März 3, 2022

SASE Security and the new Security Service Edge (SSE)

Jim Fulton

Information technology departments find themselves on a very different horizon of internet security. It contains a more hostile threat landscape where the majority of its users and devices operate on unmanaged networks due to remote work, and also where more business resources live in the cloud populated by more users, applications, and devices than ever before. The resulting decentralization has only increased the need for significant changes to the traditional digital protection measures, but security approaches have been slow to make this shift.

Many IT specialists find themselves faced with growing issues such as complexity, product sprawl, application latency problems, and rising costs. Over the past two years, a new class of integrated, cloud-delivered security solutions have emerged to address the issues, patterned on approach that Gartner dubbed “Secure Access Service Edge” or SASE (pronounced “sassy”) for short. The SASE model brought together networking and security to enable connectivity and security to be delivered consistently wherever people were working. With the rapid adoption of this approach by the security industry, last year Gartner coined the term “Security Service Edge” (SSE) as an easy way to carve out the security elements of SASE.

 

What is SASE Security or SSE?

Whether you call it SASE security or SSE, this unified approach to providing security as a service for people working at home, in the office or anywhere in between, brings together technologies that used to be treated separately, enabling security policies to be defined and monitored in one place and then enforced wherever people need them. It focuses on protecting people as they use business applications and data, which today are almost always stored in one of three types of places: the web, cloud apps like Microsoft 365, or private applications in internal data centers or private clouds:

  • Cloud Access Security Broker (CASB) - CASBs are gateways that allow access to cloud assets to be safely made available to users who need it, while also keeping out unauthorized activity.
  • Secure Web Gateways (SWG) - SWGs are used as a filter on the network, determining what is safe for user consumption and what needs to be blocked, typically to enforce Acceptable Use Policies and prevent malicious code like ransomware from getting onto user’s devices.
  • Zero Trust Network Access (ZTNA) - ZTNA is a gateway that provides secure access to private applications without the risks and complexities of VPNs. It ensures that each user only can see the specific resources they are allowed to access, preventing people or attackers who may have compromised their accounts, from sneaking into internal systems.

These access gateways typically take advantage of shared threat protection and data security capabilities to keep attackers out and sensitive data in.

Today, SASE is defined as the combination of the SSE capabilities mentioned above with SD-WAN (which is short for software-defined wide-area networking) and other networking functions. SD-WAN is an approach for using internet connections rather than old expensive network links (often called MPLS) to provide fast, versatile networking that is easier to manage than traditional networking solutions.

Why does your business need SASE and SSE?

Users are working in new ways and in more places. The pandemic and subsequent trickling back into the office has led to an explosion of remote and hybrid workers who need to be able to access the tools and applications that they require to perform their jobs whether they are in the office, in the field, or working remotely. The average remote worker uses an estimated 12 or more Software-as-a-Service (SaaS) programs and an increasing number of private applications. It’s no surprise that access to private applications, especially when managed by limited and outdated VPN technology is the leading source of inquiries to IT analysts. Because of this, their employer’s security needs to allow secure access without introducing latency issues. SASE security and SSE have become the leading way that organizations are providing this security.

Of course, organizations already have security operations. Historically, they added security applications piecemeal to achieve the desired security goals. However, using a legacy castle-and-moat style of security, such as VPN, and/or using many different silos of security technologies can leave vulnerabilities in your security and be disastrously complex to operate. Unified, cloud-delivered security such as SSE provides the robust, consistent security everywhere without sacrificing efficiency or putting sensitive data at risk.

SASE and SSE are designed to provide the same security regardless of where people are working and where the resources they are accessing reside. Using one solution saves money by reducing the need for multiple vendors and training IT teams how to manage multiple console.
 

The Benefits of SASE and SSE

SASE and SSE improve operations and security in a variety of ways:

  • Consistency for an evolving workforce - provides consistent security on work-issued and personal devices for users anytime, anywhere.
  • Streamlined security operations – offers all-in-one management and delivery of crucial security features, such as anti-malware, URL filtering, data protection, and both on-site and cloud protection. 
  • Reduced cost - eliminates the need for multiple vendor subscriptions, miscellaneous security equipment, and provides a complete security solution. This reduces the costs faced by the organization. Take the Forcepoint SASE Readiness Assessment to learn more.
  • Better network performance - SASE provides security from a centralized position, which allows for better, more efficient performance, especially for interactive cloud apps like Microsoft 365.
  • Scalability and agility – cloud-based security can rapidly scale up and down to meet changing needs.

 

What Sets Forcepoint’s SSE and SASE Apart?

Forcepoint’s SSE solution, Forcepoint ONE, provides network and cloud protection from malware attacks, and offers powerful encryption for data without bogging it down. It’s a complete solution in one package that has been built by talented and experienced cybersecurity technology professionals.

Forcepoint was founded more than 20 years ago with the singular mission to create safe digital environments through the implementation of robust cybersecurity. In that time, it has positioned itself to become one of the few vendors to offer rich SSE with SD-WAN networking. 

Jim Fulton

Jim Fulton serves as VP Product Marketing & Analyst Relations, focused on SASE, SSE and Zero Trust data security. He has been delivering enterprise access and security products for more than 20 years and holds a degree in Computer Science from MIT.

Read more articles by Jim Fulton

Über Forcepoint

Forcepoint ist einer der weltweit führenden Anbieter von Cyber-Sicherheit im Bereich Anwender- und Datensicherheit und hat es sich zur Aufgabe gemacht, Organisationen zu schützen und gleichzeitig die digitale Transformation und das Wachstum voranzutreiben. Unsere Lösungen passen sich in Echtzeit an das Nutzerverhalten an und ermöglichen Mitarbeitern einen sicheren Datenzugriff bei voller Produktivität.