top | item 22443174

(no title)

It’s always nice reading about a company taking security seriously, and Cloudflare has some decent write ups for their hardware/software security, but I sure wish they would take other forms of security more seriously.

I visited Cloudflare’s Austin office. The door to the office is an old unlocked door with a glass pane and an old deadbolt. There is no reception desk or even anyone watching the door. I was able to walk in completely unnoticed and walk around for a couple minutes trying to get someone’s attention to figure out where I needed to go (not the best job interview experience, but that’s a different topic), while desks full of unattended and unlocked computers were fully available to me.

For a company that bills itself as an internet security company, it wasn’t very inspiring security.

edit to add: this was over a year ago so it’s possible things have improved since then. My understanding is that the Austin office is relatively new so maybe at the time they were still working out the kinks (still not great security but more understandable at least)

discuss

Hikikomori|6 years ago

We had a guy from another company walk into our office behind someone by mistake, find our it support people behind more internal doors, and asked them for help with with his laptop. Still just as easy, we're a large fintech company.

zackbloom|6 years ago

I work at Cloudflare Austin. I can't speak to this specific experience, but we have badges and a security person like every other office. It is true we don't have a reception desk in the lobby as it's a shared building.

myalphabet|6 years ago

When did you join the Austin office? I'm guessing things changed over time. When I visited there definitely was not a security person (not for the building nor for the Cloudflare suite in the building) and there were no badges. I was able to walk into the Cloudflare office through the unlocked door and walk around inside the office for at least a couple minutes before anyone paid any attention to me (and even that was only because I was trying to get someone's attention to tell me where to go).

Regarding the reception desk, it shouldn't matter if it's a shared building. Unless it's a small company (CF is not), even in shared buildings it's common to have at least one person sitting at a desk in the office suite to act as a gatekeeper and assist visitors, etc.

noahmbarr|6 years ago

Before posting this, did you give them this feedback directly?

myalphabet|6 years ago

One of the folks I talked to while there was one of the senior security team members, and I mentioned it to him during the interview but felt like it was brushed off (honestly that’s not that uncommon, I’ve worked in security for years and while software people are always really critical on software security, they really don’t care about physical security). I’ve been back once and nothing had changed at that time, but that was over a year ago so hopefully in the past year things have improved.

ksec|6 years ago

Very often Middle Management just dont care ( Security or not ). It is not their Job to care. Unless this get escalated to C / SVP feel.