Jul 15 2022

Security Service Edge: Explore the Defensive Technology Trifecta

SSE solutions can help companies improve visibility and streamline security. Here’s how.

Centralized security is no longer enough to protect corporate assets and data. Business technology acceleration brought on by the pandemic, coupled with the rapid uptake of remote work and the expanding impact of cloud and mobile services, has created the perfect security storm.

Security service edge solutions have emerged as a way to streamline security and improve visibility. According to research firm Gartner, 80 percent of enterprises will adopt an SSE strategy to unify security efforts in the next three years.

But what exactly is SSE? How does it work, and what benefits does it offer organizations? BizTech connected with Shane Moore, vice president of sales for SSE at Forcepoint, to help unpack this powerful protective package.

BIZTECH: What is security service edge?

Moore: SSE is basically a marrying of three technologies: a cloud access security broker (CASB), a secure web gateway (SWG) and zero-trust network access (ZTNA). CASBs act as a connection proxy to provide access and sensitive data control and visibility across the company’s Software as a Service (SaaS) applications, while SWG allows companies to restrict the flow of sensitive data to employee applications and provide general web browsing protections as required. Finally, ZTNA verifies both users and devices before permitting access to internal resources.

Pre-pandemic, Gartner was calling for a move to secure access service edge, but it made sense to break up SASE — since it was quite large — into SSE (which requires the combination of these three technologies), SD-WAN and Firewall as a Service. SSE solutions can help companies avoid the complexity of deploying CASB, SWG and ZTNA separately.

Learn More: See how CDW partners are leading the way in digital transformation.

BIZTECH: Why is SSE necessary?

Moore:  There are a few reasons. If you look at SaaS applications in general, companies started to adopt this model early on with Salesforce, then Microsoft 365, G Suite and others. SaaS enables mobile access to data from anywhere and any device — not just company-owned devices — and the security team’s job became much more difficult. Before that, security held the keys to the kingdom. With personal devices and SaaS applications, you have an easy data leakage point.

In addition, companies have contractors and auditors that connect to company resources with their own mobile devices, which are also beyond the control of in-house security in most cases. Add the fact that the average company has more than 100 SaaS applications and lets users connect to SaaS apps with any device, from anywhere, and data leakage is constantly occurring.

BIZTECH: What are some common misconceptions about SSE?

Moore: It’s not like a firewall, where providers do things in a similar way. If you look at the SSE space, everyone has their own spin on what exactly it means and how it works.

There is also significant confusion around SSE because multiple teams need to work together. People are worried they’re going to lose control, and their personal biases come into play. For example, a team managing firewalls and VPNs may not recognize the data leakage issue because data loss prevention may have been handled by a separate group or none at all. There might be one group that’s tasked with understanding CASB, while another is working on SWG and the third is doing ZTNA. Ownership and responsibility create additional challenges: The CISO might own the CASB function, while the CIO handles the SWG.

Click the banner to unlock exclusive cloud content when you register as an Insider.

BIZTECH: How can businesses make the most of SSE?

Moore: SSE can help simplify security. Envision what a single staff member can do with SaaS solutions. Staff have the potential to connect to cloud resources from a work or personal device, but you may not know which they’re using. Even if they’re using a trusted device, you need to make sure that this information can’t be sent to personal applications, such as a personal Dropbox account. This speaks to the need for CASB and SWG.

The third component is zero trust, which many companies see as a VPN augmentation, but that’s just the beginning. ZTNA can be used to either replace or augment existing VPNs. And, zero trust principles are woven throughout SSE — for example, to control how people interact with web pages and downloaded files off internal resources.

BIZTECH: What is Forcepoint’s approach to SSE?

Moore: We provide a secure web gateway, CASB function and ZTNA that supports direct internet access without sacrificing control.

Instead of creating a security solution for each app, we created a CASB framework that will work for any application, including custom applications, making it easy to consistently enforce data loss prevention, access control policies and so forth, across all applications. The next natural progression was to ensure that people on managed devices weren’t uploading sensitive material, so we created a new SWG architecture. A common problem with SWGs is that all web data flows through a single chokepoint. Our on-device agent allows traffic to safely route directly to destinations on demand. Finally, we integrated robust ZTNA to reduce access risk for legacy applications sitting in private data centers.

BIZTECH: What is the biggest challenge that SSE helps businesses address?

Moore: The need to provide the same level of security scrutiny we’ve been providing on-premises all these years, but for everyone, everywhere.

Brought to you by:

PeopleImages/Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT