BIZTECH: Why is SSE necessary?
Moore: There are a few reasons. If you look at SaaS applications in general, companies started to adopt this model early on with Salesforce, then Microsoft 365, G Suite and others. SaaS enables mobile access to data from anywhere and any device — not just company-owned devices — and the security team’s job became much more difficult. Before that, security held the keys to the kingdom. With personal devices and SaaS applications, you have an easy data leakage point.
In addition, companies have contractors and auditors that connect to company resources with their own mobile devices, which are also beyond the control of in-house security in most cases. Add the fact that the average company has more than 100 SaaS applications and lets users connect to SaaS apps with any device, from anywhere, and data leakage is constantly occurring.
BIZTECH: What are some common misconceptions about SSE?
Moore: It’s not like a firewall, where providers do things in a similar way. If you look at the SSE space, everyone has their own spin on what exactly it means and how it works.
There is also significant confusion around SSE because multiple teams need to work together. People are worried they’re going to lose control, and their personal biases come into play. For example, a team managing firewalls and VPNs may not recognize the data leakage issue because data loss prevention may have been handled by a separate group or none at all. There might be one group that’s tasked with understanding CASB, while another is working on SWG and the third is doing ZTNA. Ownership and responsibility create additional challenges: The CISO might own the CASB function, while the CIO handles the SWG.
Click the banner to unlock exclusive cloud content when you register as an Insider.