Deep Dive 10: Cloudflare (NET) - The Technologist

Lede - Tell it to Me Like I’m 11-years Old

Cloudflare is like a giant helper for the Internet that makes websites load fast and keeps them safe from bad guys. Imagine your favorite game or video loading quickly without waiting – Cloudflare helps do that for millions of websites.

• Think of Cloudflare as a team of friendly robots all around the world.

They store copies of websites and pictures in many places.

When you click on a video or website, the closest robot sends it to you fast, so you don’t have to wait long.

It’s like having a library book kept at a branch near your home so you get it right away instead of from far away.

• These robots also protect websites from bullies on the Internet.

Some bad guys try to overload websites or sneak in like burglars. Cloudflare’s robots act like guards.

They block billions of attacks every day so that websites stay online and nobody can steal information or break things (Source).

• Cloudflare even helps people build their own projects on the Internet.

If you want to make a new game or app, you can use Cloudflare’s computers to run your code everywhere in the world.

This way, your game works fast for everyone, and you don’t need to buy a bunch of servers yourself.

In short, Cloudflare makes the Internet faster, safer, and smarter for everyone, kind of like a helpful wizard behind the scenes who ensures everything works well and no one gets hurt.

Preface

Easy Button: Cloudflare runs a huge network that makes the Internet work better. This section gives a summary of all the things Cloudflare does and how it earns money in each area.

Cloudflare is a global cloud services provider offering a wide range of products to improve the speed, security, and reliability of Internet properties for businesses of all sizes (Source).

It operates one of the world’s largest networks, with data centers in about 330 cities, so that 95% of the world’s Internet users are within ~50 milliseconds of a Cloudflare server (Source).

This massive network is “on a mission to help build a better Internet,” delivering content faster to users and protecting websites and corporate networks from attacks (Source).

Cloudflare’s platform eliminates the need for companies to manage their own networking hardware because Cloudflare handles it in the cloud.

How Cloudflare makes money: The company primarily sells subscriptions for its cloud-based services.

Many customers start on Cloudflare’s free tier (for basic website protection and acceleration), and upgrade to paid plans for more features and capacity.

Cloudflare reported total revenue of $1,669.6 million in 2024, which was 29% higher than the prior year (Source).

This revenue comes from a mix of products across security, networking, and performance.

It has millions of users in total (including free users), with over 35% of the Fortune 500 companies as paying customers (Source).

Cloudflare is not yet profitable on a GAAP basis, as it reinvests in growth, but its gross profit margins are around 77% – very high for its industry (Source).

That means most of the revenue (77 cents on the dollar) is left after covering the direct costs of running its network, a sign of efficient operations.

Product and service breakdown: Cloudflare has a unified platform but offers several major categories of services:

• Content Delivery & Web Performance: Cloudflare’s content delivery network (CDN) caches website content on servers around the world to help pages load faster for users.

This category also includes DNS resolution (mapping website names to IP addresses) and traffic routing optimizations that reduce latency.

• DDoS Protection & Application Security: These services protect websites and applications from cyberattacks.

Cloudflare’s network automatically blocks malicious traffic (like DDoS attacks that try to overwhelm a site) and provides a Web Application Firewall (WAF) to filter out hacking attempts.

Bot management and TLS encryption are also part of these offerings.

• Zero Trust Networking & Security Services: Under its Cloudflare One umbrella, the company provides security for corporate networks and remote employees.

This includes Zero Trust Network Access (replacing VPNs by only letting authenticated users into internal apps), Secure Web Gateway (filtering and inspecting outbound Internet traffic from employees), cloud email security, firewall-as-a-service, and inter-office connectivity via Cloudflare’s network (Magic WAN).

These tools help companies secure their data and users without traditional on-premises appliances.

• Developer Platform (Cloudflare Workers): Cloudflare enables developers to run serverless applications on its edge network.

The Workers platform lets programmers deploy code that executes in Cloudflare’s data centers worldwide, close to end-users.

Along with this, Cloudflare offers storage solutions like Workers KV (key-value store), Durable Objects (for stateful data), R2 object storage (for files, competing with AWS S3 but with no egress fees), and even a new database service.

Developers and businesses pay based on usage (requests, compute time, storage) instead of managing their own servers.

• AI and Machine Learning Services: Recently, Cloudflare has started offering infrastructure for AI workloads.

Its Workers AI initiative allows running machine learning models at the edge of the network for fast inference (processing AI tasks near users).

Cloudflare provides tools like AI Gateway (to route and optimize AI requests) and plans to leverage its serverless platform to give customers a cost-efficient way to deploy AI models globally.

In summary, Cloudflare’s business spans content delivery, security, networking, and developer services – all delivered as cloud-based solutions.

The company earns recurring revenue from subscription fees (especially from enterprise clients) and usage-based fees, and it continues to expand into new areas (like Zero Trust security and AI) to drive future growth.

