What Is Security Service Edge (SSE)? How is it different from SASE?
Introduction to SSE & SASE
Security and network architecture have taken a front seat since cloud adoption is all time high and constantly growing. The demand for remote workforce is increasing and per Gartner research demand for remote working is set to increase 30% by 2030, this is given more momentum with the coronavirus pandemic which has forced world wide organizations to adopt a hybrid working model.
Need for distributed working is however much older and not just evolved in the last 24 months during the pandemic times. In the 1990s and 2000s there was a simple centralized architecture where data resided in data centers and connectivity to branch offices and simple security measures were set in. The majority of staff worked from the office so it was easy to provide secure access to resources and services.
Today we look more in detail about two most popular terminologies emerged in cloud era – SSE (Security service edge) and SASE (Secure access service edge), lets understand how they are interlinked but at the same time they are different , their advantages and limitations and off course the use cases.
What is Security Service Edge or SSE?
SSE term was also introduced by Gartner in the year 2021 emerged as a single vendor, cloud centric converged solution to accelerate digital transformation with enterprise level security to access web, cloud services, software as a service, private applications with capability to accommodate performance demands and growth.
It may be included as a hybrid of on premises and agent-based components but primarily it is a cloud-based service. It offers capabilities such as access control, threat protection, data security, security monitoring, acceptable use controls enforced via network based and API based integrations.
SSE security services include Cloud access security broker (CASB), Secure web gateway (SWG), Zero trust network access (ZTNA), Data loss prevention (DLP), Remote browser installation (RBI) and Firewall as a service (FaaS).
What is SASE?
Term Security Service Edge or SASE was coined by Gartner in 2019 to describe offering a range of security networking products. It is a complex product with five elements into it and with the inclusion of SD-WAN meant on premises equipment which makes setup more complicated and pricing model needs to cover cost of hardware also.
Some of the major vendors in SASE space are Cato networks, Fortinet, Palo Alto networks, Versa, VMware and others. It brought two prolonged vendor approaches together, having a highly converged wide area network (WAN) and Edge infrastructure platform with highly converged security platform – Security service edge (SSE).
It is a security component of SASE which unifies all security services including secure web gateway (SWG) , cloud access security broker (CASB) and Zero trust network access (ZTNA) to provide secure access to web, cloud services, and applications.
Comparison: SSE vs SASE
The key points of differences between the two are:
Gartner gave SSE term in year 2021 to define limited scope of network security convergence including SWG, CASB, DLP, FaaS, ZTNA into a single cloud native service. On the other hand, Gartner gave SASE term in year 2019 to define convergence of networking and security capabilities into a single cloud native service.
SSE is a component of SASE (a security pillar). SASE has broader approach and takes a holistic approach towards secure and optimized access . The focus is both on user experience and security.
To use capabilities of SSE we need physical hardware to deploy services at locations. SASE = security service edge (SSE) + access, it is an architecture that organizations endeavour to have involving delivering networking and security via cloud directly to end user instead of a physical conventional data center.
Some of the examples of important vendors of SSE are Z-scaler, Cisco, Palo Alto, Netskope, Cato networks. Whereas, Z-scaler, Palo Alto, McAfee, Cisco, Nokia, Fortinet, Versa Networks, VMware are the important vendors that provide SASE.
Below table summarizes the differential points between the two:
Download the comparison table: SSE vs SASE
CASB vs SASE: Which One Is Better?
CSPM vs CASB: Detailed Comparison