Video: From Robotics to Remote Access: Implementing Zero Trust in an Era of Evolving Threats | Duration: 2720s | Summary: From Robotics to Remote Access: Implementing Zero Trust in an Era of Evolving Threats | Chapters: Welcome and Introduction (18.225s), Zero Trust Implementation (83.92s), Cloudflare's ZTNA Differentiation (275.815s), Ocado Customer Interview (585.8s), Evolving Security Priorities (737.80005s), Cloud-Based Security Transition (1397.56s), Performance Improvements Analyzed (1555.37s), Measuring ZTNA Success (1696.3099s), Executive Buy-In Importance (1828.66s), Future Infrastructure Plans (1991.05s), Zero Trust Advice (2107.0999s)
Transcript for "From Robotics to Remote Access: Implementing Zero Trust in an Era of Evolving Threats": Hello, and welcome, everybody. Thank you for joining us. We will get started shortly. Just a quick little bit of housekeeping. So this webinar is going to be recorded and will be available on demand. You'll receive the link of the recording in an email tomorrow, and you can also access that recording using the same link used to join today. We have a Q&A section for this webinar, so please write in your questions as we're going along in the right hand side, and we'll take those towards the end. You can also find some additional resources and links to our docs on the right hand side of the screen. And if you'd like closed captions, those are available. You can just select the CC button in the lower right hand corner to turn those on and off. And finally, if you do experience any technical difficulties, there's a link on screen for you now, hopefully, at help.goldcast.i0/4- attendees, you can go to to get yourself sorted out. So without further ado, why don't we get started? Today, we're gonna be talking about implementing zero trust in an era of evolving threats. And my name is Joshua Watts. I'm a product specialist here at Cloudflare and have been for the last six years. And I'm joined by Pete Newcomb from one of our customers, Ocado Group. And we're gonna be talking a little bit later in the session around some of Ocado Group's specific experiences and some of the challenges that they were looking to solve when they look to implement Cloudflare. Before we do that though, however, just a little bit of background history and context on what Zero Trust means to us here at Cloudflare and to our customers. Fundamentally, we think that the way that pretty much every organization has to think about, connect and secure their IT landscape environment has changed.
And that main driving change is ultimately that we believe we live in a much, much more distributed world than we did ten, fifteen years ago. Whereas, obviously, as employees, we all used to connect from largely office locations. Sure. Some of us worked remotely with a VPN. But whereas we used to largely connect from office locations and connect to application servers and file shares on the same network as that office location, today, as employees, we largely expect to work anywhere with an Internet connection, and we connect to services, things like cloud and SaaS applications that are themselves just a distributed destination on the Internet today. So we think fundamentally pretty much every customer and every organization is trying to grapple with that changing IT landscape and are trying to think about how they connect and secure their internal employees, applications, and sites for that new reality. While, you know, there are many, many things that a customer could look to, you know, start with for connecting and protecting that new distributed IT landscape and world, we believe a lot of customers have looked to focus on and prioritize, given that so many of us do work remotely today, how they achieve secure remote access. Right? And specifically, they look to whether they need to replace and refresh their traditional corporate client based VPN with a more modern, flexible, often cloud based ZTNA solution. At Cloudflare, we are no stranger to that requirement. While hopefully a few of you on this session might be familiar with, you know, where we originated as a company and how really for the first seven or eight years of our existence, we were quite focused on protecting and accelerating a customer's public facing websites and digital platforms, i.e. what today we call application services in the left hand column on my slide.
For the last seven or eight years, we've been highly focused around the middle column of my slide and what we call Cloudflare One, which is today a much, much broader SASE, SSE, and zero trust framework and collection of services. But the very first product that we built in that portfolio, largely because we realized the importance of this both internally and to all of our customers, was our ZTNA solution, Cloudflare Access, which we're gonna be talking to Pete specifically about later in the session. Just quickly, in terms of where Cloudflare feels we are differentiated in the ZTNA space, because it is a busy market and there are lots and lots of vendors that customers could be using to implement ZTNA. We believe, you know, amongst others, one of our key differentiators is the underlying infrastructure and global Cloudflare network that we deliver all of our SASE, SSE, and zero trust products from. We've seen it, you know, time and time again that, you know, for customers, especially with global workforces and employees who travel, using ZTNA solutions and SaaS vendors who don't themselves have a truly global footprint to deliver that product can impact user experience. And with Cloudflare, you know, over the last fifteen years, we've invested incredibly hard and wide to build out a network which gets our infrastructure and therefore delivers our product as close and as local to really every internet connected human being around the planet. It is only by delivering that experience as locally as possible that we believe we're able to provide really, really good and best in class user experience to our customers and users.
And you know, on that note, while we, you know, are very much of the opinion that, you know, ZTNA is a priority for many, many companies, many organizations, and many of our customers, it's not unknown and not unfamiliar to us to speak to many customers who have gone down the path of implementing ZTNA, not necessarily with Cloudflare, and seeing those projects getting stuck. Right? User experience can often be a challenging aspect to get right, especially when you're changing how an entire organization connects to everything that that group of people needs to do their job. But with other vendors, we've also seen customers struggle with the specifics or underestimating the importance of support and the commercial framework with which they procure a solution. And it's possible that that customer has overlooked a really important but quite specific technical requirement or use case they have on their traditional VPN that the ZTNA vendor that they're working with is not quite geared up or set up for, to cater with, their ZTNA product. At Cloudflare, we like to think that we've got these three things in the bag and we make these three things easy for customers, and we'll be speaking to Pete in a second about how Ocado's experience with that has looked specifically. Just quickly though, while ZTNA as a concept is not a new thing and there are many vendors out there who, you know, offer ZTNA capabilities and VPN replacement capabilities to customers, at Cloudflare, we very much believe that innovation is key and continuing to innovate on the concepts of ZTNA is really important to delivering more and more value to our customers. And one of those is really extending ZTNA to privileged access to infrastructure.
Last year, Cloudflare acquired a startup called BastionZero who were very focused on privileged infrastructure access and access to things like Linux servers, Windows servers, Kubernetes, databases, you name it. And Cloudflare acquired the BastionZero team. And over the last year, that team have been building natively into our ZTNA solution, Cloudflare Access, a number of additional capabilities that look to extend Cloudflare Access beyond just a traditional ZTNA product and VPN replacement solution and actually offer additional protections for things like SSH and RDP. And when we think about sort of what the principles of capabilities that we want to extend to all customers for ZTNA at no additional cost, while Cloudflare Access has made it possible for you to connect privileged users to all sorts of infrastructure, really over arbitrary TCP, UDP, or IP based protocols, what we think is critical, and this is summarized on the right hand side of my slide, is we think for specific types of infrastructure in a protocol native way, we need to offer, in order to, you know, meet newer security regulations, in order to simplify use cases for our customers. We need to offer them credential-less access and, in many places, session recording as well. Those are the kind of capabilities that many customers today look to dedicated PAM and privileged access management tools to deliver. We think we can deliver those over time natively within Cloudflare Access, simplifying our customers' administrators' lives and also improving the user experience for end users who do need to connect to this privileged infrastructure in a privileged role, while also hopefully offering an improvement in security and actually reducing the risk of compromise for that privileged infrastructure. So, that's enough of me talking and enough sort of context setting on our ZTNA capabilities and our zero trust platform more generally.
I'm very, very pleased to introduce one of our customers, Pete Newcomb, from Ocado. Thanks for joining us today, Pete. Really appreciate you answering a few of our questions and talking our audience through your experience with Cloudflare Zero Trust.

