ETR Insights presents an interview with a panel of senior technology executives: Cloudflare remains their default perimeter for web performance and security, though most are holding spending steady, with only modest increases for expanded DDoS, bot management, and WAF coverage. Panelists like Cloudflare’s lightweight CDN, though find that their emerging SASE stack, while cheaper, is less mature relative to competitors like Zscaler. Persistent service quirks, technical gaps, and limited enterprise-grade management capabilities can also frustrate. Cloudflare Workers serves latency-sensitive edge functions and complex Web-application-firewall logic; panelists see upside if Cloudflare can convert its vast traffic telemetry into truly automated, AI-driven defenses without adding cost or oversight. Read on to learn more about Cloudflare’s “pay-as-you-grow” economics, skepticism that raw CDN speed will displace hyperscalers, and why some panelists find Cloudflare’s AI-driven API Shield too expensive to sustain.

Vendors Mentioned: Akamai, Amazon (AWS, CloudFront, Lambda), Cloudflare (Cloudflare One, Shield API, Workers), GoDaddy, Google (GCP), Microsoft, OpenAI, Palo Alto Networks, SAP, HashiCorp (Terraform), Zscaler

Key Takeaways

• Reliable and low maintenance. Panelists stated that once Cloudflare services (especially CDN and Workers) are deployed, they require little intervention. Cloudflare's overall platform is described as stable and dependable, with few or no outages over sustained periods of use
• Strong ROI across product portfolio. Panelists repeatedly praise Cloudflare as cost-effective, especially compared to higher-priced alternatives like Zscaler or AWS. Even enterprise users feel the pricing structure aligns well with feature depth and evolving product needs
• Product breadth and versatility. Cloudflare is seen as a well-rounded security and delivery platform. Core offerings like WAF, API Shield, and Workers solve a variety of use cases, from DDoS protection to edge computing and image optimization
• Immature features can frustrate. Several users express concern that Cloudflare launches products before they are fully enterprise-ready. Issues with incomplete DNS firewall features and UI limitations hinder deeper adoption of newer or advanced capabilities
• Operational complexity at scale. Managing Cloudflare across many domains or clients can be cumbersome. Lack of bulk update functionality in the UI and a heavy reliance on APIs or manual scripts are cited as pain points for multi-tenant or agency use
• Cautious optimism for SASE adoption. While SASE and Zero Trust offerings are under evaluation, some view them as not yet on par with Zscaler or Palo Alto, expressing interest due to pricing but remaining hesitant due to perceived maturity gaps

Core Products Continue to Anchor Landing Sales Motion

Cloudflare continues to hold its ground as the go-to perimeter for web performance and security, though our panelists are not increasing spending. “Our spend is remaining flat on a per-client basis,” says one SVP of Technology at a large IT services consultancy. “We generally don't need to increase the spend once it's deployed. The cost is right for our clients that don't have massive budgets.” A Global Information Security Director within manufacturing has recognized a good amount of oversubscription and is looking to consolidate spend across multiple accounts from different parts of their business within Cloudflare; another executive plans a 5% to 6% spending increase to bolster edge defenses. “Specifically, DDoS mitigation services, bot mitigation services, and hosted Web Application Firewall services. These platforms are relatively feature-rich but very cost effective.” One ITDM, an AI Product Management Director at a large telecom enterprise, endorses Cloudflare in particular for image transformation. “It has that command line also to deploy applications for use with image caching, kind of how we use it for the front end.”

A significant complaint: small functional oddities persist for years, and quirks in core services. “We’ve kind of had to trip on it ourselves or find it out through a support ticket,” says one SVP, “and then just kind of adjust our workflow or configuration to kind of work around it.” Another CISO attempted to move DNS-resolution to Cloudflare, only to pull back when promised capabilities failed to materialize. “There was an element of the marketing getting ahead of the actual delivery.” The mixed reviews matter, as tech leads debate whether to swap out zero-trust provider Zscaler for Cloudflare’s newer SASE. “We're pretty satisfied with our incumbent provider for that, although ‘Descaler’ is a great marketing term.” They do acknowledge that Cloudflare has been investing in core WAF and related tools, delivering incremental rule-set updates, with a newfound focus on post-launch maturity. “We will definitely look at Cloudflare’s SASE solution on our next renewal of Zscaler, because cost-wise it's very cost-effective compared to Zscaler. We haven't actually done a proof of concept or proof of value, but at a surface level, the cost is definitely very attractive.”

Cloudflare’s legacy content-delivery network continues to earn high marks, boasting plug-and-play convenience without sacrificing speed. Versus Amazon CloudFront—which one executive describes as akin to “Lego blocks” that demands extra time and upkeep—Cloudflare “hits all the big notes that we need, and it's very kind of, set it and forget it.” Their flexible, pay-as-you-grow model spares smaller clients the cost and complexity of rivals such as Akamai; panelists imply CDN is becoming commoditized, but that for now, Cloudflare still offers the best blend of simplicity and reliability. “Cloudflare is kind of like, start small and then go bigger if you need later, rather than starting with a behemoth, and then regretting that you paid too much and got too much, and you're not using it.”

