs like Project Galileo, we thought we could do more. That is why today, we are announcing new programs to help our civil society partners track and document Internet shutdowns and protect democratic elections around the world from cyberattacks.Radar Alerts
Internet shutdowns intended to prevent or disrupt access to or dissemination of information online are widely condemned, and have been described as “measures that can never be justified under human rights law.” Nonetheless, the UN Special Rapporteur on the rights to freedom of peaceful assembly and of association recently reported that Internet shutdowns have increased in length, scale, and sophistication, and have become increasingly challenging to detect. From January 2019 through May 2021, the #KeepItOn coalition documented at least 79 incidents of protest-related shutdowns, including in the context of elections.
Cloudflare runs one of the world’s largest networks, with data centers in more than 100 countries worldwide and one billion unique IP addresses connecting to Cloudflare’s network. That global network gives us exceptional visibility into Internet traffic patterns, including the variations in traffic that signal network anomalies. To help provide insight to these Internet trends, Cloudflare launched Radar in 2020, a platform that helps anyone see how the Internet is being used around the globe. In Radar one can visually identify significant drops in traffic, typically associated with an Internet shutdown, but these trend graphs are most helpful when one is already looking for something specific.Radar chart for Internet Traffic in Uganda, showing a significant change for January 13-15
Internally Cloudflare has had an alert system for potential Internet disruptions, that we use as an early warning to shifts in network patterns and incidents. This internal system allows us to see these disruptions in real-time, and after many conversations with civil society groups that track and report these shutdowns, such as The Carter Center, the International Foundation for Electoral Systems, Internet Society, Internews, The National Democratic Institute and Access Now, it was clear that they would benefit from such a system, fine-tuned to report Internet traffic drops quickly and reliably. We then built an additional validation layer and a notification system that sends notifications through various channels, including e-mail and social media.“In the fight to end internet shutdowns, our community needs accurate reports on internet disruptions at a global scale. When leading companies like Cloudflare share their data and insights, we can make more timely interventions. Together with civil society, Cloudflare will help #KeepItOn.”
— Peter Micek, General Counsel, Access Now“Internet shutdowns undermine election integrity by restricting the right of access to information and freedom of expression. When shutdowns are enacted, reports of their occurrence are often anecdotal, piecemeal, and difficult to substantiate. Radar Alerts provide The Carter Center with real-time information about the occurrence, breadth, and impact of shutdowns on an election process. This information enables The Carter Center to issue evidence-backed statements to substantiate harms to election integrity and demand the restoration of fundamental human rights.”
— Michael Baldassaro, Senior Advisor, Digital Threats to Democracy at The Carter Center. “Internet censorship, throttling and shutdowns are threats to an open Internet and to the ability of people to access and produce trustworthy information. Internews is excited to see Cloudflare share its data to help raise the visibility of shutdowns around the world.”
— Jon Camfield, Director of Global Technological Strategy, Internews
Now, as we detect these drops in traffic, we may still not have the expertise, backstory or sense of what is happening on the ground when this occurs — at least not in as much detail as our partners. We are excited to be working with these organizations to provide alerts on when Cloudflare has detected significant drops in traffic with the hope that the information is used to document, track and hold institutions accountable for these human rights violations.
If you are an organization that tracks and reports on Internet shutdowns and would like to join the private beta, please contact firstname.lastname@example.org and follow the Cloudflare Radar alert Twitter page.
Last year, we announced our commitment to the UN Guiding Principles on Business and Human Rights, and our partnership with Global Network Initiative (GNI). As part of that announcement, Cloudflare committed to developing a human rights policy in order to ensure that the responsibility to respect human rights is embedded throughout our business functions. We spent much of the last year talking to those inside and outside the company about what a policy should look like, the company’s expectations for human rights-respecting behavior, and how to identify activities that might affect human rights.
Today, we are releasing our first human rights policy. The policy sets out our commitments and the way we implement them.Why would Cloudflare develop a human rights policy?
Cloudflare’s mission — to help build a better Internet — reflects a long-standing belief that we can help make the Internet better for everyone. We believe that everyone should have access to an Internet that is faster, more reliable, more private, and more secure. To earn our customers’ trust, we also strive to live up to our core values of being principled, curious, and transparent. The actions that we have taken over the years reflect our mission and values.
From introducing Universal SSL so that every Cloudflare customer would be able to easily secure their sites, to developing protocols to encrypt DNS and SNI in order to protect the privacy of metadata, we’ve taken steps to make the Internet more private. We’ve sought to rid the world of the scourge of DDoS attacks with free, unmetered DDoS mitigation, and consistently strive to make beneficial new technologies available to more people, more quickly and less expensively. We’ve been transparent about our actions and our activities, publicly documenting the requests we get from governments, the difficult choices we face, and the mistakes we sometimes make. We’ve tried to think about the way products can be abused, and provide mechanisms for addressing those concerns. We’ve launched projects like Project Galileo, the Athenian Project, Cloudflare for Campaigns, and Project Fair Shot to make sure that vulnerable populations who need extra security or resources can get them for free.
Although being thoughtful about the ways the company’s actions affect people and the Internet at large is part of Cloudflare’s DNA, as we grow as a company it is critical to have frameworks that help us more thoroughly and systematically evaluate the risks posed by our activities to people and communities. The United Nations Guiding Principles on Business and Human Rights (UNGPs) were designed to provide businesses with exactly that type of guidance.UN Guiding Principles on Business and Human Rights
The UNGPs, unanimously endorsed by the UN Human Rights Council in 2011, are based on a framework developed by Harvard Professor John Ruggie, distinguishing the state responsibility to protect human rights from the business responsibility to respect human rights. The responsibility to respect human rights means that businesses should avoid infringing on the human rights of others and should address adverse human rights impacts with which they are involved. The UNGPs also expect companies to develop grievance mechanisms for individuals or communities adversely impacted by their activities.
So what are human rights? The idea, enshrined in the Universal Declaration of Human Rights that was adopted by the UN General Assembly in 1948, is that we all have certain rights, independent of any state, that are universal and inalienable. As described by the UN Human Rights Office of the High Commissioner, these rights “range from the most fundamental — the right to life — to those that make life worth living, such as the rights to food, education, work, health and liberty.” These interdependent rights must not be taken away except in specific and well-defined situations and according to due process.
Companies comply with their responsibility to respect human rights by stating their commitment to human rights, and by developing policies and processes to identify, prevent and mitigate the risk of causing or contributing to human rights harm. Consistent with the UNGPs, these policies typically require companies to conduct human rights due diligence to consider whether their business activities will cause or contribute to harm, to find ways to reduce the risk of any potential harms that are identified, and to remediate harms that have occurred. Companies are expected to prioritize addressing severe harms — meaning harms of significant scope or scale or harms that cannot be easily remedied — that are most at risk from the company’s activities.Developing Cloudflare’s Human Rights Policy
To develop our human rights policy, we’ve had conversations both within the company, so that we could better understand the scope of Cloudflare activities that might affect human rights, and with human rights experts outside the company.
From an internal standpoint, we realized that, because of our company culture and values, we had been talking for years about the aspects of the company’s business that could have significant implications for people, although we rarely framed our discussions through a human rights lens. Our goal in developing a policy was therefore to build on the good work that had already been done, and fill in additional gaps as necessary.
On the external expert side, the last few years have brought increasing recognition of the challenges and importance of applying human rights frameworks to digital technologies. In 2017, the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression prepared a report looking at the way certain actors in the technology sector, including content delivery networks, implicate freedom of expression. That report emphasized the importance of private actors as a “bulwark against government and private overreach” and specifically described content delivery networks as being “strategically positioned on the Internet infrastructure to counter malicious attacks that disrupt access.” The report provided recommendations on conducting due diligence, incorporating human rights safeguards like reducing the collection of information by design, engaging with stakeholders, and improving transparency, among other things.
