Business Breakdowns: Cloudflare – Leading Cybersecurity

Episode 241 | February 11, 2026
Host: Matt Russell
Guest: Sam Eden, Investor at Square Peg’s Global Tech Fund

Episode Overview

This episode dives deep into Cloudflare, one of the most critical yet often misunderstood players in global cybersecurity and internet infrastructure. Host Matt Russell and guest Sam Eden explore Cloudflare’s technological innovation, business evolution, product strategy, growth levers, and competitive positioning. The conversation moves from Cloudflare’s origins to its rapid growth and current dominance, unpacking the company’s business model, financials, and the factors that reinforce its powerful moat.

Key Discussion Points & Insights

1. What is Cloudflare? (04:36–07:46)

• Core Offering: Cloudflare provides website speed and security, primarily through intercepting and filtering internet traffic for its customers—anyone from hobbyists to large enterprises.
• Protection Example: For e-commerce platforms like Shopify, Cloudflare absorbs attacks (e.g., DDoS) so stores can remain online during peak times (like Black Friday).
  • “Cloudflare provides security to prevent spam attacks...It prevents bots from scraping your website.” – Sam Eden (04:36)
• Scale: Over 20% of the world’s web traffic goes through Cloudflare, which absorbs 2.5 million cyberattacks per second.

2. History and Founding Story (08:16–16:47)

• Founded: 2009 by Matthew Prince, Michelle Zatlin, and Lee Holloway.
• Project Honeypot: Originally a project to trap and track spammers by creating fake email addresses leading to a list of “bad actors.” This database laid the groundwork for the company.
• Key Innovation: Instead of splitting services among multiple vendors (complex legacy approach), Cloudflare ran all traffic through a single reverse proxy, simplifying security and performance.
  • “Instead of splitting the network...now you just say, my new mailing address is Cloudflare.” – Sam Eden (14:56)
• Freemium Model: Early users, often nonprofits and even hackers themselves, adopted Cloudflare because of the free and easy-to-use tools.
• Network Effect: The more sites that use Cloudflare, the more data it gathers to improve its services, reinforcing its moat.

3. Business Moat & Reinforcing Growth Cycle (19:38–22:33)

• Cost Structure: Use of commodity hardware (inspired by Google) allows for cost-effective scaling.
• Peering Relationships: Cloudflare negotiates with ISPs worldwide by aggregating the traffic of many small clients, lowering costs and improving internet speed for end users.
• Powerful Virtuous Circle: Product-led growth brings more users, which provides more data and negotiating leverage, lowering costs and improving services, thus attracting even more users.
  • “This network gets better as it gets bigger. We often look for businesses with...this characteristic.” – Sam Eden (21:42)

4. Product Evolution & Expansion (23:14–30:56)

• From SMBs to Enterprises: Built up from freemium users to serving major enterprises as network capability and offerings improved.
  • Notably, their DDoS protection capacity dwarfs that of competitors.
• Act 2 – Internal Cybersecurity: Expanded from just protecting websites to protecting internal corporate users and applications (Zero Trust security).
  • “Zero trust means the zero trust between any app and any user...” – Sam Eden (25:24)
• Act 3 – Developer Platform: Leveraged their infrastructure to offer serverless computing (“Cloudflare Workers”) and other tools to developers, supporting both hobbyists and enterprises.
  • Over 3 million developers use Cloudflare’s developer products, often for free or at minimal cost.

5. AI and Cloudflare’s Role (33:08–37:04)

• AI Tailwinds: Benefiting from increased focus on data and security in AI.
• Serving AI Companies: 80% of top AI-native companies are Cloudflare customers.
• AI Inference at the Edge: Deployed GPUs across their global server network to run AI models close to users, leveraging infrastructure flexibility.
  • “They could go to all of their boxes and simply plug in a GPU...AI inference is available across the world.” – Sam Eden (35:22)

6. Go-to-Market Strategy & Contracts (37:04–46:57)

• Transition to Enterprise Sales: Experienced growing pains (2023–24), restructured sales team, hired experienced executives from Palo Alto Networks.
  • “There’s still ongoing transformation...but we’re starting to see growth of revenue from large customers start to inflect – from 30% to 40% year over year.” – Sam Eden (38:32)
• Revenue Concentration: <1.5% of customers (those spending >$100k) contribute ~75% of revenue.
• Stickiness and Expansion: High net revenue retention (NRR), reaching 119% after implementing “pool of funds” contracts, which let enterprises use credits across all Cloudflare products.
• Channel Partner Strategy: Growing share of incremental revenue through partners (from 20% to >40% in two years), with further runway for growth.

