@Scale 2019: Securing SSH traffic to 190+ data centers
Cloudflare maintains thousands of servers in more than 190 points of presence that need to be accessed from multiple offices. Samuel and Evan discuss their experience of depending on a private network and SSH keys to connect securely to those machines. They share the risk that the private network perimeter poses if it is breached, and the need to carefully manage and revoke those keys. They demonstrate how they resolved these challenges by building and migrating to a model in which the servers are exposed to the public internet and users authenticate with an identity provider to reach them. To do this, they deployed a system that leverages ephemeral certificates, issued on the basis of user identity, to eliminate long-lived SSH keys across the organization. Samuel and Evan ultimately share what they’ve learned over three years of building a zero-trust layer on top of Cloudflare's existing network to secure both HTTP and non-HTTP traffic.