What is Security Service Edge?
Gartner introduced the SSE concept in 2021 and defined it as a group of technologies that secure access to the web, cloud services and private applications regardless of the location of the user, their device, or where the application is hosted. SSE capabilities include threat protection, data security, access control, security monitoring, and acceptable-use control enforced by network-based and API-based integration.
In practice, Security Service Edge (SSE) combines diverse security functions and delivers them as a service from the cloud. The core modules include secure web gateway (SWG), zero trust network access (ZTNA), firewall-as-a-service (FWaaS), and cloud access security broker (CASB). These are supplemented by multimode DLP, DNS Security, remote browser isolation (RBI), sandboxing and threat intelligence. SSE helps enforce modern cybersecurity to radically reduce risk and improve the end-user and IT staff experience by addressing today’s challenge of safely connecting anything to anywhere.
How does SSE help a remote workforce?
IT and security teams are finding it challenging to secure increasingly dispersed employees, contractors, and partners. End users primarily connect to cloud-located SaaS applications or IaaS sources, as well as private applications, from anywhere that has an internet connection. As a result, more traffic flows outside of data centers and bypasses the traditional security perimeter. This magnifies the attack surface. The level and sophistication of threats constantly grows. Altogether, this expands security gaps that legacy security architectures aren’t built to handle.
SSE can protect your organization from cybersecurity threats, simplify the access procedures for hybrid workers, and reduce IT/Security complexity — no matter where employees log in.
What’s the difference between SASE and SSE?
In 2019, Gartner defined a term that’s become well publicized in the intervening years — Secure Access Service Edge (SASE). SASE is the convergence of security and networking capabilities into one single cloud-delivered service. Think of SSE as the security side of SASE.
A commonly asked question is whether an organization should deploy SSE or move towards a full SASE topology. The answer will vary by each organization’s own unique need and situation. Factors to evaluate include:
- Is there an existing SD-WAN network deployed?
- How centralized are the networking and security procurement and deployment teams?
- What security stack service contracts are in place and when do they expire?
- Are hardware refresh cycles coming up?
- What are the specific use cases and relative importance of networking and security improvements?
The journey to SSE or SASE is not an either/or decision. In fact, the introduction of SSE by analysts and vendors was a tacit recognition that some organizations, especially large enterprises, might not quickly move to SASE. Rather, they may employ an incremental approach and initially focus on the security facets of SSE. In this scenario, IT could maintain separate networking, primarily via SD-WAN. Vendors with a solid background in security and networking are best positioned to support comprehensive SSE and SASE solutions. And as usage models and needs will change over time, having the flexibility to combine SSE based security and networking with SD-WAN and related elements of SASE is critical.