Mixed Feedback Around Developer Tools

Cloudflare Workers is lightly deployed, but is surprisingly mission-critical where it is used. “I’ve found our usage of it to be a lot like Lambda, where it's kind of like we need to do this one small thing, and we kind of need somewhere to put it, depending on the task that's happening.” Our panelists use it for edge branding masks, complex Web-application-firewall logic, and ultra-low-latency apps that would cost more on hyperscalers, though several mention it requires particularly hands-on deployment. “It's all very manual, which I don't love. It's a point solution we don't use very often, and it's not across all of our clients. It’s for very particular problems that we find that don't have a kind of prepackaged solution within Cloudflare already.” Past Terraform gaps also sound to have slowed broader rollout. “There have been a lot of improvements in the Terraform provider, which is a good thing, but since we don't do any frequent changes in that, it didn't come as a priority to move our deployment to manage with Terraform for now.” Broadly, panelists say the platform is already fit for purpose, but that future spending hinges less on new features than on new use cases. “Our security and infrastructure folks have it as a tool in their tool belt, and as they're getting more comfortable with it, they're turning to it a bit more to solve more problems. It's probably just a time and experience thing.”

Edge Presenting the Clearest AI/ML Use Cases?

Cloudflare’s edge network gives it visibility into global web traffic, and our panelists see theoretical value in applying machine learning here. They also see friction; Cloudflare’s current AI-infused API Shield costs extra and still needs supervision. “We've been moving away from it because it's expensive, and it seems like it just takes a lot of oversight from a human. But I think that if they really used AI in an intelligent way, and they kind of had an evolution of API Shield that was a combination of it finding insights from the traffic coming in, it making recommendations on rules you should have, and then human oversight to make sure it's not hallucinating, that could be really, really powerful.” One executive imagines a potential arbitrage play. “We're building a lot of our generative AI in Azure Open AI, but I can see as we scale that up, it becoming not very cost effective to do it through Microsoft, in which case Cloudflare's platform would be one we would at least explore as having maybe similar capabilities.” Others were more circumspect; one cloud architecture pointed out that most enterprises either stay with a single hyperscaler or “use mostly OpenAI,” leaving little daylight for Cloudflare unless it materially improves speed or economics.

One SVP, whose firm advises clients on Cloudflare contracts, notes upselling has intensified, in particular attempts to dislodge Zscaler. Some of their clients struggle to understand which Cloudflare services are truly necessary, while others find that hurried purchases end up discarded at renewal. Again, follow-on is an issue. Within enterprise, “They get [the product] out, and then it takes a while to get all the enterprise-grade features added after it's in the marketplace.” Although the company’s support teams are improving, our panelists want to see deeper product maturity and steadier account guidance before declaring Cloudflare a fully enterprise-ready platform. “They’ve been more responsive to that in probably the last four months. While aggressive and while cross-selling, I think they tend to be more willing to maybe put in a little bit of work now.”

Opportunity to Differentiate in a Crowded Field

According to these panelists, future growth for Cloudflare hinges on three things: adding robust prompt-injection protection for generative-AI apps, delivering AI-powered defenses that outperform competitors, and pricing its expanded SASE stack aggressively enough to displace higher-cost incumbents. The pressure is on: panelists indicate they would quickly test and switch to another platform that could automate defense layers more effectively. “There’s a huge potential for Cloudflare to take all the data and automatically thwart these attacks more effectively than they do now. But there could be a competitor that does that much more quickly than them, and I don't know that we would wait around for them to figure it out before we at least piloted on the other platform to see how it does.”

Finally, these IT leaders say Cloudflare One still trails rivals in management features and overall maturity. Low price is a selling point, but deep integration and switching costs make Zscaler and Palo Alto Networks hard to unseat. One executive indicates their firm would only switch if the incumbent took a strategy so damaging that change became unavoidable—and that Cloudflare’s current discount, roughly one-fifth to one-third off, is far short of a tipping point. Another is more open. “The primary thing that stopped us is existing contracts with existing players. When we're coming up on a renewal and have the opportunity, then we'll do an actual POC and determine whether or not those gaps have been reduced, and whether we can live with them if the associated cost delta is big enough.” Panelists agreed that Cloudflare must shore up administrative features and step up executive-level sales outreach. “If the organization team who has to make this decision doesn’t get much communication with Cloudflare, or time to spend on the comparison, then they may get more inclined towards another product like Zscaler.”

Panelists appreciate Cloudflare’s rapid, credit-card-driven onboarding and low-maintenance operation once initial settings are dialed in, though ones juggling dozens of customer domains complain the platform lacks true multi-site management, forcing them to rely on APIs and infrastructure-as-code scripts for routine bulk updates. “Being forced to use an API—that's kind of their default answer to anything—that's also been a point of frustration.” An effort to secure white-label enterprise agreements fell apart on overly restrictive terms. Cloudflare’s appeal is clear to power users, but cracks are showing at scale. “What I like is that Cloudflare is innovative and cost-effective, and what I dislike is that they're slow to deliver enterprise-grade functionality.”