Thank you very much. Yeah. As Josh says, my name is Pete Newcomb. I come from a company called Ocado Group. Probably, people in the UK probably know Ocado Group for being, basically, a pioneering online grocery retailer. Basically, over the past twenty five years, we've taken that technology, honed it, and created a solution now which we sell to customers across the world. So we've moved from a retailer, basically, to a technology company. We're now currently in nine separate geographies across the world, with Kroger being our first outside of the UK. And, basically, we're moving now not only for the retail market into other areas of robotic pick and delivery. So, basically, anywhere where you can have a warehouse and remove the laborious task of the picking and packing of products. And as I say, my name is Pete Newcomb. I've been at Ocado Group now for probably about eight years. So, and I am a lead technical architect there. I'm mainly responsible for the hybrid identity, secure access automation, and Azure cloud strategy. But for the past four years, I've been leading the zero trust solution. Predominantly, we started off with a traditional VPN, but now we've moved over to Cloudflare. So that was our drive to move from a traditional solution to the zero trust SaaS solution.

Thanks, Pete. I guess maybe the first question for me, could you talk us through sort of how the sort of IT and security priorities of an organization like Ocado have changed over the last few years?
I'm sort of curious what were some of the drivers and motivators for sort of looking at remote access and the VPN originally that led you to thinking about ZTNA and Cloudflare in the first place?

