• United States



The evolution of security service edge (SSE) and zero trust

BrandPost By Zscaler
Apr 27, 20234 mins
Data and Information Security

How do zero trust architecture concepts relate to the broader definition of SSE?

istock 1352833698 article 7 image jacoblund
Credit: Jacoblund

With the recent publication of Gartner’s updated Magic Quadrant for Security Service Edge, we have been asked by several CXOs about this fast-growing solution category and how it relates to zero trust. The short answer is that they are closely intertwined.

Zero trust is a framework for securing organizations in the cloud and mobile world that asserts that no user or application should be trusted by default. Zero trust is a way of thinking permeating across several areas, not just new architecture or technology. There are practical zero trust implementations from vendors, like Zscaler, that have solutions with zero trust frameworks at their core. Once deployed, zero trust technology provides secure access to public or private destinations for users, things, and workloads.

The most common taxonomy used to describe solutions with zero trust architecture is Security Service Edge or SSE (defined by Gartner, and evaluated in a recently published Magic Quadrant and Critical Capabilities research note).

SSE provides a framework that combines the main elements of network security–including the Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), a Cloud Access Security Broker (CASB), and firewall as a service (FWaaS), among other components–as provided from the cloud at a location near the end user. ZTNA, in this context, relates to user-to-private application access. The main point is that the security stack, once hosted on-premises, moves to the cloud or the “security edge.”

How do zero trust architecture concepts relate to the broader definition of SSE? They are closely intertwined. Think of SSE as a practical implementation of zero trust architecture and other ecosystem components like identity, endpoint detection & response (EDR), or security information and event management (SIEM).

picture 1 image article 7 1200 Zsclaer

SSE is part of a broader Gartner framework called SASE (Secure Access Service Edge) that encompasses both SSE and WAN Edge infrastructure, including SD-WAN. SASE is commonly delivered as a two-vendor solution, leveraging robust integrations between SSE and SD-WAN architectures.

Drivers of SSE adoption

The adoption of SSE solutions is accelerating as cybersecurity professionals gravitate to modern, unified platforms and away from siloed point solutions to improve security, cut costs, and simplify management. 

Some of the key drivers are the evolution of the end user. Gartner calls this the “human-centric workforce,” which SSE facilitates, as it is based on user identity. That means security is woven around the user rather than location. SSE solutions enable better end-user experiences by reducing latency, applying a consistent security experience, and increasing flexibility to secure hybrid work.

Continuing cloud adoption is another underlying driver as security teams struggle to maintain configuration and vulnerability management as applications move to SaaS, IaaS, or PaaS hosting. SSE helps alleviate traditional architectures that backhauled traffic through the data center to access the cloud – SSE instead can provide security simply delivered from the cloud for the cloud.

Finally, another trend related to solution consolidation is a growing preference to consolidate multiple security solutions to a single SSE vendor. SSE allows networking and security teams to retire their legacy security stack across numerous vendors to a cloud-hosted and centrally managed SSE platform.

Zscaler’s innovative approach to SSE

Zscaler’s innovation in the SSE market started 15 years ago as pioneers of the cloud security market. And this innovation continues today, as Zscaler’s SSE platform goes beyond just protecting users.

Gartner’s evaluation of the SSE market is primarily focused on SSE for users or protecting the user accessing public or private applications. However, SSE must extend beyond just users. That is why Zscaler’s Zero Trust Exchange also provides extended SSE for workloads, IoT/OT, and B2B.

  • SSE for Workloads: Secures workload to internet traffic, provides zero trust workload to workload connectivity and secures cloud workload posture (CNAPP) [learn more]
  • SSE for IoT/OT: Secures internet traffic and provides zero trust connectivity to and from IoT/OT systems [learn more]
  • SSE for B2B: Provides customers and suppliers fast, seamless, and zero trust access to apps [learn more]
picture 2 body article 7 1200 Zscaler

And this innovation doesn’t stop there. New to the Zscaler Zero Trust Exchange is AI-powered capabilities to stop advanced cyber threats and data loss, simplify management, and speed response times. These include applying AI techniques to cloud browser isolation, phishing detection, and C2 detection, to name a few.

Additionally, Zscaler offered the first SSE-integrated digital experience monitoring (DEM) platform for end-to-end visibility and easy troubleshooting of end-user performance issues for any user or application. Innovation in the DEM space includes AI-powered automated root cause analysis capabilities.