Content Delivery

Easy Button: Cloudflare puts copies of websites on many servers worldwide so people can load sites quickly wherever they are.

This section looks at how Cloudflare’s network helps deliver content fast and reliably.

Cloudflare’s foundation is its content delivery network (CDN) – a mesh of servers across the globe that cache (store) content closer to users.

When you visit a website that uses Cloudflare, you are typically served by a nearby Cloudflare data center instead of having to reach all the way to the website’s origin server.
This drastically lowers latency (delay) and speeds up page load times.

For example, Cloudflare has a presence in over 330 cities and claims that about 95% of the world’s Internet users are within 50ms of its network (Source).

In practice, this means someone in London loading a site hosted in New York can get the data from a Cloudflare server in London, making it feel almost instant.

Beyond just caching static files (images, CSS, etc.), Cloudflare’s network also uses smart routing to find the fastest path through the Internet for each request.

Their Argo Smart Routing (a premium feature) can dynamically route around congestion, similar to taking back roads to avoid a traffic jam.

Cloudflare also offers DNS resolution services – it operates one of the most widely used authoritative DNS infrastructures, ensuring that when a user looks up a domain name, they get a response quickly and reliably.

A key part of content delivery is keeping websites online under stress.

Cloudflare’s network provides built-in DDoS protection.

If attackers try to flood a website with traffic, Cloudflare’s distributed system absorbs and filters that flood.

With a network capacity of over 321 Tbps, it can handle some of the largest attacks recorded.

In Q4 2024 alone, Cloudflare mitigated 6.9 million DDoS attacks, an 83% increase from the year prior (Source).

They even stopped a single attack as large as 5.6 Tbps – a record-breaking flood of data (Source).

By automatically blocking malicious traffic, Cloudflare ensures that legitimate users can still reach the websites.

Cloudflare’s CDN and security measures work hand-in-hand: while content is cached and served quickly, the network also inspects requests and filters out bad actors.

All Cloudflare data centers run the full stack of services (cache, DNS, firewall, etc.), so content is delivered quickly and safely from the same locations.

This has led to widespread adoption – Cloudflare says it now “serves and protects” roughly 20% of all websites globally (Source).

The ease of use (just changing your DNS to point to Cloudflare) and the free tier offering basic CDN and DDoS mitigation helped it gain massive traction among bloggers, developers, and small businesses.

Once on the platform, many customers upgrade to paid plans for better performance features and finer security controls.

In summary, Cloudflare’s content delivery services are about speed and uptime.
The company leverages its huge network to put content as close to users as possible and to shield sites from traffic spikes or attacks.

This not only improves user experience (faster websites) but also offloads bandwidth and traffic from the origin servers (saving costs for Cloudflare’s customers and increasing their reliability).

Zero Trust and Security Services

Easy Button: Cloudflare helps businesses protect their websites and internal networks by always checking who is coming in and by blocking threats.

This section explores how Cloudflare secures both public websites and private corporate systems.

Cloudflare’s security offerings fall into two broad buckets: application security (protecting websites and internet-facing services) and Zero Trust network security (protecting employees and private applications).

On the application security side, Cloudflare’s network acts like a shield in front of websites.

Every request to a Cloudflare-protected site is analyzed by its Web Application Firewall (WAF), which uses rules and machine learning to block malicious attacks (like SQL injections or attempts to exploit vulnerabilities).

Cloudflare’s threat intelligence comes from seeing traffic across millions of sites, so as new attack patterns emerge, they can update the WAF for everyone.

The sheer volume of threats Cloudflare blocks is enormous – the company says it stops billions of threats per day across its customers (Source).

This includes everything from automated botnets trying to crack passwords, to giant DDoS attacks, to sneaky exploits targeting web apps. Another key security feature is SSL/TLS encryption.

Cloudflare was a pioneer in offering free HTTPS: it automatically issues and manages certificates for websites on its service.

This means even a small blog can turn on secure encryption with one click (something that used to be complex and costly).

Today, any site on Cloudflare by default serves traffic over HTTPS, which protects users from eavesdropping and tampering.

Cloudflare also provides bot management (distinguishing real users from bots and blocking malicious bots) and API protection for companies that expose APIs.

For example, if someone is scraping a website or abusing an API, Cloudflare’s tools can detect the pattern and mitigate it without bothering the site owner.

These measures are crucial for preventing fraud and data theft.

Moving to the Zero Trust domain, Cloudflare has built a suite called Cloudflare One to secure how employees and devices access corporate resources.

The idea of Zero Trust is “trust nothing by default” – even if you are inside a company network, you must verify identity and compliance each time you access an application.

Cloudflare One includes:
Cloudflare Access: This replaces traditional VPNs for internal apps. Instead of putting employees on an open network, every user must authenticate through Cloudflare to reach a specific application.

It’s like a security guard at each application’s door, verifying your ID (login credentials, 2FA) and ensuring your device meets security standards. Only then does it let you through to that app.

