Interview for Cloudflare notes and transcripts #86
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,137 @@ | ||
| # Interview Notes – E03 | ||
|
|
||
| ## Participant Info | ||
| | Field | Notes | | ||
| |-------|--------| | ||
| | Stakeholder type | Expert (Cloudflare Web Filter Sales) | | ||
| | Age group | Adult / Account Executive | | ||
| | Location | Queensland, Australia | | ||
| | Interview date | 9th Jan 2026 | | ||
| | Interviewer | Saloni, Sugirdha, Aishwarya | | ||
| | Consent status | Recording allowed: TBD | | ||
|
|
||
| --- | ||
|
|
||
| ## Key Discussion Points | ||
| ### Overview / Current Context | ||
| - Account executive at Cloudflare working across financial services, critical infrastructure, and schools | ||
| - Schools are the most excited industry about Cloudflare products | ||
|
Collaborator
There was a problem hiding this comment. Most excited about a particular subset of products, specifically internal security. Anything that will protect students and their data. |
||
| - Works with K-12 schools (Kindergarten to high school) | ||
| - Currently has 2 schools adopted (mentioned as being in New Zealand) | ||
|
Collaborator
There was a problem hiding this comment. All schools in Queensland only. |
||
| - Only private schools using it so far; government schools need whole fleet deployment | ||
| - Has 3-year-old and 6-month-old children | ||
| - Practices intentional parenting around screen time and digital devices | ||
| - Talks extensively with other parents about cybersecurity and smart devices | ||
|
|
||
| ### Pain Points / Frustrations | ||
| - **MDM bypass issues**: Sugirdha shared students in Singapore can bypass/disable MDM (Mobile Device Management Service - a component within the school's Device Management Application) systems on school devices | ||
| - *Note: This was a passing remark that Sugirdha heard from the kids and hasn't been verified, so credibility is uncertain* | ||
| - **Network-only filtering limitations**: Traditional filters only work on school network, not at home | ||
| - **VPN bypass**: Traditional firewalls (like Palo Alto) can be bypassed by VPNs | ||
| - **Personal device gap**: Students' personal devices don't have web filters | ||
| - **Parental tech literacy**: Parents who are not tech savvy just rely on school devices | ||
| - **Device management complexity**: Schools have existing setups with physical networks and routers | ||
| - **Divided school approaches**: Some schools only care about filtering on school network, others want comprehensive protection | ||
| - **Parenting reality vs ideal**: Ideal screen time is 1 hour, reality is 2-3 hours when both parents working | ||
| - **Phone attention guilt**: 3-year-old says "Daddy put phone in pocket" when parent is distracted | ||
|
|
||
| ### Current Cloudflare Web Filter Capabilities | ||
| - **Device-level deployment**: Agent installed on device itself, not just network layer | ||
| - **Works everywhere**: Filtering that works both on and off school premises, regardless of network | ||
| - **Cannot be bypassed**: VPN-proof filtering that students cannot disable | ||
| - **Remote management**: Admin can toggle settings remotely without physical access | ||
| - **Default rulesets**: 95% effective with default Cloudflare ruleset for small IT teams | ||
| - **Granular customization**: Ability to add custom rules for specific needs (e.g., Wikipedia pages) | ||
| - **Color-coded categorization**: Green (safe), Red (blocked), Yellow (uncategorized - requires approval) | ||
|
Collaborator
There was a problem hiding this comment. Not colour coded in the Cloudflare dashboard, I used the colours as a metaphor. But you can configure it to achieve the same outcome. |
||
| - **User-friendly logs**: Made for non-techies to understand (school administrators) | ||
| - **Remote browser isolation**: Malicious content opens in remote environment, not directly on device | ||
| - **Comprehensive logging**: All student activity logged with timestamps, domains, IP addresses | ||
| - **Low stimulating content**: For young children, prefers Studio Ghibli over high-stimulation shows | ||
| - **Co-viewing**: Parent and child watching together, talking about content | ||
| - **GPS tracking**: Wants tracking device separate from smartphone for kids | ||
|
|
||
| ### Safety & Trust Requirements | ||
| - **UK act compliance**: Cloudflare follows UK act to hinder access to certain activities | ||
|
Collaborator
There was a problem hiding this comment. Cloudflare web filtering has the ability to turn on a ruleset that follows the CIPA (Child Internet Protection Act). This is a managed ruleset that is available to all customers. But it is not on by default. |
||
| - **Cannot be altered**: Cloud-based product that cannot be digitally altered or removed without admin access | ||
| - **Constant device checking**: Agent constantly checks device structure | ||
|
|
||
| - **IT admin approval**: Yellow/uncategorized sites require manual vetting before student access | ||
| - **Incident event management**: Integration with tools like Splunk for log analysis | ||
| - **Pastoral care alignment**: Christian schools use it for religious content filtering | ||
|
Collaborator
There was a problem hiding this comment. Yes but goes beyond religious content. It's any content that the school deems unsuitable for students in line with their values. |
