Cloudflare Democratizes Spoof-Proof Security; Makes Hardware Security Keys More Accessible Than Ever for Millions of Customers Because it’s Good for the Internet

Collaborates with Yubico for exclusive offering to help end phishing attacks once and for all

SAN FRANCISCO–(BUSINESS WIRE)–Cloudflare, Inc. (NYSE: NET), the security, performance, and reliability company helping to build a better Internet, today announced a new offering to make physical security keys the most accessible and economical solution for customers to better secure their business and employees. Cloudflare customers will be able to purchase Yubico�s security keys, the leading hardware security keys and most secure form of phishing-resistant multi-factor authentication (MFA), at an exclusive “good for the Internet” cost.

A Zero Trust security model means that no one is trusted, by default, regardless if they’re inside or outside of a corporate network. As such, verification is required from everyone trying to gain access to resources on that organization’s network, including location, familiar devices, and passwords. Today, hardware security keys are an additional layer of protection and a method of MFA that has been proven to be phishing-resistant.

Cloudflare customers will be able to claim an offer for Yubico’s Security Key Series at highly discounted prices – as low as $10 – through their Cloudflare dashboard. Larger organizations using Cloudflare and purchasing a multi-year YubiEnterprise Subscription for YubiKeys will receive a 50% discount off their first year of a 3+ year subscription. This collaboration aims to make it simple and seamless for organizations of all sizes to acquire, activate, and authenticate with security keys.

In July, Cloudflare prevented a breach by a SMS phishing attack that targeted more than 130 companies, due to the company’s use of Cloudflare Zero Trust paired with YubiKeys. Physical security keys strengthen the barrier against attacks and work in conjunction with additional security measures such as DNS filtering, browser isolation, cloud email security, and more, where an attacker would need to compromise every signal.

“We’re always asking ourselves how we can do even more to provide the best possible security to our customers and the Internet-at-large. With phishing attacks on the rise, this means helping to democratize additional security measures to complement the Cloudflare Zero Trust experience. We experienced this first hand, and wanted to make implementing hardware security keys a no-brainer for any organization,” said Dane Knecht, SVP, Emerging Technology and Incubation at Cloudflare. “Working with Yubico is just another way we’re trying to make it as seamless as possible to arm our customers with the best Zero Trust security strategy. Being a Cloudflare Zero Trust customer introduces an easy, fast and affordable way to implement security keys in your organization, and all part of our greater mission to help build a better Internet.”

With Yubico, Cloudflare is ensuring physical security keys are:

• Economical: Rolling out security keys can be difficult for companies with smaller security teams, or those that have just begun using two-factor authentication. By offering security keys at the most affordable rate, this offer makes the keys less of a financial burden on small companies.
• Accessible: Now Cloudflare customers can order Security Key Series, supporting FIDO-based authentication, directly through their dashboard. The YubiKey 5 Series, available through YubiEnterprise Subscription, supports multiple authentication protocols, from legacy applications to modern FIDO-based apps and services. The exclusive “good for the Internet” pricing, helps to introduce the value and functionality of hardware keys to Cloudflare customers.
• Simple to use: Setting up security keys is easy for participating Cloudflare customers. For Administrators, Cloudflare Zero Trust makes it easy to use your security keys with any Identity Provider (IdP) and integrates both the keys and IdP into a comprehensive Zero Trust solution. For employees, a simple guided prompt makes the action of touching a security key for authentication seamless. Security keys work across all devices, operating systems, and areas within an organization.

“Yubico pioneered the modern security key, the YubiKey, and continues to set the industry standard, protecting enterprise customers and consumers from security threats,” said Stina Ehrenvard, CEO and co-founder, Yubico. “Today’s attacks require modern MFA. Working with Cloudflare will help get more Security Keys and YubiKeys into the hands of their customers, to deliver on the combination of phishing-resistant MFA and provide peace of mind.”

This special promotion will be available to Cloudflare customers until December 31, 2022.

To learn more about Cloudflare’s physical security keys offering, please check out the resources below:

• The (hardware) key to making phishing defense seamless with Cloudflare Zero Trust and Yubico
• How Cloudflare implemented FIDO2 and Zero Trust to prevent phishing
• Activate phishing-resistant MFA with security keys and Zero Trust
• A Roadmap to Zero Trust Architecture
• The mechanics of a sophisticated phishing scam and how we stopped it

About Cloudflare

Cloudflare, Inc. (www.cloudflare.com / @cloudflare) is on a mission to help build a better Internet. Cloudflare’s suite of products protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine’s Top Company Cultures 2018 list and ranked among the World’s Most Innovative Companies by Fast Company in 2019.

Forward-Looking Statements

This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern Cloudflare’s expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding the potential benefits to customers of using physical security keys and a Zero Trust security model, including the potential benefits to customers of using Yubico’s physical security keys in conjunction with Cloudflare’s Zero Trust solution and its other products and technology, the future growth of the Zero Trust approach to security, the expected functionality and performance of Cloudflare’s Zero Trust solution and its other products and technology, the expected functionality and performance of Yubico’s physical security keys and its other products and technology, the timing of when Cloudflare will make available Yubico physical security keys to all current and potential Cloudflare customers, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare’s CEO and others. Actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in Cloudflare’s filings with the Securities and Exchange Commission (SEC), including Cloudflare’s Quarterly Report on Form 10-Q filed on August 4, 2022, as well as other filings that Cloudflare may make from time to time with the SEC.

The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in Cloudflare’s forward-looking statements, and you should not place undue reliance on Cloudflare’s forward-looking statements.

© 2021 Cloudflare, Inc. All rights reserved. Cloudflare, the Cloudflare logo, and other Cloudflare marks are trademarks and/or registered trademarks of Cloudflare, Inc. in the U.S. and other jurisdictions. All other marks and names referenced herein may be trademarks of their respective owners.

Contacts

Cloudflare, Inc.

Daniella Vallurupalli

Vice President, Head of Global Communications

press@cloudflare.com