Cloudflare Gateway: A secure web gateway that filters and inspects outbound Internet traffic from an organization.

If an employee tries to visit a malicious site or download malware, Cloudflare can block it. Gateway also enforces policies (like “don’t allow uploads of sensitive data”) to prevent data leaks.

Magic WAN & Magic Firewall: These offerings let organizations use Cloudflare’s network backbone to connect offices, data centers, and cloud deployments, with built-in firewall controls.

It’s an alternative to legacy WAN solutions – instead of backhauling traffic through a central location, offices and remote users connect to the nearest Cloudflare node, where security policies are applied and traffic is routed efficiently to its destination.

Email Security and DLP: Through acquisitions and integration, Cloudflare can also filter phishing emails (to stop targeted email attacks) and do Data Loss Prevention scanning (to detect things like social security numbers or other secrets leaving the company).

All these services are delivered from Cloudflare’s edge locations around the world.
In effect, Cloudflare is extending its network from just protecting websites to protecting users and devices.

One of Cloudflare’s advantages here is performance: because Cloudflare has so many local points of presence, a user’s connection doesn’t have to trombone to a far-off data center for security checks.

For instance, a worker in India connecting to a company app in AWS could authenticate and go through Cloudflare’s Mumbai or Delhi node, rather than funneling through a VPN server in the US.

This reduces latency and improves user experience, which is a big selling point for Cloudflare One.

Cloudflare’s unified approach (combining CDN, DNS, WAF, Zero Trust, etc. in one platform) can also yield cost savings and simpler management for customers.

A customer case study from late 2024 described how Cloudflare displaced a “first-generation” Zero Trust vendor: the customer chose Cloudflare for its superior network speed and its all-in-one SASE platform (Source).

In competitive evaluations, companies often compare multiple vendors for ZTNA (Zero Trust Network Access), SWG, firewall, etc.

Cloudflare’s pitch is that it can do it all, via one cloud interface, and backed by its globally distributed network.

Additionally, Cloudflare often emphasizes ROI – for example, pointing out that onboarding a new site or application through Cloudflare can take minutes instead of weeks (as one bank noted, switching from an incumbent that took 14 weeks to provision a new site vs. 10 minutes on Cloudflare) (Source).

For the enterprise segment, Cloudflare’s main competitors in cloud security are companies like Zscaler, Palo Alto Networks (Prisma Access), and Cisco (with its Umbrella and other SASE components).

Cloudflare is relatively newer in this market but is growing fast by leveraging its network advantages.

Notably, Cloudflare’s CEO has reported that some customers are now buying Cloudflare for security first and performance second – a significant change from its early days.

In fact, industry-wide, security services have become the largest segment of the cloud networking business.

Akamai, another CDN provider, revealed that in 2024, security and compute services made up 67% of its revenue, far outpacing traditional content delivery (Source).

Cloudflare is riding that same trend: its future growth is expected to come largely from security and Zero Trust services, using the foothold it gained by accelerating content to now also lock everything down.

Developer Platform

Easy Button: Cloudflare lets programmers run their code on Cloudflare’s network all over the world.

This means even a small app can serve users from nearby, making it super fast, and developers don’t have to maintain servers.

While Cloudflare started with networking and security, it has increasingly become a developer platform – providing a place to host applications and back-end logic on its edge network.

The flagship here is Cloudflare Workers, a serverless computing service launched in 2017.

With Workers, developers can write code (in JavaScript, Python, etc.) and deploy it to Cloudflare’s global network.

Whenever a user triggers that code (say by visiting a certain URL or making an API request), it runs on the Cloudflare server closest to that user.

This is a paradigm shift from traditional cloud computing, where your code might live in one region (e.g., US-East or EU-West).

With Cloudflare, your code lives everywhere by default. The benefits are low latency and high scalability.

For example, if you build a chat application on Workers, users in Asia will connect to an Asia data center to send messages, and users in Europe will hit a European data center – all without you, the developer, needing to explicitly set anything up in those regions.

Cloudflare handles replicating and running the code globally.

And because it’s serverless, developers don’t worry about servers or capacity – Cloudflare automatically runs more instances of the code when traffic increases.

Cloudflare Workers uses a technology based on the V8 JavaScript engine (the same engine in Google Chrome) to isolate and execute code extremely quickly (with very fast cold-start times, on the order of milliseconds).

This makes it feasible to run many tiny scripts on demand.

Over 1 million developers have tried Cloudflare’s platform, and many use it for production workloads, from lightweight API endpoints to entire microservices.

As Cloudflare’s developer platform matured, the company added data storage and databases to complement Workers:

Workers KV: a key-value store that replicates data globally (useful for config data, feature flags, etc., where eventual consistency is acceptable).

Durable Objects: a storage system that provides read/write consistency by pinning certain data (or “objects”) to a specific location (for cases like chat rooms or game lobbies where you need ordered events).

Cloudflare R2: an object storage service (similar to Amazon S3) that lets developers store large files or backups.