||
| - **Protection from external threats**: Schools get hit with phishing attacks | ||
| - **Protection from internal threats**: Malicious websites accessed by students | ||
| - **No smart devices for young kids**: Haven't incorporated smart devices for 3-year-old and 6-month-old | ||
| - **No doomscrolling**: Agreed early on not to doomscroll in front of kids | ||
| - **Active monitoring**: Try to monitor what child is watching, rarely alone | ||
|
|
||
| ### Opportunities / Ideas | ||
| - **Complement to MDM**: Cloudflare as extra security layer on top of existing school MDM (Mobile Device Management Service) systems | ||
| - **DNS filtering for personal devices**: When connected to school network | ||
| - **Free base version**: Parents can use Cloudflare base version for free at home | ||
|
Collaborator
There was a problem hiding this comment. https://developers.cloudflare.com/1.1.1.1/setup/ Link to 1.1.1.1. (DNS resolver) for families |
||
| - **Sweeper management**: Comprehensive default filtering with granularity for custom rules | ||
| - **SASE integration**: Secure Access Service Edge that ingests logs and provides simpler logs for schools | ||
|
Collaborator
There was a problem hiding this comment. *Saasyan is the company based in Australia that we have just partnered and integrated with to deliver this outcome for schools. |
||
| - **Nokia phone + GPS tracker**: Alternative to smartphone for kids taking bus | ||
| - **Situation-based device access**: Not about age but about situation (picking up vs taking bus) | ||
| - **Delayed smartphone access**: 14-15 years old for smartphone | ||
| - **No social media under 16**: Aligns with Australian legislation | ||
| - **Resistance leads to improvement**: Parents report massive improvement when social media removed | ||
| - **Colleague tracking**: Teenage daughters tracked by parents who know where they are | ||
| - **Varied approaches in social circle**: Acknowledges diversity in parenting approaches | ||
|
|
||
| --- | ||
|
|
||
| ## Direct Quotes | ||
| > "Schools are probably the one industry that is most excited about specific Cloudflare products" | ||
|
|
||
| > "Every time it concerns kids, everyone understands the risks" | ||
|
|
||
| > "Never had to convince schools of the threats and risks" | ||
|
|
||
| > "We don't want them to look up things they are not supposed to" (Christian schools) | ||
|
|
||
| > "We do this because we care about this" (on device management) | ||
|
|
||
| > "Doesn't matter what network they are on, they cannot access certain websites" | ||
|
|
||
| > "VPN cannot bypass Cloudflare" | ||
|
|
||
| > "There may be some companies that can somehow remove the WARP client, but it's not easy" | ||
|
|
||
| > "School nightmare is self-harm content" | ||
|
|
||
| > "Daddy put phone in pocket" (3-year-old to parent) | ||
|
|
||
| > "His attention is taken away by this device" (child's mindset) | ||
|
|
||
| > "The doomscroll conversation happened early on" | ||
|
|
||
| > "At first they would resist it, but then there has been a massive improvement since then" | ||
|
|
||
|
|
||
| --- | ||
|
|
||
| ## Technical Details | ||
| ### Cloudflare Architecture | ||
| - **380 datacenters** in over 100 countries | ||
| - **Anycast network**: Every single datacenter is connected | ||
|
Collaborator
There was a problem hiding this comment. Beyond this, every single product and service of Cloudflare's is available from every single data centre. Some provider will have DDoS protection available in Australia but not in New Zealand, or zero trust access in Europe but in the US. Every single DC of Cloudflare's serves every single product around the world. |
||
| - **Three main buckets**: CDN (Application Security), Network Connectivity & Security, Protecting Users (Internal Security) | ||
| - **WARP agent**: Freely available to download, installed on every device | ||
| - **Sweeper management rule set**: Default comprehensive filtering with granular customization | ||
| - **Remote Browser Isolation**: Malicious content opens in remote environment, Cloudflare projects to user | ||
| - **Cloud-based deployment**: On device itself, not just network layer | ||
|
|
||
| ### Deployment Models | ||
| - **Best scenario**: WARP agent installed on device (works everywhere) | ||
| - **DNS filtering**: Implemented in school network itself (only works on school premises) | ||
| - **Network layer**: For personal devices connected to school network | ||
| - **Device layer**: For school-issued managed devices | ||
|
|
||
| ### Competitors | ||
| - **Palo Alto Global Protect**: Can be bypassed by VPN, not user-friendly for schools, no own datacenters | ||
| - **Traditional MDM (Mobile Device Management Service)**: Can be bypassed/disabled by students, network-layer only | ||
|
|
||
| --- | ||
|
|
||
| ## Potential Themes Tags | ||
| `#web-filtering` `#school-safety` `#device-management` `#vpn-bypass-prevention` `#remote-management` `#content-categorization` `#logging-monitoring` `#christian-schools` `#managed-devices` `#dns-filtering` `#mdm-complement` `#parental-controls` `#screen-time` `#co-viewing` `#doomscrolling` `#smartphone-delay` `#gps-tracking` `#social-media-ban` `#australian-legislation` `#intentional-parenting` | ||
|
|
||
| --- | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
working across all industries inc. finservices, critical infra and education.