In practice, Security Service Edge (SSE) is an integrated, cloud-centric offering that facilitates safe access to websites, SaaS, and private applications. It will typically also combine access control, threat protection, data security, security monitoring, and acceptable use control. 

The concept was introduced in the latest Gartner® “Hype Cycle™ for Network Security, 2021” by Shilpi Handa and Pete Shoard. The segment was rated “High” on the Benefit scale and sat at the peak of the Hype Cycle, and it was also identified as an architecture that would have near-term implications for mainstream adoption by security teams.

 

As part of a Secure Access Service Edge (SASE) journey, SSE is the approach adopted by the security team, while SD-WAN services are adopted separately by the infrastructure team. “Security Service Edge offerings reduce complexity and improve user experience by consolidating multiple disparate security capabilities into a single-vendor, cloud-centric converged capability.”

At its most foundational level, SSE converges capabilities typically found in 3 technology sectors: Cloud Access Security Broker (CASB), Secure Web Gateway (SWG) and Zero Trust Network Access (ZTNA), each with critical functional requirements.

 

Hype Cycle for Network Security, 2021, Shilpi Handa, Pete Shoard, 14 July 2021

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner and Hype Cycle are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

 

Cloud Access Security Brokers

As anchor points to an SSE paradigm, CASBs serve as the policy enforcement point that delivers data and threat protection in the cloud to and from managed SaaS applications and resources. A strong deployment empowers security teams with visibility and control for data that has moved off premises and into SaaS apps and IaaS platforms.

  • Protect data and stop leakage with access control and data loss prevention (DLP)
  • Keep malware from infecting your cloud through advanced threat protection (ATP)
  • Maintain visibility in the cloud by tracking user activity and generating security reports
  • Protect sensitive data with a full-strength encryption solution that protects data-at-rest in any cloud application
  • Authenticate users with single sign-on (SSO) and multi-factor authentication (MFA)

Secure Web Gateways

An SSE architecture encompasses a rapidly evolving set of requirements for SWGs. As users conduct their day-to-day activities directly with the Internet, SWGs have evolved to become a core component of securing users. Foundationally, they secure web traffic as users browse websites and access unmanaged applications (shadow IT), and they encompass a deeper set of requirements as well:

  • Filter content by categories like streaming and gambling to enhance productivity
  • Keep threats at bay by blocking access to destinations like botnets and malware sites
  • Control the usage of shadow IT and direct employees to correct, sanctioned apps
  • Prevent data leakage by stopping the upload of sensitive files to the web
  • Secure encrypted traffic at cloud scale

Zero Trust Network Access

SSE will also be required to ensure consistent security for on-prem and data center resources like Jira and Confluence as well as thick client apps like SSH and remote desktops.

  • Secure access to internal apps by factors like user group, location, and device type
  • Prevent employees from downloading or uploading malware to the network
  • Log user activity to enable audit and demonstrate regulatory compliance
  • Authenticate users through native functionality or integrations with leading IdPs