R2 attracted attention by charging no egress bandwidth fees, solving a pain point developers have with cloud providers.

D1 Database: a SQL database (in beta) that allows developers to use relational data (built on SQLite) within Cloudflare’s network.

Queues, Analytics, etc.: Cloudflare has also introduced message queue services and logging/analytics tools so that developers can build more complex distributed apps entirely on Cloudflare.

With this toolkit, Cloudflare is positioning itself as an alternative platform to traditional clouds for certain workloads.

For instance, a developer can host a full web application on Cloudflare Pages (for the frontend) and Workers + D1 (for the backend), getting global performance out of the box.

Because Cloudflare doesn’t charge for inbound data or for delivering responses (only for the compute time and storage), some applications can be more cost-efficient as well.

A notable advantage is geographic distribution and compliance: since Cloudflare’s network spans 100+ countries, a developer can deploy globally but also ensure data stays in specific regions if needed.

Cloudflare offers jurisdiction tags (so you can say certain data should only run in EU data centers, for example), which helps with regulations like GDPR.

One highlight in 2024 was how Cloudflare’s developer platform started intersecting with the AI boom (which we cover next).

Many developers began using Workers to build AI-driven chatbots and applications, capitalizing on the platform’s speed and global reach.

Cloudflare reported that the “killer application” for Workers is turning out to be AI, as the event-driven, scalable nature of Workers fits AI workloads well (Source).

It’s worth noting that Cloudflare’s approach differs from giants like AWS, which offer edge computing (e.g., AWS CloudFront Functions or Lambda@Edge) but as an extension of their central cloud.

Cloudflare, by contrast, is primarily an edge network, so its developer platform is edge-first by design.

This can simplify development because you don’t have to explicitly choose regions – your code is just everywhere.

However, it also means Cloudflare’s platform is more specialized (stateless or semi-stateless apps that fit in a serverless model).

Some developers will still need central cloud services for heavy databases or centralized workloads.

Cloudflare’s developer ecosystem is growing: they have a package manager (Workers Registry) and support frameworks like Node.js, and there’s a community of third-party services integrating (like databases and SaaS APIs accessible through Workers).

Financially, the developer platform revenue is usage-based, and while Cloudflare hasn’t broken it out separately, it’s believed to be a smaller portion of revenue today compared to security or CDN.

However, it represents a strategic long-term bet – if more and more apps run on Workers, customers will stick to Cloudflare’s whole platform.

In summary, Cloudflare’s developer platform turns its network into a giant, distributed computer that anyone can program.

This deepens customer integration (once your application logic runs on Cloudflare, not just caching, you’re very tied in) and opens up a large addressable market competing with traditional cloud providers for certain types of workloads.

AI Infrastructure

Easy Button: Cloudflare is even helping with artificial intelligence by putting AI programs on its network.

This means AI can answer questions or process data closer to users, making it faster and protecting privacy.

In 2023-2024, Cloudflare jumped into the AI (Artificial Intelligence) arena by leveraging its edge network for AI workloads.

The logic is compelling: AI models (especially for inference, which is the process of using a trained model to get results) can benefit from being run near users.

For example, if you have a language translation AI or an image recognition AI, running it on a server 50 miles from the user will give a snappier response than running it 5,000 miles away.

- Cloudflare sees four opportunities in AI: efficiency in business processes, smarter performance and security products, AI as the killer application for Cloudflare Workers, and Cloudflare's unique position in the AI-driven web of the future.

Cloudflare’s network, being everywhere, is well suited to host these models at the edge. Workers AI is Cloudflare’s flagship AI offering.

Announced in late 2023, it brings serverless AI inference to Cloudflare’s platform.
Cloudflare started deploying clusters of NVIDIA GPUs (hardware specialized for AI computations) across its data centers.

By the end of 2023, they had GPUs in over 100 cities and planned to expand that “almost everywhere” across their 300+ city network (Source).

These GPUs are the engines for running neural network models. What Workers AI provides to developers is a simple way to run AI models with minimal code.

Cloudflare offers a set of popular open-source AI models (for example, for image classification, language understanding, etc.), and developers can also bring their own models.

A developer can write a Cloudflare Worker that invokes an AI model – for instance, take some text input and get a GPT-style completion or analyze an image – and Cloudflare will execute that model on its edge GPU infrastructure.

Importantly, it’s pay-as-you-go: users pay per inference (i.e., per request or a small unit of computation) rather than having to rent entire GPU servers by the hour.

This is attractive because AI workloads can be spiky; you don’t want to pay for idle time. Cloudflare has emphasized a few advantages of its approach:

Low latency: Because the model runs near the end user, the time to get a response is reduced.

For interactive AI applications (like chatbots, personal assistants, or real-time video processing), every millisecond matters. Cloudflare can often run the inference in-region or in-country with the user.

Data privacy and sovereignty: Some customers worry about sending sensitive data to third-party clouds for AI processing (e.g., healthcare or personal information).

