← Back
Cloudflare
Cloudflare One adds endpoint DLP, browser RDP clipboard controls, and AI prompt security
Cloudflare · featuresecurityplatformapi · blog.cloudflare.com ↗

Unified Data Security Across the Enterprise Stack

Cloudflare is advancing its data security vision in Cloudflare One by connecting protection across multiple layers—from network traffic and SaaS applications to endpoints and AI interfaces. The company's core insight is that data security is enterprise security: controls matter because they prevent sensitive data loss, which triggers incident response, customer impact, and reputational damage.

Key Updates

Browser-Based RDP Clipboard Controls: Administrators can now enforce granular clipboard policies for browser-based RDP sessions, controlling whether users can copy or paste between their local devices and RDP sessions. This allows security teams to permit productivity workflows in safe contexts while blocking data exfiltration—for example, allowing copy/paste into a support portal while preventing data from moving out to unmanaged endpoints.

Operation Mapping in Logs: Cloudflare has extended its operation mapping process into logging, providing richer visibility into SaaS application usage. Logs now display both application control groups and specific operations (e.g., "SendPrompt" for ChatGPT), accelerating forensic analysis and policy tuning without additional configuration.

Endpoint DLP in Cloudflare One Client: The company is now bringing data loss prevention enforcement directly to endpoints via the Cloudflare One Client. This protects sensitive data copied from managed SaaS applications, preventing snippets of code or customer records from being pasted into unauthorized tools or personal LLMs—closing a critical gap where data in use becomes unprotected.

What Developers and IT Teams Should Know

  • Clipboard controls are available immediately in Access Application Policies for browser-based RDP applications
  • Operation mapping and enhanced logging require no configuration changes—they're enabled automatically for compatible SaaS services
  • Endpoint DLP integration with Cloudflare One Client eliminates the need for separate agents or complex integrations for clipboard-level data protection
  • These capabilities reflect Cloudflare's shift from point solutions to a cohesive data-following-data security model that spans transit, rest, use, and prompt contexts