Important Considerations
To ensure a comprehensive understanding of Cloudflare's capabilities for KBANK, please consider the following points regarding certain advanced scenarios and functionalities:
- Protocol Scope for DLP: Cloudflare's Data Loss Prevention (DLP) is highly effective for inspecting data transiting via HTTP/HTTPS. However, its current inspection capabilities do not extend to other protocols such as SCP, FTP, SSH, or similar non-web protocols.
- End-to-End Encrypted Applications: While Cloudflare inspects HTTPS traffic, applications or tools (e.g., Git command line operations, Copilot, or specific web applications like LINE that utilize HTTPS as a transport but also implement an additional layer of end-to-end encryption [E2EE]) can obscure the raw content from DLP inspection. This limitation is not unique to Cloudflare; any vendor performing DLP at the network layer would be similarly affected, as the data remains encrypted between the end-user's application and the application's server, thereby bypassing network-level visibility.
- Image Content Analysis (OCR & Obfuscated Images): Cloudflare's Data Loss Prevention includes Optical Character Recognition (OCR) to identify sensitive text within images. However, the effectiveness of current OCR capabilities can be limited when dealing with images that are intentionally blurred, heavily obfuscated, or of very low resolution.
We recognize this as an important area for development and will ensure this feedback is relayed for future feature enhancements. We are eager to discuss our product roadmap with KBANK and explore how upcoming improvements can better address these specific challenges. We recommend discussing these specific use cases further to explore comprehensive security strategies and align on future development priorities.