---
title: Doctolib &#38; Cloudflare | Customer Story
description: Cloudflare Access and DLS help to ensure patient and employee data privacy and security while helping address regulatory compliance
image: https://813f.17wa.net/preview.png
---

# Doctolib

> #### “ When the president of France talked about us, our traffic jumped by 10X with no warning. We needed a solution that could sustain the additional workload that we couldn’t forecast, which is where Cloudflare was really helpful. ” 

  
## **Doctolib provides secure, reliable e-health services in the EU with Cloudflare**

Doctolib is Europe’s fastest-growing e-health service. Founded in France in 2013, the company has expanded rapidly, now serving patients in Germany and Italy as well. Patients can use the platform to make appointments and telemedicine visits with healthcare providers.

Doctolib was a well-established e-health service prior to 2019, but the COVID-19 pandemic drove significant, rapid growth. Pre-pandemic, the platform had approximately 1,000 employees, a number that grew to 3,000 within a couple of years. Doctolib also enables over 390,000 healthcare providers to serve 90 million patients across France, Germany, and Italy.

### **Challenge: Ensuring service accessibility and data privacy and security**

Doctolib faced a multi-faceted challenge in securing sensitive data across a complex cloud environment while adapting to a growing hybrid workforce. As they onboarded over 200 employees a month, Doctolib needed to ensure that it maintained its strong security posture and regulatory compliance. The organization had access to large volumes of sensitive patient and employee data and was subject to stringent GDPR requirements for data protection and localization.

“During the pandemic, we had to adapt to a new work model, offering full office, hybrid, or remote options.” explains Cédric Voisin, CISO at Doctolib. “Ensuring compliance and managing cyber threats became even more critical as we navigated this new work environment. A big challenge was to ensure that, no matter where our employees worked from, they could access resources securely.”

Additionally, they needed to protect sensitive data across a broad range of SaaS applications, such as Google Workspace, Microsoft 365, and Salesforce. With several integrations in place, they were concerned about secure access, misconfiguration management, and potential data exposure across these platforms.

On top of these day-to-day security concerns, the company also needed to ensure the availability of its platform through traffic surges during the COVID-19 pandemic. Greater visibility increased visitors to the platform and made it a larger target for cybercriminals.

### **Managing rapid growth and sudden traffic spikes**

During the COVID-19 pandemic, interest in Doctolib grew rapidly. The company provides online health services and was part of the vaccination effort in France and Germany. As a result, traffic to the company’s site grew dramatically over that time period.This growth in traffic was a primary driver behind Doctolib’s switch from Cloudflare’s free plan to becoming an enterprise customer. This transition ensured that the company’s infrastructure could scale and keep up with demand while providing protection against the greater number of cyberattacks that came with the company’s increased visibility.

This additional scalability and resiliency was especially important in the face of sudden spikes in traffic to the company’s page. Occasionally, Doctolib’s CEO would appear live on television, which caused site traffic to triple shortly after.

However, these spikes paled in comparison to the surges that occurred when the company was referenced by France’s president on live television. According to Cédric Voisin, Doctolib’s CISO, “When the president of France talked about us, our traffic jumped by 10X with no warning. We needed a solution that could sustain the additional workload that we couldn’t forecast, which is where Cloudflare was really helpful.”

### **Ensuring data security and regulatory compliance**

Zero trust is a key component of Doctolib’s [data security](https://813f.17wa.net/learning/cloud/what-is-dspm/) and regulatory compliance strategy. Voisin says, “We don’t implicitly want to trust the hardware or people at any point during the connection. If you want to access one of our assets, you need to prove that you’re who you claim to be and that you’re using the device that you’re claiming to use.”

To meet these zero trust goals, Doctolib uses Cloudflare’s Zero Trust Network Access (ZTNA) service. All employees and contractors are provided with a company laptop preloaded with Cloudflare’s device agent. This enables the organization to control access to patient data and other resources in accordance with regulatory requirements and its own security policy.

To complement these network-level defenses, Doctolib also uses Crowdstrike for endpoint security. As part of the zero trust validation process, Cloudflare verifies that Crowdstrike is active and up-to-date, protecting the device against malware and other threats to endpoint security. Voisin says, “We work with providers that have access to very sensitive assets. Together, Cloudflare and Crowstrike ensure that they are who they claim to be and that their devices are secure.”

