Cisco Umbrella

Enterprise network security

Security

How to Evaluate SSE Vendors: Questions to Ask, Pitfalls to Avoid

Author avatar of Yuval YatskanYuval Yatskan
• 5 minute read
View blog >

As new ways of work – cloud collaboration, hybrid work models, and BYOD – have become the standard, it’s clear that new environments and approaches require new strategies and capabilities.  The early era of cybersecurity protection was built by stacking solutions like firewalls, on-premises web proxies, sandboxing, SIEMs, and endpoint security. With more people connecting from more places and more devices, it’s clear that these old, data center-centric ways of protection are leaving huge gaps in security.   

The solution to streamlining these disparate solutions and providing better security for distributed work teams using more cloud-based tools is what Gartner calls secure access service edge, or SASE. SASE describes a converged networking and security architecture that isn’t defined by appliances in a data center, but instead is comprised of integrated services delivered from the cloud.  

Where a secure access service edge approach would unite both networking and security functionality in the cloud, security service edge (SSE) is a subset of the entire SASE structure that focuses only on cloud-delivered security capabilities. 

What is security service edge (SSE)? 

An SSE framework unifies once standalone, disparate functions – secure web gateway (SWG), zero trust network access (ZTNA), firewall-as-a-service technologies, and cloud access security broker (CASB) — managing secure access to websites and apps from anywhere users are accessing them. 

Adopting an SSE framework allows teams to:

  • Simplify adoption and deployment of security policies 
  • Bypass VPNs, increasing security and reducing unauthorized access 
  • Protect all users from ransomware and other types of advanced malware 
  • Monitor and track users across your network 
  • Provide fast and dependable connectivity to the web, the cloud, and private apps 

Who is SSE for? 

Embracing an SSE strategy makes sense for organizations that need: 

  • Security that isn’t tied to a network 
  • Reduction of risk posed by gaps in disparate solutions 
  • Zero-trust access based on identity and context  
  • Consistent policy enforcement across all users, channels, applications, and devices  
  • Fast, safe digital user experience regardless of location, device, or connection 

The promise of both SSE and SASE is that they can provide cloud-delivered capabilities on a global scale, reduce cost and complexity, and increase visibility and performance. It’s a tall order and it’s important to pick the right provider to partner with. 

The best approach to evaluating an SSE vendor? Taking a balanced approach by looking at their past successes, current offers, and vision for the future.  

The past as proof 

The first thing that organizations should look for in a SSE provider is experience. Successful SSE partners will have years of experience in the security space, a wide customer base, and experience continually growing and innovating. They also have portfolios of proof and examples of past wins. 

When assessing SSE vendors, look for:  

  • Security experience and efficacy: With the explosion of cloud-based connectivity and as-a-service applications, more and more companies are creating SASE and SSE offerings. They’re trying to capitalize on the urgency of securing these new ways of working. But not all capabilities are created equal. Organizations should have a history of delivering not just security solutions, but real security results for the organizations they’ve worked with.  
  • aaS experience and track record: As-a-service software and subscriptions are the way the world works and stays connected. To stay competitive, 99% of businesses use at least one SaaS solution. That’s why the future-state vision of a full SASE offering is a subscription-based, aaS model; it’s been proven to reduce complexity and increase productivity. A SSE provider should have a history of delivering products in the aaS market.  

Questions to ask vendors 

  • Do you have case studies that showcase results from security customers?  
  • How many of your products have you been able to deliver aaS? 
  • What capabilities do you have in terms of threat intelligence and cybersecurity research?  

Considering current capabilities   

Deciding on a near-term SSE solution, of course, means considering what a vendor’s SSE capabilities are right now and how those support both your current needs and future goals.  

When assessing SSE vendors, look for:  

  • True SSE functionality: SSE is cloud-based, cloud-delivered security to truly protect the edge and handle a wider range of use cases. This helps protect and connect users no matter where they work.  
  • Open platform approach: An open, integrated platform across all devices provides better security by helping you find and fix threats faster. Plus, an open platform allows security practitioners to gain both insight and value by being able to integrate and manage existing security investments.  
  • Full-stack observability:  Full-stack observability solutions move beyond domain monitoring into full-stack visibility, insights, and actions. They transform siloed data into actionable insights that provide shared context for your IT teams. This increased context and reduced complexity offers a better digital user experience, as well as helping to prioritize which security problems to focus on as incidents arise.  
  • Robust architecture and infrastructure: The foundation of any cybersecurity organization is its architecture and infrastructure. Vendors should have a cloud architecture that supports performance, including network capacity and throughput, a history of reliability, and adaptive capabilities like automation.  

Questions to ask vendors

  • How does your solution handle integrations with third-party tools? 
  • What does support and onboarding for new clients look like, particularly as it relates to learning platform management?  
  • How frequently is your infrastructure updated to deliver new capabilities?  
  • Do you have global coverage and connectivity? 
  • How does your infrastructure avoid customer downtime?  
  • Do you leverage peering partnerships with popular SaaS vendors to reduce latency?  

Looking forward into the future 

Some organizations want to improve their security posture now, with a vision of implementing a full SASE architecture down the line. Because a SASE architecture combines both networking and security functionality, a full SASE approach requires a coordinated and cohesive integration across both network security and networking teams, so a slow rollout that starts with SSE and folds in cloud-delivered networking over time makes sense for many teams. Plus, there’s often regulatory requirements in play that drive continued on-premises deployment. 

No matter where organizations are on their SASE journey, if the journey starts with SSE, it’s important to know what a vendor’s overall SASE vision and capability is to set yourself up for security success in the future.  

When assessing SSE vendors, look for:  

  • Ability and motivation to invest: Sometimes ability to invest means a solid financial portfolio; other times it means visionary, dedicated, and creative leadership. Often, it’s both. A vendor that has a strong market position and clear strategy towards continued investment and innovation is one you can count on to support your long-term security needs.  
  • Ability to support and include the key networking elements of SASE: For organizations that have a full-scale SASE roadmap in place, it’s important to select a vendor that provides the networking functionality – especially SD-WAN – that’s key for a successful SASE transformation.   

Questions to ask vendors

  • What’s the company’s vision for further integration? 
  • What’s the total value add related to any additional integrations and expansion of current capabilities?  
  • What would a successful SASE deployment look like? 
  • What are your networking options and SD-wan capabilities?  
  • Are all core components available in a single offer? Will there be flexibility to easily transition to a unified subscription service now or in the future? 

Get started on your SSE journey

Finding the right SSE vendor is about balancing your current investments, need, and goals vs. the ambitions and projections of the future. Organizations should focus on finding a vendor that can offer them a stable SSE environment and, at the same time, be able to support future growth.   

To learn more about SSE and find out if it’s the right fit for your business, talk to a security expert today.  

Consult an expert

Learn how how Cisco Umbrella can simplify your security and protect your users in a free consultation.

Contact a security expert

Finding the right SSE vendor is about balancing your current investments, need, and goals vs. the ambitions and projections of the future. Organizations should focus on finding a vendor that can offer them a stable SSE environment and...able to support future growth.

Tweet this quote

Additional Resources

Suggested Blogs