With Cloudflare, they can choose to run the AI in specific jurisdictions or keep data within certain boundaries.

Cloudflare even allows running models within a customer’s own data center via its network (in conjunction with Magic WAN), though that’s more of a hybrid scenario.

Cost efficiency: Cloudflare claims that its serverless model avoids a lot of waste.

Traditional cloud GPU use might require renting a GPU for an hour even if you only need it for 10 seconds.

Cloudflare’s multi-tenant GPU deployments and per-request billing mean you only pay for the fraction you use. This could significantly lower costs for many inference workloads.

A simple example of Workers AI in action: imagine a website that generates personalized artwork via an AI model when a user clicks a button.

Without Cloudflare, the website might call an API hosted in one region, leading to slow response for users far from that region (and potentially higher cost).

With Workers AI, when a user in Tokyo clicks the button, Cloudflare’s Tokyo data center can run the art-generation model locally and return the result quickly to the user.

Cloudflare’s CEO, Matthew Prince, has said that AI is the “killer app” for their edge compute platform (Source).

They’ve observed many companies starting to use Workers to deploy AI agents and workflows.

For instance, companies have built AI-powered chatbots that run entirely on Cloudflare’s network, or AI-based analytics that process user data at the edge in real time.

Because Cloudflare’s Workers can scale massively (each data center can handle many requests in parallel), an AI service can handle a burst of users without breaking a sweat.

It’s still early days, and Cloudflare is not aiming to train the huge AI models (that’s left to the hyperscalers with massive training clusters).

But for inference – the everyday use of AI – Cloudflare is positioning itself as a unique provider of “AI at the edge.”

This pits them somewhat indirectly against cloud providers like AWS, Google, and Azure, which offer their own AI inference services but mostly concentrated in a few regions.

Cloudflare’s pitch is that an AI service on their network can reach global users faster and maybe cheaper.

One challenge is the competition from established AI platforms (like OpenAI’s API or Google’s Vertex AI) which offer ready-to-use models but usually from central locations.

Cloudflare’s strategy seems to be focusing on the open-source AI ecosystem: instead of relying on one model like GPT-4, Cloudflare can host models like Llama 2 or Stable Diffusion that are open source, giving customers more control and avoiding vendor lock-in.

In terms of impact on Cloudflare’s business, AI services could drive a lot of additional usage of its network (GPU hours, etc.), contributing to revenue growth.

Cloudflare is already seeing large customers engage with its AI offerings.

They mentioned on the Q4 2024 call that one major AI company is using Cloudflare to run inference tasks and found it more efficient in cost and performance than the centralized alternative (Source).

To support AI workloads, Cloudflare is also making sure its inter-data-center connectivity is robust (AI tasks might require coordination or fetching data from a central store, etc.).

Their global private backbone and peering with cloud providers help in cases where an edge AI worker needs to fetch something from a cloud database – it can do so over a fast link.

Summing up, Cloudflare’s AI infrastructure initiative (Workers AI) extends its platform from not just delivering and protecting content, but now also processing data and running intelligent services at the edge.

It’s a natural extension of their edge compute vision, and if AI-driven applications continue to rise, Cloudflare aims to capture that demand on its network.

This could deepen the company’s moat, as AI workloads are resource-intensive and any organization running them on Cloudflare would likely consume a lot more of Cloudflare’s services (thus spending more and sticking around longer).

Competitor Analysis

Easy Button: Cloudflare isn’t alone – other companies also speed up websites or provide security in similar ways. Here we compare Cloudflare with some big peers and see how they stack up technically and financially. Cloudflare’s range of services means it competes with different sets of companies in each area.

Below are key competitors across content delivery, security, and edge computing, and how they compare:

• Akamai Technologies (AKAM) – The legacy CDN giant turning to security and cloud.

Akamai is the oldest and one of the largest content delivery providers, historically serving media and enterprise customers.

Fourth quarter 2024 revenue was $1.02 billion (full-year $3.99B), up 5% year-over-year (Source).

Akamai’s traditional web and video delivery business has matured (its “Delivery” revenue actually declined ~15% in 2024 as traffic patterns changed).

To reaccelerate growth, Akamai has invested heavily in security services (web application firewall, bot mitigation, etc.) and cloud computing.

Over 67% of Akamai’s revenue now comes from security and compute, its fastest-growing areas, and 2024 was the first year Akamai’s security revenue surpassed its CDN revenue (Source).

Technically, Akamai and Cloudflare have similar global footprints and both aim to be a “platform” at the edge.

Akamai has an advantage in certain enterprise media streaming segments and has built out an IaaS cloud (after acquiring Linode) to compete with hyperscalers.

Cloudflare, on the other hand, is growing much faster and focuses on ease of use and developer experience (Akamai’s platform historically is seen as more complex to integrate).

Financially, Akamai is profitable and generates significant cash flow, whereas Cloudflare has been prioritizing growth over profit.

