Why No SASE/SSE Architecture is Complete Without Isolation
Web isolation technology strengthens SASE platforms with functionality that extends well beyond secure browsing to protect web app surfaces.
What is Security Service Edge (SSE)?
What is Security Service Edge (SSE)?
In 2021, Gartner introduced the term Security Service Edge (SSE), as part of its report entitled the 2021 Strategic Roadmap for SASE Convergence. In this report, Security Service Edge (SSE) is described as a group of cloud security capabilities that are integrated as part of a Secure Access Service Edge (SASE) offering.
SSE security provides secure access to private applications, software as a service (SaaS), and websites alike, all through a cloud infrastructure. This is a solution tailored for today’s world, where organizations are utilizing more cloud apps, users are accessing networks from many locations, and data resides in more places than just a data center.
How is SSE security different from Secure Access Service Edge (SASE)?
Secure Access Service Edge (SASE) refers to a cloud-delivered service that combines network security functions with SD-WAN infrastructure. Thus, a SASE solution comprises two subcategories – SSE and WAN edge infrastructure.
Security Service Edge refers to the fundamental cloud security components of the SASE solution, without the accompanying SD-WAN and connectivity optimization services. SSE capabilities cover access control, security monitoring, security enforcement, threat protection, and more, as an integrated solution.
Of course, SSE is best used together with SD-WAN networking services, as part of a SASE solution, for optimal network performance.
What are the key components of SSE?
A good Security Service Edge (SSE) solution will include a combination of some or all of the following network security services, through a unified platform.
Zero trust network access (ZTNA)
ZTNA provides least privileged access controls for private applications, data centers, and cloud resources. It does this through granular, role-based security policies, so user access is only granted for the exact corporate resources that the user requires.
Zero trust network access is ideal for providing both on-premises and remote access to an organizational network, replacing legacy VPNs. ZTNA can scale to support a global network of users, enabling access that is secure, reliable, and efficient.
Data loss prevention (DLP)
DLP tools classify data both at-rest and in-transit, and ensure that sensitive data is protected. No matter where the data resides, whether it’s cloud-based data, or in on-site data centers, DLP ensures that no valuable corporate data is left vulnerable to data loss or theft.
Cloud access security broker (CASB)
A cloud access security broker acts as an intermediary between end users and cloud services, providing data security through policy enforcement.
CASB capabilities often include authentication, single sign-on (SSO), threat protection, and monitoring.
Secure web gateway (SWG)
A secure web gateway protects users from web-based threats.
A SWG often includes web traffic monitoring and filtering, web access controls, URL filtering, web visibility, malicious content inspection, and a variety of other web security services. It also handles acceptable use control.
Remote browser isolation (RBI)
RBI provides users with secure remote access to the internet and web apps.
With RBI, the end user browses the web as usual, and all active code, malicious or otherwise, is run in a virtual container outside the organizational network. The user is presented with an interactive content stream for a seamless experience.
At the end of a browsing session, the virtual container is destroyed, ensuring that malware can never reach the user’s endpoint or the organizational network.
Firewall as a service (FWaaS)
This is like a regular firewall, but as a software as a service (SaaS) product. Organizations can configure the firewall to restrict or block access to the corporate network as needed.
As part of SSE, FWaaS can be used to secure remote locations, such as branch offices, or a data center, analyzing network traffic and user behavior, enforcing security policies, and providing complete network visibility.
As it’s a SaaS product, FWaaS is easier to scale and maintain than its traditional counterpart. It also doesn’t require that organizations route traffic through hardware on-site.
Read about ZTEdge Capabilities
What are the benefits of Security Service Edge (SSE)?
Using Security Service Edge creates many benefits for an organization. Here are some of the main benefits.
Cloud native architecture
As companies increasingly adopt cloud infrastructure, such as cloud apps, the network security services must be suited for this. An SSE solution is designed to protect data and provide access management specifically to organizations that are using cloud-based services.
Provides secure access to cloud apps and the web
The security technologies that form SSE, such as CASB and ZTNA, ensure that only authorized users have access to private apps, cloud services, and the web, through comprehensive policy enforcement.
Less complexity
As SSE is a set of components that are integrated into a single cloud-based service, security teams benefit from increased simplicity – central management and monitoring, easy maintenance, and scalability. This saves time, money, and resources, when compared to the hassle involved in integrating numerous standalone security technologies.
Comprehensive threat protection
SSE tools, such as ZTNA, CASB, and RBI, use a preventive approach to ensure protection from all kinds of threats, whether they originate from inside or outside the network.
Ideal for a remote workforce
As SSE delivers security controls from the cloud, it provides security capabilities for remote workers, including mobile users. With SSE, an organization can enforce consistent security, no matter where remote users are located.
Protects sensitive data
With SSE’s data protection capabilities, all sensitive data is protected both in-transit and at-rest. As more data is stored outside of the traditional data center, with the introduction of distributed edge computing and the increasing need for remote access, SSE provides a more robust data protection solution.
How to choose the right Security Service Edge (SSE) solution
It’s important to choose an SSE solution that includes most or all of the technologies listed above, to ensure the most comprehensive network security possible. Here are some other characteristics you should look for:
Integrated solution
Choose a single SSE vendor that can provide all the capabilities as part of one platform. This is far more simple to manage than using multiple SSE vendors.
Scalability
Will the solution grow with your organization? For a growing enterprise, a good SSE must be able to scale easily and provide security capabilities on a global scale.
Zero trust architecture
Zero trust is the golden standard for access control. An SSE should use zero trust access controls for all users, devices, and applications. This will provide users with faster and more secure access than other alternatives, such as VPNs.
ESG Report Highlights Midsize Enterprise’s Needs for SASE Solutions
What midsize enterprises want from SASE solutions is a bit different from their larger peers, ESG’s Democratizing SASE for Midsize Enterprises reports.