Cybersecurity Alphabet Soup: SASE vs. SSE

SSE and SASE may look similar on paper, but they each play a distinct, critical role in cybersecurity. Here’s what IT teams need to know about these two solutions.

Random letters in a pile

When it comes to the cybersecurity space, there is no shortage of acronyms. With DLP, CASB, SSL, IPS, ATP, CIEM, ZTNA, CSPM, ML, SWG, and many others, the alphabet soup can become too much to consume. However, each acronym typically corresponds to technologies or frameworks that address unique challenges that must be solved if an enterprise is to maintain a robust security posture. Therefore, when a new phrase is coined, IT teams need to understand what it refers to, why (or perhaps if) it matters, and whether they need to change the way they go about security.

SASE is an acronym that recently took the world by storm and called existing IT paradigms into question. However, at the apex of its popularity, Gartner, its creator, coined yet another similar-sounding term: SSE. Naturally, this has led to some confusion. So, why this addition to the cybersecurity dictionary, and how is SSE different from SASE? Read on to find out.

SASE: The core framework

SASE (pronounced “sassy”) stands for secure access service edge and refers to a framework suggested by Gartner rather than a specific technology. Unlike legacy data center architectures wherein network and security services are disjointed, SASE envisions a cloud-delivered ecosystem that unifies the two. With users, services, applications, and end-user devices existing virtually everywhere, organizations need a means of connecting them both effectively and securely, ensuring a productive user experience while keeping data safe and threats, like ransomware, at bay.

While the development of SASE offerings is still in its early stages, the vision  is that individual vendors will one day have complete suites of both network and security services (from SD-WAN and quality of service [QoS] to cloud firewall [FWaaS], and Cloud Browser Isolation) so that organizations can obtain a single, unified, secure access service edge.

SSE: Unified security

SSE stands for security service edge and is a subset of SASE. Specifically, the portion of SASE focused on the consolidation and delivery of security services (while the other half of SASE has to do with network services). In other words, SSE serves as a first step into the overarching SASE philosophy by suggesting that organizations adopt a single, cloud-delivered security platform that boasts a variety of integrated technologies and provides them at the edge — for any user anywhere.

The above represents a significant departure from legacy security architectures that require backhauling traffic to a central location and several disjointed appliances that can’t scale to inspect SSL and are costly to purchase and maintain. Stated simply, security, user experience, and enterprise productivity suffer under the status quo. Additionally, even where true cloud security solutions are deployed as point products, the lack of integration and the duplication of (disparate) policies create inconsistent security and a significant burden for the IT teams tasked with managing them.

SSE has emerged as a critical solution to the above challenges. SSE platforms provide comprehensive security by integrating three primary solution sets: cloud access security broker (CASB), secure web gateway (SWG), and zero trust network access (ZTNA). As a result, they can secure any cloud app, all web traffic, and private applications, respectively. This unified approach enhances security across the IT ecosystem while reducing complexity and saving time for administrators. Additionally, as the name security service edge implies, SSE offerings deliver their comprehensive security functionality through the cloud and as close to the end user as possible.

Where do we go from here?

While the volume of acronyms in cybersecurity can be overwhelming (and sometimes unnecessary), IT must work to separate the wheat from the chaff. In the case of SSE, analysts have their fingers on the pulse of what IT teams need to keep their organizations safe. That is to say, this is one bite of alphabet soup that is sure to be both delicious and nutritious.

Want to see how Zscaler fits into the SSE picture? Check out our Zero Trust Exchange. For further reading, take a look at how we help when it comes to data protection.


Copyright © 2022 IDG Communications, Inc.