Security Service Edge (SSE) is a cybersecurity concept introduced by Gartner in 2021. SSE is the security component of the secure access service edge (SASE). Gartner defines SSE as a collection of integrated, cloud-centric security capabilities that includes Zero Trust Network Access (ZTNA), Cloud Access Security Broker (CASB), Firewall as-a-service (FWaaS), and Secure Web Gateway (SWG). The goal of SSE is securing access to all web and cloud services as well as locally hosted applications.
SSE enables users of an organization’s applications, data, and assets secure, trusted access to resources and provides the ability to track user behavior to help identify anomalies that may be caused by bad actors or cyberattacks.
SSE solutions provide secure connectivity to users through cloud-based services, eliminating the need to connect users directly to the corporate network for services that are cloud-based. This eliminates the need to expose an organization’s IT infrastructure or applications needlessly or the need for complicated network segmentation. Instead, SSE connects users securely to applications across the internet. When coupled with digital experience monitoring (DEM), SSE can ease monitoring of apps, devices, and network performance which can provide a boost to user productivity.
The Secure Access Service Edge (SASE) was first introduced by Gartner in 2019 and combined networking and security technologies into one cloud-based platform designed to provide for a fast, secure cloud transformation. Gartner says “SASE capabilities are delivered as a service based upon the identity of the entity, real-time context, enterprise security/compliance policies and continuous assessment of risk/trust throughout the sessions. Identities of entities can be associated with people, groups of people, devices, applications, services, IoT systems or edge computing locations.”
- Deep visibility into user and application behavior which can uncover and speed reaction to potential threats
- Improved data protection by using a zero-trust approach that reduces the attack surface, eliminates issues of over-provisioning privileged access, and helps prevent ransomware and other threats both internal and external
- Cost savings realized by combining multiple security and network access technologies into a single platform that is often delivered via subscription pricing, giving IT control of spending and predictable costs.
- Improved end-user experience. Latency is minimized by eliminating the need for backhauls to a datacenter for cloud access or the need for site-to-site VPNs.
- Improved hybrid work support as a result of secure connections between cloud and on-premises IT resources and simplifying cloud migration.
Cloud Access Security Broker (CASB):- CASB is a go-between for users and services on the network, and offers services including:
- Extending security policies from existing on-premises infrastructure to the cloud
- Providing transparency of security and compliance issues
- Discovering risks in SaaS applications by scanning apps for policy violation or malware
- Tracking data flows between multiple applications whether SaaS, cloud, or on-premises
- Providing authorized users to utilize cloud resources while protecting data in a hybrid, multicloud environment
Zero Trust Network Access (ZTNA):- ZTNA provides secure, policy-based access to services and applications, ensuring that every transaction is authenticated and with the assumption that no device or user is ‘safe’. ZTNA by default will deny access to resources until a user, device, or application has been authenticated, and then provides the least access necessary to complete the transaction and are the opposite of VPNs which offer unfettered access to a user once authenticated. ZTNA services include:
- Identity-based authentication or users, providing role-based access only to data or services needed for a particular task
- Centralized control and tracking of users, data and its location, and network traffic
- Threat monitoring based on network activity
- Security policy enforcement across on-premises, cloud, or SaaS applications no matter where data resides
Secure Web Gateway (SWG):- An SWG halts unauthorized traffic before it can enter the organization’s network, while allowing authorized users access to company-approved websites. SWG functions include
- Packet and content inspection to uncover malicious content
- URL filtering
- Web access controls
SWGs provide secure internet access for users and help protect against data exfiltration. SWGs will block access to prohibited or inappropriate websites based on the company’s policies
Firewall as a Service (FWaaS):- FWaaS provides a cloud-based firewall that aggregates network traffic from multiple sources that include on-premises infrastructure, branch offices, mobile users, and cloud-based applications. FWaaS provides all these users and locations a consistent level of security and policy enforcement regardless of user or location, while providing transparency and visibility for network monitoring and control, all without the need to deploy physical firewall appliance.