AHEAD · Cloudflare · HCA Healthcare · June 2026 · Confidential
The Foundation
for What’s Next
A Strategic Perspective for HCA Leadership
HCA is becoming a digitally coordinated healthcare delivery system.
Expanse, cloud migration, AI, expanded access points, and application modernization all point in the same direction: more interactions, more systems, and more dependency on technology to coordinate care.
The question is not whether HCA needs Zero Trust.
The question is whether the foundation underneath that future reduces complexity or adds to it.
HCA has proven that Zscaler ZIA works for ~150k users. The question is whether to keep building on that architecture — adding more Zscaler products, more configurations, more day-to-day noise — or introduce an alternative before it becomes permanently embedded.
The case for Cloudflare is simple: it creates operational quiet, makes the experience faster by design, and gives HCA a platform that goes well beyond just Zero Trust.
Zscaler built a cloud security exchange that HCA’s traffic must be steered to so it can be inspected. Cloudflare built a global network that internet traffic already flows through, so inspection and protection happen along the direct route instead of at a separate destination. For a CIO, that means fewer detours, fewer things to manage, and a faster, more predictable experience everywhere HCA operates.
At enterprise scale, the strongest innovations are built on a stable and trusted technology foundation.
Operational quiet means fewer alerts, fewer vendors, and fewer moving parts — not hiring more people to manage more tools. It comes from reducing the number of systems, configurations, and dependencies required to deliver secure services.
Operational quiet is not just a principle: it is an enabler of modernization, resilience, and responsible innovation.
HCA runs ZIA for a portion of its user population today. Expanding to its full suite of Zero Trust products means adding ZPA, ZDX, ZIdentity, and SPLX — each with its own policies, logs, and moving parts. The platform is built as an inspection point, so traffic must be steered to it. Private application access depends on connector software inside data centers and on routing paths that vary by location, which all require ongoing care and feeding. Every additional product adds another place to configure, troubleshoot, and explain when something breaks.
Cloudflare delivers the full Zero Trust portfolio as one cloud service, deployed once. Policy is written once and applies to users, applications, APIs, and AI everywhere. Beyond a lightweight connector, nothing is deployed or maintained inside HCA’s environment — no virtual machines, no appliances, no infrastructure to size or patch. Enforcement runs on the same Anycast network at every location, so behavior is consistent wherever care is delivered.
On Zscaler, traffic detours to a separate inspection point, and the user waits for that extra trip. On Cloudflare, inspection happens where the traffic already is. Zscaler sits closest to where infrastructure lives, in AWS. Cloudflare is the edge — closest to both infrastructure and users. For a CIO, that means fewer detours, fewer performance outliers, and a more predictable experience in the field.
Cloudflare has 2.24× more coverage in the key locations where care is delivered — present at 94 of 147 mapped HCA locations, compared to Zscaler’s 42. Cloudflare owns and operates its global network; Zscaler’s service runs on AWS data centers, so proximity is limited to where AWS chose to build. That gap is most visible in the markets that matter most to HCA:
The impact on traffic flow: A nurse in Houston opens a clinical app. With Zscaler, that traffic detours out of Houston to a separate inspection point, then comes back. With Cloudflare, the request is inspected and allowed in Houston itself, so the app simply feels faster and more reliable at the bedside.
The same experience in Nashville, Hyderabad, or a rural community hospital. A hybrid workforce and international growth require enforcement that performs everywhere. Coverage gaps make that conditional.
The same network that accelerates clinical apps also runs AI inference in 200+ cities, so AI copilots and agents show up fast in the exact facilities where they’re used.
Note: The capabilities in this section are outside the scope of what Zscaler offers.
HCA will not just consume AI, it will build agentic AI into its own clinical and operational workflows — and those agents need somewhere safe and fast to live. AI will sit inside clinical workflows, patient interactions, and day-to-day operations, not off to the side as a lab experiment. What most teams discover too late is that building AI and securing AI are the same problem, and that problem has to be solved at the network layer, not patched in afterward.
