Argh! There are acronyms everywhere in the IT world, and knowing what each one means can become a headache. Two acronyms that have been used a lot more since the Covid-19 epidemic hit are SASE and SSE, and the two are creating confusion among many IT professionals. Most network and security professionals are familiar with Secure Access Service Edge (SASE), but Security Service Edge (SSE) is used in the same realm, and it is important to differentiate between them. In this article, we’ll explore SASE vs SSE further, defining the key differences between the two terms.
What is SASE?
The ongoing coronavirus pandemic has created a demand for the modern workforce to become increasingly distributed. It has forced companies worldwide to accommodate off-site staff and remote work. Cloud, SaaS, and edge offerings emerged to create a hybrid infrastructure, as everything moved from being centralized to highly distributed. With users, services, applications, and end-user devices existing virtually everywhere, organizations need a means of connecting them both effectively and securely, ensuring a productive user experience while keeping data safe and threats like ransomware at bay. Secure Access Service Edge (SASE) is a cloud-delivered concept that provides the perfect solution, combining network and security functions with WAN capabilities to support the dynamic, secure access needs of today’s hybrid organizations. Conceptually, SASE extends networking and security capabilities beyond where they’re typically available.
Secure Access Service Edge comprises the following core services:
- Firewall as a service (FWaaS)
- Secure web gateway (SWG)
- Zero-trust network access (ZTNA)
- Cloud access security broker (CASB)
- Software-defined wide area network (SD-WAN)
What is SSE?
Security service edge (SSE), as defined by Gartner, is a convergence of cloud-centric security capabilities to facilitate secure access to the web, cloud services, and private applications. SSE can be considered a subset of the secure access service edge (SASE) framework: its architecture is focused squarely on security services and leaves out network services such as SD-WAN, and sometimes firewall as a service (FWaaS) as well.
The security service edge comprises three core services:
- Secure access to the internet and web by way of a secure web gateway (SWG)
- Secure access to SaaS and cloud apps via a cloud access security broker (CASB)
- Secure remote access to private apps through zero-trust network access (ZTNA)
What’s the difference?
While the secure access service edge, or SASE, describes an architecture framework that consolidates networking and security delivered as a unified service from the cloud, SSE describes the security-as-a-service portion of this framework, leaving out the networking-as-a-service part.
You can think of a SASE platform as split into two core pieces: the SSE piece and the WAN edge networking piece. The SSE piece focuses on unifying all security services, including SWG, CASB, and ZTNA. The WAN edge piece focuses on networking services, including software-defined wide-area networking (SD-WAN), WAN optimization, quality of service (QoS), and other means of improving routing to cloud apps.
Why the Separation?
The modern remote workforce needs remote access to cloud services and private applications, and providing it has usually required VPN technology. Providing secure access to private and cloud apps without needing to open firewall ACLs or expose apps to the internet is key. Enabling access to applications, data, and content without enabling access to the network is a critical piece of zero-trust access because it eliminates the security ramifications of placing the user on a flat network.
This new acronym reflects the observation that while organizations are looking to consolidate and simplify their network security for remote and hybrid workers, some prefer a best-of-breed dual-vendor approach with separate solutions for networking-as-a-service and security-as-a-service.
Most organizations today need what SSE provides: a suite of controls that can shield a remote workforce from malicious activities through the deployment of a zero-trust model governing access control and monitoring, browser and cloud services security, and data protection. Many providers offer both SASE and SSE, with SSE available through a licensing model that enables an organization to upgrade to SASE if appropriate.