Security Services Edge (SSE) is a new strategy introduced by Gartner in 2021 to improve data protection in cloud environments. It’s a cybersecurity strategy that covers Software-as-a-Service (SaaS), website communication and cloud-based computing. Although it’s not a compliance standard, SSE can facilitate better compliance for organisations that follow its best practices.
Why Is SSE Important?
Because SSE focuses on remote access to data, its standards help organisations ensure data protection for customer and employee data. Any vendor or third-party contractor must also follow SSE practices to remotely connect to your corporate data to ensure data integrity and security. Many SSE’s strategies include monitoring and tracking policies to improve incident response and investigations should an organisation suffer from insider threats and unauthorised access. Without SSE, your organisation may endure unnecessary risks, potentially leading to a data breach in the future.
Capabilities and Components
SSE has four main general components that improve the security infrastructure, including applications connecting over the internet. At-home workforces also benefit from an organisation following SSE standards that protect employees and data stored in the cloud. Administrators have the benefit of monitoring user activity for better visibility on the network.
The four main components are:
- A zero-trust environment (ZTNA): Instead of using traditional security where authenticated users are implicitly trusted, a zero-trust network access system assumes every access request could be an attacker.
- A secure web gateway (SWG): Web gateways inspect traffic between users and the internet and allow or disallow communication based on administrator configurations.
- Cloud access security broker (CASB): CASB ensures that authorisation and authentication policies are enforced across network resources.
- Firewall-as-a-Service (FWaaS): Firewalls deployed in the cloud are a service that protects data and defines access to different network segments.
A zero-trust environment is the recommended strategy for a modern hybrid cloud. SSE freely allows users to communicate and work with cloud technology but prevents unauthorised users from accessing data. When an account is compromised, a good zero-trust security environment will prevent lateral movement to access other resources and accounts.
Benefits of SSE
Gartner introduced SSE after the growing changes in cloud computing and organisational changes in how employees work. More organisations embrace an at-home workforce, which means that more users connect to the cloud rather than authenticate on-premises, where the environment is more controlled.
The challenges of managing robust cybersecurity with remote users led to the introduction of SSE, which offers several benefits for both businesses and the customers they serve. SSE benefits give an organisation an advantage by providing better cybersecurity to protect data stored in a modern cloud environment.
SSE benefits include:
- Reduced risk: Helps your organisation stay compliant and pass cybersecurity audits, thereby decreasing the opportunity for a significant data breach. Cloud security is top-notch and affordable, so administrators can leverage cloud technology to better protect data stored in the cloud, especially in departments where remote users access it.
- Zero-trust access: In a zero-trust network, all data access requests are treated like they could be from an attacker. No user or network resource has implicit trust, so authorisation is validated for every user request. Using a zero-trust environment stops attackers from moving laterally after compromising a specific network resource or user account.
- Better user experience: SSE is built with performance in mind, so internal and external users experience faster communication speeds across the organisation's network. Performance and user experience are tightly tied together with revenue. Customers expect faster performance from an enterprise organisation, and employees work faster and more efficiently when performance is optimised.
- Consolidate cybersecurity services: Unifying your cybersecurity resources reduces potential mistakes and oversights and makes it easier for administrators to properly configure infrastructure. SSE includes better data protection security and browser isolation that stops users from accessing malicious sites and downloading malicious content.
SASE vs. SSE
Secure Access Service Edge (SASE – pronounced “sassy”) is an overall solution for cloud-based environments that includes connectivity and security. SSE is a component that works within the SASE framework. SASE includes the technology to connect to the cloud using SD-WAN architecture, while SSE brings data security, threat protection, monitoring and firewall services to the SASE environment.
Organisations can incorporate SASE and SSE in their cloud environment, and Gartner suggests working with both strategies to integrate the cloud into on-premises productivity. SSE is recommended for its access controls and visibility in the cloud environment. Administrators have full control over user requests, and monitoring services alert administrators to any suspicious activity.
SSE greatly reduces risk by controlling user browser activity. A centralised sandboxed browser gives users access to the websites required to perform day-to-day business activities but blocks malicious scripts, domains and potential threats. Administrators control user access to websites, but should a user accidentally open a malicious website, the centralised virtualised browser will block malicious scripts from accessing the local workstation and network.
