MCP governance
Model Context Protocol (MCP) allows Large Language Models (LLMs) to interact with proprietary data and internal tools. However, as MCP adoption grows, organizations face security risks from "Shadow MCP", where employees run unmanaged local MCP servers against sensitive internal resources. MCP governance means that administrators have control over which MCP servers are used in the organization, who can use them, and under what conditions.
Cloudflare Access provides a centralized governance layer for MCP, allowing you to vet, authorize, and audit every interaction between users and MCP servers.
The MCP server portal serves as the administrative hub for governance. From this portal, administrators can manage both third-party and internal MCP servers and define policies for:
- Identity: Which users or groups are authorized to access specific MCP servers.
- Conditions: The security posture (for example, device health or location) required for access.
- Scope: Which specific tools within an MCP server are authorized for use.
Cloudflare Access logs MCP server requests and tool executions made through the portal, providing administrators with visibility into MCP usage across the organization.
To maintain a modern security posture, Cloudflare recommends the use of remote MCP servers over local installations. Running MCP servers locally introduces risks similar to unmanaged shadow IT ↗, making it difficult to audit data flow or verify the integrity of the server code. Remote MCP servers give administrators visibility into what servers are being used, along with the ability to control who access them and what tools are authorized for employee use.
You can build your remote MCP servers directly on Cloudflare Workers. When both your MCP server portal and remote MCP servers run on Cloudflare's network, requests stay on the same infrastructure, minimizing latency and maximizing performance.