Choosing the Right Security Service Edge Platform

Finding the right security service edge (SSE) platform for your organization is crucial. In this piece, we look at the capabilities an effective SSE platform should include, to ensure you make the right selection.

This is the third installment of our security service edge (SSE) blog series. Our first blog explores SSE as a platform, and the second looks at the top use cases. In this article, we’ll explore what features you should be looking for when selecting an SSE platform.

SSE is all about delivering security from the cloud. Cloud apps and mobility have started a revolution, and security needs to be untethered from the network. While SASE explores the complete framework required both from a network and security perspective, SSE (the security half of SASE) is all about security services. To reap maximum benefits from SSE, you must be uncompromising in your decision process. Why? Unlike point products, a holistic, integrated approach like SSE will undoubtedly become an essential centerpiece of your security strategy.

Therefore, it is crucial to make the right decisions. Let’s look at the capabilities an effective SSE platform should include.

Inline and SSL inspection at scale

One of the critical values of SSE is its ability to deliver a unified approach to security inspection.  Across the web, internet, cloud apps, and data, inspection will be the most important thing your SSE platform will be doing. Because much of your SSE platform will deliver inline inspection across business-critical traffic, you need to ensure it was built with that in mind. If there is a problem with your SSE platform, you’ll know immediately, as your business traffic will come grinding to a halt. When choosing an SSE platform, stress test extensively and select platforms with a proven pedigree for performance and scale across large organizations.

Additionally, SSE platforms should provide proxy inspection. This is the only way to deliver SSL inspection, where most threats now hide. The best SSE platforms need ultimate scalability to accommodate a surge of users and traffic. Remember that proof of value (POV) testing associated with pre-purchase often cannot simulate the demands and scalability of an ecosystem with 20,000+ users. Please don’t overlook the importance of getting references from SSE vendors that prove they can deliver at scale across giant install bases.

Purpose-built zero trust

Many organizations have initiatives around zero trust. It’s a huge market driver and one of the key reasons Gartner has defined SSE with strong zero trust overtones. Zero trust network access (ZTNA) is the concept that remote access should provide user-to-app connectivity without having to place the user on the network. As organizations began swapping out their legacy VPNs for ZTNA in force around the beginning of the pandemic, it became clear that ZTNA was a much-needed security service within the SSE ecosystem. ZTNA is no different than SWG and CASB, as they all focus on user-to-app connections. Forward-thinking companies are now shopping for zero trust solutions to complement the rest of their cloud security services.

So, what capability should your SSE have to enable zero trust? At its core, zero trust is identity-driven least-privileged access. View your SSE platform as an international airport — nothing gets through unless it passes all identity checks. An effective SSE platform should evaluate identity and uplevel security by checking for device posture, user risk score, location, and destination. Of course, this only works if the SSE platform can scale SSL inspection and has the global presence to protect all users, both on and off the network. 

Optimization for enhanced user experience

User experience is a critical aspect of SSE that should not be overlooked when selecting an SSE platform. We know that legacy data center security approaches can negatively impact user experience, and security shouldn’t be an inhibitor — you shouldn't even know it’s there. For example, backhauling users and offices to a centralized egress point are sure to gain users’ attention, but for all the wrong reasons. Alternatively, creating a direct path to the internet and cloud applications increases speed and improves user experience, reinforcing the value of cloud platforms like SSE.

Securing all these connections with a ubiquitous cloud platform immediately provides a faster experience, but there are a few things you need to consider in an SSE platform. First, as previously mentioned, look for vendors with the largest footprint of global point of presence (POP), especially if you have a distributed workforce. All employees globally, from London and Japan to Australia, India, and the U.S., all want a fast experience, with a local SSE onramp. Also, purpose-built SSE vendors will deliver inspection down to the edge. Instead of having a few centralized locations of compute, every SSE onramp should do edge inspection with all security services across SSL. This again ensures the fastest experience without any security latency. Lastly, strong peering is a must with SSE. Ensure your SSE vendor peers with as many other cloud providers as possible, ensuring the connection between everything your business uses is fast and local.

Room to grow

When selecting an SSE platform, the last recommendation is to think about the future. SSE is all about unifying cloud security services in a holistic way. As mentioned, it will be a centerpiece of your security strategy: once you embrace a unified platform, you will wonder how you operated without it. Look for vendors that value innovation and are preparing for the future of SSE based on customer requirements.

Outside of security, think through other areas of your company that will require growth, including:

Branch offices

While remote work is still top of mind, your branch offices will soon start coming back to life, and they will need fast internet performance to match what users have become accustomed to at home going direct. The best SSE vendors will add significant value on the network side, which is core to the SSE parent, SASE. Direct internet access (DIA), SD-WAN, and other connectivity aspects of your organization can benefit from an SSE vendor with a robust feature network set that can maximize branch office performance and user experience.

Digital experience monitoring

The ability to monitor user experience — with in-depth visibility into choke points — can be an invaluable tool to maintain user productivity and prove the worth of your SSE platform to the board. Lastly, expanding the scope of SSE to cloud workloads is an important initiative. Like users, workloads connect to the internet, require inspection, and have extensive routing and connectivity requirements. Look for SSE vendors that deliver workload connectivity and protection. Enabling SSE to be at the heart of your IT ecosystem simplifies requirements while consolidating all your user and workload security across the same policy and controls.

Because SSE is newly-defined, it can be challenging to identify the most important benefits and even more difficult to select the best platform for your business. Don't be intimidated. Instead, consider the factors that matter most to your organization, from user experience and growth potential to zero trust and security requirements.

Learn more:

What is Security Service Edge?

What You Need to Know About Gartner’s New Security Service Edge

Gartner’s New Security Service Edge: Real-World Applications

 

Related:

Copyright © 2022 IDG Communications, Inc.