In the area of cloud security and networking, there is currently talk of SASE (Secure Access Service Edge) and SSE (Security Service Edge) - what is the relationship between the two frameworks? Lookout sheds light on the conceptual jungle.
To take advantage of cloud-centric business models, many companies are considering developing a SASE architecture. However, choosing a suitable solution is not easy. There are a variety of vendors that sell tools to secure the interactions between devices, applications, on-premises resources, and infrastructure. As a result, it can be difficult to choose the right mix of security technologies that best suits your business. Lookout, specializing in integrated endpoint-to-cloud security, would like to shed some light on the terminology surrounding SASE and SSE.
Many organizations today use multiple security tools that don't always work well together. As a result, additional security experts are brought in to fine-tune the security solution and security policies and fill in gaps. This is where the functionality of SSE often overlaps with that of SASE, as both technical frameworks are fundamental to building the cloud-centric security and network architectures of the future.
SASE: A security and network architecture
SASE combines a Software-Defined Wide Area Network (SD-WAN), Secure Web Gateway (SWG), Firewall-as-a-Service (FWaaS), Cloud Access Security Broker (CASB), and Zero Trust Network Access (ZTNA) in a single, unified architecture. The SASE framework, presented by Gartner in 2019, provides a framework for developing a converged security and network architecture in a world where the use of cloud applications is ubiquitous and fundamental to businesses. The SASE framework outlines all the essential technologies and how they should be integrated and deployed.
With SASE, key networking and security functions are moved to the cloud, eliminating the need for perimeter-based appliances and traditional products. It provides secure and reliable access to web services, applications and data, applying zero trust principles end-to-end to achieve continuous, adaptive trust in every interaction.
Key features of SASE include
- Consistent policy enforcement, regardless of location, with support for local decisions and coverage of all access types.
- Easy management through a consolidated policy control plane.
- Transparent and simplified end user experience.
- Complete data visibility and control, and threat detection.
- Security for SaaS, IaaS and PaaS services.
SSE is the basis for SASE
SSE provides the security service elements of a comprehensive SASE strategy. SSE capabilities combine access control, threat protection, data security, security monitoring, and acceptable use controls into a single strategy. Combined with SD-WAN, SSE capabilities form a comprehensive SASE platform including monitoring and policy enforcement with built-in network controls and application APIs, complemented by endpoint-based controls.
According to Gartner, SSE is a collection of integrated, cloud-centric security features that enable secure access to websites, SaaS applications, and private applications. A comprehensive solution includes a complete set of technologies that companies need to do two important things:
- one, to provide their employees, partners and contractors with secure remote access to applications, data, tools and other company resources;
- and second, to monitor and track user behavior after accessing the network.
A successful SSE implementation reduces infrastructure complexity and improves user experience by consolidating multiple, disparate security functions into a converged, cloud-centric function from a single vendor. The implementations are typically supported by core solutions such as CASB, SWG and ZTNA.
Cloud: SSE and SASE are the key to success
In today's cloud-first and work-from-anywhere world, organizations must continually protect their data—the most valuable asset—regardless of where it's stored or how it's accessed.
Lookout's industry-leading SASE platform, working seamlessly with SSE functionality, provides the highest level of contextual data awareness. It provides all the key capabilities to address critical cloud security issues, connectivity, and the application of Zero Trust principles at every point where data in the cloud is accessed. The Lookout Security Platform makes it possible to consolidate a SASE strategy into a unified solution that reduces cost and complexity while simplifying the management of security and access across endpoints, clouds and on-premises infrastructure.
More at Lookout.com
About Lookout Lookout co-founders John Hering, Kevin Mahaffey, and James Burgess came together in 2007 with the goal of protecting people from the security and privacy risks posed by an increasingly connected world. Even before smartphones were in everyone's pocket, they realized that mobility would have a profound impact on the way we work and live.