Cloudflare Zero Trust

Secure your organization with Cloudflare Zero Trust — a cloud security model that replaces legacy perimeters with Cloudflare’s global network.

Available on all plans

Cloudflare Zero Trust is part of Cloudflare One, our name for the Secure Access Service Edge (SASE) platform that protects enterprise applications, users, devices, and networks.

By progressively adopting Cloudflare One, organizations can move away from a patchwork of hardware appliances and point solutions, and instead consolidate security and networking through a unified control plane that includes products like Cloudflare Access, Secure Web Gateway (SWG), Cloudflare Tunnel, Data Loss Prevention (DLP), Remote Browser Isolation (RBI), Cloud Access Security Broker (CASB), and Email Security.

Refer to our SASE reference architecture to learn how to plan, deploy, and manage SASE architecture with Cloudflare.

Products

Access

Authenticate users accessing your applications, seamlessly onboard third-party users, and log every event and request.

Cloudflare Tunnel

Securely connect your resources to Cloudflare without exposing a public IP by using Cloudflare Tunnel, which establishes outbound-only connections from your infrastructure to Cloudflare’s global network via the lightweight cloudflared daemon.

Secure Web Gateway (SWG)

Inspect and filter DNS, network, HTTP, and egress traffic to enforce your company's Acceptable Use Policy (AUP), block risky sites with custom blocklists and threat intelligence, and enhance visibility and protection across SaaS applications.

WARP

Protect corporate devices by privately sending traffic from those devices to Cloudflare's global network, build device posture rules, and enforce security policies anywhere.

Browser Isolation (RBI)

Mitigate the impact of attacks by executing all browser code in the cloud and securely browse high-risk or sensitive websites in a remote browser.

Cloud Access Security Broker (CASB)

Protect users and sensitive data at rest in SaaS applications and cloud environments, scan for misconfigurations, and detect insider threats as well as unsanctioned application usage to prevent data leaks and compliance violations.

Data Loss Prevention (DLP)

Scan your web traffic and SaaS applications for the presence of sensitive data such as social security numbers, financial information, secret keys, and source code.

Email Security

Configure policies to manage your inbox, automatically move emails based on disposition, and use screen criteria to investigate messages.

Digital Experience Monitoring (DEX)

Monitor device, network, and application performance across your Zero Trust organization.


More resources

SASE video series

New to Zero Trust and SASE? Get started with our introductory SASE video series.

Reference architecture

Explore our reference architecture to learn how to evolve your network and security architecture to Cloudflare One, our SASE platform.

Plans

Cloudflare Zero Trust offers both Free and Paid plans. Access to certain features depends on a customer's plan type.

Limits

Learn about account limits. These limits may be increased on Enterprise accounts.

Support

Find answers to common questions or open a ticket with Cloudflare Support.

Community

Ask questions, get answers, and share tips.