Cloudflare Inc., cloud-based networking and cybersecurity services, expected to go public next week, may have violated U.S. economic and trade sanctions regulations as its products may have been used by entities designated by the U.S. as terrorists and narcotics traffickers.
Cloudflare voluntarily disclosed potential economic and trade sanctions violations to the Treasury Department, the company said in documents that declared the company’s intention to go public.
Cloudflare said that it determined that its products were used by, or for the benefit of, certain individuals and entities that have been blacklisted by the U.S. A number of the parties made payments to the company in connection with their use of the platform. Those parties included entities that have been designated by the U.S. as terrorists and narcotics traffickers or are affiliated with governments currently subject to comprehensive U.S. sanctions, according to the filing.
Cloudflare said it is working to implement additional controls and screening tools to remediate the issue.
The company also disclosed that it may have violated U.S. export control regulations and has submitted self-disclosures to the Commerce Department’s Bureau of Industry and Security as well as to the Census Bureau regarding potential violations of the Foreign Trade Regulations. Cloudflare said it learned this year that it may have submitted incorrect information to the U.S. government in connection with certain hardware exports, according to the filing.
Cloudflare said its service blocks 44 billion cyber threats from 20 million internet properties daily, and that it is better suited to today’s cloud environment. Security patches are no longer hardware-based “Band-Aid boxes,” and even if they were, they would be incapable of scaling and are largely incompatible with cloud-based architectures.
“This transition has created a vast opportunity both in expanding the market to address underserved businesses and replacing Band-Aid box vendors, and the budget spent on their increasingly obsolete devices, in the enterprise,” the company said. “Cloudflare is leading this transition.”
CloudFlare was founded by Matthew Prince, Michelle Zatlyn and Lee Holloway in 2009. Although CloudFlare started as a project designed to stop spammers from harvesting email addresses on websites, in 2009, the company’s focus shifted towards providing web security solutions. CloudFlare founders realized that security software was one of the factors behind slow site performance. This prompted the development team to find ways of improving site performance while at the same time offering solid Internet protection.