Security Service Edge (SSE) Reflects Rapidly Changing Security Requirements: Here is What You Need to Know

The newest market segment, Security Service Edge (SSE), is here and demonstrates an increase in needs among users and the importance of zero trust access. Here’s why the industry’s newest acronym is being rapidly adopted by security leaders.

istock 1328349913
Inside Creative House

“What the world needs is another acronym in cybersecurity,” said no one ever. However, SSE – Security Service Edge – is an important new direction.

So why is this change of direction significant? Creating a new market segment is not done lightly – it often reflects trends and shifts in client inquiries (the typical analyst has more than 600 client interactions per year). The introduction of SSE demonstrates the fact that increasingly clients require:

  • Security that isn’t tied to a network.
  • Reduction of risk posed by gaps in disparate solutions.
  • Zero trust access that's least-privileged based on identity and context.
  • Consistent policy across all channels: internet, SaaS, and private applications in the data center or cloud.
  • Fast digital experience regardless of user location or connection.

First, let’s brush up on some history, shall we? The Secure Access Service Edge (SASE) category was first introduced back in 2019 to describe the convergence of WAN edge network services, like SD-WAN, with network security services, like secure web gateway (SWG) and zero trust network access (ZTNA). SASE described a world where the security perimeter wasn’t defined by appliances in a data center but as integrated services offered via the cloud closest to where the users were.

The adoption of SASE required crossing organizational silos and coordinating buying motions across disparate groups – for example, networking teams considering SD-WAN and security teams considering a consolidated security platform. This often required networking and security buyers to integrate solutions from multiple vendors.

Zscaler SSE Gartner Gartner

With SSE, the focus is on the security portion of its SASE architecture into its own taxonomy and research area and removes the access element, creating a separate market segment. SSE is a cloud-centric security platform – most often offered by a single vendor – that consolidates multiple security capabilities, including SWG, ZTNA, cloud access security broker (CASB), data protection, remote browser isolation (RBI), and firewall as a service (FWaaS) wrapped in Digital Experience Monitoring (DEM) to ensure optimal user experience (see Figure 1).

SSE promises to ensure secure administration and policies of cloud and web usage, identify and protect sensitive information, connect and secure remote workers, and detect and mitigate threats. And it promises to do so with a network-agnostic, single-vendor solution that offers consistent policy, zero trust access, and a fast digital experience.

The SSE market definition addresses these client requirements. SSE acknowledges that often disparate security services like SWG, ZTNA, data protection, and CASB should not be procured as standalone solutions, sold separately (where lots of assembly is required, and batteries are not included). The prevalence of cloud-hosted applications and data being everywhere, along with the emergence of the hybrid workplace, requires the streamlined approach of a best-in-class, single-vendor solution.

It also clarifies that single-vendor SSE platforms reduce risk by eliminating gaps created by multi-vendor offerings. They also allow a consistent policy to be set for data inspection and malware inspection.

Notably, the definition of SSE as its own market segment also acknowledges that these security services should be network-agnostic and not dependent on the underlying network infrastructure.

SSE further highlights the importance of zero trust access as the most secure way to connect users to applications, eliminating the need to allow users access to the network.

Finally, as noted earlier, SSE includes a section on user experience / DEM, acknowledging the importance of ensuring users get seamless access and optimal performance. This highlights the need for DEM solutions as an integrated part of a vendor’s SSE offering (see blog here).

Ensuring the digital experience of the end user is not only crucial for the adoption of SSE, but also for broader digital transformation initiatives.

Now, where do we see the SSE market evolve from here? First, we expect to see a broadening of SSE architectures to encompass cloud-to-cloud and workload-to-workload security, leveraging the same security cloud and policies that protect connections between users and applications.

We expect the SSE market to evolve toward protecting non-human users, with support for IoT/OT devices and 5G environments. We also see SSE vendors increasingly achieving operational benefits through automation and business intelligence, as these factors will significantly differentiate vendors in the space.

What does this mean for executives architecting a cybersecurity strategy? First, it means that executives need to leverage the SSE framework to evolve their cybersecurity strategies around a single platform vendor that can converge their disparate security solutions in a scalable and unified manner while optimizing the end user experience.

Not all SSE platforms are created equal, so anyone evaluating SSE options should look for solutions with the following capabilities:

A unified platform

A unified platform for growth to deliver all SSE services, plus network transformation and digital experience services.

Zero trust architecture

Native app segmentation, where business policies connect authenticated users to an official app without bringing users on the network.

Purpose-built for performance

Cloud-native architecture, globally distributed, with inspection and peering at the edge to provide the fastest app and user experience.     

Inspection scalability

Proxy-based architecture that holds and decrypts data in real-time to confidently inspect business-critical SSL traffic without limitations or SLA concerns.

While the introduction of SSE does add to the alphabet soup of Gartner acronyms, in this case, the juice is definitely worth the squeeze.

To learn more, visit Zscaler.


Copyright © 2022 IDG Communications, Inc.