Yeah. No problem. We obviously, as I said at the start, originally, we're a UK based company, and using a VPN was fine. But when we started moving to more of a global company in the likes of the Americas and Japan and other areas, using the traditional VPN where everything comes back to basically the UK, to back to our head office, started causing us, obviously, latency issues. The other big change for us was, obviously, COVID and the ways of working and moving people very much from always in the office, so it's sort of kind of inside your protected network, to working from home, so a bigger reliance on VPN and security. The other area which has definitely come to the fore due to recent cyber events is around the granular control. We're moving from a VPN solution that's like an any-any type scenario for users to a per request, and per, yeah, per request solution so that we can control exactly what a user can access, can't access, and move it away from that sort of wide and broad access policy.

Yeah. Makes sense. And, I mean, when you were sort of evaluating vendors to sort of do ZTNA, as it were, what sort of qualities and capabilities were you looking for? Selfishly, what stood out about Cloudflare that you can mention?

Yeah. So we started looking at this journey back in probably early 2021. We saw some sort of presentations from the likes of Google who were promoting their BeyondCorp solution, which is very much going down the sort of the VPN-less, if you like, solution. So we started investigating and started discussions with vendors, including Cloudflare at the time.
But, unfortunately, we had a bit of a false start in that we realized that a lot of our foundations weren't in place. So everybody wasn't using, our entire workforce wasn't using, a single cloud identity. We didn't have MDM, etcetera. So, basically, we got them back. We got them in place and then we circled back in about 2022. And we pulled out probably initially about nine different vendors to have discussions with around a zero trust solution. And, yeah, after some proof of concepts, etcetera, Cloudflare came out on top for a number of reasons. One of the biggest for us was their fitting in with the Ocado values and the way that the company, if you like, structure was designed so that it was very much fitting in with the way that Ocado works. Cloudflare's willingness to collaborate with us to get, basically, at the time back in 2022, I think the ZTNA solution was probably not the best and the most polished product in the market at the time, but we worked with Cloudflare over the past three years to get it to something which fits perfectly for Ocado and definitely is what we see as a better fit for Ocado Group now than other vendors in that space.

Yeah. Makes sense. We definitely like to pride ourselves on having a collaborative relationship with our customers and, you know, ultimately, if we're not seeking feedback and guidance from customers on how our platform and product needs to adapt to meet their use cases, specifically, then we're not doing our job. So, you know, glad to hear that, Pete. Could you also maybe just talk the audience through sort of, you know, once you had selected Cloudflare, what your kind of approach and strategy was to then deploying our ZTNA product? Did you sort of prioritize particular parts of the company, particular networks, applications?
If there was any sort of, you know, methodology or strategy you took there, we'd love to hear about it. And then, if you can sort of think back, granted it's been a while now. So, won't blame you if you can't think of anything off top of your head. But if there were any sort of specific decisions or things you did that made the deployment smoother. I think, you know, the audience here would love to hear some of those tips and tricks for just minimizing the impact to end users when you're, you know, putting a big change across their desk. Right?

Yeah. No. 100%. And I think for us, we took a decision early on in the fact that our approach that we would do, we had gathered over sort of eighteen months a lot of information around what users were accessing due to sort of network and VPN logs, etcetera. We were able to understand what people were looking at. So we took kind of a very broad approach in that we would allow, not any-any approach of a VPN, but very much a controlled approach based on, if you like, departments or areas of the business. And we were able to implement, basically, a solution that we then took and shrunk, if you like, to limited use cases. Active Directory and RDP access, for example, were two of the big things we decided at the outset that we would start with no access, and then we would allow access on the request basis. Whereas things like web, so sort of 80/443, we would allow a broad access and then shrink that down over time. So it was very much a direct VPN replacement and then reducing the access rather than, it was done on that basis to stop, if you like, a lot of the friction that you get with users are unable to access products which were probably deemed low risk at the time. So we started off basically with the first year. We had a goal to get a thousand users moved across.
And then the second year after that, we moved 80% of the users across. We're probably at around about the 95% mark. There are still some areas of, some use cases, old telephony systems that users still require sort of a bidirectional VPN access, which is where we started looking at the newer sort of Cloudflare connector solutions, which are bidirectional rather than sort of proxy based. So we started moving into that space. The other decision we made at the outset was to basically automate any policy additions or management. And basically used a solution to do that. So that way then, we always have a base level. We don't have users manually changing policies in the portal. It's all done by our pipelines, and it's meant that we're in a lot better control. And it removes a lot of the admin around that as well. So, yeah, basically, it's, I think some of the decisions we made at the start have definitely moved us in the right direction to make it more sustainable moving forward.

