January 23, 2025
The Evolution of SSE and Its Role in Modern Security Architectures
The cybersecurity landscape has shifted dramatically over the last several years. More and more work takes place outside of the office and in the cloud — in fact, experts expect the cloud market to exceed $676 billion in 2024. It’s not hard to see why. With the cloud, organizations gain unprecedented freedom to work how they want, whether that’s in-office, in one or more cloud environments, or in a hybrid of multiple approaches.
There’s just one problem: security. When workers clock in from outside the office, they introduce a world of vulnerabilities that traditional cybersecurity solutions are unprepared to address. To meet the challenges of modern, distributed work, cybersecurity experts have developed new solutions organized under new frameworks. One of the most important of those frameworks is the security service edge, or SSE. Here’s how SSE evolved to protect employees and organizations, no matter how they work.
How SSE evolved
The moat-and-castle approach
The story of SSE begins before the advent of distributed work and cloud computing. In the early days of cybersecurity, keeping data safe was relatively straightforward. Employees did their work in the office, where they used devices and networks configured by cybersecurity personnel. Private devices rarely entered the picture. That provided several distinct advantages for keeping the company network safe:
- The attack surface was smaller.
- IT could directly supervise all applications and devices, allowing for full visibility and comprehensive policy enforcement.
- Physical network constraints meant that if a device successfully connected to your organization’s network, you could reasonably assume it met your security standards.
In this context, organizations could easily track the entry points into their network and guard them. This strategy became known as the moat-and-castle approach. Its two main tools were firewalls, which could block traffic based on its type, origin point, or destination, and virtual private networks (VPNs), which provided secure connections to the corporate intranet. These worked as the moat and drawbridge around the castle.
Over time, organizations developed tools to protect against threats that had already breached the castle walls. Intrusion detection and prevention allowed them to monitor network traffic for unusual activity. If they found something suspicious, they could raise the alarm or trigger an automatic defensive response, such as severing the network connection.
The advent of cloud apps
Cloud apps completely upended this dynamic. Suddenly, workers could connect to work networks from home or public networks. Many started to use personal devices to make those connections. That caused an exponential growth in the attack surface, much of which IT staff could not directly configure. They also couldn’t easily enforce security policy, and monitoring worker activities on personal devices raised privacy issues. At the same time, centralizing data in the cloud meant that the potential risk of an attack had only grown.
Organizations couldn’t decide where traffic came from. However, they could decide where it went. To regain control of their security, they started to create their own virtual networks. These software-defined wide area networks (SD-WANs) were typically hosted on-premises at an organization’s headquarters. Whenever an employee accessed the network from a branch location or a remote workstation, their work would first flow through that checkpoint. There, security solutions could check traffic for anything suspicious and send it on its way. This allowed organizations to re-establish a virtual perimeter and maintain security.
However, SD-WANs introduced their own problems. With all an organization’s traffic passing through a single point, SD-WANs created bottlenecks for data. Network performance dropped, and employees could become frustrated with the slowdowns. Organizations needed more secure gateways to the network, and they needed them closer to distributed employees. For a solution, they turned to the source of their troubles: the cloud.
Supplementing SD-WAN and the birth of SSE
In 2019, Gartner defined the secure access service edge (SASE). Rather than funnel all traffic through a single virtual checkpoint, SASE uses the power of the cloud to create checkpoints wherever employees need them. Each time an employee connects to their organization’s network, that network can apply the same level of security regardless of location. That makes SASE both scalable and flexible. Plus, IT can still monitor and control network traffic.
At first, vendors provided SASE solutions piecemeal. If an organization wanted maximum security, it would need to engage several vendors and solutions. Over time, vendors started to centralize the security features of SASE into a single platform. By 2021, Gartner had broken the security components of SASE into their own category: security service edge (SSE).
With SSE, an organization could maintain its own SD-WAN without sacrificing security or usability. In fact, integrating an existing SD-WAN with SSE can lead to more robust security and compliance. It also powers simpler, more centralized security management and improved network performance. As a result, SSE has become the leading method for mitigating the risk of working in the cloud.
What security features does SSE include?
The goal of SSE is to provide fast, safe, and compliant access to websites, SaaS apps, and private apps. Here are some of the integrated, cloud-centric security technologies it uses to do so:
- Secure web gateways (SWGs) use URL filtering, SSL inspection, advanced threat defense, and legacy malware protection to prevent unsecured internet traffic from entering an organization’s network. They also help to enforce an organization’s compliance standards.
- A cloud access security broker (CASB) is cloud-delivered or on-premises software that mediates between users and SaaS apps. A CASB helps to plug the security gaps created by cloud apps, giving IT visibility and control where users meet the cloud.
- Zero trust network access (ZTNA) enforces “least privilege” access to private apps. With ZTNA, employees can only access the parts of the network they need to do their jobs. ZTNA uses a matrix of user identity, location, time of day, service type, and device security posture to determine the appropriate level of access.
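The ZTNA decision described in the last bullet can be sketched as a default-deny policy check over the five attributes it lists. This is an added example, not Lookout's code or any vendor's API; the `Request` and `Rule` types, the sample policy, and the access levels are hypothetical.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset      # identity: group membership from the IdP
    country: str           # location
    at: time               # time of day
    service: str           # service type, e.g. "https" or "ssh"
    app: str               # private app being requested
    managed: bool          # device posture signals
    patched: bool

@dataclass(frozen=True)
class Rule:
    app: str
    group: str
    services: frozenset
    countries: frozenset
    hours: tuple           # (start, end), inclusive
    managed_only: bool

# Constructed sample policy; app and group names are hypothetical.
POLICY = (
    Rule("payroll", "finance", frozenset({"https"}), frozenset({"US", "CA"}),
         (time(7), time(19)), managed_only=True),
    Rule("wiki", "staff", frozenset({"https"}), frozenset({"US", "CA", "DE"}),
         (time(0), time(23, 59, 59)), managed_only=False),
)

def decide(req, policy=POLICY):
    """Return (level, reason); level is 'full', 'read_only' or 'deny'."""
    if not req.patched:
        return "deny", "device posture: unpatched"
    reason = "no rule grants this user this app"   # default deny
    for rule in policy:
        if rule.app != req.app or rule.group not in req.groups:
            continue
        if req.service not in rule.services:
            reason = "service type not allowed"
        elif req.country not in rule.countries:
            reason = "location not allowed"
        elif not rule.hours[0] <= req.at <= rule.hours[1]:
            reason = "outside permitted hours"
        elif not req.managed:
            if rule.managed_only:
                reason = "unmanaged device"
            else:
                return "read_only", "unmanaged device: reduced access"
        else:
            return "full", "all attributes satisfied"
    return "deny", reason
```

Every path that does not match a rule on all five attributes falls through to `deny`, which is what makes the policy least-privilege rather than a blocklist.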
Learn how Lookout leverages SSE
Over years of evolution, SSE has become a critical component of enterprise cybersecurity. With it, employees can safely share information and collaborate across any distance. If you’re ready to see SSE technology in action, Lookout is here to help. You can try out the Lookout SSE platform for yourself in one of our free, weekly hands-on sessions.