Scott McKellar is currently a Technical Consultant at Mimecast where he has been since early 2019. Scott has been working in the technology industry for fifteen years and is passionate about technology & security. Scott enjoys understanding his customers and prospects often complex business challenges and aligning them with technology to solve problems and add value. Prior to his role at Mimecast, Scott headed up the technology team for an Australian leading Wi-Fi analytics SaaS and IaaS provider; Discovery Technology (a Data#3 company).
As the world digitalises at breakneck speed, cybersecurity moves with it.
One of the biggest shifts in working environments today is the shift from office-based to hybrid models. Many white-collar workers spent large chunks of the pandemic in WFH mode, and the change is here to stay – a mere 28% of us have returned to the office. That shift in how work is done has accelerated the move to the cloud, leaving some organisations’ security scrambling to catch up.
Of course, though the pandemic accelerated these changes, change had been underway for many years prior. By 2019, the security changes in cloud security made by forward-thinking companies were given a name: Secure Access Service Edge (SASE). Then, just as SASE was becoming a prominent part of the security landscape, along came another acronym. SSE, or Security Service Edge, was coined in 2021. Some experts believe it will sweep the industry. “By 2025,” Gartner says, “80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE platform.”
But before businesses jump on the hype train, let’s take stock. Here, we’ll explore what links SASE and SSE, how they differ, and how they can help your organisation get the most out of the cloud and weather the cybersecurity threats ahead.
How SASE can be cloud security’s saving grace
Traditional approaches to cybersecurity have been on the wane for years. The idea of a single perimeter protected by firewalls, antivirus solutions and the physical walls of an office was a thing of the past long before the pandemic.
Use of remote devices, the rise of networked machines (aka the Internet of Things) and the flexibility granted by cloud services all benefited organisations and employees, but gave cybercriminals an increasingly complex and distributed network to exploit. Factor in the expense of hardware maintenance and the difficulty of patching VPNs – plus the flaws of security set-ups that mix unintegrated tools – and it’s easy to see why some CISOs have been crying out for a solution.
Enter Secure Access Service Edge (SASE), which pulls software-defined WAN (SD-WAN) together with multiple security solutions into a single, integrated cloud service. The great advantage of SASE is that it consolidates its tools into a single point of control, helping organisations manage a distributed environment nimbly and securely.
Choose SSE for targeted protection in the cloud
SASE, then, doesn’t just provide security: it’s also about improving user experience in the cloud while keeping costs down and workflows manageable. Security Service Edge (SSE), meanwhile, is best viewed as a leaner subset of SASE. While it includes elements of network access and brokered connectivity, it exists primarily to ensure end-user security in the cloud, making it ideal for keeping remote workers – and your assets – safe. SSE takes a number of features of SASE, and makes them the main event:
Zero Trust Network Access (ZTNA), in which no user is inherently trusted. Access to cloud resources is instead constantly reviewed based on their identity and your policies. Zero trust can stop threats moving laterally or accessing applications, which remain protected within the SSE.
Secure Web Gateways (SWG) that offer secure access to the internet thanks to tools such as URL filtering, DNS monitoring, browser isolation and sandboxing
Cloud Access Security Brokers (CASB), which offer deep analysis of unusual API interactions across software-as-a-service (SaaS) and cloud applications
Firewall-as-a-Service (FaaS), or network traffic control – a sophisticated cloud-based firewall
SSE can deliver effective cloud security – if you choose the right product
SSE can offer multiple advantages. Key security services are integrated on one platform, offering usability and consistent protection, plus the ability to add additional services as needed. Because tools are delivered from the cloud, visibility and control across users and data is high, and updates can be automatically applied without delays. And SSE’s distributed infrastructure improves speed and frees your business from slow VPNs.
What should you look for in SSE?
If you’re in the market for a SSE solution, it helps to keep a few key considerations in mind when comparing vendors. For example:
minimal friction for the user
consistent security and cloud experience across locations and users
scalable and customizable (with the opportunity to add rising features such as digital experience monitoring or, where relevant, upgrade to SASE)
track record in supporting zero trust across a wide range of users, devices and apps
cloud apps should be accessible to users but not exposed to the internet
advanced threat detection, and security features such as FaaS, malware detection, cloud sandboxing, adaptive access control and SSL encryption and decryption
For many organisations, SSE is a step on the road to SASE
SSE can be a winning choice for organisations who want to secure a widely distributed workforce, but don’t need the added cost or more complex adoption that comes with adding SD-WAN and SDN network traffic management.
Yet SSE vs SASE is not a one-off, either/or choice. Many SSE vendors offer a licensing model that allows the upgrade to SASE when the time is right. For some organisations, merging networking and security via SASE to simplify workflows and tighten integrations will make perfect sense. For others – particularly the largest companies – it may make more sense to optimise your cloud-based security with one specialist vendor, and your SD-WAN with another. Whatever you choose, make sure security-centric thinking is at the heart of your cloud strategy.
Uniting the cloud with SSE
Being able to unite security over an increasingly complex and far-flung cloud is an obvious win for companies that have moved beyond an office-based infrastructure – as well as cybersecurity professionals wrestling with multiple platforms and the constant ping of alerts. With the cloud-security functions of SASE separated out as SSE, your organisation has the opportunity to weigh up the benefits of both, and build a cloud that will help your business soar – and make would-be attackers curse in frustration.