Critical Capabilities for SSE: Securing Cloud Usage When Shadow IT is the Norm
With the release of the 2022 Gartner® Magic Quadrant™ for Security Service Edge (SSE) there is an abundance of information on the newest framework created to address security requirements in a cloud-first world.
SSE was introduced in 2021 to refine Secure Access Service Edge (SASE) by focusing on the convergence of security capabilities within the framework. Check out my blog breaking down SSE and SASE for a more in-depth explanation.
For this blog, I would like to tackle the first SSE use case discussed in the 2022 Gartner Critical Capabilities for SSE, a complementary report to the Magic Quadrant for SSE — Secure Cloud and Web Usage. Specifically, how organizations have lost visibility into cloud activities as users interact with cloud environments that they don’t manage.
This problem used to be labeled “shadow IT,” but that’s too narrow a definition. The ownership of applications your users interact with now varies widely — from enterprise apps controlled by your IT department, to apps owned by partners and contractors, to apps owned by employees.
Let me break down why SSE is essential to how organizations reinstate visibility and control over their data while enabling this decentralized collaboration to continue.
Time to work with Shadow IT, not against it
Shadow IT is not new. Employees have always sidestepped IT to acquire what they need for work. But over the past few years, this issue has exploded with the proliferation of software as a service (SaaS) and bring-your-own-device (BYOD) programs.
Yes, this boosted productivity, but it also turned security requirements inside out. “Unapproved” entities, such as networks and devices not under IT control, might as well be the rule rather than the exception. Users are also switching between enterprise apps, apps owned by partner organizations and contractors, and apps they use personally, further complicating your cloud environment.
Rather than fighting against the lack of control, it’s better to work with the changing tide. Traditional tools used to secure web and cloud access are no longer adequate, and ultimately, they won’t protect data or keep organizations compliant. That’s where SSE comes into play.
Regain control with SSE
With work from anywhere now firmly established, it’s safe to say that this new wave of shadow IT, where countless apps are not under your direct control, is here to stay. To ensure your data is protected, here are key SSE capabilities that help you regain control over those apps:
Visibility into all apps
The first step towards regaining control is visibility into all the apps that your users use, especially the ones not managed by IT. This enables you to better assess the risk levels of the various apps used, making it easier to onboard them into your organization.
With a next-generation inline proxy, SSE technologies are able to discover apps your users are using, including personal instances of popular enterprise SaaS apps, such as Microsoft 365 and Google Workspace, so that you can prevent data from leaking out of your enterprise.
Enterprise-wide policy enforcement
With that same proxy, SSE also enables you to enforce corporate and governance policies across all those apps. A comprehensive SSE platform would include native Endpoint Security, User and Entity Behavior Analytics (UEBA) and Data Loss Prevention (DLP) capabilities.
Armed with telemetry from those solutions, you can make smart access decisions based on the risk level of your users and endpoints as well as the sensitivity level of your data, ensuring you protect sensitive information while enabling productivity. You would also want Enterprise Digital Rights Management (EDRM) as part of your SSE, ensuring that policy is enforced even when data leaves your sphere of influence.
Keeping your security posture in shape
With SSE you can integrate with IaaS, platform as a service (PaaS) and SaaS for a holistic view of your tenant’s security posture and identify any misconfigurations. You can also fine-tune against baselines and industry standards to ensure your data protection policy and compliance requirements are met.
Shadow IT brought to light
SSE is like shining a light on shadow IT – clouds, apps, and internet usage can no longer remain hidden. The time is now to accept that security requirements are at a critical turning point. By harnessing the many powers of converged security, SSE diminishes the worries of the unknown – regaining visibility and control with granular policies.
The team here at Lookout carefully crafted a cloud-native SSE platform that stays ahead of the threat landscape derived from the way people work – and that’s why we believe we were named as a Visionary by Gartner in their very first Magic Quadrant for SSE – and ranked among the top three solutions inside the Gartner Critical Capabilities report.
Lookout brings full-strength SSE with not only access pipelines of Zero Trust Network Access (ZTNA), Cloud Access Security Broker (CASB), and Secure Web Gateway (SWG), but native data protection capabilities that ensure sensitive data is protected while productivity is not hindered.
Securing Web and Cloud Usage is one of the use cases outlined by Gartner. If your organization is considering SSE, I would urge you to read the latest Gartner® Magic Quadrant™ for Security Service Edge and Critical Capabilities reports to learn:
- How SSE can help you reduce complexity, costs and management overhead.
- Which SSE Gartner Critical Capabilities to focus on.
- Which Use Case/s could be applied to your organization and what to look for in an SSE vendor.
- The analysis behind Lookout’s Visionary placement and top 3 placement in all Use Cases.
Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved
Gartner, Magic Quadrant for Security Service Edge, John Watts, Craig Lawson, Charlie Winckless, Aaron McQuaid, February 15, 2022
Gartner, Critical Capabilities for Security Service Edge, John Watts, Craig Lawson, Charlie Winckless, Aaron McQuaid, February 17, 2022
Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.