Cloudflare Adds The Ability To Access Private Networks To Its Browser Isolation Service

American content delivery network and DDoS mitigation company Cloudflare has recently released the option to access private networks through its browser isolation service, a combination resembling virtual desktop infrastructures.

An Illustration of Cloudflare’s browser isolation service and access to private networks.

Organizations must set up a client on users’ devices and have a Cloudflare Zero Trust account in order to enable browser isolation. They get to use the browser that Cloudflare runs in the cloud to browse normally, but Cloudflare steps in to prevent users from reaching the web server they were trying to access.

After visiting the server, Cloudflare causes the client browser to redraw the website. Because the user’s device never interacts with the web server, malicious code on a page is eliminated by Cloudflare in the cloud rather than corrupting a local PC.


Since Cloudflare provided private network access to the service last Friday, both internal web apps and the public internet may benefit from browser isolation.

Using a cloud browser to access a private network is unnecessary. As complicated as it may sound, Cloudflare contends that its secure remote browser is simpler than the virtual desktops that many people use.

Tim Obezuk, who serves the role of Product Manager at Cloudflare, had the following to say:

With most Virtual Desktop Infrastructure (VDI) users connecting to a remote desktop just to open a web browser, VDI’s utility for distributing applications is really no longer needed. Adding VDI has become a tremendously expensive way to securely host a web browser.

He is correct. VDI needs complicated rigs to run consistently, and it also has to be overprovisioned to manage “boot storms,” which happen when many users get on at the beginning of a working day. These machines are money makers for companies like VMware, Citrix, Nutanix, Dell, HPE, Lenovo, and others.

Even if VDI is often excessive, they have developed as cash cows. However, there are numerous situations where virtual desktops are worth the hassle because they provide users with access to applications that are not hosted in browsers, preserve legacy apps, or provide elastic desktops to handle demand spikes. They also provide highly regulated organizations with the level of control they require.

Such controlled enterprises will read Cloudflare’s argument that browser isolation implies BYOD devices might take the role of VDI, accept the potential, and emphasize that user-managed anything is unthinkable in their surroundings.

The advent of email link isolation, which makes it such that clicking on links in emails launches isolated browser sessions, last week, however, plainly demonstrates that Cloudflare sees some benefits to browser isolation. One more time, any malicious code runs on Cloudflare’s infrastructure, not yours. That extra layer of email security is quite useful.

This adds to the pressure on VDI suppliers, who already have to deal with Microsoft’s Windows 365 Cloud PCs and AWS‘s constantly-improving Workspaces. VDI suppliers do not need to be concerned about Cloudflare breaking the cloud and isolating millions of browsers, as happened last week, at least not when employing on-premises workstations.