Discover how Zero Trust Network Access delivers fast, reliable web application access

Back to blog

Security Service Edge (SSE): What it is and why it matters for modern enterprises

Share this article

As the Secure Web Gateway (SWG) market has continued to mature, Gartner has made the decision to retire its annual SWG Magic Quadrant report. SWG capabilities will be rolled together with Cloud Access Security Broker (CASB) and Zero Trust Network Access (ZTNA) to create what the analyst firm is calling the Security Service Edge (SSE).

With any change comes questions. We’re here to help set the record straight and explain why this market evolution is a step forward for the security industry.

What is SSE?

In the latest Gartner Hype Cycle for Cloud Security, analysts Tom Croll and Jay Heiser define SSE as an enterprise tool that “secures access to the web, cloud services, and private applications. Capabilities include access control, threat protection, data security, security monitoring, and acceptable use control enforced by network-based and API-based integration. SSE is primarily delivered as a cloud-based service and may include on-premises and agent-based components.”

What role does SSE play in the Secure Access Service Edge (SASE) architecture?

SSE is essentially the security piece of the SASE architecture. Take out the networking capabilities of the architecture and you have SSE. It’s as simple as that.

Why is this shift occurring?

Combining SWG, CASB, and ZTNA (and all the security components they entail) solidifies SASE’s standing as the future of networking and security. It also reflects the consolidation currently occurring in the security space as vendors continue to evolve and expand their offerings toward a single, comprehensive solution. As the way people work continues to spread out from the data center and as apps continue to be split up into microservices across multiple cloud and data center environments, organizations are going to have to shift their security capabilities to the cloud where they can follow users, apps, and data regardless of the underlying infrastructure.

How does this impact organizations?

SSE gives organizations better security in a consolidated, easier-to-manage platform. When everything was on premises, systems couldn’t talk to each other very well and tended to act in silos. Your firewall had a very specific job to do. Your DLP solution, anti-virus software, and web filter did as well—and each tool had to be managed separately. SSE changes all that by providing a consolidated platform for all your security capabilities with central management, visibility, and reporting. It delivers security through the cloud, allowing you to carry over and extend data center policies to web traffic and highly distributed users and apps—regardless of where they are located, what device they use, and how they connect to the Internet or the underlying infrastructure.

Why should security leaders and teams care?

The network is shifting from the data center to the cloud, and everything you used to do to secure on-premises infrastructure now needs to be done to traffic that is running across multiple environments. This includes both public and private infrastructure that lacks enterprise visibility and control. SSE allows security to evolve with digital and cloud transformation initiatives without putting the organization at risk.

How should SSE be delivered?

The goal of digital and cloud transformations is to enable business agility. Security shouldn’t stand in the way. Data center visibility and control needs to be extended out to the Internet in a way that doesn’t add complexity or inhibit the way people are now working. This requires a clientless architecture that eliminates the need to deploy agents to every user or device around the world. While some applications may require an agent on the endpoint, depending on the requirements of a specific application, a client-based architecture should not be the default. Organizations should look for an SSE solution that is built on a clientless architecture and has the ability to deploy agents when applications require it.

The security alphabet soup continues to stew. ZTNA, CASB, SWG, SASE—and now SSE. The industry is rapidly evolving to meet the security needs of the modern enterprise. Don’t be left behind.

Share this article

Make the secure way to work the only way to work.

To talk to a Menlo Security expert, complete the form, or call us at (650) 695-0695.