What is Security Service Edge (SSE)? SASE vs SSE vs VPN

there was a time when vpns or virtual

private networks made sense as a way for

remote users to access corporate

resources you see for a long time

applications and services the remote

users needed were located behind private

networks or data centers a vpn would act

as a head-end or connectivity point into

those resources located in the private

network however today's organizations

look quite different with more and more

sas and cloud-based services being

accessed directly from the internet as

opposed to private networks a recent

report by netskope found that the

average enterprise has around 1 000 sas

application these applications are

highly distributed and designed to be

accessed directly by the user based on

their geo-location

suddenly backhauling user traffic into a

central location no longer made sense

this extra hop and central termination

point introduced higher latency longer

round trip times and bottlenecks that

needed to be addressed all the while

reducing performance and increasing

costs due to the equipment requirements

that were needed in order to keep up

with the demand

this explosion of sas and cloud-based

services meant that a central network

and security point was no longer viable

even before covid modern organizations

were already moving toward more and more

remote workforce users and applications

are highly distributed and for the best

user experience users should be

accessing these sas applications

directly while still maintaining their

security policies and inspections from

wherever they're connecting from

secure access service edge or sassy aims

to solve this problem by providing

security and network services in

distributed pop locations you see sassy

vendors have a very large global

presence with pop locations hosted in

multiple regions

they would then partner with tier 1

backbone providers like at t or verizon

to have preferred direct access to

nearly any point on the internet that

they needed to get to

users would then connect into their

nearest pop location which then routes

them out to the sas application or

private resource depending on where

their traffic is going security was

enforced wherever the user connects in

from whether that be europe in the

morning and california in the evening in

a previous video i detailed the

components and use cases for sassy which

could be categorized into these four

core requirements secure web gateway

which connected and secured remote

employees to their sassy cloud or

internet services according to gartner

it also must include at a minimum url

filtering malicious code detection and

blocking application identification and

control and almost always will include

some type of firewall service

cloud access security brokers or casbi

this provides a granular access control

and security to sas applications like

office 365 and salesforce xero trust

network access or ztna this connects

users to private resources in a

corporate network or data center and

finally there was sd-wan this was a when

and device that connected corporate

locations like a branch site or

headquarter to a public or private land

provider and made intelligent steering

decision based off of multiple paths to

the destination

for sd-wan vendors without built-in

security like silver peak or velocloud

the integration meant that it could

offload those services to the nearest

sassy pop for inspection sassy itself is

not a technology but rather a package of

four different services that were

brought together under a single or at

most two-vendor solution to provide a

single place to control access and

policies across all four of these

services

garner predicts that by 2025 over 60

percent of enterprises will have

strategies and a timeline to migrate to

sassy and while this is a booming market

the consolidated vision and integration

of security and network into a single or

dual vendor solution has left a lot to

be desired as we just reviewed sassy is

made up of four technologies secure web

gateway casby ztna and sd-wan

and in order to accomplish a sassy

vision security providers like z-scaler

and netskope needed to team up with

sd-wan vendors like velocloud or viptela

in practical terms the integration

between security and network vendors has

not only proven to be very difficult but

it's also provided users with few

options in choosing the best of breed if

you wanted security services of z-scaler

but the networking services of viptela

you may not have all the integration

that you really needed in order to

accomplish the sassy vision and in a

post-covered world you may not even have

a need for sd-wan in the first place

this is why a completely new category

altogether was form that defines the

security services of sassy without the

networking requirements

security service edge or sse was

announced by gartner in 2021 to include

only those security components of sassy

that is secure web gateway casby and

ztna the difference between sassy and

sse is assassins c does not include the

network components of sd-wan or the

optional services like wireless lan

in other words networking has been

completely removed just like sassy

however sse also includes the optional

security components of dlp sandboxing

knack or network access control and some

others however it aims at focusing only

on the security aspects without any of

the networking requirements

this makes ssc an ideal solution for

organizations that don't need sd-wan or

want to choose a best-of-breed approach

in choosing an sd-wan and security

vendor

ultimately sse is a component of sas

people without sd-wan and depending on

your organization they both aim to solve

the problem of providing work from

anywhere security and network access

without any of the restrictions or

constraints of the central termination

point brought on by a vpn

the decision on whether to choose sassy

or sse really comes down to whether or

not you have on-premise connectivity

requirements in this post-covet world

where organizations slowly start to move

back to the office or have a hybrid

approach sassy provides a way for

offices to enforce consistent security

anywhere the users are whether they're

working from anywhere or back at the

branch office for organizations that are

100 remote or do not need sd-wan ssc may

be the right solution for you

this wraps up another video of the cso

perspective and i hope you found it

informative please don't forget to hit

like down below to give me a boost in

the youtube algorithm consider

subscribing if you want to stay on top

of our latest releases here at the cso

perspective my name is andy and i'll see

you on the next video