SSL. SSL is easy on a single server, but gets complex/expensive very fast on cloud platforms. Cloudflare have an incredibly easy solution (branded "flexible SSL") where they handle the SSL between the client and their CDN, and the CDN does un-encrypted requests to your platform.
Yes, this is a security shambles - Cloudflare is officially MITM-ing your traffic. But given the HTTPS-only movement this is a perfectly valid solution for public websites. And this announcement actually makes a big difference because if your platform is Google Cloud, then the un-encrypted portion is now over a private Cloudflare-Google interconnect.
FWIW, I've been using Cloudflare for 6 months and haven't seen any drop-outs. It's improved latency, and the only issue I've had was it mangling email addresses in transit, to prevent scrapers. It took 3 minutes to find the setting and switch it off, so I'm OK with that. Although I would prefer things that modify your HTML should be off by default.
I'm curious about the difficulties you're referring to. If you're referring to secure key distribution, check out Hashicorp's Vault project. Other than that, I can't think of any show-stoppers to deploying SSL across many commodity cloud servers.
Yes, this is a security shambles - Cloudflare is officially MITM-ing your traffic. But given the HTTPS-only movement this is a perfectly valid solution for public websites. And this announcement actually makes a big difference because if your platform is Google Cloud, then the un-encrypted portion is now over a private Cloudflare-Google interconnect.
FWIW, I've been using Cloudflare for 6 months and haven't seen any drop-outs. It's improved latency, and the only issue I've had was it mangling email addresses in transit, to prevent scrapers. It took 3 minutes to find the setting and switch it off, so I'm OK with that. Although I would prefer things that modify your HTML should be off by default.