SASE Security and the new Security Service Edge (SSE)
Information technology departments find themselves on a very different horizon of internet security. It contains a more hostile threat landscape where the majority of its users and devices operate on unmanaged networks due to remote work, and also where more business resources live in the cloud populated by more users, applications, and devices than ever before. The resulting decentralization has only increased the need for significant changes to the traditional digital protection measures, but security approaches have been slow to make this shift.
Many IT specialists find themselves faced with growing issues such as complexity, product sprawl, application latency problems, and rising costs. Over the past two years, a new class of integrated, cloud-delivered security solutions have emerged to address the issues, patterned on approach that Gartner dubbed “Secure Access Service Edge” or SASE (pronounced “sassy”) for short. The SASE model brought together networking and security to enable connectivity and security to be delivered consistently wherever people were working. With the rapid adoption of this approach by the security industry, last year Gartner coined the term “Security Service Edge” (SSE) as an easy way to carve out the security elements of SASE.
What is SASESecurity or SSE?
Whether you call it SASEsecurity or SSE, this unified approach to providing security as a service for people working at home, in the office or anywhere in between, brings together technologies that used to be treated separately, enabling security policies to be defined and monitored in one place and then enforced wherever people need them. It focuses on protecting people as they use business applications and data, which today are almost always stored in one of three types of places: the web, cloud apps like Microsoft 365, or private applications in internal data centers or private clouds:
- Cloud Access Security Broker (CASB) – CASBs are gateways that allow access to cloud assets to be safely made available to users who need it, while also keeping out unauthorized activity.
- Secure Web Gateways (SWG) – SWGs are used as a filter on the network, determining what is safe for user consumption and what needs to be blocked, typically to enforce Acceptable Use Policies and prevent malicious code like ransomware from getting onto user’s devices.
- Zero Trust Network Access (ZTNA) – ZTNA is a gateway that provides secure access to private applications without the risks and complexities of VPNs. It ensures that each user only can see the specific resources they are allowed to access, preventing people or attackers who may have compromised their accounts, from sneaking into internal systems.
These access gateways typically take advantage of shared threat protection and data security capabilities to keep attackers out and sensitive data in.
Today, SASE is defined as the combination of the SSE capabilities mentioned above with SD-WAN (which is short for software-defined wide-area networking) and other networking functions. SD-WAN is an approach for using internet connections rather than old expensive network links (often called MPLS) to provide fast, versatile networking that is easier to manage than traditional networking solutions.
Why does your business need SASE and SSE?
Users are working in new ways and in more places. The pandemic and subsequent trickling back into the office has led to an explosion of remote and hybrid workers who need to be able to access the tools and applications that they require to perform their jobs whether they are in the office, in the field, or working remotely. The average remote worker uses an estimated 12 or more Software-as-a-Service (SaaS) programs and an increasing number of private applications. It’s no surprise that access to private applications, especially when managed by limited and outdated VPN technology is the leading source of inquiries to IT analysts. Because of this, their employer’s security needs to allow secure access without introducing latency issues. SASEsecurity and SSE have become the leading way that organizations are providing this security.
Of course, organizations already have security operations. Historically, they added security applications piecemeal to achieve the desired security goals. However, using a legacy castle-and-moat style of security, such as VPN, and/or using many different silos of security technologies can leave vulnerabilities in your security and be disastrously complex to operate. Unified, cloud-delivered security such as SSE provides the robust, consistent security everywhere without sacrificing efficiency or putting sensitive data at risk.
SASE and SSE are designed to provide the same security regardless of where people are working and where the resources they are accessing reside. Using one solution saves money by reducing the need for multiple vendors and training IT teams how to manage multiple console.
The Benefits of SASE and SSE
SASE and SSE improve operations and security in a variety of ways:
- Consistency for an evolving workforce – provides consistent security on work-issued and personal devices for users anytime, anywhere.
- Streamlined security operations – offers all-in-one management and delivery of crucial security features, such as anti-malware, URL filtering, data protection, and both on-site and cloud protection.
- Reduced cost – eliminates the need for multiple vendor subscriptions, miscellaneous security equipment, and provides a complete security solution. This reduces the costs faced by the organization. Take the Forcepoint SASE Readiness Assessment to learn more.
- Better network performance – SASE provides security from a centralized position, which allows for better, more efficient performance, especially for interactive cloud apps like Microsoft 365.
- Scalability and agility – cloud-based security can rapidly scale up and down to meet changing needs.