What’s The Difference Between SSE And SASE?

In its latest Hype Cycle for Cloud Security, Gartner introduced a new technology: SSE (Security Service Edge). SASE (Secure Access Service Edge) also remains part of the hype cycle. In this blog we’ll dive into what SSE is, examine how it’s connected to SASE, and reveal where and how ZTNA comes into play.

What is SSE?

SSE is a single set of cloud-centric security controls that secure access to the web and also to services and applications. These services and apps could be private or in the cloud. SSE’s capabilities include access control, monitoring, data control, threat protection and use control. It is intended to reduce complexity for security teams and employees by providing a single product for security with an optimized user experience.

What Technologies are Included in SSE?

SSE includes the following capabilities:

• ZTNA (Zero Trust Network Access) – A novel security model based on the principle of least privilege, which continuously authorizes users and devices before providing them with access to services and applications. 

• SWG (Secure Web Gateway) – A component for protecting users from web-based threats through filtering and enforcing policies.

• CASB (Cloud Access Security Broker) – Software for enforcing security policies in the cloud.

• FWaaS (Firewall as a Service) –  A cloud firewall.

What is SASE?

SASE, also a Gartner-coined term, refers to the convergence of both security control and network controls into a single, cloud-based platform. SASE provides a solution for both security and IT teams, to provide complete optimized and secure connectivity from anywhere. In other words, it’s SSE with the convergence of network capabilities as well.

If We Have SASE, Why Do We Need SSE?

In modern architectures, network and security are closely related. Digital transformation and the adoption of cloud infrastructure have made secure access to cloud applications and data centers the cornerstone of business connectivity. However, in many companies, IT and security teams are still siloed and have different requirements and priorities.

SSE enables security teams to modernize their stack and services, separately from the IT and infrastructure teams. As a result, they are able to reduce the attack surface while still relying on network services like SD-WAN or the global internet. When IT teams are ready to move to SASE, SSE will evolve with them to SASE.

How is ZTNA Related to SSE and SASE?

Zero trust supports both SSE and SASE by ensuring users gain continuous and secure access to organizational applications, assets and the web. Zero trust can provide secure access across any network topology (SD-WAN, VPN, the public internet, SASE, or others) and connect remote employees, third parties, supply chain vendors, data centers and more. This is because zero trust moves defenses from network-based parameters to identity-based parameters and validates access regardless of the network origin. So whether you have SSE or SASE, ZTNA is the most secure model for your organization.