Article content
In my last blog, Answering the Big SASE Questions, I looked at customers’ critical connectivity questions when discussing Secure Access Service Edge (SASE). In this post, I’m taking a closer look at the security services considerations around Secure Service Edge (SSE).
To recap, SASE is a methodology that steps away from traditional on-premises data centers to a decentralized architecture designed to support distributed resources across the enterprise. SASE converges connectivity and security requirements into a single cloud-centric solution.
SASE is not a transformation that happens overnight. As a result, many organizations choose to deploy SSE as part of a phased approach to the SASE journey. SSE provides the security components of an overarching SASE strategy. These include Zero Trust Network Access (ZTNA), Cloud Access Security Broker (CASB), and Secure Web Gateway (SWG). Incorporating these capabilities into a single platform enhances both scalability and management.
Adopting SSE: a subset of SASE
SSE is a fundamental stepping stone to SASE. SSE can be seen as the core security technology in the SASE concept. And SSE/SASE is taking pace. By 2025, 80% of enterprises will have adopted a strategy to unify Web, cloud services, and private application access using a SASE/SSE architecture, up from 20% in 2021, according to Gartner[1].
SSE enables an enterprise to ensure they apply effective security controls on their user connectivity, no matter where they are located, providing enhanced security and visibility. But where do you start when choosing a scalable SSE platform that provides a seamless user experience and satisfies your security requirements from wherever your users log on? I have outlined five fundamental principles for selecting the right SEE solution.
1. Consider your enterprise’s journey when it comes to cloud security.
SSE technologies enable enterprises to support employees anytime, anywhere by utilising a cloud-centric approach to implementing security policies. Correctly deployed, it can reduce complexity and improve the user experience by consolidating multiple disparate security features into a single, unified platform.
Enterprises that find the move daunting can first deploy a Secure Web Gateway (SWG) before stepping up to a more complete SSE. An SWG is a security solution that stops unauthorized Web traffic from entering or leaving the network and enforces web-use security policies. Located between the user and the Web, an SWG is a solid first line of defense against cyber-attacks such as ransomware and malware.
SSE providers typically have the SWG within their portfolio. At a later date, an enterprise can move to take in the additional services of an SSE solution, such as ZTNA and CASB, and apply the features over the non-Web destined traffic, such as traffic destined for PaaS or on-prem destinations.
It is also essential that you consider vendor lock-in when making your choice. Why? Because you want the option to pivot to an alternative security approach mid-SASE journey as efficiently as possible if required.
2. Requirements, Requirements, Requirements!
SSE may be the gold standard for securing your workforce, data, and applications, but you must know your security and service requirements. A successful SSE solution depends on the individual elements all working in harmony.
Don’t try and implement everything at once. An organisation should look at precisely what it needs to secure and evaluate its top cyber security priorities. Match these interim requirements to the budget available. For example, if you have a growing hybrid workforce, you might replace VPN technologies with a Zero Trust Network Access (ZTNA) solution. This approach enables enterprises to enforce granular policies to provide secure and seamless Zero Trust access to applications in the cloud and at data centers.
3. Simplify where possible
A simplified approach will provide a lower risk profile than a complex one. Cloud has an ever-expanding portfolio of applications via software as a service (SaaS), and effective compute services can be seen across many PaaS providers. However, greater choice brings greater complexity as each may have its security considerations. To reduce complexity and prevent shadow IT, selecting and agreeing on a refined suite of platform-as-a-service (PaaS) providers and SaaS applications is essential.
Although you can use multiple vendors for SSE components, adopting a single vendor avoids management complexities, such as managing various user interfaces. It also steers past any possible architectural or compatibility issues.
4. People, processes, and solutions
No enterprise’s requirements are the same – and neither are SSE offerings. Choosing an SSE solution that provides total visibility to enforce one set of security policies across the entire organization and end-to-end data protection is important. At the same time, it must fit in with your business roadmap and budget.
To get the most from SSE, make sure it includes management, monitoring, and reporting to ensure your new SSE environment is optimized for people, processes, and solutions.
Security shouldn’t hamper the user experience. It is wise to choose an SSE platform that incorporates Digital Experience Monitoring (DEM) which provides valuable insight into performance and highlights the exact cause of any issues.
5. Take a hard line in your decision process
The SSE will be central to your ongoing security strategy, so don’t make compromises. It is paramount that SSE provides a unified approach to security that you are happy with going forward.
Before you make a final decision, refer back to your short-listed vendors and ensure they provide the necessary protection as a manageable service that can be easily integrated into current tools and solutions. It should also be within budget, so there are no costly bill shocks around the corner. This is no small task. Telstra Purple’s consultancy service can help you make sure you have the right SSE strategy in place to support your ongoing security posture.
Carefully assess the value of the short-listed solutions and their features. Can you justify the spending on them internally? Will they be updated in line with your security posture? Be sure to get references from SSE vendors if required to ensure they can deliver and integrate at scale.
SSE is one of the critical foundation stones of our SASE journey and fundamental to your security posture. Getting it right is paramount.
SSE provides enterprises with a robust network security solution that takes the complexity out of controlling and securing the network. Learn more about how Telstra Purple can help you plan and deploy a unified, holistic SSE solution that will fit your security needs now and into the future.
[1] Gartner 2022 Strategic roadmap for SASE convergence https://start.paloaltonetworks.com/gartner-2022-report-roadmap-for-sase-convergence.html
.png)