What is Security Service Edge (SSE)?

Security Service Edge is the security stack of SASE (that also includes a networking stack including SD-WAN).

Security Service Edge is the security stack of SASE (that also includes a networking stack including SD-WAN). A complete SSE stack of cloud security services allows organizations to protect their workforce from internet threats, provides secure and adaptive access to private corporate applications, and protects data across all their cloud platforms and applications.

Security Service Edge

There are 3 core services as part of the SSE stack:

  1. Secure Web Gateway (SWG): Protects workforce and devices from all internet based threats.
  2. Zero Trust Network Access (ZTNA): Protects access to private apps, whether they are in a data center or hosted in the cloud.
  3. Cloud Access Security Broker (CASB): Protects data stored in multi-cloud environments.

SSE vs SASE: How are they different?

SASE or Secure Access Service Edge is an architecture that allows networking and security services to be consumed using a unified control and a unified management plane. The networking and the security services delivered using this architecture focuses on delivering a better end user experience, helping improve security posture, while reducing the cost and complexity for IT teams.

SASE has two parts: Networking Services or the WAN Edge part that includes SD-WAN delivering WAN optimization, Quality of Service (QoS) and Direct Access from branch office locations to the internet.

The Security Services or the SSE part includes SWG, CASB and ZTNA delivering a unified platform for delivering consistent security policies, protecting users, data and access to applications with the same solution.

Why do you need SSE?

Traditionally, the security of an organization has been dealt in a very siloed fashion and using multiple vendor products that were deployed in a data center. With an acceleration to cloud, and workforce becoming hybrid, the traditional approach does not meet the requirements of modern day work style because of the following:

  • The traditional Castle and Moat architecture requires all traffic to be backhauled to data center, adding latency and resulting in poor end user experience
  • It requires extensive management, including maintenance, administration, and new deployments keep IT stressed and allow less time to focus on strategic initiatives and team growth
  • It does not provide complete visibility and monitoring of work-related end user traffic and actions thereby resulting in insecure and costly work practices

Key benefits of SSE

A complete and a unified stack of security services allows customers to:

Provide a secure and productive environment for hybrid workforce

As a cloud native service, it sits inline with applications in the cloud and does not require backhauling, delivering a real time end user experience. 

Modernize IT with a cloud-delivered unified platform

A unified, cloud-delivered platform minimizes management of security policies and does not require day to day maintenance thus providing time for IT to focus on strategic initiatives as well as on their professional growth.

Protect corporate data stored across multiple cloud platforms

As all the corporate traffic goes through this single proxy solution, it helps identify Shadow IT and empower end users to use sanctioned applications securely. It also inspects all the incoming and outgoing internet traffic for stopping and internet-based threats like ransomware.

How does SSE work?

Security Service Edge or SSE is part of the SASE stack that offers security delivered as a service. These services are cloud-native, that offer unlimited scalability, high resiliency, and ease of management. As these services work as one, it protects a user’s journey all the way from its endpoint, to accessing their work in cloud and back. Below is an example of such an illustration.

Top SSE use cases

1. Secure web and cloud usage

  • Allow workers to securely access information they need, whether it is general internet access or corporate applications hosted in the cloud, or delivered as SaaS. A unified policy framework helps protect these workers from internet based threats like ransomware as well as protect corporate information stored across various cloud, SaaS and private applications.
  • Prevent any policy misconfigurations and mitigates any risk as a result of human error or policy mismatches in the cloud.

2. Detect and mitigate threats

  • Allow IT to discover any unauthorized activities by users in terms of using unsanctioned SaaS apps to share corporate information. This enables IT to secure these apps and allow users to continue using these apps while following proper security practices.
  • Discover and remediate any malicious content by inspecting all incoming and outgoing internet traffic and preventing harm to corporate networks including stealing of sensitive information.
  • Prevent unauthorized access to apps based on adaptive access policies that are based on user's risk, device posture and user location.

3. Connect and secure remote workers

  • Provide users the flexibility to use any device from any location with agent-based and agentless access to private apps.
  • Protect remote workers from internet-based threats like ransomware and phishing attacks.

4. Identify and protect sensitive information

  • Discover sensitive information automatically with inline controls which allows enforcement of security policies on the fly, and prevents exposure of sensitive data in real time.
  • Prevent exposure of sensitive data, even if files are shared with external parties like partners, and contractors, with embedded security policies within the files.

Three important things for selecting the right SSE solution

As you select the right security strategy for your organization, please keep in mind the following:

  1. A unified platform will future proof your investment - Look for vendors that deliver cloud-native platforms that will help you build your stack as a single, integrated solution. It will help you minimize management overhead, future proof your investment, allow your IT to focus on key and strategic initiatives, and provide a great end user experience.
  2. Built from the ground up with zero trust - A solution, built as cloud-native from the beginning,  will provide the best scalability and reliability for your business. A solution based on zero trust will help you modernize your IT security, protect you from all the modern day threats coming from the internet or from Internal employees as well as provide flexibility for your modern day workforce to work from anywhere using any device.
  3. Provide tools to discover and monitor all corporate traffic - The right solution can enable IT to implement security controls to protect corporate information from being exposed and misused. By doing this, IT can be more flexible in allowing users to continue using unsanctioned apps for their work.

Learn more about how Lookout helps accelerate your SASE journey with SSE