SASE to SSE: Understanding the Shift

Written by Prakhar Singh, Business Development Manager, Cybersecurity & GRC Services, HCLTech.

Introduction

In a previous blog post, I highlighted the importance of Zero Trust and Zero Trust Network Access and how organizations can cultivate the same within their ecosystems. While the term Zero Trust was coined by Forrester, in 2019 Gartner launched the Secure Access Service Edge (SASE) category underlining the convergence of its two core 2 pillars: Networking and Security, that are delivered from a single cloud native service. In February of 2022, Gartner launched the Secure Service Edge (SSE) category and Magic Quadrant and released their projection that by 2025, out of all organizations implementing an agent based ZTNA, 70% will choose a single platform SSE provider, rather than standalone offerings from different OEMs, as compared to 20% in 2021.

The cybersecurity world is always abuzz with new acronyms, and the conversion of an existent framework (SASE) to the latest buzzword- SSE, has been enough to get the security managers thrilled.

While customers are still adopting SASE, it is important to know whether it gets converted to SSE, what are the core capabilities of SSE, and what are the differences between SASE & SSE. But before we go down the rabbit’s hole, it is important to deep dive into SASE and its importance in the modern IT world.

SASE

One of the most important things which needs to be understood about SASE is that it is not a single solution, or a product offered by a single OEM, but a holistic framework combining network connectivity and security. The key 5 tenets of the SASE Framework are (there are other tenets such as, User Behavioral Analysis, Data Protection, Browser Isolation, etc.):

• SWG
• CASB
• SD-WAN
• ZTNA
• FWaaS

The need for SASE was already building up due to cloud transformations and the increasing popularity of hybrid cloud. However, COVID-19 and the resultant WFH and BYOD culture acted as a catalyst and highlighted the need to have an integrated environment providing reliable and secure remote access service to all users, irrespective of location. This environment also needed improved end user experience, which unlike with VPN, not only creates poor end user experiences, but also allows malware to move laterally. The existent SASE providers in the market jumped on this opportunity by offering a wide range of cloud and security features under one roof.

SASE vs SSE

Traditional networking revolves around the concept of network infrastructure around the DC. SD-WAN follows the same concept connecting the HQ, all branches and the DCs to themselves and the internet with the traffic going through the SD-WAN controller. SASE combines the features of SD-WAN with cloud-based security protocols, focusing on remote endpoints (users or devices) rather than a central node with the DC just being another access point.

SSE, if it’s not yet obvious, is SASE minus the access part, or SASE excluding SD-WAN. What SSE does is that it allows customers who prioritize security over network in their SASE adoption. In layman terms, SASE is focused on secure access of users, whereas SSE follows the Starbucks office model of securing end users irrespective of which network they are on.

Adopting SSE before SASE

An obvious question which can come to any security professional’s mind is whether we can skip the ‘access’ part and adopt SSE directly? The answer is easier than one would think.

As mentioned earlier, SASE is not a single technology or product offered by a single OEM, but multiple technologies and products from different vendors which can be adopted over time as part of a larger cybersecurity roadmap. With time, single providers have come up with SASE offerings. Although as per Gartner, some customers might prefer partnered SD-WAN &and SSE offerings depending on which stage they’ve reached on their SASE journey.

In the case of an IT organization for which network has been a priority area, then there is a high probability that SD-WAN has already been (or is about to be) implemented in the environment. In this case the focus should be to secure the network and local internet breakouts by adopting an SSE solution. If on the other hand, security is the need of the hour, then the organization can directly adopt SSE as its immediate focus.

Taking the above two scenarios into account, it is safe to say that SSE adoption is the key to the seemingly uphill task of making an IT environment SASE compliant. A single platform SSE solution can not only make your environment more secure and simplified, but the deployment itself can be done quickly, making it a highly preferable option for security professionals worldwide.