Overview of Cloudflare: Leading Cybersecurity - [Business Breakdowns, EP.241]
This episode (host Matt Russell with guest Sam Eden, investor at SquarePeg) breaks down Cloudflare’s business, history, product architecture, go-to-market evolution, financials, competitive position, recent outage, and investor considerations. Cloudflare started as a freemium CDN/security reverse-proxy and has layered internal security (zero-trust) and developer platform products (serverless Workers, edge inference) onto a single global, software-defined network. The conversation emphasizes how network effects, peering relationships, commodity hardware + proprietary software, and product-led growth created a durable moat — while also highlighting risks (operational outages, capital intensity, competitive headwinds in newer markets).
Key metrics & notable facts
- 20% of global web traffic runs through Cloudflare.
- Cloudflare blocks ~2.5 million cyber attacks per second.
- Annualized revenue: ~$2+ billion.
- Global network connects to >13,000 networks (ISPs/cloud/corporates); presence in ~330 cities.
- Developer footprint: >3 million developers on Act 3 products.
- Large-customer dynamics: <1.5% of customers (>$100k revenue) account for ~75% of revenue; <200 customers >$1M ARR.
- Net revenue retention: historically >110% (recently ~112% → re-accelerated to ~119% in latest quarter).
- Non-GAAP gross margins: ~75–78% (adjusted for equipment D&A, gross margins are nearer ~83–85%).
- CapEx: ~11–14% of revenue (material for a software business). Free cash flow margin ~10% recently; management targets >25% longer term.
- Channel partner revenue: ~30% of revenue (vs. Zscaler/Netskope ~90%); partner-sourced incremental revenue growth ~65% YoY recently.
- Example contract: $130M, 5-year “pool of funds” enterprise deal.
Company history & founding
- Founded in 2009 by Matthew Prince (CEO), Michelle Zatlyn (COO), and Lee Holloway (technical cofounder; contributed early innovations; later diagnosed with frontotemporal dementia).
- Originated from Project Honey Pot (crowdsourced list of bad/spammer addresses). The freemium model helped assemble signal and early adopters, including nonprofits and the hacker community.
- Core early innovation: single reverse proxy that intercepts all customer traffic (rather than many fragmented proxies/CDNs) enabling simple onboarding and easy product stacking.
Core product architecture and moat
- Single global, software-defined network built on commodity servers + proprietary software stack.
- Peering relationships with ISPs remove transit costs and improve latency — creates customer & ISP value (keeps bandwidth fees down, speeds internet).
- Network effects: serving the long tail → more traffic → more signals for security/optimization → better product → better enterprise wins → more peering and scale → lower costs and more capability.
- Simplicity and product-led growth enabled rapid scale and made replication by incumbents difficult (technical scale, peering, and business model factors).
Product evolution — Act 1 / Act 2 / Act 3 framework
- Act 1 (Web/application services): original CDN, DDoS protection, bot management, application security. Generous freemium; charges more for complexity/features rather than raw volume.
- Act 2 (Internal/corporate security / zero trust): forward proxies, SASE/zero-trust offerings protecting employee outbound traffic, app access controls, email/phishing protection. Reuses the same edge network/hardware with different software layers.
- Act 3 (Developer platform & edge compute): Cloudflare Workers (serverless functions at edge), storage, lightweight DBs, video; edge AI inference (adding GPUs to edge boxes to serve LLMs and models).
- Developer strategy: very generous free tier (e.g., Workers quotas, storage w/ zero egress fees) to capture long-tail developers and funnel enterprise adoption.
Go-to-market & monetization
- Product-led origins shifted toward a hybrid model with increasing enterprise sales muscle.
- New revenue leadership (hired President of Revenue Mark Anderson from Palo Alto Networks) to boost enterprise sales; rep mix shifting to enterprise reps.
- Enterprise funnel: high-dollar customers (small % of base) produce most revenue; “pool of funds” bundling encourages cross-product adoption and multi-year commitments.
- Channels/partners: growing partner-led revenue and implementation-driven partner economics; channel incremental revenue has grown strongly (~65% YoY).
- Pricing: Act 1 primarily subscription tiers (pro/business/enterprise); Act 3 generally usage-based (no egress fees in many cases).
Financial profile & capital allocation
- Non-GAAP gross margin 75–78% (equipment D&A depresses reported gross margin; adding D&A back pushes to mid-80s).