SSE Use Cases
The plethora of cybersecurity strategies makes it difficult to determine which ones are best for your organisation. Identifying use cases that could affect your organisation will help you decide if SSE is the right strategy for your cloud environment.
A few use cases where SSE is beneficial:
- Securing user web access: SSE’s cloud browser isolation (CBI) is one of its most valuable aspects for organisations. Any organisation allowing users to browse the web is at risk of a compromise from phishing, malicious scripts and drive-by downloads. Administrators control website access, but content filters aren’t enough. A virtualised browser environment blocks:
- false negatives from accessing the local device;
- installing malware on a local workstation;
- and users from running malicious software that could destroy business continuity and productivity.
- Monitoring and threat detection: Many organisations require monitoring as it’s a typical component of compliance regulations. If not done correctly, monitoring can give administrators a false sense of security. SSE provides administrators more visibility to user activity, devices connected to the environment and better mitigation to stop ongoing attacks. Firewall-as-a-Service capabilities offer better network segmentation control and methods to block and monitor network traffic. Any organisation that struggles with monitoring cloud data access will benefit from SSE.
- Remote user access: An at-home workforce needs connectivity to company resources, but administrators must set up capabilities with security as a priority. The challenge for organisations is allowing internet access while monitoring and blocking threats. But the typical virtual private network (VPN) is not enough. SSE supports remote access users while providing administrators the necessary tools to monitor activity.
- Identify sensitive data: As a business grows, the storage location for sensitive data gets lost in the mix. With SSE, administrators can find sensitive data and apply proper access controls across the environment. Administrators can find personally identifiable information (PII), financial data, healthcare information (if applicable) and any other data that must be protected from unauthorised access.
Choosing an SSE Solution
Even though SSE was first coined in 2021, organisations can choose from several different vendor options. If you don’t know what to look for, it can be difficult to determine the best vendor that will make it convenient for administrators to configure security settings yet provide enough coverage to fully protect sensitive cloud data. The first step is to research the vendor and identify past performance. An organisation's choice vendor should have a large customer base, several years of experience in the security industry and a strong research and development effort to continually improve.
A few other items organisations should consider before choosing a vendor:
- Long history in efficient cybersecurity: Many cybersecurity companies want to capitalise on the latest trends, and SSE is one of them. Just because a company offers SSE doesn’t mean they do it well. Look for a company with a long history of deploying security tools and continually innovating new ways to make them more efficient.
- Track record of “as a service” experience: Deploying secure cloud technology differs greatly from deploying on-premises infrastructure. “As a service” (e.g., SaaS, IaaS, PaaS) infrastructure requires its own configurations and best practices to avoid a large data breach. Find a vendor that works primarily with cloud infrastructure, cybersecurity and cloud integrations and hybrid environments.
- True SSE capabilities: Make sure the product being sold is truly SSE and not cybersecurity infrastructure packaged with the SSE label.
- Platform agnostic: Your chosen vendor should be able to deploy platform-agnostic solutions that don’t lock your organisation into a specific solution. A solution should also integrate with any device or technology necessary for business productivity.
- Scalable architecture: SSE technology should NOT inhibit business growth. Cybersecurity can be difficult to deploy, but it should be scalable to allow for increased revenue, employees, data silos and services without problems from the SSE solution.
How Proofpoint Can Help
Proofpoint offers a strategic, platform-agnostic, convenient and effective solution for enterprise cloud networks. The Proofpoint solution includes all components that make an SSE effective and a centralised way to configure and maintain it. Administrators have full visibility of all moving parts of their cloud environment, and Proofpoint has the monitoring capabilities that provide compliant-ready insight into all aspects of your data.
Cloud security from Proofpoint protects your people and your data. Our solution is a forensics tool where administrators can view an analytics dashboard and make informed decisions based on our cybersecurity feedback. Automatic responses quickly mitigate threats and limit damage from various malware.
Every strategy Proofpoint delivers is zero-trust and works with SASE solutions. Administrators work with Proofpoint products to create uniform security policies that protect data, optimise user experiences to improve productivity and reduce costs associated with cybersecurity infrastructure.
Proofpoint's Perspective on Gartner’s Security Service Edge Magic Quadrant
Gartner recently published the first-ever Gartner Magic Quadrant for Security Service Edge. Read on to learn Proofpoint’s perspective and approach to SSE.