RSAC 2026 Conference See us at RSAC™ 2026 Conference. Learn more →

This website stores cookies to collect information about how you interact with our website. To find out more visit our Privacy Policy.

Cloudflare + DataSunrise for Complete Security

Cloudflare + DataSunrise

Cloudflare and DataSunrise address different parts of the same problem: controlling access to systems and controlling exposure of data. When used together, they provide coverage from the first inbound request to the final database response.

This combination allows organizations to manage both entry points and data visibility without relying on application-level logic alone.

Key Highlights

50+

Database platforms supported

80+

Dynamic masking techniques

65+

Audit event categories

The two systems operate independently but complement each other. Cloudflare reduces attack surface and enforces access control. DataSunrise governs how data is accessed, modified, and exposed once a connection is established.

How the Joint Solution Works

Cloudflare processes incoming traffic before it reaches internal infrastructure. Requests are inspected against security rules, filtered through WAF policies, and validated through Zero Trust access controls.

Once a request results in a database interaction, DataSunrise evaluates the SQL query. It can log the operation, apply masking rules, or block execution depending on defined policies.

This separation ensures that access control decisions and data exposure decisions handle different layers, reducing reliance on application code for security enforcement.

Diagram showing Cloudflare edge controls and DataSunrise database security controls working together
Edge-level controls and SQL-layer enforcement operate as separate but coordinated layers.

Control at the SQL Layer

Database access controls typically determine whether a user can connect and which tables they can query. They do not define how much of the data should be visible within query results.

DataSunrise introduces policy-based controls that operate on the result set itself. For example, the same query can return different values depending on the role of the user. Sensitive fields such as personal identifiers, financial data, or credentials can be partially masked or fully obfuscated.

This approach avoids the need to create multiple database views or duplicate datasets. Policies are applied dynamically at runtime and remain consistent across environments.

In addition to masking, the system records query activity with full context. This includes the executed statement, user identity, affected objects, and response characteristics. The resulting audit trail supports investigation and compliance reporting.

Operational Model

The integration does not require changes to application logic or database schema. Cloudflare continues to operate at the edge, while DataSunrise is deployed as a proxy or monitoring layer near the database.

Policies are managed centrally. Security teams define rules for masking, auditing, and blocking once, and those rules apply across all supported database platforms.

This reduces the need for database-specific configurations and minimizes inconsistencies between environments such as development, staging, and production.

The separation between traffic control and data control also simplifies troubleshooting. Issues related to connectivity, access, and traffic flow remain within Cloudflare. Issues related to query behavior and data exposure remain within DataSunrise.

Audit and Visibility

Cloudflare generates logs related to traffic, access attempts, and request metadata. DataSunrise generates logs related to database activity, including executed queries and data access patterns.

When combined, these logs provide a more complete record of system behavior. Security teams can correlate external requests with internal database activity, creating a traceable path from entry point to data access.

This is particularly useful in environments that require detailed audit trails. Instead of reviewing disconnected logs, teams can analyze events as part of a continuous flow.

Diagram of combined visibility across edge and database layers
Correlating edge and database activity provides a complete view of system interactions.

Who This Is For

The combined approach is relevant for environments where both access control and data exposure must be managed consistently. It applies to organizations that operate public-facing services, handle regulated data, or maintain multi-tenant systems.

Different teams benefit in different ways depending on their responsibilities and the structure of their systems.

Audience
Where it fits

Regulated Industries

Supports environments where data access must be audited.

  • Maintain audit trails across access and database activity
  • Apply masking to sensitive data fields
  • Align with regulatory requirements such as GDPR or PCI DSS

SaaS Platforms

Useful for systems with multiple tenants sharing infrastructure.

  • Control data visibility at the query level
  • Reduce reliance on application-side filtering
  • Limit exposure of underlying database endpoints

Engineering Teams

Provides a consistent security layer across environments.

  • Apply centralized policies across multiple databases
  • Reduce duplication of masking logic in code
  • Maintain visibility into query behavior and data access

Conclusion

Cloudflare and DataSunrise address different layers of the same system. One manages access and traffic at the edge, the other governs query behavior and data exposure at the database level.

This separation allows teams to apply controls where they are most effective, without relying on application logic or duplicating security mechanisms across environments.

The result is a more consistent model for managing access, monitoring activity, and limiting data exposure across the entire request path.

FAQ

How do Cloudflare and DataSunrise work together?

Cloudflare controls incoming traffic and access at the edge, while DataSunrise inspects SQL queries and enforces data-level policies such as masking, auditing, and blocking. This creates a continuous control path from request entry to database response.

Do I need to modify my application to use this setup?

No. The setup works without changes to application logic or database schema. Cloudflare operates at the edge, and DataSunrise functions as a proxy or monitoring layer near the database.

What kind of data protection does DataSunrise provide?

DataSunrise provides dynamic masking, query auditing, SQL injection protection, and sensitive data discovery. Policies are applied at runtime based on user roles and context.

Can logs from Cloudflare and DataSunrise be correlated?

Yes. Cloudflare logs request-level events, while DataSunrise logs database activity. Together they provide a full trace from external request to SQL execution and returned data.

What problem does this integration solve?

It separates access control from data exposure control. Cloudflare manages who can connect, while DataSunrise determines what data is visible once access is granted.

Protect Your Data with DataSunrise

Secure your data across every layer with DataSunrise. Detect threats in real time with Activity Monitoring, Data Masking, and Database Firewall. Enforce Data Compliance, discover sensitive data, and protect workloads across 50+ supported cloud, on-prem, and AI system data source integrations.

Start protecting your critical data today

Request a Demo Download Now

Next

How to Mask Sensitive Data in Sybase

Learn More

Need Our Support Team Help?

Our experts will be glad to answer your questions.

General information:
[email protected]
Sales:
[email protected]
Customer Service and Technical Support:
support.datasunrise.com
Partnership and Alliance Inquiries:
[email protected]