Cloudflare’s Data Localization Service (DLS) is also critical to the company’s compliance strategy, enabling it to prove to customers and regulators that patient data never leaves the EU. Storing and processing data of EU data subjects within the EU helps make compliance with GDPR easier. DLS also ensures that non-EU providers and third parties do not have access to patient data, that only Doctolib-authorized users can access and view patient data, logs, or IP addresses, and that this metadata never leaves the EU. According to Voisin, “DLS is invaluable for us because it allows us to use Cloudflare while remaining compliant. And no one else in Europe has Cloudflare’s capabilities and ability to handle the massive amount of traffic we have.”

### **Increase visibility of data and misconfiguration risks**

"The visibility Cloudflare provides is important in helping us reduce the risk of data breaches.” says Voisin. “Their products enable us to quickly address misconfigurations and ensure compliance with data protection regulations like GDPR."

Voisin explains that Cloudflare has been instrumental in improving Doctolib’s data security and that they plan to continue to collaborate closely with Cloudflare experts to strengthen protection for their employees and customers alike. Cloudflare paves the way for accelerated future growth with a scalable approach to compliance “Next, we want to expand our business to more countries. So we'll have to adapt to more regulation. That's a given. But, we build around Cloudflare, which will be useful for us to be at speed entering the market without many burdens.”

To read more about how Cloudflare helps Doctolib beyond data security and compliance, please read this [Medium article](https://medium.com/doctolib/why-does-doctolib-use-cloudflare-7bc44440d749) in their own words about our application services. 

![Doctolib logo](https://images.ctfassets.net/slt3lc6tev37/1WVNgmOmCAMaCg9bGAuuM5/4bf95c426f5e0c90d66222195c86057b/doctolib-logo.png) 

Cloudflare Access and DLS help to ensure patient and employee data privacy and security while helping address regulatory compliance

 Cloudflare Products 
* [  Zero Trust ](/sase/)
* [  Access ](/sase/products/access/)
* [  Data Localization Suite ](https://813f.17wa.net/data-localization/)
* [  Data Loss Prevention ](https://813f.17wa.net/learning/access-management/what-is-dlp/)

 Products Used 

Access Zero Trust 

 Details 

 Industry 

Healthcare & Life Sciences 

 Region 

Europe, Middle East & Africa 

Build section video off in Low preview — use High mode and refresh for full motion. 

# Build without boundaries

 Join thousands of developers who've eliminated infrastructure complexity and deployed globally with Cloudflare. Start building for free — no credit card required. 

[  Start building for free ](https://dash.cloudflare.com/sign-up) [  View docs ](https://developers.cloudflare.com/) 

 No cold starts or region complexity  SASE and Zero Trust without the complexity  Deploy to 330+ cities instantly  Defend against the Internet's biggest DDoS attacks  Predictable pricing without surprises  Identity-aware Zero Trust access that retires your VPN  Battle-tested infrastructure powering millions  CDN, WAF, and DNS faster than the public Internet  No cold starts or region complexity  SASE and Zero Trust without the complexity  Deploy to 330+ cities instantly  Defend against the Internet's biggest DDoS attacks  Predictable pricing without surprises  Identity-aware Zero Trust access that retires your VPN  Battle-tested infrastructure powering millions  CDN, WAF, and DNS faster than the public Internet 

```json
{"@context":"https://schema.org","@type":"Organization","name":"Cloudflare","url":"https://813f.17wa.net","logo":"https://813f.17wa.net/logo.svg","sameAs":["https://github.com/cloudflare","https://www.linkedin.com/company/cloudflare","https://x.com/cloudflare"]}
{"@context":"https://schema.org","@type":"WebSite","name":"Cloudflare","url":"https://813f.17wa.net","inLanguage":"en","potentialAction":{"@type":"SearchAction","target":"https://813f.17wa.net/search?q={search_term_string}","query-input":"required name=search_term_string"}}
{"@context":"https://schema.org","@type":"WebPage","name":"Doctolib & Cloudflare | Customer Story","description":"Cloudflare Access and DLS help to ensure patient and employee data privacy and security while helping address regulatory compliance","url":"https://813f.17wa.net/case-studies/doctolib/","inLanguage":"en"}
```