Both are converging to offer a full spectrum (CDN, security, edge compute), so this is a classic incumbent vs. disruptor scenario.

• Zscaler (ZS) – Zero Trust security specialist.

Zscaler is a pure-play cloud security company that dominates the Secure Access Service Edge (SASE) market for Zero Trust access and secure web gateways.

It doesn’t do CDN or edge compute – its focus is protecting corporate users and data. Zscaler’s fiscal year 2024 revenue was $2.17 billion, up 34% year-over-year (Source).

This makes Zscaler roughly comparable to Cloudflare in size (Cloudflare’s FY2024 was $1.67B) but growing faster in that period.

Zscaler’s flagship is the Zscaler Zero Trust Exchange, which provides secure access to internal applications (Zscaler Private Access) and secure Internet gateway services (Zscaler Internet Access) – very similar to Cloudflare One’s offerings.

Technically, Zscaler runs a global proxy network with data centers in many countries, though its footprint (~150 data centers) is smaller than Cloudflare’s.

In competitive deals, Zscaler is often the incumbent Cloudflare is trying to displace for Zero Trust solutions. Zscaler has a strong reputation for security and a large enterprise customer base, often landing big contracts with Fortune 500 companies.

Cloudflare’s challenge (and opportunity) is to convince customers that its integrated platform can do the same job with equal or better performance.

One difference: Zscaler is solely focused on security and has deep integrations into enterprise IT environments, whereas Cloudflare can bundle security with performance (e.g., WAN optimization, CDN).

Financially, Zscaler has been narrowing its losses and is non-GAAP profitable, indicating a maturing business.

For a customer evaluating Zero Trust, Zscaler might be seen as the safe, dedicated option, while Cloudflare is the newer, innovative option that also ties in with other IT needs.

• Fastly (FSLY) – Edge cloud competitor focused on developers and performance.

Fastly is another CDN and edge computing provider that often comes up alongside Cloudflare.

It’s smaller, with $543.7 million revenue in 2024 and ~7% YoY growth (Source).

Fastly built its brand on ultra-fast content delivery (adopted by many high-profile web companies for its low latency and real-time tuning) and on being very dev-friendly (it open-sourced its Varnish-based caching software, etc.).

Fastly introduced its own edge computing solution, [email protected], similar in concept to Cloudflare Workers, and it acquired Signal Sciences to add web security (WAF and bot protection).

In essence, Fastly is trying to offer the same trio as Cloudflare – CDN, security, and edge compute – but at a smaller scale.

Fastly’s network has fewer points of presence than Cloudflare’s, focusing on strategically placed high-capacity servers.

It often performs extremely well for specific use cases (like live streaming or API acceleration) due to its engineering focus.

However, Fastly suffered some setbacks (a major outage in 2021 hurt its reliability image, and it faced demand headwinds when a top customer scaled down usage).

In terms of margins, Fastly’s gross margin is around 55-57%, notably lower than Cloudflare’s ~77% (Source).

This suggests Cloudflare has economies of scale or a more favorable product mix.

From a go-to-market view, Fastly has historically focused on a smaller number of large tech-savvy customers (its top 10 customers were 32% of revenue in Q4 2024, versus Cloudflare’s more distributed customer base).

Cloudflare’s broad user base (including many self-serve signups) gives it a different growth engine.

Some analysts think Fastly could be an acquisition target for a larger cloud or telecom company, whereas Cloudflare is bigger and set on independent growth.

Other notable competitors: Microsoft, Amazon, and Google each have services overlapping Cloudflare in parts – for instance, AWS’s CloudFront CDN, AWS WAF, and Lambda@Edge compete with Cloudflare’s CDN/WAF/Workers; Microsoft and Google have their own enterprise security solutions (e.g., Azure AD Conditional Access, Defender for Cloud Apps, Google BeyondCorp).

However, those giants typically bundle such services with their broader cloud offerings, whereas Cloudflare’s advantage is being cloud-neutral and focused solely on networking/security.

Additionally, companies like Palo Alto Networks (with Prisma Access), Cisco (Umbrella), and Fortinet compete on Zero Trust networking for large enterprises, and smaller CDN/security players like Edgio (Edgecast) and Imperva overlap in specific niches.

Cloudflare’s broad integration across domains gives it a unique position, but it faces strong single-domain competitors in each area.

In summary, Cloudflare’s competition is fragmented – no single rival offers the exact same breadth.

Akamai is closest in scope (network + security + compute), Zscaler leads in Zero Trust security, and Fastly competes in edge performance and developer mindshare.

Cloudflare’s strategy of an all-in-one platform is a double-edged sword: it can deliver more value by cross-selling services, but it must keep innovating in each area to match specialists.

So far, Cloudflare has been gaining ground, as evidenced by its higher growth rates.
Its ability to win over customers from these incumbents (as highlighted by case studies of replacing legacy providers) will be crucial to sustaining that momentum.