Recognizing the significance of technology for human rights, the UN Office of the High Commissioner on Human Rights launched the B-Tech project in 2019 to develop practical guidance and recommendations on the UNGPs for companies operating in the tech sector. Cloudflare has benefited from participating in regular working groups with other companies in the ICT space through both the B-Tech project and through GNI on how to apply and advance the UN guiding principles, including sharing best practices and policies among similar companies. We also engage with our Project Galileo partners to discuss topical human rights issues, and how Cloudflare can apply its human rights policy to specific situations.
Cloudflare’s human rights policy is the first step in turning those discussions into something concrete. The policy formally states our commitment to the UNGPs and provides additional details on how we plan to implement our commitments. We will continue to refine this policy over time, and seek input on how to improve it.What’s next?
Building a human rights program is a dynamic process, and we anticipate that our policies will continue to grow and change. We look forward to continuing to learn from experts, engage with Cloudflare’s stakeholders, and refine our assessment of our salient human rights issues. A better Internet is one built on respect for human rights.
Cloudflare recognizes privacy in personal data as a fundamental human right and has taken a number of steps, including certifying to international standards, to demonstrate our commitment to privacy.
Privacy has long been recognized as a fundamental human right. The United Nations included a right to privacy in its 1948 Universal Declaration of Human Rights (Article 12) and in the 1976 International Covenant on Civil and Political Rights (Article 17). A number of other jurisdiction-specific laws and treaties also recognize privacy as a fundamental right.
Cloudflare shares the belief that privacy is a fundamental right. We believe that our mission to help build a better Internet means building a privacy-respecting Internet, so people don’t feel they have to sacrifice their personal information — where they live, their ages and interests, their shopping habits, or their religious or political beliefs — in order to navigate the online world.
But talk is cheap. Anyone can say they value privacy. We show it. We demonstrate our commitment to privacy not only in the products and services we build and the way we run our privacy program, but also in the examinations we perform of our processes and products to ensure they work the way we say they do.Certifying to International Privacy and Security Standards
Cloudflare has a multi-faceted privacy program that incorporates critical privacy principles such as being transparent about our privacy practices, practicing privacy by design when we build our products and services, using the minimum amount of personal data necessary for our services to work, and only processing personal data for the purposes specified. We were able to demonstrate our holistic approach to privacy when, earlier this year, Cloudflare became one of the first organizations in our industry to certify to a new international privacy standard for protecting and managing the processing of personal data — ISO/IEC 27701:2019.
This standard took the concepts in global data protection laws like the EU’s watershed General Data Protection Regulation (“GDPR”) and adapted them into an international standard for how to manage privacy. This certification provides assurance to our customers that a third party has independently verified that Cloudflare’s privacy program meets GDPR-aligned industry standards. Having this certification helps our customers have confidence in the way we handle and protect our customer information, as both processor and controller of personal information.
The standard contains 31 controls identified for organizations that are personal data controllers, and 18 additional controls identified for organizations that are personal data processors. The controls are essentially a set of best practices that data controllers and processors must meet in terms of data handling practices and transparency about those practices, documenting a legal basis for processing and for transfer of data to third countries (outside the EU), and handling data subject rights, among others.
For example, the standard requires that an organization maintain policies and document specific procedures related to the international transfer of personal data.
Cloudflare has implemented this requirement by maintaining an internal policy restricting the transfer of personal data between jurisdictions unless that transfer meets defined criteria. Customers, whether free or paid, enter into a standard Data Processing Addendum with Cloudflare which is available on the Cloudflare Customer Dashboard and which sets out the restrictions we must adhere to when processing personal data on behalf of customers, including when transferring personal data between jurisdictions. Additionally, Cloudflare publishes a list of sub-processors that we may use when processing personal data, and in which countries or jurisdictions that processing may take place.
The standard also requires that organizations should maintain documented personal data minimization objectives, including what mechanisms are used to meet those objectives.Personal data minimization objective
We’re also proud to have developed a Privacy by Design policy, which rigorously sets out the high-standards and evaluations that must be undertaken if products and services are to collect and process personal data. We use these mechanisms to ensure our collection and use of personal data is limited and transparently documented.
Demonstrating our adherence to laws and policies designed to protect the privacy of personal information is only one way to show how we value the people’s right to privacy. Another critical element of our privacy approach is the high level of security we apply to the data on our systems in order to keep that data private. We’ve demonstrated our commitment to data security through a number of certifications:
- ISO 27001:2013: This is an industry-wide accepted information security certification that focuses on the implementation of an Information Security Management System (ISMS) and security risk management processes. Cloudflare has been ISO 27001 certified since 2019.
- SOC 2 Type II: Cloudflare has undertaken the AICPA SOC 2 Type II certification to attest that Security, Confidentiality, and Availability controls are in place in accordance with the AICPA Trust Service Criteria. Cloudflare's SOC 2 Type II report covers security, confidentiality, and availability controls to protect customer data.
- PCI DSS 3.2.1: Cloudflare maintains PCI DSS Level 1 compliance and has been PCI compliant since 2014. Cloudflare's Web Application Firewall (WAF), Cloudflare Access, Content Delivery Network (CDN), and Time Service are PCI compliant solutions. Cloudflare is audited annually by a third-party Qualified Security Assessor (QSA).
- BSI Qualification: Cloudflare has been recognized by the German government's Federal Office for Information Security as a qualified provider of DDoS mitigation services.
More information about these certifications is available on our Certifications and compliance resources page.
In addition, we are continuing to look for other opportunities to demonstrate our compliance with data privacy best practices. For example, we are following the European Union’s approval of the first official GDPR codes of conduct in May 2021, and we are considering other privacy standards, such as the ISO 27018 cloud privacy certification.Building Tools to Deliver Privacy
We think one of the most impactful ways we can respect people’s privacy is by not collecting or processing unnecessary personal data in the first place. We not only build our own network with this principle in mind, but we also believe in empowering individuals and entities of all sizes with technological tools to easily build privacy-respecting applications and minimize the amount of personal information transiting the Internet.
One such tool is our 188.8.131.52 public DNS resolver — the Internet's fastest, privacy-first public DNS resolver. When we launched our 184.108.40.206 resolver, we committed that we would not retain any personal data about requests made using our 220.127.116.11 resolver. And because we baked anonymization best practices into the 18.104.22.168 resolver when we built it, we were able to demonstrate that we didn’t have any personal data to sell when we asked independent accountants to conduct a privacy examination of the 22.214.171.124 resolver. While we haven’t made changes to how the product works since then, if we ever do so in the future, we’ll go back and commission another examination to demonstrate that when someone uses our public resolver, we can’t tell who is visiting any given website.
In addition to our 126.96.36.199 resolver, we’ve built a number of other privacy-enhancing technologies, such as:
- Cloudflare’s Web Analytics, which does not use any client-side state, such as cookies or localStorage, to collect usage metrics, and never ‘fingerprints’ individual users.
- Supporting Oblivious DoH (ODoH), a proposed DNS standard — co-authored by engineers from Cloudflare, Apple, and Fastly — that separates IP addresses from DNS queries, so that no single entity can see both at the same time. In other words, ODoH means, for example, that no single entity can see that IP address 198.51.100.28 sent an access request to the website example.com.