Yeah. Makes sense. And I mean, you know, as you were doing that rollout and, you know, getting to 80%, 90%, the sort of bigger and bigger sort of populations within the company, did you encounter any sort of unexpected roadblocks or issues that you can remember that came as a surprise or you didn't sort of have an inkling ahead of time would be a problem, that people might be interested in being aware of and to sort of think about in advance next time?

Yeah. So I think probably one of the biggest things was the cultural shift. I think for us, predominantly around "this is the way I've always done it. You're changing the way I'm working." Just a classic example of that was remote desktop access. So for the remote desktop piece in a general VPN solution, you would need access to the server and also to Active Directory.
We introduced a solution where it can all be run across web protocols. So we removed that, if you like, that risk of AD access. So that meant that we were able to, but it, so it meant that users needed to change the ways of working. There were, and I think as I mentioned, there were a lot of legacy tools, softphones are a prime example, where it needed, there were challenges around the bidirectional nature of softphones. So, and currently, we left the VPN in place, but they've now moved to a cloud based softphone solution. So we, again, we can, it's picking away at those different bits and pieces around the stuff that's left over on the VPN. The only other big thing that we had to do, because Cloudflare obviously uses TLS. So, for controlling sort of HTTP based traffic and for some of the antivirus and the malware protection and stuff like that inside that. The way that the developers worked, it was made as a decision to remove the TLS inspection at the time, basically, because of the issues that the users were having with container deployments and some of the other tooling. I do think that the company is really looking at that because the TLS inspection stuff does give us a lot more benefits now in the more cyber unfriendly world. Yeah. And we, yeah, we're definitely moving into a sort of a review of that to understand whether we can implement it without upsetting developers, but securing Ocado better.

Yeah. I mean, I think, you know, from our perspective, you definitely have to be pragmatic with things like that. Right? You can't impose all of these enormous changes on the way of working to a company overnight to everyone.
You know, it may be a little bit cringey, but technology can be a journey sometimes, and you do have to, you know, do it gradually and in a phased approach, right, in a way that will go down and be accepted by the company. So I think that makes a lot of sense. And just sort of quickly, shifting gears a little bit. For those users that you have been able to sort of get off the traditional VPN, or I guess the 95% of the users that you have been able to get off the VPN, have you sort of seen specific benefits and outcomes aside from the obvious sort of security benefits for you and Ocado Group as an organization? But from an end user's perspective, you know, do you think you sort of see feedback, largely people are happier or, you know, enjoying a new way of working better now that they're used to it? I'm curious to see what that side looks like.

Yeah. 100%. So I think the biggest thing we hit on straight away was the sort of latency and the speed improvements. So we hosted our services in AWS, which are run basically on private networks. So the normal access user, for example, in America would have seen or experienced with VPN in back to head office, then basically going down the site to site VPN into the AWS environment and then gaining access that way. And there was a lot of issues around speed and latency, whereas with the Cloudflare solution, the user connects to their local POP. The Cloudflare connects directly in AWS, and the two join together. And we were seeing sort of five, six times speed improvements and a lot happier users in that space. The other big thing from a management point of view as well was the ability to do sort of real time posture checking of the device and a continuous posture checking, not a we do a posture check at the start of the VPN access, then you use it.
And then six, twelve, sixteen hours later, you get disconnected, so it happens the next day, whereas the Cloudflare posture piece was able to check the security continuously. So it's kind of a user experience better, management more secure, happier, basically.

Yeah. Gotcha. And I mean, I'm curious sort of from a stakeholder and a change management perspective. So you mentioned the latency and the sort of performance improvement for users. Were those sort of metrics you were tracking internally or were there any other sort of, you know, key KPIs or key performance indicators you were reviewing with your senior management you were doing this rollout that sort of said, yeah. This is a success. This is going well, or we need to, you know, speed up a bit or get things back on track?

Yeah. Well, we had the two targets, the original, if you like, thousand, get thousand users on, and then the 80% on. And then we would also send out, if you like, satisfaction surveys to understand what users were experiencing. We also, because we started off, if you like, at a very hands on support approach, then we moved it to our standard ticketing system. So you'd be able to see how many issues were raised in the ticketing system to understand, therefore, what you, how good over time and how better it was being experienced by users, basically. And nowadays, we've honed it to the point where we probably get couple of requests a month for additional access where users have, particularly in our R&D area of, and then adding new services or systems which they need access to. But in general, it's now sat there stable. It's basically what a user, after three years, basically. It's just become a user's way of life, basically.

