Stax

Stax uses Cloudflare Zero Trust to boost security compliance, support multi-platform development, and accelerate innovation

Stax is a Melbourne-based management platform for AWS. With decades of collective experience delivering enterprise-grade AWS solutions, the Stax team provides companies with the tools and guidance they need to simplify cloud migrations and easily manage their online infrastructure.

Founded in 2015, Stax has grown to a customer base of over 200 companies across 3 continents. Their clients include fast food businesses, luxury brands, and corporations in the top 20 of the Australian Securities Exchange (ASX).

Challenge: Replacing underperforming technology to increase security compliance and support multiple development environments

Security is core to Stax’s core platform, which helps customers manage cloud data and infrastructure. Stax follows strict industry guidelines like the Payment Card Industry Data Security Standard (PCI DSS) and SOC2 customer data management from the American Institute of CPAs. In addition to meeting these standards, Stax has its own stringent internal security standards.

“Our enterprise customers contractually require Stax to meet very specific compliance standards,” says Ridgewell. “That led us to enforce security controls like Zero Trust across our infrastructure.”

Early on in its Zero Trust implementation, Stax experienced technical challenges and feature gaps with its prior vendor.

“The old solution lacked support for our environment. The vast majority of our computer fleet runs MacOS, and many of our critical developers run Linux,” says Ridgewell. “Their limited Mac compatibility often delayed our releases, and their Linux functionality was non-existent.”

Stax also had issues with the vendor’s instability and regular service interruptions. Stax’s developers frequently had their productivity limited by severe latency problems and delays — especially when accessing company applications and databases.

Finally, Stax disliked that the solution required regular server maintenance – a task that burdened administrators and ran contrary to the company’s focus on low-maintenance serverless technology.

“Our old vendor required us to run their tunnel agent on a dedicated EC2 server,” says Ridgewell. “That was less than ideal for us. We didn’t want a critical part of our Zero Trust network infrastructure on equipment we needed to manually patch or maintain.”

Solution: Cloudflare Zero Trust for performant, cross-platform, serverless access to company tools

Looking for serverless, cloud-native security that met their performance expectations and supported all their operating environments, Stax contacted Cloudflare. For four weeks, Cloudflare collaborated with the company to develop a Zero Trust implementation that made sense for Stax.

“We created proofs of concept and iterated through designs until we found the configuration that accommodated all of our admin interfaces,” says Ridgewell. “Cloudflare did exactly what we needed it to — it protected our endpoints and locked down our security much more effectively than the solution it replaced.”

Cloudflare Zero Trust is now the linchpin for how Stax secures application access, with secure, low-latency connections to company systems and SaaS services like Slack. Cloudflare has made it easy for Stax to apply identity and device posture checks, so Stax can make progress in its Zero Trust approach.

Rather than building and shipping custom workstations loaded with security controls, Stax contractors can securely access specific applications on their own machines using a single sign-on (SSO). Cloudflare integrates with the Stax’s identity provider (IdP) of choice and checks identity for every request before granting access to an application.

Cloudflare’s integration with Crowdstrike has helped Stax layer on device health as another key Zero Trust check. Stax checks for device health based on Crowstrike’s software before allowing or denying access requests.

“With Cloudflare and Crowdstrike working together, we know if a device on the network has malware,” he says. “We can instantly cut a connection, secure our important systems, and remediate an affected machine. The Cloudflare integration with Crowdstrike strengthens our overall security posture.”

Stax has also seen an exponential improvement in the quality of employee access to internal systems. Database and administrative access latency has shrunk to less than 100 milliseconds from over 700 — an 86% change. Further improving productivity, Cloudflare also provided compatibility for development on Linux and Mac, development environments that the previous vendor's solution did not support.

“We have seen benefits like happier developers, and simplified maintenance,” says Ridgewell. “Although we rarely have problems with Cloudflare, we can easily diagnose and resolve the few problems we do have by ourselves.”

Finally, Stax solved the manual server maintenance issue that complicated their prior Zero Trust implementation by replacing the dedicated EC2 server with a serverless Cloudflare Tunnel – lightweight software that runs without costly manually maintained hardware.

“Not needing to manage or patch the server OS also aligns with our goals for a completely serverless infrastructure. That is a huge win for Stax,” says Ridgewell.

Adding value with Cloudflare integration partnerships

With the Cloudflare dashboard and built-in integration features like the Cloudflare Analytics API, Stax can pipe Cloudflare data directly into critical AWS management tools like Datadog to further improve their service offerings.

Going forward, Stax is interested in taking advantage of Cloudflare’s integration with Terraform to automate the process of deploying security policies for its customers.

“We are looking into single-click AWS deployment models for Cloudflare and extended Zero Trust policy control via Terraform so that any Stax customer on Cloudflare can easily benefit from the work we are doing,” says Ridgewell.

For Stax, Cloudflare support has been as significant as the functionality improvements provided by Cloudflare tools. From updates on new features and use cases to issue resolution, Cloudflare has impressed the company with its proactive service.

“A key benefit of choosing Cloudflare is how quickly issues get fixed. Even with obscure problems specific to our deployment, Cloudflare provides the right people for the right outcome,” says Ridgewell. “I can’t speak highly enough about the partnership.”