There’s a new acronym in town: SSE, which stands for Security Service Edge. If this looks mighty similar to Secure Access Service Edge (SASE), it’s because they are closely related.
When SASE was conceived in 2019, we saw organizations struggling with new data security requirements that emerged from the increasing adoption of cloud technologies — a trend that was accelerated by the coronavirus pandemic. These cloud technologies include software-as-a-service (SaaS) applications, such as Microsoft 365, Salesforce, Google Workplace, and enterprise apps running in infrastructure-as-a-service platforms (IaaS), such as Amazon Web Services, Azure, and Google Cloud Platform. As Lookout Head of IT Joel Perkins told us, implementing SASE is a journey that will take time.
In July 2021 Gartner introduced SSE in its “Hype Cycle(™) for Cloud Security, 2021”, wherein “security leaders can evaluate the emerging technologies on this Hype Cycle to secure cloud computing.”* In February 2022, Lookout was named a Visionary in the 2022 Gartner Magic Quadrant for SSE.**
SSE isn’t just about having the right alphabets in your soup, it’s the idea of consolidating security technologies in the cloud to reduce complexity and enhance data security as employees access the web, cloud services and private apps from anywhere. In this blog I’ll break down why SSE matters and the types of data security capabilities a SSE platform should have.
Protecting data when remote work and cloud services circumvent perimeter security
With apps and data increasingly residing in the cloud, users now expect seamless access from anywhere and on any device. But security controls have been deployed with disparate on-premises tools that are anchored to data centers. As a result, most organizations have lost the ability to secure their data as they migrate to the cloud.
This is where the SASE promise comes in, converging key networking technologies, such as Software-defined Wide Area Networks (SD-WAN), with technologies that secure both access and data which Gartner calls SSE. The SSE technologies that may be most familiar are Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA) and Secure Web Gateway (SWG).
However, the real value is in the data protection services that ensure data is not exposed when it is copied or downloaded from the cloud. The idea is that, by integrating data security natively with these access technologies, organizations can implement a streamlined platform that gives organizations back control of their data by securing it wherever it goes, reducing risk and simplifying security operations.
SSE’s core objective: protect your data
Just like how traditional security was costly and inefficient because it was a mishmash of disparate products, SSE technologies have to be integrated and with the goal of securing sensitive data and reducing risk. To do so effectively, security teams need integrated insights into users, endpoints, data and apps.
Here at Lookout, we expanded the SSE framework with the integration of endpoint security, and advanced users and data protection capabilities. With these native to our platform, we can enforce intelligent Zero Trust access to varying degrees of granularity that matches both the risk level of users and endpoints and the sensitivity level of the data.
UEBA: stop insider threats and compromised accounts
Your data is often put in harm's way due to stolen credentials or an insider taking a malicious action – intentionally or unintentionally. This is where User and Entity Behavior Analytics (UEBA) comes in, monitoring the fluctuating risk levels of your users. By understanding how your users typically behave, you can spot when an account — whether it’s compromised or being used by a legitimate user for malicious activities — is putting your data at risk.
DLP: discover and secure your data
To make smart access decisions, you also need to know the sensitivity level of the data your users seek to access. With advanced Data Loss Prevention (DLP) integrated, Lookout enables security teams to take granular actions. For example, you may want to watermark or redact certain content instead of blocking access so you protect sensitive information while allowing work to get done.
EDRM: encryption that follows your data
The final layer of data security is the ability to automate encryption. In 2021, 12,000 sensitive files were stolen from pharmaceutical company Pfizer, including trade secrets related to its COVID-19 vaccines. While Pfizer later knew the sensitive nature of the data taken and which user did it, they weren’t able to stop it. With Enterprise Digital Rights Management (EDRM), organizations can encrypt data while it's downloaded so that only authorized users can access, even when shared offline.
Reduce risk and protect your data with Lookout SSE
At the end of the day, SSE and SASE are just frameworks. It's up to individual organizations to find a vendor that suits their requirements.
To secure data and reduce risk, Lookout delivers a platform that integrates endpoint security with an SSE that natively integrates UEBA, advanced DLP and EDRM to keep your data secure where it goes. The Lookout Security Platform provides the insights that enable organizations to implement Zero Trust to protect data, reduce risk and increase operational efficiency by closing gaps created by disparate point products.
To understand how the Lookout platform secures data no matter where it goes, check out our platform page. You should also download a complimentary copy of the 2021 Gartner Strategic Roadmap for SASE Convergence to get started on your SASE journey.
Download complimentary copies of the 2022 Gartner® Magic Quadrant™ for SSE and Critical Capabilities reports to learn:
- How SSE can help you reduce complexity, costs and management overhead.
- Which SSE Gartner Critical Capabilities to focus on
- Which Use Case/s could be applied to your organization and what to look for in an SSE vendor.
- The analysis behind Lookout’s placement
*Smarter With Gartner, “4 Must-Have Technologies That Made the Gartner Hype Cycle for Cloud Security, 2021”, September 08, 2021
**Gartner, Magic Quadrant for Security Service Edge, John Watts, Craig Lawson, Charlie Winckless, Aaron McQuaid, February 15, 2022
Gartner and Hype Cycle are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved