Optimizing Hapag-Lloyd’s Cybersecurity With Cloudflare Platforms

As the pool of applications expanded, the company’s infrastructure became critically complex. Managing disparate security policies required an unjustifiably large amount of time, and specialists did not have clear visibility into incoming traffic. Bot scrapers, which massively collected data on schedules and cargo tracking, became a particular threat, draining network resources. The situation was exacerbated in the Chinese market, where the company had to rely on a separate local provider. This led to disruptions in the customer experience: website loading times often exceeded eight seconds, and infrastructure reliability periodically fell below 90%.

To eliminate fragmentation, Hapag-Lloyd decided to migrate to the Cloudflare Connectivity Cloud platform. This step allowed for the unification of network routing, web application protection, and developer tools in a single architecture. Moving traffic filtering points to the network edge enabled blocking undesired requests before they reached internal systems. This approach eliminated operational divisions and allowed for the implementation of consistent management standards regardless of geography. The company gained a transparent environment for control without the need to switch between different management panels.

The foundation of the new cybersecurity model consisted of Cloudflare WAF and Cloudflare Bot Management. By configuring policies at the domain level, the team was able to separate legitimate partner bots from malicious traffic. For storing static assets, Hapag-Lloyd implemented Cloudflare R2 object storage, greatly simplifying data management. Additionally, Cloudflare Stream was implemented for video content delivery. This allowed engineers to forgo maintaining complex video infrastructure based on third-party cloud services and fully focus on software development.

The results of architectural consolidation are illustrated by specific business metrics. After implementing filtering, the number of requests from malicious bots was reduced to nearly zero, saving the company several thousand euros monthly by reducing bandwidth consumption. In China, redirecting traffic to the common Cloudflare network decreased the average content delivery time from eight to approximately three seconds.

Reliability has increased to 98%, ensuring stability in one of the most challenging markets. Meanwhile, using the R2 storage reduced overall data storage costs by 10% compared to previous solutions.

Technological changes also encompassed the organization of internal workflows. Hapag-Lloyd abandoned traditional corporate VPNs in favor of Cloudflare Access, a network access solution based on the Zero Trust principle. Currently, about 300 developers authenticate in critical engineering environments through a single sign-on (SSO) system. This has radically accelerated collaboration with external partners: access for testing is granted and revoked instantly, without reserving excess capacity. This ensures high team efficiency without compromising corporate security.

Hapag-Lloyd views infrastructure consolidation not as a one-time project, but as an ongoing strategic direction. The company’s plans include the complete abandonment of residual VPN connections using Cloudflare Zero Trust services and exploring the Cloudflare Workers platform as an alternative to existing serverless computing tools. Reducing architectural complexity is a key factor that allows the shipping giant to focus on improving service quality for its customers worldwide.

Summarizing this experience, transitioning to the unified Cloudflare platform allows a large business to simultaneously address several critical tasks: stopping threats from bot scrapers, overcoming regional data transfer speed issues, and providing developers with a secure Zero Trust environment. The success of this approach confirms that architectural consolidation is the most effective tool for cost reduction and risk management.

iIT Distribution is the official distributor of Cloudflare solutions and provides full support for enterprise-level projects. iITD experts assist with the evaluation of current architecture, system requirements development, and direct participation in the implementation of web application protection tools and zero-trust platforms. The iIT Distribution technical team integrates into your project at every stage, ensuring expert support and high-quality final results.