There are a few places where this either occurs automatically if you're using our hosted service or can occur optionally if you're either running within Docker containers on your own or integrating to custom CDN endpoints.
First, the API itself can be fronted by a CDN that supports fallback lookup to an origin server. In this case, we recommend Amazon CloudFront with short-lived TTLs on cache headers. More specifically, you can use Amazon's API Gateway to get caching coverage across multiple geographies. This offers edge benefits for repeated API calls.
Second, any applications you build on Cloud CMS and deploy to our hosting service can be fronted by a CDN. Once again, in terms of our SaaS offering, we use Amazon CloudFront.
Third, we allow for custom CDN interaction based on lifecycle events and release publishing. For example, if you use releases and publish a new release, you can trigger an action that fires off to a custom web hook that you might implement. You can use this to synchronize / invalidate your own third-party CDN. We have customers who use Akamai, for example, and receive notifications about content being invalidated. Their web hook can then remove content from NetStorage or push new content to the CDN.
Finally, we have CDN integration that is specific to our Application Server and it's Dust-based WCM offering. In this case, when you use our Dust tags, each tag computes the set of "dependencies" upon which it's rendering is predicated. If a tag ends up rendering, say, Node A, Node B and Node C, then it remembers that. If you later update Node C, it works back to figure out which cached tags and ultimately which pages were rendered. These are then invalidated within local cache and optionally within the CDN.
Much of the answer here depends on how you're using Cloud CMS - whether you're only using the API, whether you're hosting web applications with us or whether you're using our WCM solution. If you're running on-premise, you have control over API-level caching, for example, that you wouldn't have via SaaS since we do it for you.