Cloudflare’s network is not only a security layer; it is a development environment. HCA’s teams can write and deploy code — the applications, the logic, and the AI agents themselves — directly onto the same infrastructure that secures and delivers them. That means a clinical workflow, a patient intake agent, or an internal operations tool can be built, deployed, and protected without provisioning servers, choosing cloud regions, or adding a different vendor for each layer of the stack. The compute runs in the same cities where the users are, and the security is not a separate system the application calls — it is the environment the application runs in.
Cloudflare runs AI inference in 200 cities worldwide, including 92 cities directly where care is delivered. The network already carries AI at enterprise scale, allowing AI applications, copilots, and agents to operate closer to users while benefiting from the same security, performance, and reliability that protect the rest of the platform.
HCA has already chosen to modernize.
It has already chosen to expand digital access.
It has already chosen to move critical workloads to the cloud.
It has already chosen to make AI part of the future of healthcare delivery.
The remaining decision is whether the foundation underneath those initiatives reduces complexity or adds to it.
The Cloudflare story starts in 2004 with a question: where does email spam actually come from? To answer it, the founders built Project Honey Pot, a distributed system that let any website owner plant tracking traps for spammers and malicious bots, mapping their behavior across the internet in real time. Over five years, thousands of websites in 185 countries joined.
The dataset grew rapidly. And users kept pushing for more capability — “don’t just track the bad guys. Stop them.”
Lee Holloway didn’t build another web proxy. He built a globally distributed reverse proxy layer that ran the same software stack on every machine, everywhere, simultaneously.
The physical infrastructure was unremarkable: commodity x86 servers in colocation facilities around the world, nothing exotic.
The radical part was the software architecture and what it was designed to do.
Rather than sending traffic to a specialized system for caching, then another for security, then another for routing, Lee built a unified packet-to-application processing pipeline where a request arrives, gets parsed, hits security logic, gets routed, and gets served, all inside the same system.
Combined with anycast routing (where every Cloudflare location shares the same IP address and the internet automatically routes users to the nearest one), this meant that any Cloudflare server anywhere in the world could handle any request for any customer.
Cloudflare didn’t build services on top of a proxy, it built a network. That difference is now visible in every enterprise conversation about what infrastructure can actually support the next ten years.
By 2025, Cloudflare was processing traffic for roughly 20% of all websites on the internet. But revenue and growth are not the real story. The real story is architectural timing.
AI agents are not like traditional software. Traditional software runs in predictable locations, on predictable schedules, talking to known endpoints. AI agents are autonomous. They make decisions, call APIs, spin up processes, and talk to other agents. Constantly, globally, simultaneously, and at a scale that was unthinkable five years ago.
They need infrastructure that is globally distributed, low-latency, secure by default, and instantly available, with no servers to provision and no regions to choose.
Cloudflare has been building exactly that infrastructure for fifteen years, without knowing AI agents would need it.
That foundation was not built for AI. But it turns out, building for the hardest problems on the internet (global scale, millisecond latency, consistent security everywhere, no boxes) is exactly what AI needs. Cloudflare did not predict AI. They just built the right thing, and AI arrived.
Selected podcasts, analysis, and primary sources on Cloudflare, AI infrastructure, quantum readiness, and the current threat landscape.
2026-06-09 1:00 PM ET
The New York Stock Exchange
Join us for Agents Week 2026, where we celebrate the power of AI agents and explore how they're transforming the way we build, secure, and scale the Internet.
Useful overview of what Cloudflare is and why its role in internet infrastructure is unusual.
Independent essay on network-layer convergence.
Official earnings calls, investor days, and presentations.
February 2026 milestone.
How attacks are changing across the network.
The largest attacks mitigated on the network.
Introducing dollar-denominated spend limits in AI Gateway — budgets in dollars, not tokens, scoped by team, model, or application.