Cloud SecuritySoftware Defined WAN (SD-WAN)Network SecuritySASECloudNetworkingSecurity
Article6 minute read

Security Service Edge (SSE): What Happened to the "A" in SASE?

Understand the SSE in SASE. Here's a high-level overview of Gartner's updated terminology.

In this article

  1. SASE today
  2. What is SSE?
  3. SSE vs. SASE: Same Family, Different Flavors
  4. What's Fueling the Rise of SSE and SASE?
  5. How does SSE integrate with enterprise security? 
  6. Conclusion 

 SASE today

Before we can dive into security service edge (SSE), we first need to go down memory lane with secure access service edge (SASE).

SASE has rapidly become an architecture that's top of mind for the IT community and not just because it's a fun term to say. SASE gives your business peace of mind by knowing that you are providing optimal and secure edge-to-cloud connectivity. In fact, many SASE and SSE vendors are quickly expanding their offerings to provide single vendor and unified solutions. 

Prior to SASE's rise in popularity, many organizations had already embarked on their transition from a traditional data center design that is centralized to a cloud-centric design by implementing solutions like software-defined wide area network (SD-WAN). However, security teams were still unable to achieve the following that SASE solves for:

  • Network and security visibility
  • Centralized security policy
  • Secure, consistent access to internal resources while minimizing latency
  • A cohesive user experience regardless of physical location and identity context

 What is SSE?

I know what you're thinking, "My organization just started on our SASE journey and now there's a new breakout term called SSE?!" 

Don't panic. Simply think of SSE as the unified security services slice of the SASE pizza. Gartner coined the term SSE in its 2021 Strategic Roadmap for SASE Convergence. The firm's intent was to develop a path for organizations struggling to bridge the gap between their cloud security design and WAN service edge design.

SASE Architecture

Imagine this... You're planning a pizza party for your network and security teams. You've got your eyes on one glorious extra large pie called the SASE pizza. But here's the catch: the network team is all about classic cheese, while the security team won't settle for anything less than pepperoni. Budget only allows one pizza, so what's the move? Easy, go half-and-half!

Okay, yes, it's a bit of a cheesy analogy (pun fully intended), and yes, it might sound like a dad joke, but stick with us.

The point is, you don't have to go all in on SASE right away. You can start by savoring the SSE (security side) of the pizza, think of it as your first slice. Then, when you're ready, come back for the rest and enjoy the full SASE experience (maybe even as a midnight snack).

This gives IT leadership the ability to begin their digital transformation, even if the network team and security team are not aligned for a full SASE solution. However, once the network and security toppings are ready to be put on the SASE pizza, the oven is hot and ready to bake the perfect half-and-half pizza.

Simply put, SSE is the security stack of a full SASE architecture.

 SSE vs. SASE: Same Family, Different Flavors

Starting to get the hang of all these acronyms?  Let's take it a step further by breaking down where SSE and SASE overlap, and where they each bring something unique to the table.

Just like SASE, SSE brings:

  • Robust threat protection
  • Strong data security controls
  • Starts a Zero Trust journey with Zero Trust Network Access (ZTNA)
  • Centralized policy management and visibility
  • A secure, consistent user experience (no matter where users connect from)

But here's where SSE starts to chart its own course:

  • User experience may vary depending on network performance and latency
  • Some SSE vendors are beefing up their networking game but to achieve a complete SASE strategy, you'll either need to integrate with a third-party SD-WAN or explore whether your SSE provider offers a truly unified SASE platform

Think of it as the difference between ordering à la carte and going for the full combo meal. Both get the job done, but one might save you a few extra steps (and dishes).

 What's Fueling the Rise of SSE and SASE?

Organizations are leaning into SSE/SASE for two big, and relatable reasons.

First up: the cloud boom.
As more apps like Office 365, Salesforce, and others moved to the cloud, IT teams needed a way for branch and remote users to securely connect without the dreaded lag. Traditional methods like routing traffic through a centralized VPN or firewall were slowing things down. Imagine forcing every user to take the scenic route just to get to a cloud app sitting a few digital blocks away.

SSE/SASE flips that script. By delivering security services at the cloud edge, users can access cloud applications directly over the internet securely and swiftly.

And then came the curveball: COVID-19.
Practically overnight, remote work wasn't a perk it was the norm. Suddenly, the need to deliver consistent, secure access whether someone was on the couch, at a branch site, or back on campus became top priority.

That's where SSE shines. With policies that follow the user, security becomes seamless and scalable. This has been a win for users and a huge sigh of relief for IT.

 How does SSE integrate with enterprise security? 

Traditionally, IT departments have maintained rigid access methods for remote users through network access control (NAC) or VPN solutions. However, now that we've prioritized delivering the same experience to remote users as those onsite, these solutions begin to fall short. 

SSE/SASE can further identity with context, which in turn can help organizations implement zero trust.

One of the great things about SSE is that it allows for the concept of identity with context. IT can use SSE to grant access to resources based on traditional authentication elements like username and password, but it also allows IT to grant access on far more characteristics, such as user location, device location, security posture and time of day. 

Using SSE for identity with context leads to logical boundaries for precise, least-privilege access. In turn, it can accelerate an organization's path to zero trust by providing an easier way to validate initial access to the network as well as an easier way to repeatedly validate network connections.

 Conclusion 

While the change in terminology might be frustrating, remember that SSE is a good thing. Adopting a full SASE architecture won't be the right path for every organization. Instead, use SSE to incrementally move toward a unified experience for network and security services. Plus, realize tangible security benefits along the way.

Figuring out how your organization should approach SASE is hard. Schedule a briefing with one of our experts to jump-start your journey. 

This article was originally published in 2022 and has been updated with new information.

Hear directly from an SSE Expert
Watch Event