SSE leaves the network world behind

08 September 2022

Nathan Howe, VP of emerging technology at Zscaler


The meteorite impact on Earth millions of years ago ensured that the Earth’s surface would never be the same again, leading to the extinction of the dinosaurs. A parallel, in which dramatic external events cause fundamental long-term change in environmental conditions, can be observed today in the world of IT.

While IT modernisations had already been initiated with many organisations moving applications to the cloud, the pandemic has proven to be a widespread impetus for change. In a previously unforeseen way, companies worldwide were forced to transform their IT landscapes to adapt to the new and evolving conditions, at an unprecedented speed. But which of the traditional infrastructures will sooner or later be left behind in the post-COVID era?

In recognition of the universal upheaval organisations face, Gartner is helping to set the course for the reorganisation of IT infrastructure with its new security pillar, the Security Service Edge (SSE) of the SASE framework. The new model, which unifies safety parameters as a service function, represents the natural evolution of the SASE framework. Eliminating the “A” for access makes clear the decreasing importance of the security stack at the network perimeter, which previously regulated access authorisations to the corporate network and thus ensured IT security within the sealed borders. Today, the network itself is no longer regarded as part of the security control body, but only as a means of transporting data streams towards a new security model.

The traditional network is losing importance

In this way, SSE reflects the circumstances that companies have contended with over the past two years. Employees have left the secure network and access their applications from a variety of new working environments – in many cases, this is due to imposed contact restrictions. For a decade now, applications have found a home in cloud environments, further reducing the importance of the data centre. Driven by the pandemic, however, even those previously reluctant have made their way to the cloud. But if there are neither applications nor employees within the corporate network, what sense does a security stack at the network edge make? The answer to the reorientation of the security infrastructure is the Security Service Edge.

In modern working environments, securing the direct path from users to their applications plays the decisive role, without the intermediate step of a network perimeter. And it is precisely this core idea that a Security Service Edge approach revolves around, with zero trust being the cornerstone of implementation. If a user needs access to an application or a service, this access must be defined in a role-based manner and continuously monitored. Regardless of where the applications are stored, security must work inline between the user and application. A cloud function provides this control authority and offers the necessary agility and flexibility for a wide variety of application scenarios.

In a Security Service Edge deployment, users are no longer tied to a network for access to applications, but instead gain universal access based on their identity, regardless of location. The least-privileged access concept shows its strengths in all modules of the SSE and accordingly also forms the basis for cloud access security broker (CASB) or data loss prevention (DLP). Crucially, the focus is always on policy-based access rights, whether for access to permitted applications or web services, or at the level of individual documents.

Universal access for future scenarios

To keep up with these changes, IT departments must consistently select the right tool for each task. When it comes to IT security, this means that they must step away from network appliances as gatekeepers for security tasks and follow a new approach with SSE that places security directly between user and application or service. At the same time, IT departments are paving the way for companies to take the next steps towards digitisation. Zero trust is an ideal architecture not only for user access authorisations, but for devices or workloads as well.

With applications that are outsourced to the edge or internet of things (IoT) and operational technology (OT), the next digital applications that need to be secured are in the starting blocks. Then the cloud will not be the only connective tissue for access; the internet, or even the latest wireless standard, 5G, will be included. 5G already enables completely new application scenarios beyond the traditional network, whose data transmission and access authorisations should also be secured.

The traditional network has been completely and permanently transformed. As companies realise the full potential of the cloud to secure users, applications, and devices, SSE provides a forward-looking framework that can help guide them in this journey. Essentially, organisations that consider an SSE solution can ensure that they rely on a future-proof and portable approach that supports the requirements of a cloud-first working environment.