- CapEx is significant for infrastructure (11–14% of revenue). Management emphasizes strategic CapEx with high ROI (commodity hardware, “invest behind the demand curve”).
- Operating costs: Sales & marketing ~35% of revenue (opportunity for leverage).
- Cash flow: recent FCF margins ~10%; management target >25% in long term if operating leverage materializes.
- Key value drivers for investors: Act 2 enterprise adoption pace, Act 3 developer & AI inference growth, partner/channel expansion, net retention trends, CapEx efficiency.
Recent outage (root cause and implications)
- Outage cause: not an attack — a process error related to bot management ML model updates. A corrupted update doubled model feature size, causing memory exhaustion across servers and widespread outage.
- Impact: wide visibility because Cloudflare’s footprint is large; highlighted concentration risk of a single global network.
- Company response: transparent, detailed post-mortem; remediation plans; previous outages had accelerated internal migrations away from third-party dependencies.
- Business implication: short-term customer disruption and reputational cost, but not necessarily long-term revenue damage if remediation and transparency restore confidence.
Competition & risks
- Act 1: Cloudflare is the leader in scale and peering; incumbents (e.g., Akamai) and niche legacy players remain but are challenged.
- Act 2: More competitive (Zscaler is a leading pure-play zero-trust player). Cloudflare is a strong contender but is a second mover here.
- Act 3: Competes with hyperscalers (AWS/Azure/GCP) and other edge providers; GPU/inference rollouts create new dynamics and capital-intensity for specialized hardware.
- Key risks:
  - Execution risk as Cloudflare scales enterprise sales and integrates product lines.
  - Operational risk (global outages/process errors).
  - Capital intensity and ROI concentration with GPU/inference hardware (different economics than previous universal hardware).
  - Valuation sensitivity — priced for near-flawless execution; little margin for execution misses.
Valuation & investor considerations
- Historically high multiples (e.g., ~25x next-12-month revenue earlier in year), reflecting growth + multiple TAM expansion levers.
- Investor modeling should focus on:
  - Speed of Act 2 enterprise adoption (market share gains vs incumbents).
  - Trajectory and monetization of Act 3 (developers → enterprise, edge AI inference volume).
  - Margin expansion via operating leverage (sales & marketing efficiency, CapEx ROI).
- Signposts: large-customer growth, pool-of-funds bookings / RPO growth, partner-derived revenue, net revenue retention trends, and incident remediation outcomes.
- Conclusion: attractive long-term growth/strategic position, but priced for strong execution; watch for operational and execution risks.
Actionable signposts & monitoring checklist (for investors/operators)
- Quarterly trends:
  - Net revenue retention (direction & magnitude).
  - Revenue growth from customers >$100k and >$1M.
  - RPO / pool-of-funds bookings (growth rate).
  - Channel partner incremental revenue (% of incremental revenue).
  - Sales & marketing % of revenue and rep productivity metrics.
- Operational reliability:
  - Post-incident remediation steps completed and any recurrence of outages.
  - Third-party dependency reductions and hardening of CI/CD/model deployment processes.
- Act 3 & AI:
  - GPU edge deployment cadence and utilization rates.
  - AI inference pricing / gross margins and enterprise adoption for inference.
  - Developer adoption economics: free-to-paid conversion rates, Workers usage growth.
- Competitive wins/losses: marquee customer logos switching to/from Cloudflare vs Zscaler/Akamai/hyperscalers.
Key takeaways / lessons
- Simplicity + scale: A simple customer experience (freemium, one reverse proxy) built on a very hard-to-replicate global infrastructure can produce compounding network effects.
- Product-led + sales-led balance: Freemium acquisition powered scale; enterprise muscle is required to capture high-value accounts — blending both is critical but operationally challenging.
- CapEx can be a moat-builder in software if ROI is high and hardware supports multiple revenue streams.
- Multiple growth levers (Act 1 → Act 2 → Act 3 + AI tailwinds + channel) create optionality, but also raise execution complexity.
- Operational transparency and swift fixes after outages are vital for customer trust when you operate critical infrastructure.
Notable quote excerpts (paraphrased):
- “Cloudflare is effectively a single global private network that runs all this traffic.”
- “They absorb over 2.5 million cyber attacks every single second.”
- “They build on commodity hardware and a software stack — the network gets better as it gets bigger.”
This summary captures the core narrative of the episode and the main investor/operational takeaways.