- Universal SSL (now called Transport Layer Security), which we made available to all of our customers, paying and free. Supporting SSL means that we support encrypting the content of web pages, which had previously been sent as plain text over the Internet. It’s like sending your private, personal information in a locked box instead of on a postcard.
Cloudflare’s subscription-based business model has always been about offering an incredible suite of products that help make the Internet faster, more efficient, more secure, and more private for our users. Our business model has never been about selling users’ data or tracking individuals as they go about their digital lives. We don’t think people should have to trade their private information just to get access to Internet applications. We work every day to earn and maintain our users’ trust by respecting their right to privacy in their personal data as it transits our network, and by being transparent about how we handle and secure that data. You can find out more about the policies, privacy-enhancing technologies, and certifications that help us earn that trust by visiting the Cloudflare Trust Hub at www.cloudflare.com/trust-hub.
 The GDPR defines a “data controller” as the “natural or legal person (...) or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”; and a “data processor” as “a natural or legal person (...) which processes personal data on behalf of the controller.”
In February 2021, Cloudflare launched Project Fair Shot — a program that gave our Waiting Room product free of charge to any government, municipality, private/public business, or anyone responsible for the scheduling and/or dissemination of the COVID-19 vaccine.
By having our Waiting Room technology in front of the vaccine scheduling application, it ensured that:
- Applications would remain available, reliable, and resilient against massive spikes of traffic for users attempting to get their vaccine appointment scheduled.
- Visitors could wait for their long-awaited vaccine with confidence, arriving at a branded queuing page that provided accurate, estimated wait times.
- Vaccines would get distributed equitably, and not just to folks with faster reflexes or Internet connections.
Since February, we’ve seen a good number of participants in Project Fair Shot. To date, we have helped more than 100 customers across more than 10 countries to schedule approximately 100 million vaccinations. Even better, these vaccinations went smoothly, with customers like the County of San Luis Obispo regularly dealing with more than 20,000 appointments in a day. “The bottom line is Cloudflare saved lives today. Our County will forever be grateful for your participation in getting the vaccine to those that need it most in an elegant, efficient and ethical manner” — Web Services Administrator for the County of San Luis Obispo.
We are happy to have helped not just in the US, but worldwide as well. In Canada, we partnered with a number of organizations and the Canadian government to increase access to the vaccine. One partner stated: “Our relationship with Cloudflare went from ‘Let's try Waiting Room’ to ‘Unless you have this, we're not going live with that public-facing site.'” — CEO of Verto Health. In another country in Europe, we saw over three million people go through the Waiting Room in less than 24 hours, leading to a significantly smoother and less stressful experience. Cities in Japan, — working closely with our partner, Classmethod — have been able to vaccinate over 40 million people and are on track to complete their vaccination process across 317 cities. If you want more stories from Project Fair Shot, check out our case studies.A European customer seeing very high amounts of traffic during a vaccination event
We are continuing to add more customers to Project Fair Shot every day to ensure we are doing all that we can to help distribute more vaccines. With the emergence of the Delta variant and others, vaccine distribution (and soon, booster shots) is still very much a real problem to keep everyone healthy and resilient. Because of these new developments, Cloudflare will be extending Project Fair Shot until at least July 1, 2022. Though we are not excited to see the pandemic continue, we are humbled to be able to provide our services and be a critical part in helping us collectively move towards a better tomorrow.
Cloudflare started Project Galileo in 2014 to provide a set of free security products to a range of groups on the Internet that are targeted by cyberattacks due to their critical work. These groups include human rights defenders, independent media and journalists, and organizations that work in strengthening democracy. Seven year later, Project Galileo currently protects more than 1,500 organizations in 111 countries.
A majority of the organizations protected under Project Galileo work in independent media and journalism, and are targeted both physically and online as a result of reporting critical events around the world. From July 2020 to March 2021, there were more than seven billion cyberattacks against Project Galileo journalism and media sites, equating to over 30 million attacks per day against this group. We reported many of these findings for the 7th anniversary of Project Galileo’s Radar Dashboard.Global Cyber Alliance
We have reported on the cyber threats to independent journalists and media organizations in the past, with the goal of creating best practices on how to protect these groups online. As we shared these insights, we started to collaborate with organizations that provide support and resources to improve journalists’ cybersecurity capabilities and respond to threats. One of these organizations that we were excited to engage with was the Global Cyber Alliance.
The Global Cyber Alliance (GCA) is an international, cross-sector nonprofit dedicated to confronting systemic cyber risks and improving our connected world. GCA develops free, easy and accessible tools to a range of stakeholders on the Internet including small businesses, journalists and, election officials around the world. Each toolkit is curated with tools and guidance on managing passwords, encrypting your data, backing up data, secure email, and browsing, anti-virus, DNS Security and more.“As journalism increasingly, if not exclusively, relies on connected resources to investigate and report news, these capabilities offer tremendous benefit, particularly as newsrooms face budget constraints. At the same time, connected resources if not secured properly can unknowingly risk journalists, their sources, and the developments they cover,” said Megan Stifel, Global Policy Officer and Capacity & Resilience Program Director at the Global Cyber Alliance. “Resources such as Project Galileo play an important role in helping journalists protect themselves and their work, enabling them to report the news on their terms. GCA is pleased to add this resource to our free Cybersecurity Toolkit for Journalists, which is one of three toolkits available through our Capacity & Resilience Program.”Project Galileo and the GCA Cybersecurity Toolkit for Journalists
Cloudflare is thrilled to have Project Galileo included in the GCA Cybersecurity Toolkit for Journalists to provide the tools and resources for journalists in order to be safer online. The free tools in the toolkit include:
- DNS Security with WARP: Cloudflare VPN (WARP) on devices, or their router, to Cloudflare’s DNS Resolver (188.8.131.52) With 184.108.40.206 it automatically blocks known malware before your browser has a chance to load it.
- End-to-End Encryption with Cloudflare SSL: Trust is essential for journalists and their public facing websites as they are a source of truth to their audience. With Cloudflare SSL, they can ensure that information is private and secure for visitors who engage with these websites. SSL also stops certain kinds of cyberattacks as it authenticates web servers, which is important because attackers will often try to set up fake websites to trick users and steal data.
- Cloudflare for Teams products Access & Gateway: To assist media organizations, Cloudflare for Team’s products Access & Gateway makes remote works safer for teams around the world with protecting internal applications and DNS filtering to ensure that journalists keep their sensitive information secure and do not fall victim to a cyberattack. Read more on how a local news outlet in New Jersey uses Gateway to filter and block malicious attacks and phishing attempts.
We are excited to be working with the Global Cyber Alliance and look forward to further collaboration on guidance, tools, and resources to improve security for individuals and organizations.
Cloudflare is known for innovation, for needle-moving projects that help make the Internet better. For Impact Week, we wanted to take this approach to innovation and apply it to the environmental impact of the Internet. When it comes to tech and the environment, it’s often assumed that the only avenue tech has open to it is harm mitigation: for example, climate credits, carbon offsets, and the like. These are undoubtedly important steps, but we wanted to take it further — to get into harm reduction. So we asked — how can the Internet at large use less energy and be more thoughtful about how we expend computing resources in the first place?
Cloudflare has a global view into the traffic of the Internet. More than 1 in 6 websites use our network, and we observe the traffic flowing to and from them continuously. While most people think of surfing the Internet as a very human activity, nearly half of all traffic on the global network is generated by automated systems.
We've analyzed this automated traffic, from so-called “bots,” in order to understand the environmental impact. Most of the bot traffic is malicious. Cloudflare protects our clients from this malicious traffic and, in doing so, mitigates their environmental impact. If these bots were not stopped by Cloudflare, they would generate database requests and force dynamic page generation on services far less efficient than Cloudflare's network.
