When the COVID-19 pandemic hit, everyone in the security world was talking about the value of a secure access service edge (SASE) to protect the waves of workers now accessing company data and apps from home. Vendors across the security landscape were all announcing new products and services in this “new” market as IT teams clamored to better protect their end users now working from home – where the “edge” was no longer within the safe confines of a secured firewall.
But now a new technology is penetrating this market in a fresh attempt to address today’s changing dynamics of work: the security service edge (SSE). SSE, unlike SASE, is an edge security service without all of the software-defined networking (SDN) capabilities. This evolution delivers new advantages, and opportunities. Let’s explore them.
First, What’s the Difference?
Gartner coined the SASE term in 2019 as a class of products that converged networking service brokering, identity service brokering and security as a service into one solution. In a nutshell, SASE products make security for edge environments more effective by creating a single fabric for networking services with a single control point. The key here is that SASE includes networking services.
Subsequently in late 2021, Gartner pinpointed a new technology concept: SSE which delivers the security capabilities, without all of the network connectivity infrastructure. Even though SSE includes some network access and connectivity capabilities, it focuses more on securely enabling end user access.
Gartner sees this as a big move. Their February 2022 “Critical Capabilities for Security Service Edge” report claims that “By 2025, 70% of organizations that implement agent-based zero trust network access (ZTNA) will choose a security service edge (SSE) provider for ZTNA, rather than a stand-alone offering, up from 20% in 2021.”
What Can SSE Do?
A SSE solution essentially secures access to the web, cloud services and private applications. This is why it is so ideal for remote and home-based workers. It does this by offering capabilities for access control, data security, threat protection and security monitoring. It can also enforce acceptable-use control through network-based and API-based integration. In most instances, SSE is delivered as a cloud service, but it can also include on-premises and agent-based components.
What Doesn’t SSE do?
It might be easiest to think of SSE as a subset of SASE. It offers many of the same security control capabilities including zero-trust network access, a secure web gateway and a cloud access security broker. Some vendors also include network traffic control or a firewall-as-a-service. It doesn’t typically provide network bandwidth control or WAN optimization.
These features are more ideally suited for the remote worker where SD-WAN network traffic management may be unnecessary. An SSE will help to protect remote workers from cyberthreats and malicious attacks by governing their access control and monitoring for unusual activity.
SSE to Secure Remote Work
As many will report, remote and hybrid work is here to stay. In fact, according to a survey by Wakefiled Research, almost half of employees (47%) would look for a new job if their employer didn’t offer a flexible working model. As such, the security implications of the remote worker will clearly persist.
SSE solutions are a wise investment to ensure that this new work model doesn’t put corporate data and apps at risk, while still giving remote users the flexible access they need to get work done. Without some of the needless network management of SASE solutions, they ensure protections that prevent sensitive data loss, both accidental and intentional, so that businesses can continue to enable worker productivity anywhere they want to work.