← Back
Cloudflare
Cloudflare One extends DLP and RDP controls to endpoints and AI prompts
Cloudflare · featuresecurityapiplatform · blog.cloudflare.com ↗

Unified Data Security Strategy

Cloudflare One is advancing its vision of data-centric security that follows sensitive information across networks, endpoints, SaaS applications, and AI interfaces. Rather than isolated point solutions, the company is positioning Cloudflare One as a connected system where visibility, policy controls, and enforcement work together—from data in transit across the internet to data being used in AI prompts.

Browser-Based RDP Clipboard Controls

Security administrators can now configure granular clipboard policies for browser-based RDP sessions. New controls let organizations allow copy/paste workflows in safe contexts (e.g., pasting commands into a support session) while blocking clipboard movement in high-risk scenarios (e.g., preventing sensitive customer data from copying out to unmanaged endpoints). This is configured within Access Application Policies and reduces the need for workarounds like screenshot-taking or data re-entry.

Operation Mapping and Enhanced Logging

Cloudflare One now enriches HTTP logs with operation-level visibility through expanded operation mapping. Previously limited to policy configuration, operation mapping now automatically tags log events with specific user actions (e.g., "SendPrompt" for ChatGPT) and groups them into application controls like "Share" or "Upload." This provides visibility into how SaaS applications are being used and accelerates forensic analysis without requiring additional configuration.

Endpoint Data Loss Prevention

The Cloudflare One Client now includes on-device DLP enforcement, extending protection to data in use on endpoints. Starting with high-signal workflows like clipboard movement, the feature prevents sensitive data copied from protected SaaS applications from being freely pasted into unauthorized tools, unmanaged cloud applications, or personal LLMs without triggering security controls.

Practical Security-Productivity Balance

These updates acknowledge the challenge of balancing user productivity with security enforcement. By providing granular controls—allowing workflows where safe, blocking where necessary—Cloudflare One aims to reduce the risk of employees circumventing security policies through unauthorized channels or workarounds.