We even went a step further, committing to plant trees to offset the carbon cost of our bot mitigation services. While we'd love to be able to tell the bad actors to think of the environment and stop running their bots, we don't think they'd listen. So, instead, we aim to mitigate them as efficiently as possible.
But there's another type of bot that we don't want to go away: good bots that index the web for useful reasons. These good bots represent more than 5% of global Internet traffic. The majority of this good bot traffic comes from what are known as search engine crawlers, and they are critical to making the web navigable.Large-Scale Problems, Large-Scale Opportunities
Online search remains magical. Enter a query into a box on a search engine like Google, Bing, Yandex, or Baidu and, in a fraction of a second, get a list of web resources with information on whatever you're looking for. To make this magic happen, search engines need to scour the web and, simplistically, make a copy of its contents that are stored and sorted on their own systems to be quickly retrieved whenever needed.
Companies that run search engines have worked hard to make the process as efficient as possible, pushing the state-of-the-art in terms of server and data center efficiency. But there remains one clear area of waste: excessive crawl.
At Cloudflare, we see traffic from all the major search crawlers. We've spent the last year studying how often these good bots revisit a page that hasn't changed since they last saw it. Every one of these visits is a waste. And, unfortunately, our observation suggests that 53% of this good bot traffic is wasted.
The Boston Consulting Group estimates that running the Internet generated 2% of all carbon output, or about 1 billion metric tonnes per year. If 5% of all Internet traffic is good bots, and 53% of that traffic is wasted by excessive crawl, then finding a solution to reduce excessive crawl could help save as much as 26 million tonnes of carbon cost per year. According to the U.S. Environmental Protection Agency, that's the equivalent of planting 31 million acres of forest, shutting down 6 coal-fired power plants forever, or taking 5.5 million passenger vehicles off the road.
Obviously, it's not quite that simple. But suffice it to say there's a big opportunity to make a meaningful impact on the environmental cost of the Internet if we are able to ensure that any search engine only crawls once or whenever it changes.
Recognizing this problem, we've been talking with the largest operators of good bots for the last several years to see if, together, we could address the issue.Crawler Hints
Today, we’re excited to announce Crawler Hints. Crawler Hints provide high quality data to search engine crawlers on when content has been changed on sites using Cloudflare, allowing them to precisely time their crawling, avoid wasteful crawls, and generally reduce resource consumption of customer origins, crawler infrastructure, and Cloudflare infrastructure in the process. The cherry on top: because search engine crawlers now receive signals on when content is fresh, the search experiences powered by these “good bots” will improve, delighting Internet users at large with more relevant and useful content. Crawler Hints is a win for the Internet and a win for the Internet’s energy footprint.
With Crawler Hints, we expect to make crawling a bit more tractable by providing an additional heuristic to bot developers that will allow them to know when content has been changed or added to a site instead of relying on preferences or previous changes that might not reflect the true change cadence for a site.How will this work?
At its simplest we want a way to proactively tell a search engine when a page has changed, rather than having to wait for the search engine to discover a change has happened. Search engines actually typically have a few ways to tell them about when an individual page or group of pages changes.
For example, you can ask Google to recrawl a website, and they’ll do so in “a few days to a few weeks”.
If you wanted to efficiently tell Google about changes you’d have to keep track of when Google last crawled the page and tell them to recrawl when a change happens. You wouldn’t want to tell Google every time a page changes as there’s a time delay between requesting a recrawl and the spider coming to visit. You could be telling Google to come back during the gap between the request and the spider coming to call.
And there isn’t just one search engine and new search crawlers get created. Trying to keep search engines up to date as your site changes, efficiently, would be messy and very difficult. This is, in part, because this model does not contain explicit information about when something changed.
This model just doesn’t work well. And that’s partly why search engine crawlers inevitably waste energy recrawling sites over and over again regardless of whether there is something new to find.
However, there is an existing mechanism used by search engines to discover the structure of websites that’s perfect: the sitemap. The sitemap is a well-defined, open protocol for telling a crawler about the pages on a site, when they last changed and how often they are likely to change.
Sitemaps have some limitations (on number of URLs and bytes) but do have a mechanism for large sites with millions of URLs. But building sitemaps can be complex and require special software. Getting a consistent, up to date sitemap for a website (especially one that uses different technologies) can be very hard.
That’s where Cloudflare comes in. We see what pages our customers are serving, we know which ones have changed (either by hash value or timestamp) and so can automatically build a complete record of when and which pages have changed.
And we can keep track of when a search crawler visited a particular page and only serve up exactly what changed since last time. Since we can keep track of this on a per-search engine basis it can be very efficient. Each search engine gets its own automagically updated list of URLs or sitemap of just what’s changed since their last visit.
And it adds absolutely no load to the origin website. Cloudflare can tell a search engine in almost real-time about a page’s modifications and provide a view of what changed since their last visit.
The sitemaps protocol also contains a priority for a page. Since we know how often a page is visited we can also hint to a search engine that a page is seen frequently by visitors and thus may be more important to add to the index than another page.
There are a few details to work out, such as how a search engine should identify itself to get its personalized list of URLs, but the protocol is open and in no way depends on Cloudflare. In fact, we hope that every host and Cloudflare-like service will consider implementing the protocol. We plan to continue to work with the search and hosting communities to refine the protocol in order to make it more efficient. Our goal is to ensure that search engines can have the freshest index, content creators will have their new content optimally indexed, and a big chunk of unnecessary Internet traffic, and the corresponding carbon cost, will disappear.Conclusion
Crawler Hints doesn’t just benefit search engines. For our customers and origin owners, Crawler Hints will ensure that search engines and other bot-powered experiences will always have the freshest version of your content, translating into happier users and ultimately influencing search rankings. Crawler Hints will also mean less traffic hitting your origin, improving resource consumption and limiting carbon impact. Moreover, your site performance will be improved as well: your human customers will not be competing with bots!
And for Internet users? When you interact with bot-fed experiences — which we all do every day, whether we realize it or not, like search engines or pricing tools — these will now deliver more useful results from crawled data, because Cloudflare has signaled to the owners of the bots the moment they need to update their results.
Finally, and perhaps the one we’re most excited about, for the Internet more generally: it’s going to be greener. Energy usage across the web will be greatly reduced.
Win win win. The types of outcomes that bring us to work every day, and what we think of in helping to build a better Internet.
This is an exciting problem to solve, and we look forward to working with others that want to help the Internet be more efficient and performant while reducing needless energy consumption. We plan on having more news to share on this front soon. If you operate a bot that relies on content freshness and are interested in working with us on this project, please email email@example.com.Yandex prioritizes long-term sustainability over short-lived success, and joins the global community in its pursuit of climate change mitigation. As a part of its commitment to quality service and user experience, Yandex focuses on ensuring relevance and usability of search results. We believe that a Cloudflare's solution will strengthen search performance by improving the accuracy of returned results, and look forward to partnering with Cloudflare on boosting the efficiency of valuable bots across the Internet."DuckDuckGo is supportive of anything that makes search more environmentally friendly and better for end users without harming privacy. We're looking forward to working with Cloudflare on this proposal."
