Lessons from a $125K Cloudflare Subscription: The True Cost of Skipping Risk Management

Submitted by Style Pass, 2024-06-10 13:00:07

After suggesting to a customer the migration to Cloudflare, I was confronted with the latest controversy surrounding this provider, and I feel compelled to conclude that a double-edged sword should only be wielded by those who can handle it.

Robin Dev, who describes himself as the “SysOps engineer of a fairly large online casino,” had configured the company’s DNS infrastructure within Cloudflare’s services, which is understandable because, in my opinion, it is the best provider for this service at present. However, Robin apparently forgot to apply basic System Operations principles, namely redundancy and automation.

I have been working in operations and cybersecurity for over 20 years, professionally for 15, and I can affirm that 9 out of 10 of my clients do not apply the most basic risk management fundamentals. This reality spans all the areas in which I have operated (telecommunications, media, banking, and fintech), and is notably prevalent in IT departments, particularly systems and operations.

The truth is that most companies primarily focus on two departments, finance and sales, ignoring the insufficiencies of all the others that provide support. This affects the company’s reputation, the quality of its products, and consequently its revenue. If I were to point fingers, I would certainly point at the administration because, in the end, any company decision falls under their responsibility. However, I am willing to go further and point to the prevalent professional culture in society. Ultimately, this is a situation observed internationally, at least considering the four continents I have worked with.
