CloudFlare Keeps Organizations in Control of Their SSL Keys, Removes Need for On-Premise Network Infrastructure

SAN FRANCISCO, CA--(Marketwired - Sep 18, 2014) - CloudFlare, the leading Internet performance and security company, today launched Keyless SSL, a new technology that allows organizations to keep Secure Sockets Layer (SSL) keys private -- out of reach from external parties -- while offering all the benefits of a cloud-based infrastructure. For the first time, organizations can rid themselves of expensive, rigid, on-premise network hardware while harnessing essential technologies like DDoS mitigation, CDN, web application firewalls (WAF), and load-balancing in the cloud.

Before Keyless SSL, organizations could not get the benefits of a cloud-based WAF, CDN, or other security and performance enhancement services without turning over cryptographic keys to a third-party cloud provider. Because of legitimate security concerns over revealing private SSL keys to a third party, most banks and Fortune 500 companies chose to maintain expensive on-premise equipment that would often fail under load. These organizations could not leverage the massive benefits of a cloud-based infrastructure: low cost, low maintenance, and virtually infinite scalability.

"Organizations shouldn't be shackled to a box just because they need to protect their private keys. For the first time, enterprises can benefit from the functionality of on-premise hardware, but deployed as-a-service with infinite scalability and elasticity," said Matthew Prince, co-founder and CEO of CloudFlare. "CloudFlare's Keyless SSL removes the last reason that has held organizations back from ripping out legacy hardware and moving to the power of the cloud."

Keyless SSL in the Security Community

World-renowned security experts Jon Callas and Phil Zimmermann support CloudFlare's latest announcement sharing, "One of the core principles of computer security is to limit access to cryptographic keys to as few parties as possible, ideally only the endpoints. Applications such as PGP, Silent Circle, and now Keyless SSL implement this principle and are correspondingly more secure."

NCC Group companies iSEC Partners and Matasano are leaders in application security and cryptographic review and worked with CloudFlare to review Keyless SSL prior to launch. A spokesperson from NCC Group's Cryptography Services practice commented: "We've seen how private keys can be stolen, and investing in techniques to limit their exposure makes the Internet a safer place. Our review of Keyless SSL indicates the keys themselves do not leave your infrastructure, and a secure channel with CloudFlare both protects the communication and reduces the attack surface for your key."

Keyless SSL for the Enterprise

Senior director of Trust at EMC Corporation, Davi Ottenheimer believes Keyless SSL is a fundamental innovation in security. "The trade-offs between control and cloud services are being solved by innovation in key management. Keyless solutions, where customers retain control of keys, clearly improve security while maintaining the best service offerings. Keeping control of your own private key, yet enabling a cloud provider to serve your customers with the same level of trust, is a real breakthrough in content delivery security."

Keyless SSL for Financial Organizations

"At Coinbase, we take security very seriously. To be successful in the Bitcoin ecosystem we prioritize security highly," said Ryan McGeehan, director of security at Coinbase. "Technology that improves the security of our critical infrastructure, like our SSL keys, is always welcomed."

Keyless SSL, while created with large financial organizations in mind, is also valuable for startups that work with such groups. "As a private-cloud file-sync and share startup working with many financial organizations worldwide, we are always looking for the best security technologies that help keep important data safe, secure, and behind the firewall while maintaining the scale benefits of the cloud," said Yuri Sagalov, co-founder and CEO of AeroFS. "Keyless SSL lets companies get the best of both worlds: Companies get to keep their private keys behind the corporate firewall where they belong, while still providing edge-level encryption for their customers accessing their services."

Keyless SSL for CloudFlare Partners

"Recent incidents like the APT exploit of Heartbleed to breach Community Health Systems and the Mask operation show that attacks on keys and certificates that establish trust are on the rise. If security teams don't protect their keys and certificates they undermine their critical threat protection and existing security controls," said Kevin Boeck, vice president of security strategy & threat intelligence at Venafi. "With our partner CloudFlare, Venafi supports the development of Keyless SSL technology to help further protect our Venafi Trust Protection Platform customers and secure their use of cloud services."

Keyless SSL is currently available to CloudFlare Enterprise customers.

Additional Resources

• Keyless SSL
• Data Sheet 
• (Blog post) Announcing Keyless SSL: All the benefits of CloudFlare without having to turn over your private SSL keys

About CloudFlare
CloudFlare, Inc. (www.cloudflare.com / @cloudflare) makes sites lightning fast, protects them from attacks, ensures they are always online, and makes it simple to add web apps with a single click. Regardless of size or platform, CloudFlare supercharges websites with no need to add hardware, install software, or change a line of code. The CloudFlare community gets stronger as it grows: every new site makes the network smarter. More than 5 percent of global Web requests flow through CloudFlare's network daily, and, thanks to our awesome sauce technology, every month more than 1.6 billion people experience a faster, safer, better Internet. CloudFlare was recognized by the World Economic Forum as a Technology Pioneer, named the Most Innovative Network & Internet Technology Company for two years running by the Wall Street Journal, and ranked among the world's 50 most innovative companies by Fast Company. CloudFlare has offices in San Francisco, California, USA and London, UK.