– Gabriel Weinberg, CEO and Founder, DuckDuckGo.Nearly a year ago (the Internet Archive’s Wayback Machine partnered with Cloudflare) to help power their “Always Online” service and, in turn, to have the Internet Archive learn about high-quality Web URLs to archive. That win-win partnership has been a huge success for the Wayback Machine and, in turn, our partners, as it has helped ensure we better fulfill our mission to help make the Web more useful and reliable by backing up, and making available for future generations, much of the public Web. Building on that ongoing relationship with Cloudflare, the Internet Archive is thrilled to start using this new "Crawler Hints" service. With it, we expect to be able to do more with less. To be able to focus our server and bandwidth resources on more of the Web pages that have changed, and less on those that have not. We expect this will have a material impact on our work. The fact the service also promises to reduce the carbon impact of the Web overall makes it especially worthwhile and, as such, we are proud to be part of the effort.
-- Mark Graham, Director, the Wayback Machine at the Internet Archive
Today we’re excited to announce Smart Edge Revalidation. It was designed to ensure that compute resources are synchronized efficiently between our edge and a browser. Right now, as many as 30% of objects cached on Cloudflare’s edge do not have the HTTP response headers required for revalidation. This can result in unnecessary origin calls. Smart Edge Revalidation fixes this: it does the work to ensure that these headers are present, even when an origin doesn’t send them to us. The advantage of this? There’s less wasted bandwidth and compute for objects that do not need to be redownloaded. And there are faster browser page loads for users.So What Is Revalidation?
Revalidation is one part of a longer story about efficiently serving objects that live on an origin server from an intermediary cache. Visitors to a website want it to be fast. One foundational way to make sure that a website is fast for visitors is to serve objects from cache. In this way, requests and responses do not need to transit unnecessary parts of the Internet back to an origin and, instead, can be served from a data center that is closer to the visitor. As such, website operators generally only want to serve content from an origin when content has changed. So how do objects stay in cache for as long as necessary?
One way to do that is with HTTP response headers.
When Cloudflare gets a response from an origin, included in that response are a number of headers. You can see these headers by opening any webpage, inspecting the page, going to the network tab, and clicking any file. In the response headers section there will generally be a header known as “Cache-Control.” This header is a way for origins to answer caching intermediaries’ questions like: is this object eligible for cache? How long should this object be in cache? And what should the caching intermediary do after that time expires?
How long something should be in cache can be specified through the max-age or s-maxage directives. These directives specify a TTL or time-to-live for the object in seconds. Once the object has been in cache for the requisite TTL, the clock hits 0 (zero) and it is marked as expired. Cache can no longer safely serve expired content to requests without figuring out if the object has changed on the origin or if it is the same.
If it has changed, it must be redownloaded from the origin. If it hasn’t changed, then it can be marked as fresh and continue to be served. This check, again, is known as revalidation.
We’re excited that Smart Edge Revalidation extends the efficiency of revalidation to everyone, regardless of an origin sending the necessary response headersHow is Revalidation Accomplished?
Two additional headers, Last-Modified and ETag, are set by an origin in order to distinguish different versions of the same URL/object across modifications. After the object expires and the revalidation check occurs, if the ETag value hasn’t changed or a more recent Last-Modified timestamp isn’t present, the object is marked “revalidated” and the expired object can continue to be served from cache. If there has been a change as indicated by the ETag value or Last-Modified timestamp, then the new object is downloaded and the old object is removed from cache.
Revalidation checks occur when a browser sends a request to a cache server using If-Modified-Since or If-None-Match headers. These request headers are questions sent from the browser cache about when an object has last changed that can be answered via the ETag or Last-Modified response headers on the cache server. For example, if the browser sends a request to a cache server with If-Modified-Since: Tue, 8 Nov 2021 07:28:00 GMT the cache server must look at the object being asked about and if it has not changed since November 8 at 7:28 AM, it will respond with a 304 status code indicating it’s unchanged. If the object has changed, the cache server will respond with the new object.
Sending a 304 status code that indicates an object can be reused is much more efficient than sending the entire object. It’s like if you ran a news website that updated every 24 hours. Once the content is updated for the day, you wouldn’t want to keep redownloading the same unchanged content from the origin and instead, you would prefer to make sure that the day’s content was just reused by sending a lightweight signal to that effect, until the site changes the next day.
The problem with this system of browser questions and revalidation responses is that sometimes origins don’t set ETag or Last-Modified headers, or they aren’t configured by the website’s admin, making revalidation impossible. This means that every time an object expires, it must be redownloaded regardless of if there has been a change or not, because we have to assume that the asset has been updated, or else risk serving stale content.
This is an incredible waste of resources which costs hundreds of GB/sec of needless bandwidth between the edge and the visitor. Meaning browsers are downloading hundreds of GB/sec of content they may already have. If our baseline of revalidation is around 10% of all traffic and in initial tests, Smart Edge Revalidation increased revalidation just under 50%, this means that without a user needing to configure anything, we can increase total revalidations by around 5%!
Such a large reduction in bandwidth use also comes with potential environmental benefits. Based on Cloudflare's carbon emissions per byte, the needless bandwidth being used could amount to 2000+ metric tons CO2e/year, the equivalent of the CO2 emissions from more than 400 cars in a year.
Revalidation also comes with a performance improvement because it usually means a browser is downloading less than 1KB of data to check if the asset has changed or not, while pulling the full asset can be 100sKB. This can improve performance and reduce the bandwidth between the visitor and our edge.How Smart Edge Revalidation Works
When both Last-Modified and Etag headers are absent from the origin server response, Smart Edge Revalidation will use the time the object was cached on Cloudflare’s edge as the Last-Modified header value. When a browser sends a revalidation request to Cloudflare using If-Modified-Since or If-None-Match, our edge can answer those revalidation questions using the Last-Modified header generated from Smart Edge Revalidation. In this way, our edge can ensure efficient revalidation even if the headers are not sent from the origin.
Smart Edge Revalidation will be enabled automatically for all Cloudflare customers over the coming weeks. If this behavior is undesired, you can always ensure that Smart Edge Revalidation is not activated by confirming your origin is sending ETag or Last-Modified headers when you want to indicate changed content. Additionally, you could have your origin direct your desired revalidation behavior by making sure it sets appropriate cache-control headers.
Smart Edge Revalidation is a win for everyone: visitors will get more content faster from cache, website owners can serve and revalidate additional content from Cloudflare efficiently, and the Internet will get a bit greener and more efficient.
Smart Edge Revalidation is the latest announcement to join the list of ways we're making our network more sustainable to help build a greener Internet — check out posts from earlier this week to learn about our climate commitments, Green Compute with Workers, Carbon Impact Report, Pages x Green Web Foundation partnership, and crawler hints.
When we started Cloudflare, we weren't thinking about minimizing the environmental impact of the Internet. Frankly, I didn't really think of the Internet as having much of an environmental impact. It was just this magical resource that gave access to information and services from anywhere.
But that was before I started racking servers in hyper-cooled data centers. Before Cloudflare started paying the bills to keep those servers powered up and cooled down. Before we became obsessed with maximizing the number of requests we could process per watt of power. And long before we started buying directly from renewable power suppliers to drive down the cost of electricity across our network.
Today, I have a very good understanding of how much power it takes to run the Internet. It therefore wasn't surprising to read the Boston Consulting Group study which found that 2% of all carbon output, about 1 billion metric tons per year, is attributable to the Internet. That’s the equivalent of the entire aviation industry.Cloudflare: Accidentally Environmentally Friendly By Design
While we didn't set out to reduce the environmental impact of the Internet, Cloudflare has always had efficiency at its core. It comes from our ongoing fight with an old nemesis: the speed of light.
