Understanding SSE: Components, Process, and Advantages

This article is the first in a three-part series covering a new market category, security service edge (SSE). The second entry highlights the top use cases of SSE, and the third explains what features you should look for when selecting an SSE platform.

The cybersecurity world is constantly evolving — updating existing technologies and innovating new solutions to bolster defenses from increasingly sophisticated cyberthreats. As such, just as we were becoming familiar with secure access service edge (SASE), Gartner introduced a new market category: security service edge (SSE). SASE and SSE help define the requirements for a purpose-built cloud security platform, but the two have important and noticeable differences.

First, let’s define SSE.

SSE is the convergence of key security services delivered from a purpose-built cloud platform. There are three core services encompassed by SSE:

Secure Web Gateway (SWG)

SWG secures access to the internet and web, mitigates the risk from inherently unknown and risky web content, and helps maintain access compliance across users. SWG must be delivered via a cloud platform when consumed as a part of SSE. As part of an SSE platform, SWG has to be fully distributed globally with strong points of presence so every user, regardless of location, gets a fast local connection to the cloud platform.

Cloud Access Security Broker (CASB)

CASB controls cloud apps and data so that sensitive data is not lost and compliance can be maintained. In the scope of SSE, CASB should be consumed both inline and via API and combined with DLP. By unifying all these into one cloud platform, you significantly reduce the complexity of point products. In addition, policy control becomes simple, as it is managed from one place across all data everywhere.

Zero Trust Network Access (ZTNA)

ZTNA enables secure remote access without the requirements of a legacy VPN. Within the scope of SSE, ZTNA provides a better user experience than backhauling through a VPN. Security is also improved (via reduced attack surface) for remote users.

Why SSE, and why now?

The modern workforce has undeniably changed — users, and the applications required to perform job responsibilities effectively, are more distributed than ever. This shift, accompanied by latency, increased cost and complexity, and security concerns, has caused organizations to rethink what’s needed to accommodate this new reality. As a result, consuming security services from a cloud platform is now the best approach for companies undergoing digital transformation, which is why SSE is now top of mind in the industry.

What is the difference between SASE and SSE?

SASE is a framework that securely connects entities — such as users, systems, and endpoint devices — to applications and services when their locations are distributed. The network side of SASE encompasses technologies like SD-WAN, WAN optimization, Quality of Service (QoS), and other means of improving connectivity to cloud apps. SSE, however, focuses on all the security services within the SASE framework that are needed to connect users to cloud apps securely.

What are the advantages of SSE?

Risk reduction

SSE enables cybersecurity to be delivered without being tied to a network. Security is delivered from a cloud platform that can follow the user to the app connection regardless of location. Because all security services are delivered in a unified approach, the risk is reduced as there are no gaps commonly seen across point products.

Zero trust access

SSE platforms (along with SASE) should enable least-privileged access from users to the cloud or private apps. Access should be granted based on identity and policy. A strong zero trust policy should consist of four factors: user, device, application, and content. By securely connecting users and apps using business policies over the internet, organizations can ensure a more secure remote experience. Users are never placed on the network, and the lateral movement of threats is eliminated, further reducing business risk.

Improved user experience

SSE enables fast local connections for all users. Instead of forcing users back to a central data center via VPN, SSE’s global data center footprint allows inspection to be delivered close to the users at the edge, reducing latency and improving connectivity and productivity.  

Consolidation advantages

Complexity is the enemy of IT productivity. By its very definition, SSE reduces the complexity and cost of traditional network security by delivering key security services all in one platform: secure web gateway (SWG), cloud access security broker (CASB), zero trust network access (ZTNA), cloud firewall (FWaaS), cloud sandbox, cloud data loss prevention (DLP), cloud security posture management (CSPM), and cloud browser isolation (CBI).

For more information, visit Zscaler.