7. Business Model & Financials (47:18–54:09)

• Revenue Split: Rough estimate — 2/3 from Act 1 (web security), 30% Act 2 (corporate security), remainder Act 3 (developer platform).
• Freemium DNA: Attracts users via no-cost plans and only charges for advanced features or complexity (not volume).
• Subscription & Usage-Based Pricing: Tiered plans for Act 1, usage-based for developer tools.
• Margins: Reported gross margins 75–78% (could be 83–85% if adjusted for CapEx). Free cash flow margin around 10%, with aim to exceed 25% long term.

8. Competition & Key Risks (54:09–64:35)

• Legacy Competitors: In Act 1 (web security/CDN), Cloudflare is dominant and hard to catch.
• Act 2 (Zero Trust cybersecurity): Zscaler is the leading competitor, with Cloudflare catching up.
• Developer Platform: Competes with hyperscalers (AWS, GCP) and others.
• Risks:
  • Execution risk, especially as a second mover in cybersecurity.
  • New AI inference push requires specialized hardware and ROI diligence.
• Service Outages: Cloudflare had a major network outage due to a bot management software error—handled transparently, and is seen as unlikely to erode their strong customer base.
  • “One of the downsides of having a single global network is that it can all go down—and that’s what happened.” – Sam Eden (55:48)

9. Valuation & Lessons for Investors (64:35–71:10)

• Valuation Premium: Trades at a high multiple (25x next 12 months revenue) due to growth and strategic position.
  • “It’s priced for pretty flawless execution, which they’ve done...” – Sam Eden (66:31)
• Long-term Bull Case: Multiple growth levers, room to expand in enterprise and developer markets, and defensive capex—even if margins remain below those of pure software.
• Key Lessons:
  1. Founder-led vision is powerful.
  2. Product simplicity enables mass adoption for complex tech.
  3. Multiple, reinforcing growth levers.
  4. Strategic CapEx can create a formidable moat.
  • “Capex can be okay, provided that it has a very high ROI and builds defensibility for the business.” – Sam Eden (69:55)

Notable Quotes and Memorable Moments

• Explaining Cloudflare in Simple Terms:
  “I like to think of it as a postal service. Cloudflare would be a sorting factory that intercepts all your mail... blocks junk mail... scans all incoming boxes to make sure nothing’s malicious.” – Sam Eden (05:30)
• Network Effect:
  “This network gets better as it gets bigger...it creates a moat that’s very hard to replicate.” – Sam Eden (21:44)
• Strategic Product Expansion:
  “They realized: why don’t we intercept and inspect traffic that goes from a company to the outside world?” – Sam Eden (24:58)
• Transparency on Outages:
  “What the customers and community really appreciate is how transparent they were. They wrote a very in-depth and transparent report day of the incident.” – Sam Eden (57:12)
• Investor Takeaways:
  “Looking for product simplicity, particularly for complicated industries... sets them up really well.” – Sam Eden (68:26)

Timestamps for Important Segments

• Cloudflare Introduction: 04:36
• Example with Shopify: 06:56
• Founding Story & Project Honeypot: 08:38
• Key Product Innovation: 14:56
• Network Effect & Moat: 19:38
• Expansion: Internal Security & Zero Trust: 24:58
• Developer Platform (Cloudflare Workers): 30:24
• Cloudflare in the AI Ecosystem: 33:59
• Enterprise Sales Transformation: 37:04
• Pool of Funds Strategy: 41:28
• Channel Partners: 44:04
• Financial Model & Margins: 47:18
• CapEx & Business Model: 53:11
• Competition & Risks: 54:09
• Major Outage (2026): 55:48
• Valuation Framework: 64:35
• General Lessons for Investors: 67:41

Summary

This episode provides a comprehensive breakdown of Cloudflare, illustrating how a combination of technical innovation, savvy go-to-market strategies, and a powerful network effect built a global infrastructure leader. The conversation highlights Cloudflare’s ability to continually layer new products—transitioning seamlessly from website security to developer tools and AI inference—while maintaining financial discipline and a defensible moat. Investor lessons and risks are explored candidly, rounding out a nuanced and practical guide for understanding the company's remarkable trajectory in global internet infrastructure.