Because we knew we couldn't beat the speed of light, in order to make our network fast we needed to get close to where Internet users were. In order to do that, we needed to partner directly with ISPs around the world so they'd allow us to install our gear directly inside their networks. In order to do that, we needed to make our gear as low power as possible. And we needed to invent network technology to spread load around our network to deal with spikes of traffic — whether because of a cyber attack or a sale on an exclusive new sneaker line — and to efficiently use all available capacity.Fighting for Efficiency
When back in December 2012, just two years after we launched, I traveled to Intel's Oregon Research Center to talk to their senior engineering team about how we needed server chips with more cores per watt, I wasn't thinking we needed it to save the environment. Instead, I was trying to figure out how we could build equipment that was power efficient enough that ISPs wouldn't object to installing it. Unfortunately, Intel told me that I was worrying about the wrong thing. So that's when we started looking for alternatives, including the very power-efficient Arm.
But, it turns out, our obsession with efficiency has made Cloudflare the environmental choice in cloud computing. A 2015 study by Anders S. G. Andrae and Tomas Edler estimated the average cost of processing a byte of information online. Even accounting for the efficiency gains across the industry, based on the study’s data our best estimates are that Cloudflare data processing is more than 19 times more efficient.Serve Local
The imperfect analogy that I like is buying from the local farmers' market versus the big box retailer. By serving requests locally, and not backhauling them around the world to massive data centers, Cloudflare is able to reduce the environmental impact of our customers on the Internet. In 2020, we estimate that our customers reduced their carbon output by 550,000 metric tons versus if they had not used our services. That's the equivalent of eliminating 635 million miles driven by passenger cars last year.
We're proud of that, but it's still a tiny percentage of the overall impact the Internet still has on the environment. As we thought about Impact Week, we set out to make reducing the environmental impact of the Internet a top priority. Given today more than 1 in 6 websites uses Cloudflare, we're in a position where changes we make can have a meaningful impact.We Can Do More
Starting today, we're announcing four major initiatives to reduce Cloudflare's environmental impact and help the Internet as a whole be more environmentally friendly.
First, we're committing to be carbon neutral by 2022. We already extensively use renewable energy to power our global network, but we're going to expand that usage to cover 100% of our energy use. But we're going a step further. We're going to look back over the 11 years since Cloudflare launched and purchase offsets to zero out all of Cloudflare's historical carbon output from powering our global network. It's not enough that we have less impact than others, we want to make sure Cloudflare since our beginning has been a net positive for the planet.
Second, we are ramping up our deployment of a new class of hyper-efficient servers. Based on Arm technology, these servers can perform the same amount of work while using half the energy. We are hopeful that by prioritizing energy efficiency in the server market we can help catalyze more chip manufacturers to release more efficient designs.
Third, we're releasing a new option for Cloudflare Workers and Pages, our computing platform and JAMStack offering, which allows developers to choose to run their workloads in the most energy efficient data centers. We believe we are the first major cloud computing vendor to offer developers a way to optimize for the environment. The Green Workers option won't cost anymore. The tradeoff will be that workloads may incur a bit of additional network latency, but we believe for many developers that's a tradeoff they'll be willing to make.New Standards and Partnerships to Eliminate Excessive Emissions
Finally, and maybe most ambitiously, we're working with a number of the leading search and crawl companies to introduce an open standard to minimize the amount of load from excessive crawl as possible. Nearly half of all Internet traffic is automated. The majority of that is malicious, and Cloudflare is designed to stop that as efficiently as possible.
But more than 5% of all Internet traffic is generated by legitimate crawlers which index the web in order to power services we all rely on like search. The problem is, more than half of that legitimate crawl traffic is redundant — reindexing pages that haven't changed. If we can eliminate redundant crawl, it'd be the equivalent of planting a new 30 million acres of forest. That's a goal worth striving for.
When we started Cloudflare we weren't thinking about how we could reduce the Internet's environmental impact. But that's changed. Cloudflare's mission is to help build a better Internet. And a better Internet is clearly a more environmentally friendly Internet.
All too often we are confronted with the choice to move quickly or act responsibly. Whether the topic is safety, security, or in this case sustainability, we’re asked to make the trade off of halting innovation to protect ourselves, our users, or the planet. But what if that didn’t always need to be the case? At Cloudflare, our goal is to bring sustainable computing to you without the need for any additional time, work, or complexity.
Enter Green Compute on Cloudflare Workers.
Green Compute can be enabled for any Cron triggered Workers. The concept is simple: when turned on, we’ll take your compute workload and run it exclusively on parts of our edge network located in facilities powered by renewable energy. Even though all of Cloudflare’s edge network is powered by renewable energy already, some of our data centers are located in third-party facilities that are not 100% powered by renewable energy. Green Compute takes our commitment to sustainability one step further by ensuring that not only our network equipment but also the building facility as a whole are powered by renewable energy. There are absolutely no code changes needed. Now, whether you need to update a leaderboard every five minutes or do DNA sequencing directly on our edge (yes, that’s a real use case!), you can minimize the impact of any scheduled work, regardless of how complex or energy intensive.How it works
Cron triggers allow developers to set time-based invocations for their Workers. These Workers happen on a recurring schedule, as opposed to being triggered by application users via HTTP requests. Developers specify a job schedule in familiar cron syntax either through wrangler or within the Workers Dashboard. To set up a scheduled job, first create a Worker that performs a periodic task, then navigate to the ‘Triggers’ tab to define a Cron Trigger.
The great thing about cron triggered Workers is that there is no human on the other side waiting for a response in real time. There is no end user we need to run the job close to. Instead, these Workers are scheduled to run as (often computationally expensive) background jobs making them a no-brainer candidate to run exclusively on sustainable hardware, even when that hardware isn’t the closest to your user base.
Cloudflare’s massive global network is logically one distributed system with all the parts connected, secured, and trusted. Because our network works as a single system, as opposed to a system with logically isolated regions, we have the flexibility to seamlessly move workloads around the world keeping your impact goals in mind without any additional management complexity for you.
When you set up a Cron Trigger with Green Compute enabled, the Cloudflare network will route all scheduled jobs to green energy hardware automatically, without any application changes needed. To turn on Green Compute today, signup for our beta.Real world use
If you haven’t ever had the pleasure of writing a cron job yourself, you might be wondering — what do you use scheduled compute for anyway?
There are a wide range of periodic maintenance tasks necessary to power any application. In my working life, I’ve built a scheduled job that ran every minute to monitor the availability of the system I was responsible for, texting me if any service was unavailable. In another instance, a job ran every five mins, keeping the core database and search feature in sync by pulling all new application data, transforming it, then inserting into a search database. In yet another example, a periodic job ran every half hour to iterate over all user sessions and cleanup sessions that were no longer active.
Scheduled jobs are the backbone of real world systems. Now, with Green Compute on Cloudflare Workers all these real world systems and their computationally expensive background maintenance tasks, can take advantage of running compute exclusively on machines powered by renewable energy.The Green Network
Our mission at Cloudflare is to help you tackle your sustainability goals. Today, with the launch of the Carbon Impact Report we gave you visibility into your environmental impact. The collaboration with the Green Web Foundation gave green hosting certification for Cloudflare Pages. And our launch of Green Compute on Cloudflare Workers allows you to exclusively run on hardware powered by renewable energy. And the best part? No additional system complexity is required for any of the above.
Cloudflare is focused on making it easy to hit your ambitious goals. We are just getting started.
Cloudflare has millions of free customers. Not only is it something we’re incredibly proud of in the context of helping to build a better Internet — but it’s something that has made the Cloudflare service measurably better. One of the ways we’ve benefited is that it’s created a very strong imperative for Cloudflare to maintain a network that is as efficient as possible. There’s simply no other way to serve so many free customers.