Tariffs

Easy Button: We also need to think about trade tariffs (extra taxes on goods from other countries).

If computer parts get more expensive or harder to get because of tariffs, it could affect companies like Cloudflare that need lots of hardware for their servers.

Let’s see how these tariffs might impact Cloudflare.

The return of U.S. tariffs on tech imports – as signaled by the Trump administration in 2025 – could have several effects on Cloudflare:

1. Direct hardware cost increases: Cloudflare builds and operates its own servers and network equipment in data centers worldwide.

If tariffs are placed on imported components like computer servers, chips, network switches, or even steel racks, Cloudflare’s cost to buy or replace this hardware could go up.

For example, tariffs on Chinese-manufactured electronics might add a 10-25% cost on network cards or motherboards.

Forbes noted that tariffs on imported electronic components will “drive up the cost of servers, storage and networking equipment” (Source).

That means Cloudflare might have to spend more money to maintain and expand its global infrastructure.

Higher costs could squeeze margins unless Cloudflare raises prices for its services (which might be hard in a competitive market).

In extreme cases, if certain hardware becomes very expensive, Cloudflare might delay some expansion or seek alternate suppliers in tariff-free regions.

2. Supply chain and deployment delays: Tariffs and trade disputes can cause broader supply chain disruptions.

If there’s uncertainty about tariffs, companies might stockpile components or suppliers might slow down production, leading to shortages.

Cloudflare could face delays in getting critical equipment (like new GPUs for its AI infrastructure or replacement parts for servers).

This might slow the rollout of new features (for instance, deploying GPUs to more data centers for Workers AI if those GPUs are held up at customs or are pricier due to tariffs).

Also, any retaliatory tariffs (e.g., China imposing tariffs on U.S. goods) could complicate Cloudflare’s deployment in Asia.

Cloudflare operates in over 100 countries – a sprawling supply chain – so global trade friction can introduce unpredictability in where it’s economical or timely to expand next.

3. Customer and demand impact: Indirectly, tariffs can affect the broader economy and Cloudflare’s customers.

If tariffs lead to higher costs for businesses or slow down economic growth in certain regions, companies might cut back on IT spending.

For example, if a European customer has to pay more for U.S. software or hardware due to a trade skirmish, they might delay projects, which could include using Cloudflare’s services.

On the flip side, if U.S.-China tensions escalate, Chinese companies might shy away from U.S.-based services like Cloudflare due to political pressure, affecting Cloudflare’s ability to grow in that market.

Cloudflare does have a partnership in China (with JD Cloud) to operate there, but geopolitical strains could impact that relationship or customer usage in that region.

Another scenario: tariffs on data center equipment could drive up costs for all cloud providers, possibly raising prices industry-wide; Cloudflare might then face a market where customers are more cost-conscious.

4. Geopolitical strategic moves: Cloudflare might respond to tariff pressures by adjusting its strategy.

It could source hardware from different countries (e.g., buying from Taiwan or Vietnam instead of China if U.S. tariffs hit Chinese goods).

It might also consider localized manufacturing or assembly in the U.S. to avoid import duties (though that has its own costs).

Additionally, if tariffs are paired with U.S. policies aimed at onshoring tech, Cloudflare could seek any available incentives or credits for using U.S.-made equipment to offset costs.

Conversely, if other nations impose digital service taxes or retaliatory measures on U.S. tech firms, Cloudflare might need to invest more in lobbying or legal navigation to ensure it can keep operating globally.

From a macro perspective, tariffs introduce uncertainty.

Cloudflare, as a high-growth tech company, thrives on predictable costs and the ability to deploy rapidly.

Trade conflicts threaten that.

However, Cloudflare’s core business – providing Internet performance and security – will remain in demand.

The key questions will be if increased costs can be absorbed or passed on, and how agile Cloudflare’s supply chain is in adapting to new trade rules.

Cloudflare has mentioned in its risk factors (in SEC filings) that international tensions and changes in trade policy could harm its operations (tariffs would fall into this category of risk).

For instance, unexpected changes in tariffs and trade practices are listed among the factors that could adversely affect their business (Source).

Tariffs under a renewed Trump administration would put those warnings to the test.

They could modestly compress Cloudflare’s gross margins by raising cost of revenue (if, say, hardware and transit get pricier).

They could also complicate customer acquisition in affected markets. In a broad trade war scenario, every global business (including Cloudflare) might face headwinds in growth.

But Cloudflare’s distributed model (with infrastructure in many countries) could provide some resilience – for instance, it might shift procurement or deployment to regions with more favorable trade conditions.

In summary, new tariffs on tech gear present a headwind: higher costs and potential slowdowns.

Cloudflare might navigate it by tweaking its supply chain and pricing, but it’s a factor to watch because it comes from outside the pure tech realm – it’s geopolitics meeting infrastructure.

Financials

Easy Button: This section explains Cloudflare’s financial performance in simple, clear terms using the latest Q4 and FY2024 results.