Yep. Makes sense.
And then maybe just to follow on from that, I mean, as much as I'm sure sometimes we'd all love to be able to, you know, implement and enact the change that we want to see inside an organization from a technology perspective by ourselves. You know, we often have to collaborate and involve, you know, other stakeholders and other teams, because it touches, you know, their lives and their jobs and their sides of the business. So could you sort of speak to what other parts of the organization were sort of involved in, you know, both deciding to do ZTNA to begin with and then also rolling it out, you know, were there particularly key teams or stakeholders that you needed to get onside in order to sort of make this a success?

Yeah. So I think for us, the key one was the move was sponsored by the execs. So getting them onside to start with, an implementation like this cannot be done from bottom up. It's got to be done from top down. If you haven't got the buy in from the execs, because there will be some disruption in the world and the way people work. And then if you haven't got the buy in for that, then you will then struggle to implement because people complain, people complain, and then the project stops. So it was definitely the case. The other area was definitely around any other cloud providers, so the likes of AWS, GCP, the network team to match because they were looking after different areas, different cloud solutions. So getting them to implement, if you like, with all the connectors that are needed in that space, to basically make sure that we've got the best performing network, not having a single point of failure, but having a resilient solution, basically, that the users would then have a good experience from. Then they were probably the main areas.
I think policy and all that sort of stuff was done within my team. So that was quite easy task to do. So, yeah, I think getting exec buy in is 100% a must if you want to deploy something like this in your world.

Makes sense. Makes sense. Two final questions from me, Pete, and then hopefully, we have a couple of minutes to see if there's any questions we can answer from the audience. You mentioned, you know, looking now at some of the TLS decryption stuff and making sure that that's, you know, enforced and rolled out across the organization for security benefits. You mentioned, you know, looking to utilize some of the investments we've made over the last year or two to support bidirectional connections and server initiated connectivity with some of our newer connector technologies. Is there anything else that you're sort of looking at next within your zero trust journey or, you know, anything that's on your to do list from a ZTNA perspective that, you know, you're excited to sort of look to next?

Yeah. Definitely. So we have within Ocado, we actually run two VPN solutions. So we run the corporate one, which is what Cloudflare has now replaced. We also run a VPN solution for accessing our production environments, and that's the next solution that we're gonna tackle. But inside of that, we have a lot of sort of infrastructure access requirements. So it's gonna be good to investigate the news of infrastructure access around SSH, RDP, the just in time piece, and the ability to expose those as endpoints that a user can access without necessarily the opening up a wide network access to a whole subnet, etcetera, etcetera. So we're looking at those areas.
We're also looking at the ability to sort of publish more self hosted apps in Cloudflare Access as well, which is another area because in the production environment, users often need to access just sort of dashboards and web portals and stuff like that. So if we can expose that without any form of, if you like, Cloudflare, direct Cloudflare connectivity from a user's point of view, then that moves a user's experience to a better place and secures the environment. So probably there are two main areas. We are investigating your Magic WAN and Magic Firewall solutions for site to site VPN connectivity as well. But that's kind of been, that's a next year thing now.

Makes sense. Makes sense. And then, finally, Pete, before we turn to, I can see some questions popping in from the audience. What advice would you share with others and people on this call who are looking to get started with their zero trust journey? Would you sort of say they should prioritize or focus on one thing first, above anything else?

I guess probably the, as I say, Ocado is 25 years old now. So there is still a lot of systems. I wouldn't say they're 25 years old, but they are many, many years old. So there's a lot of legacy stuff in there. So you need to decide whether you want to tackle the, if you like, the infrastructure access piece first. Some newer companies use a lot more SaaS based, so that moves more into the Cloudflare Access piece. So deciding which route you wanna start with is definitely key to the way moving forward. And also making sure you have a good sound foundation, so cloud identity, MDM tooling for the devices, etcetera. So make sure you've got those in place. And then discuss with vendors because, I think, we learned a lot through doing a proof of concept, and we're able to then understand a lot more of what each vendor offered and which then fitted best for Ocado in the long run, basically.

Yeah.
Makes sense. No. Thank you, Pete. So with a few minutes left on today's session, why don't we turn to answering some questions from our audience? I could see a few of you have popped your questions in the chat. First one is from Alexander. Were there any on-site upgrades you needed to do to implement ZTNA, Pete? Or maybe if I expand on that as well, any, you know, changes you needed to make to your network, broadly speaking?