In the spirit of this, we are very excited about the latest step in our energy-efficiency journey: turning to Arm for our server CPUs. It has been a long journey getting here — we started testing our first Arm CPUs all the way back in November 2017. It’s only recently, however, that the quantum of energy efficiency improvement from Arm has become clear. Our first Arm CPU was deployed in production earlier this month — July 2021.
Our most recently deployed generation of edge servers, Gen X, used AMD Rome CPUs. Compared with that, the newest Arm based CPUs process an incredible 57% more Internet requests per watt. While AMD has a sequel, Milan (and which Cloudflare will also be deploying), it doesn’t achieve the same degree of energy efficiency that the Arm processor does — managing only 39% more requests per watt than Rome CPUs in our existing fleet. As Arm based CPUs become more widely deployed, and our software is further optimized to take advantage of the Arm architecture, we expect further improvements in the energy efficiency of Arm servers.
Using Arm, Cloudflare can now securely process over ten times as many Internet requests for every watt of power consumed, than we did for servers designed in 2013.
(In the graphic below, for 2021, the perforated data point refers to x86 CPUs, whereas the bold data point refers to Arm CPUs)
As Arm server CPUs demonstrate their performance and become more widely deployed, we hope this will inspire x86 CPUs manufacturers (such as Intel and AMD) to urgently take energy efficiency more seriously. This is especially important since, worldwide, x86 CPUs continue to represent the vast majority of global data center energy consumption.
Together, we can reduce the carbon impact of Internet use. The environment depends on it.
As we announced this week, Cloudflare is helping to create a clean slate for the Internet. Our goal is simple: help build a better, greener Internet with no carbon emissions that is powered by renewable energy.
To help us get there, Cloudflare is making two announcements. The first is that we're committed to powering our network with 100% renewable energy. This builds on work we started back in 2018, and we think is clearly the right thing to do. We also believe it will ultimately lead to more efficient, more sustainable, and potentially cheaper products for our customers.
The second is that by 2025 Cloudflare aims to remove all greenhouse gases emitted as the result of powering our network since our launch in 2010. As we continue to improve the way we track and mitigate our carbon footprint, we want to help the Internet begin with a fresh start.
Finally, as part of our effort to track and mitigate our emissions, we're also releasing our first annual carbon emissions inventory report. The report will provide detail on exactly how we calculate our carbon emissions as well as our renewable energy purchases. Transparency is one of Cloudflare's core values. It's how we work to build trust with our customers in everything we do, and that includes our sustainability efforts.Purchasing Renewable Energy
Understanding Cloudflare's commitment to power its network with 100% renewable energy requires some additional background on renewable energy markets, as well as international emissions accounting standards.
Companies that commit to powering their operations with 100% renewable energy are required to match their total energy used with electricity produced from renewable sources. The international standards that govern these types of commitments such as the Greenhouse Gas (GHG) Protocol and ISO 14064, are the same ones used by governments for quantifying their carbon emissions for global climate treaties like the Paris Climate Agreement. There are also additional industry best practices like RE100, which are voluntary guidelines established by companies working to support renewable energy development and eliminate carbon emissions.
Actually purchasing renewable energy consistent with those requirements can be done in several ways — through self-generation, like rooftop solar panels or wind turbines; through contracts with wind or solar farms via Power Purchase Agreements (PPA's) or unbundled Renewable Energy Credits (RECs), or in some cases purchased through local utility companies like CleanPowerSF in San Francisco, CA.
The goal of providing so many options to purchase renewable energy is to leverage as much investment as possible in new renewable sources. As our colleague Jess Bailey described after our first renewable energy purchase in 2018, because of the way electricity flows through electrical grids, it's impossible for the individual consumer to know whether they are using electricity from conventional or renewable sources. However, in order to allow customers of all sizes to invest in renewable energy generally, these standards and accounting systems allow individuals or organizations to track their investments and enjoy the benefits of supporting renewable energy, even if the actual power comes from the standard electrical grid.
According to IEA, in 2020 alone, global renewable energy capacity increased 45 percent, which was the largest annual increase since 1997. In addition, close to 50 percent of corporate renewable energy investment over the last five years has been by Internet Communications Technology (ICT) companies alone.Cloudflare's Renewable Energy
Cloudflare's new commitment to power its network with renewable energy means that we will continue to match 100 percent of our global energy usage by purchasing energy from renewable sources. Although Cloudflare made its first renewable energy purchase in 2018, and matched its total global operations in both 2019 and 2020, we thought it was important to make a public, forward-looking commitment so that all of our stakeholders, including customers, investors, employees, and suppliers have confidence that we will continue to build our network on renewable energy moving forward.
To determine how much renewable energy to buy, we separate our total electrical usage into two types: network and facilities. For our network, we pull data from all of our servers and networking equipment located all over the world twice a year. For our facilities (or offices), per the GHG Protocol, we record our actual energy usage wherever we have access to utility bills. For offices located in larger buildings with multiple tenants, we use energy usage intensity (EUI) estimates calculated by the U.S. Energy Information Agency.
We also purchase renewable energy in two ways. The vast majority of our purchases are RECs, which we purchase through our partner 3Degrees to help make sure we are aligned with relevant standards like the GHG Protocol. In 2020, to match the usage of our network, Cloudflare purchased RECs, I-RECs, REGOs, and other energy attribute certificates from the United States, United Kingdom, Brazil, Chile, Columbia, India, Malaysia, Mexico, Hungary, Romania, Ukraine, Bulgaria, South Africa, and Turkey among others. Although Cloudflare has employed a regional purchasing strategy in the past, we also expect to be fully aligned with all RE100 criteria, including its market boundary criteria, by the end of 2021.Removing our historic emissions
Cloudflare's goal is to remove or offset all of our historical emissions resulting from powering our network by 2025. To meet that target, Cloudflare must first determine exactly how much carbon was emitted as the result of operating our network from 2010 to 2019, and then invest in carbon offsets or removals to match those emissions.
Determining carbon emissions from purchased electricity is a relatively straightforward calculation. In fact, it's basically just a unit conversion:Energy (KWH) x Emissions Factor (gC02e/KWH) = Carbon emissions (gC02e)
The key to accurate results is the emissions factors. Emissions factors are essentially measurements of the amount of GHGs emitted from a specific power supplier (e.g. power plant X in San Francisco) per unit of energy created. For our purposes, GHGs are those defined in the 1992 Kyoto Protocol (carbon dioxide, methane, nitrous oxide, hydrofluorocarbons, perfluorocarbons, and sulphur hexafluoride). To help ease reporting, the six GHGs are often expressed as a single unit "carbon-dioxide equivalent" or "CO2e", based on each gas’ Global Warming Potential (GWP). Emission factors from individual power sources are often combined and averaged to create grid average emissions factors for cities, regions, or countries. Per the GHG Protocol, Cloudflare uses emissions factors from the U.S. EPA, U.K. DEFRA, and IEA.
For our annual inventory report, which we are also releasing today, Cloudflare calculates carbon emissions scores for every single data center in our network. Cloudflare multiplies the actual energy used by the equipment by the applicable grid average emissions factors in each of the more than 100 countries where we have equipment.
For our historical calculations, we have data on our actual carbon emissions dating back to 2018, which was our first renewable energy purchase. Prior to 2018, we are combing through all of our purchasing, shipping, energy usage, and colocation agreements to reconstruct how much energy we consumed and when. It's actually a pretty cool exercise to go back and watch our network grow. Although we do not have a final calculation to share yet, rest assured we will keep everyone posted, particularly as we get to the fun part of starting to work with organizations and companies working on carbon removal efforts.Where we are going next
Although we're proud of the steps we're taking as a company with renewable energy and carbon emissions, we're just getting started.
