ANNOUNCEMENT | Axis acquired by HPE Aruba to create a powerful, unified SASE platform.
What is SSE?
Security Service Edge (SSE) is a relatively new term used to describe a set of integrated, cloud-delivered, security services that broker secure connections between authorized users and business resources by using identity and policy. First introduced by Gartner in 2021, Security Service Edge (SSE) represents the future of security connectivity. As more and more users work outside the corporate perimeter due to hybrid work, adoption of SaaS apps (i.e. M365, Salesforce, Box etc.) increases, and private applications move to public cloud, IT leaders have realized that it no longer makes sense to backhaul user traffic to a corporate network. Because of this, many IT leaders are looking to replace traditional network security appliances (i.e. Firewalls, VPN gateway appliances, web gateway appliances etc.) in an attempt to better protect data, deliver a better experience and reduce costs for the business.
SSE platforms are the modern alternative to traditional network security technologies. They extend secure connectivity out to the users location through cloud services – without connecting users to the corporate network, exposing applications or IT infrastructure to the Internet, or requiring complex network segmentation. Instead, a Security Service Edge (SSE) platform allows IT to provide end users with secure access to private applications from anywhere, safely access the Internet, and quickly access SaaS apps used for work. SSE services that include Digital Experience Monitoring (DEM) can even boost user productivity by making it easier for network operations managers to monitor application, device and network performance.
The terms Secure Access Service Edge (SASE) and Security Service Edge (SSE) are often conflated. While they may sound similar, they are actually different. SASE represents the broader framework that many IT leaders are looking to adopt. It’s the notion of combining modern day network optimization services (i.e. SD-WAN, Content delivery, QoS) with modern day secure access services (i.e. ZTNA, SWG, CASB etc.). Put simply, SSE represents one half of the SASE framework.
Pro-tip
Companies looking to securely enable a modern workplace should begin first by deploying an SSE platform. Once SSE is deployed they can either decide to continue to invest in network optimization or embrace more of an “internet-only” model. This will allow them to make smarter decisions on whether or not technologies, like SD-WAN, are important to their business mission, or not.
SSE services use a zero-trust architecture that combines identity, policy, and context to securely connect business users to key business apps. This reduces the overall attack surface, minimizes the change of over-privileged access, and helps security prevent threats like ransomware, insider threats, acquiring a breach through M&A, and third-party users.
SSE increases the presence of secure access technologies by extending security services to the edge ( the user location and their device) via a cloud architecture. This helps minimize latency (no backhauls to the datacenter or site-to-site VPNs). SSE platforms that support both agent-based and agent-less access models help make access seamless to end users – even as they shift between home and the office.
SSE services that offer inspection provide deep visibility at the user and application level, which is more granular than source IP and destination IP – making it simple for security to react to potential threats.
Enabling hybrid work for employees, securely connecting the business ecosystem with private data, simplifying the migration to the cloud, and accelerating IT integration during M&A are all initiatives that are easily supported by an SSE platform.
SSE services that are fully cloud-delivered helps IT avoid renewing contracts for disparate network security services like VPN, firewalls, or secure web gateway appliances. In some cases, the SSE service charges are based on a per-user, per-year, subscription. This makes it easy for IT to prevent expenditures while avoiding issues with high bandwidth costs, or management of appliances.
According to Gartner the first step in adopting a SSE platform should be to “Deploy zero trust network access (ZTNA) to augment or replace legacy VPN for remote users, especially for high-risk use cases.” Once this is done, teams can then look to further inventory their equipment and any existing contracts to begin putting together a phase out plan for perimeter-based security technologies. They can then look to consolidate contracts by selecting a single SSE vendor that can provide ZTNA, SWG and CASB. These decisions will not only impact infrastructure at the corporate office, but can also help accelerate branch office transformation projects – helping to minimize unnecessary MPLS costs, and instead investment in cloud-based security edge services at the branch..
Watch ‘SSE Explained’ video to learn about the SSE architecture
Watch NowLearn how to get started with the Architect’s Guide to Adopting SSE
Read Guide