IT and information security professionals have been bombarded with new terms and acronyms lately, and secure service edge (SSE) is the latest addition. As with all novel concepts, some are touting it as the ultimate solution to all cybersecurity problems, while others remain apprehensive. At its heart, SSE is secure access service edge (SASE) minus the “A”.
While SASE converged networking and security into a single cloud service, SSE only converges security functions, like secure web gateway (SWG), cloud access security broker (CASB), data loss prevention (DLP) and zero trust network access (ZTNA). It takes the connectivity factor — the SD-WAN and other networking functions — out of the equation, offering convergence at a different level than SASE.
So, is it the right choice for organizations struggling with all the point solutions that the “a solution for a problem” paradigm introduced? Or is it just a compromise that fails to capture the true value of deeper convergence? It’s actually a bit of both. Achieving SSE success comes down to asking the right questions and focusing on the long-term goals and objectives.
Convergence: How much is needed?
The infrastructure business in enterprises has evolved over the years by creating a solution for every emerging problem. And after 30 years of that process, organizations now struggle to integrate and manage all their point solutions due to complexity and the lack of resources. Gartner sought to solve this problem with SASE by converging the endless networking and security point solutions into one cloud platform. Since many organizations were not ready to cross the networking and security domains, which are traditionally handled differently, Gartner introduced a smaller step — SSE. So, now SWG, CASB and ZTNA are converged into a single platform. Ideally, organizations now have to manage one security solution instead of three.
However, SSE does not address the problem of properly connecting the sites to the internet and to the SSE service itself. Customer organizations must deploy other solutions for connecting their branches and data centers to the SSE service. At first glance, it seems like managing two components instead of one, which isn’t bad considering how many point solutions organizations previously owned. However, the “A” in SASE is much more than an SD-WAN. It also includes WAN optimization and other networking functions that SSE doesn’t cover. Additionally, SSEs are focused on cloud traffic and offer workarounds to secure access to legacy applications. Eventually, organizations will need other point solutions to secure the traffic escaping their SSE deployments.
Organizations must consider how much convergence a specific SSE implementation really offers. They must evaluate if they have successfully covered their bases for handling all their traffic across all applications and if they need more point solutions to cover the blind spots left behind when combining the two segregated components — SD-WAN and SSE.
SASE vs. SSE: Is the “A” dispensable?
Once again, SSE doesn’t provide connectivity between sites. That means organizations must consider their connectivity needs and challenges before taking the SSE plunge. In some situations, the “A” could be dispensable, albeit temporarily. For instance, an organization that has recently deployed SD-WAN across all sites wouldn’t want to let go of its heavy investment right away. Still, it can deploy SSE on top of its existing SD-WAN deployment to reduce some of the complexity on the security side. In this case, SSE could be the first step towards complete convergence, provided that the SSE vendor they choose is able to expand and take over the SD-WAN layer at some point in the future.
Similarly, organizations with extremely siloed networking and security teams and departments would also lean more toward SSE. While SSE will fit into their existing culture without challenging the proverbial Chinese wall, it will inevitably lead to fragmented vision and visibility gaps. Organizations will lose the contextual awareness that can be achieved by correlating real-time security events with historical networking data.
Digital transformation: Where does it end?
Digital transformation is a journey, and SSE could be an achievable first step toward security-driven transformation and complete convergence. SSE can become a tactical decision for organizations that are not prepared to touch their network just yet. It can help them make some progress in streamlining and improving their security posture while the networking team functions as usual. However, the end goal should be to bring together both teams and combine their functions and operations into a SASE deployment.
Full convergence across the board with SASE will be inevitable for most SSE deployments. So, it’s important that when organizations implement SSE, they choose an architecture with the capability to support all the pieces, the SSE and the SD-WAN, as a single platform but with the flexibility to deploy these components in phases.
The future belongs to converged, as-a-service deployments
SSE changes the dynamic of owning, maintaining and optimizing security infrastructure. It shifts the load from IT to the cloud service providers, and this is a significant trend that organizations cannot ignore for long. That’s why Gartner predicts that by 2025, over 60% of companies will either be well underway to SASE or SSE or at least have a plan to get there.
As contractual agreements end, renewal points are a good place to start rethinking how organizations consume networking and security solutions and services. SSE is a viable alternative for companies that cannot change or do not want to change their network infrastructure just yet. Still, they must be mindful of their ability to expand and include SD-WAN down the road.