Cloudflare is also exploring new products and ideas that can help leverage the power of one of the world's largest networks to drive better climate outcomes for our customers and for the Internet. To see a really cool example, check out our colleagues blog post from earlier today, on Green Compute on Cloudflare Workers, which is helping Cloudflare's intelligent edge route some additional workloads to renewable energy facilities, or our Carbon Impact Reports, which are helping our customers optimize their carbon footprint.
At Cloudflare, we are continuing to expand our sustainability initiatives to build a greener Internet in more than one way. We are seeing a shift in attitudes towards eco-consciousness and have noticed that with all things considered equal, if an option to reduce environmental impact is available, that’s the one widely preferred by our customers. With Pages now Generally Available, we believe we have the power to help our customers reach their sustainability goals. That is why we are excited to partner with the Green Web Foundation as we commit to making sure our Pages infrastructure is powered by 100% renewable energy.The Green Web Foundation
As part of Cloudflare’s Impact Week, Cloudflare is proud to announce its collaboration with the Green Web Foundation (GWF), a not-for-profit organization with the mission of creating an Internet that one day will run on entirely renewable energy. GWF maintains an extensive and globally categorized Green Hosting Directory with over 320 certified hosts in 26 countries! In addition to this directory, the GWF also develops free online tools, APIs and open datasets readily available for companies looking to contribute to its mission.What does it mean to be a Green Web Foundation partner?
All websites certified as operating on 100 percent renewable energy by GWF must provide evidence of their energy usage and renewable energy purchases. Cloudflare Pages have already taken care of that step for you, including by sharing our public Carbon Emissions Inventory report. As a result, all Cloudflare Pages are automatically listed on GWF's public global directory as official green hosts.After these claims were approved by the team at GWF, what do I have to do to get certified?
If you’re hosting your site on Cloudflare Pages, absolutely nothing.
All existing and new sites created on Pages are automatically certified as “green” too! But don’t just take our word for it. With our partnership with GWF and as a Pages user, you can enter your own pages.dev or custom domain into the Green Web Check to verify your site’s green hosting status. Once the domain is shown as verified, you can display the Green Web Foundation badge on your webpage to showcase your contributions to a more sustainable Internet as a green-hosted site. You can obtain this badge by one of two ways:
- Saving the badge image directly.
- Adding the provided snippet of HTML to your existing code.
Cloudflare is committed to helping our customers achieve their sustainability goals through the use of our products. In addition to our initiative with the Green Web Foundation for this year’s Impact Week, we are thrilled to announce the other ways we are building a greener Internet, such as our Carbon Impact Report and Green Compute on Cloudflare Workers.
We can all play a small part in reducing our carbon footprint. Start today by setting up your site with Cloudflare Pages!"Cloudflare's recent climate disclosures and commitments are encouraging, especially given how much traffic flows through their network. Every provider should be at least this transparent when it comes to accounting for the environmental impact of their services. We see a growing number of users relying on CDNs to host their sites, and they are often confused when their sites no longer show as green, because they’re not using a green CDN. It’s good to see another more sustainable option available to users, and one that is independently verified.” - Chris Adams, Co-director of The Green Web Foundation
Today, as part of Cloudflare’s Impact Week, we’re excited to announce a new tool to help you understand the environmental impact of operating your websites, applications, and networks. Your Carbon Impact Report, available today for all Cloudflare accounts, will outline the carbon savings of operating your Internet properties on Cloudflare’s network.
Everyone has a role to play in reducing carbon impact and reversing climate change. We shared today how we’re approaching this, by committing to power our network with 100% renewable energy. But we’ve also heard from customers that want more visibility into the impact of the tools they use (also referred to as “Scope 3” emissions) — and we want to help!The impact of running an Internet property
We’ve previously blogged about how Internet infrastructure affects the environment. At a high level, powering hardware (like servers) uses energy. Depending on its source, producing this energy may involve emitting carbon into the atmosphere, which contributes to climate change.
When you use Cloudflare, we use energy to power hardware to deliver content for you. But how does that energy we use compare to the energy it would take to deliver content without Cloudflare? As of today, you can go to the Cloudflare dashboard to see the (approximate) carbon savings from your usage of Cloudflare services versus Internet averages for your usage volume.Calculating the carbon savings of your Cloudflare use
Most of the energy that Cloudflare uses comes from powering the servers at our edge to serve your content. We’ve outlined how we quantify the carbon impact of this energy in our emissions report. To determine the percentage of this impact derived from your Cloudflare usage specifically, we’ve used the following method:When you use Cloudflare, data from requests destined to your Internet property goes through our edge. Data transfer for your Internet properties roughly represents a fraction of the energy consumed at Cloudflare’s edge. If we sum up the data transfer for your Internet properties and multiply that number by the energy it takes to power each request (derived from our emissions report and overall usage data), we can approximate the total carbon impact of powering your Internet properties with Cloudflare.
We already knew that delivering content takes some energy and therefore has some carbon impact. So how much energy does Cloudflare actually save you? To determine what your usage would look like without Cloudflare, we’ve used the following method:Using public information on average data center energy usage and the International Energy Agency’s global average emissions for energy usage, we can calculate the carbon cost of data transfer through average (non-Cloudflare) networks. We can then compare these numbers to arrive at your carbon savings from using Cloudflare.
With our new Carbon Impact Report, available for all plans/users, we’ve given you this value for your account. It represents the carbon dioxide equivalent (CO2e) that you’ve saved as a result of using Cloudflare to serve requests to your Internet properties in 2020.
This raw number is great, but it isn’t the easiest to understand. What does a gram of carbon dioxide equivalent actually mean in practice? It’s not a unit of measurement most of us are used to seeing in our day-to-day lives. To make this number a little easier to digest, we’ve also provided a comparison to light bulbs.Standard light bulbs are 60 watts, so we know that turning on a light bulb for an hour uses 0.06 kilowatt-hours of energy. According to the EPA, that’s about 42 grams of carbon dioxide equivalent. That means that if your carbon dioxide equivalent saving is 126 grams, that’s approximately the same impact as turning off a light bulb for three hours.How does using Cloudflare impact the environment?
As explained in more detail here, Cloudflare purchases Renewable Energy Credits to account for the energy used by our network. This means that your use of Cloudflare’s services is powered by renewable energy.
Additionally, using Cloudflare helps you reduce your overall carbon footprint. Using Cloudflare’s cloud security and performance services such as WAF, Network Firewall, and DDoS mitigation allow you to decommission specialized hardware and transfer those functions to software running efficiently at our edge. This reduces your carbon footprint by significantly decreasing the energy used to operate your network stack, and improves your security, performance, and reliability along the way.
Optimizing your website also reduces your carbon footprint by requiring less energy for your end users to load a page. Using Cloudflare’s Image Resizing for visual content on your site to properly resize images reduces the energy it takes each of your end users to load a page, thus reducing downstream carbon emissions.
Lastly, since Cloudflare is a certified green host, any content you host on Pages or Workers KV is hosted green and certified powered by renewable energy.What’s next
This dashboard is just a first step in giving our customers transparent information on their carbon use, savings, and ideas for improvement with Cloudflare. Right now, you can view data on your carbon savings from 2020 (aligned with our 2020 emissions report). As we continue to iterate on how we measure carbon impact, we’re working toward providing dynamic information on carbon savings at a quarterly or even monthly granularity.
Have other ideas on what we can provide to help you understand and reduce the carbon impact of your Internet properties? Please reach out to us in the comments on this post or on social media!
We hope that this data helps you with your sustainability goals, and we’re excited to keep providing you with transparent information for 2021 and beyond.