• Valuation: NET’s valuation is high, even extremely high. It is trading at 150x this year’s estimated eaarnings and 74x 2028 earnings.

Further, NET is trading at 20x this year’s estimated revenue.

These are nosebleed valuations and leave little room for upside unless the company beats estimates by a considerable amount.

Of course, earnings and sales multiples are only relevant within the context of growth estimates.

Here is how the median consensus estimate lines up for NET revenue in 2025, 2026, and 2027 respectively:

• Cloudflare reported total revenue of $1,669.6 million for FY2024, reflecting a 29% year-over-year increase. (Source)

• In Q4 2024, revenue reached approximately $560 million, demonstrating strong momentum and robust growth. (Source)

• The company maintained impressive gross margins of around 77%, highlighting its operational efficiency. (Source)

• Despite strong revenue growth, Cloudflare remains unprofitable on a GAAP basis as it reinvests aggressively in future growth initiatives. (Source)

• Non-GAAP operating performance has shown improvement, indicating progress toward operational profitability. (Source)

• A robust balance sheet with increasing cash reserves supports ongoing investments in network expansion and innovative products such as AI infrastructure. (Source)

As for the earnings call, we took away these highlights:

- Record number of new large customers added, now totaling 3,497 (up 27% YoY).

- Large customers contributed 69% of revenue, up from 66% in the previous year.

- Dollar-based net retention rate increased to 111%.

- Gross margin was 77.6%, above the target range of 75%-77%.

- Operating profit of $67.2 million with an operating margin of 14.6%.

- Strong free cash flow of $47.8 million for the quarter and $166.9 million for the year.

- Customers have been cautious with budgets but confidence is returning, especially in the U.S.

- Notable uptick in close rates and improvement in sales cycles.

- Record growth in customers spending over $1 million per year, with 173 such customers by year-end.

- Sales productivity increased for the fifth consecutive quarter.

- Aggressive hiring in sales, particularly in the enterprise segment.

- Sales force capacity is a constraint but is improving.

- Cloudflare's go-to-market execution is improving, with confidence in reacceleration throughout 2025.

- Cloudflare sees four opportunities in AI: efficiency in business processes, smarter performance and security products, AI as the killer application for Cloudflare Workers, and Cloudflare's unique position in the AI-driven web of the future.

- Notable uptick in close rates and improvement in sales cycles.

- Double-digit year-over-year improvement in sales productivity, with record productivity in EMEA and APAC.

- Increase in ramped account executives, expecting growth to accelerate each quarter through 2025.

- Q1 2025 revenue guidance: $468 million to $469 million.

- Full year 2025 revenue guidance: $2.090 billion to $2.094 billion.

- By 2025, Cloudflare plans to target specific accounts that are already customers and have a good fit for further AI integration.

Conclusion

• Cloudflare’s global network delivers content quickly and reliably by caching websites close to users, ensuring optimal performance.

• Its integrated security platform, including Zero Trust and DDoS protection, shields both public websites and internal corporate systems from cyber threats.

• The developer platform, highlighted by Cloudflare Workers, empowers developers to build and deploy distributed applications at the edge, reducing latency and operational complexity.

• Cloudflare’s AI infrastructure, notably through Workers AI, enables fast AI inference at the network edge, enhancing user experience and data privacy.

• In a competitive landscape, Cloudflare stands out by merging content delivery, security, developer tools, and AI into one unified platform, even as competitors like Akamai, Zscaler, and Fastly offer their own specialized services.

• External factors such as tariffs and geopolitical risks could impact hardware costs and supply chains, but Cloudflare’s agile, distributed model provides resilience against such headwinds.

In conclusion, Cloudflare’s forward-thinking strategy, continuous innovation, and comprehensive service offering position it as a dynamic leader in the digital transformation of global networks.

Its integrated approach not only addresses today’s Internet challenges but also sets a solid foundation for future growth despite external economic and geopolitical pressures.

Legal

The information contained on this site and in this report is provided for general informational purposes, as a convenience to the readers.

The materials are not a substitute for obtaining professional advice from a qualified person, firm or corporation.

Consult the appropriate professional advisor for more complete and current information.

Capital Market Laboratories (“The Company”) does not engage in rendering any legal or professional services by placing these general informational materials on this website.

The Company specifically disclaims any liability, whether based in contract, tort, strict liability or otherwise, for any direct, indirect, incidental, consequential, or special damages arising out of or in any way connected with access to or use of the site, even if I have been advised of the possibility of such damages, including liability in connection with mistakes or omissions in, or delays in transmission of, information to or from the user, interruptions in telecommunications connections to the site or viruses.

The Company makes no representations or warranties about the accuracy or completeness of the information contained on this website.

Any links provided to other server sites are offered as a matter of convenience and in no way are meant to imply that The Company endorses, sponsors, promotes or is affiliated with the owners of or participants in those sites, or endorse any information contained on those sites, unless expressly stated.