Yeah. So upgrades, no. None whatsoever. We initially, because the team I work with is a Windows team, we initially implemented the Cloudflare connectors on Windows. We, and this may have changed over past few years, but we found that the Windows infrastructure had an overhead on those. So we moved to the sort of the Linux Docker based solutions. Since then, absolutely zero problems. Upgrades are easy. They're automatic. So it's a platform basically, either platform to host your cloudflared connectors. The only other thing that we needed to do was get a few additional firewall ports open because the cloudflared connectors, obviously, don't connect over the standard 443 ports. They do some different connections. So for an upgrade, no. But from a change, the network was the only change we needed to basically make.

Yep. Makes sense. And then we've also got a question from Ricardo. I like this one. What's your experience been with support? Do they help, or do they just send links from the public pages?

No. I think we've used, particularly when we were first implementing this, we were using support a lot, and I certainly can't fault them. You know, the ability to either raise a ticket via phone or via your portal or even potentially via Slack, if you use Slack as well, was easy, direct. You have the same engineer all the time. It would be easily escalated to users. And now they, I think it's like any support.
You go through that "could you send me the logs" scenario. But if you include them straight off, and I must admit, I now see you've got an AI solution for analyzing the Cloudflare logs. So that might be a lot easier. But, so sending the logs and making sure that you get as much information there to start with, and then you get a direct call. So, no, they don't just point you at public pages. The other thing is kind of support and kind of not is the honesty we got from Cloudflare. Whenever you've had an outage or an issue, you've always been honest around what happened and what you're gonna do about it. It's, nothing's hidden, basically, which definitely the execs like because they feel like there's an element of trust in there as well.
Yeah. No. I think, you know, internally, we believe very, very much in a culture of transparency and projecting that externally and, you know, we hope that over time that, you know, builds trust with our customers and your leadership. So, no, glad to hear that, Pete. Thank you. And then a question from Chris. If you could restart the journey with the lessons you've learned, what would be the one thing that you would look to change?
Personally, take, dig my heels in around the TLS space. I think from a security point of view, the benefits outweigh the disadvantages. I think it was very much a case at the time that it was causing developers a few challenges in the fact that every doc we've been in chat to have a Cloudflare certificate into to work with the TLS piece. And I think, personally, I think if it would have been good to change the ways of working rather than change the product to fit with the ways of working. Personal opinion, and I think it's very much case of the TLS stuff brings a lot of benefits in the current climate. And then it moves into other areas like the DLP areas, etcetera, which, obviously, we haven't touched on here.
But it means that you can do real-time DLP rather than sort of the after-the-event DLP. So, personally, that's the biggest takeaway. I think everything else, we didn't do 100% right, but I think we started with some good foundations. And I don't think there's anything else personally I would change. Obviously, technologies have changed, so I've now started implementing the Cloudflare connectors alongside the cloudflared solution. But that's progression, not necessarily what we would have changed at the start.
Sure. Right. Thanks. Thanks, Pete. One final question also from Alexander, and then I think, unfortunately, we are gonna run out of time today, but I'm sure people can send questions over to us if they think of anything else. You also sort of partially answered this earlier in the session, Pete, but maybe we can just repeat it in case people joined late. What made you choose Cloudflare over other vendors? Price, trust, something else?
So we started off, I think it was with eight or nine vendors, including the big ones, the likes of Google and Microsoft and stuff that were the big ones that you would have thought were good in that space. And to be honest with you, from a product point of view, we dismissed them quite quickly and ended up with three. I won't mention the names, but there were three in there, Cloudflare being one of the three. And I think to get to the price, Cloudflare was not the cheapest of the three. So it wasn't 100% down to price. It was down to the technical product. It was down to the company, how we felt the company fitted with Ocado Group, and then also how we could see the product developing and our ability to influence the direction of the product. So not 100% price, but it was certainly not the most expensive product out there.
It was definitely more around how we could move Cloudflare's product to one that fit us better.
Awesome. No. Thank you. I think, unfortunately, we are just about at time. So we will wrap up there. Thank you again, Pete, for your candor and all your answers. I certainly find it super interesting to listen to, and I hope the audience did too. If we didn't get a chance to answer your question, feel free to reach out directly. I'm on LinkedIn at Joshua Watts if you have any specific questions. I'm looking forward to hopefully speaking with and working with a few of you on this call around zero trust. So thank you again for the time this morning, this afternoon, wherever you are, everybody, and enjoy the rest of your days and weeks. And, yeah, see you all again soon. Thank you.
Thank you.