Sundaram Lakshmanan, CTO of SASE Products at Lookout, explains what SSE is, its three core principles and how it differs from SASE, as well as how enterprises can get the most out of SSE by integrating endpoint security and advanced user and data protection capabilities.
To run an efficient business that enables your employees to work from anywhere, it has become nearly impossible to avoid cloud technology. Whether it's Software-as-a-Service (SaaS) applications like Microsoft 365, Salesforce, Google Workspace, ServiceNow and Slack or Infrastructure-as-a-Service (IaaS) such as Amazon Web Services, Azure and Google Cloud Platform, most organisations now have dozens of apps that employees connect to and share sensitive data with.
To protect data while enabling work-from-anywhere initiatives, a new security framework has evolved from the convergence and consolidation of cloud-delivered network security functions into one platform, known as Security Service Edge (SSE).
If we look back just a decade, many organisations were reluctant to adopt cloud technology for fear that perimeter controls were being relinquished. Over time, with technological advancements and increased awareness of the benefits of cloud, this sentiment was overtaken by the push towards digitalisation.
Since then, however, it has become clear that increased cloud connectivity creates additional challenges for traditional security strategies. To satisfy new data protection requirements, organisations must leverage the cloud for security, just as they have done for operations. Security technologies that used to reside on-premises must converge in the cloud.
SASE and SSE education
When the term SASE was first coined by Gartner in 2019, many enterprises were having difficulties meeting the security requirements of a cloud-driven world, which was further amplified during the pandemic. Organisations needed to support a work-from-anywhere workforce to maintain business operations and overall productivity. With data and apps residing in the cloud, and users connecting from anywhere, organisations were no longer able to rely on traditional security perimeters for gaining visibility and control over their data.
SASE – a framework which combines Networking-as-a-Service (NaaS) and Security-as-a-Service (SaaS) technology into one seamless architecture – looks to address that. This approach incorporates Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) and Zero Trust Network Access (ZTNA) to secure access to the Internet, cloud services and private apps, while enabling seamless connectivity to these destinations via local direct-to-Internet breakouts with software-defined wide area network (SD-WAN), further simplifying the enterprise network architecture. The motivation behind SASE was to enable intelligent Zero Trust access that protects data from anywhere without hindering productivity.
Many organisations, having realised that their current security tools are ineffective in supporting the newer work-from-anywhere use cases, have started consolidating their security tech stack by selecting cloud-delivered solutions from fewer vendors. While security services have begun to converge, most organisations still have not consolidated networking and security services under a single security vendor. Rightfully so: enterprises favour best-of-breed technologies when given a choice. To keep up with these market trends, in 2021, Gartner created the SSE framework, which concentrates only on the security capabilities of SASE.
What is SSE?
SSE at its core is designed to protect data and reduce risk through a single platform that combines access control, threat protection, data security, security monitoring and acceptable use control functionality. Security teams are often underfunded, mentally drained and lack the necessary resources to monitor every data movement, every app or endpoint in use, and every user's behaviour. By following the SSE framework, security teams will effectively support work-from-anywhere while protecting data.
Furthermore, with more nations adopting data privacy and data security laws like GDPR and CCPA, the need for SSE is only going to increase. The best SSE platforms need to provide integrated data protection capabilities that allow organisations to focus on their business operations and productivity.
SSE and data protection
Data no longer resides within the traditional perimeter, so having security in layers to follow and protect it is essential. When choosing an SSE platform, ensure it incorporates best-in-class endpoint security and advanced user and data protection capabilities. In particular, look out for the following:
- User and Entity Behaviour Analytics (UEBA) – This is the understanding of malicious behaviour within the system, whether it's a hacker exploiting a compromised credential, an insider accidentally sharing content with the wrong parties, or an insider who has become a threat to the organisation.
- Data Loss Prevention (DLP) – Must be native to any SSE platform, as it enables security teams, and the organisation as a whole, to understand what kind of data is being stored across all architectures: on-premises and in cloud apps. It can also enforce restrictions, and redact or watermark data.
- Enterprise Digital Rights Management (EDRM) – The last critical layer is automating encryption. If an organisation has policies to proactively encrypt data that it knows is sensitive and needs to be restricted no matter what, then it is very difficult for insiders or compromised accounts to steal this information, as they don't have the authority to decrypt it.
Ultimately, the way we work has changed, and the digital transformation and public cloud movement have impacted the way business is conducted. For many, hybrid working is now permanent, as is the transformation in the way enterprises think about productivity and business operations. Security has to evolve to ensure data is protected.
Currently, many organisations still rely on network-centric access technologies to enable remote work. But giving users infrastructure-wide access creates the risk of insiders or compromised accounts moving laterally within your organisation. Access should not be black or white; instead, it should be a gradient, granted with full insight into your endpoints, users, apps and data.
The cloud-first, work-from-anywhere world is here to stay. To overcome the many threat vectors, organisations must invest in the necessary tools and frameworks, such as SSE and SASE, to provide security that protects data from anywhere.