SASE without the A: What is Security Service Edge?

May 19, 2022 Mike Frane 3 min
Adoption of SASE has been a logical evolution for teams migrating from legacy networking and security technologies. But there's a new term on the block: Security Service Edge. How does it differ from SASE, and is it right for your organization?

Secure Access Service Edge—best known as SASE—has garnered a lot of attention in a short period of time since Gartner coined the term in 2019. This comprehensive, cloud-native framework delivers the convergence of cloud-based networking and security services, and provides hybrid and remote workers with comprehensive, secure access to designated company applications and resources while offering a much simpler connectivity model for cloud-first enterprises, with security functions wherever they’re needed.

Just as the industry has started to digest the meaning and importance of SASE, a new entrée has been brought to the table: Security Service Edge—in other words, SASE without the “A.” IT and business leaders are left wondering what this is,  how it differs from SASE and what the right architecture is for their organization’s needs.

What is Security Service Edge (SSE)?

SSE technologies allow organizations to support users anywhere and anytime by using a cloud-centric approach to enforce security policies. According to Gartner, “SSE secures access to the web, cloud services and private applications. Capabilities include access control, threat protection, data security, security monitoring and acceptable use control, all enforced by network- and API-based integration.”

SSE is designed to reduce complexity and improve user experience by consolidating disparate security capabilities into one a unified service framework. Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Firewall as a Service (FWaaS) and other security technologies are all necessary components of a complete SSE offering.

SSE vs. SASE: Tomato, tomahto?

SSE is the half of SASE that is focused on the security capabilities, leaving out the networking convergence piece that makes up the other half (SD-WAN). Yet the argument for SSE is more or less the same as it is for SASE. Both SSE and SASE enable enterprises to reduce complexity, costs and the total number of vendors that are required. They’re both identity-driven, dependent on a zero-trust model that restricts user access to permitted resources. For these reasons, SSE and SASE address similar issues.

What really emphasizes the need for SSE, or its holistic predecessor SASE, is that the global cybersecurity market is projected to grow from $155.83 billion this year to $376.32 billion by 2029, exhibiting a CAGR of 13.4%. The growing importance of SSE is a constant reminder to how much the cybersecurity market has expanded and will continue to evolve.

Same, same, but different

SSE consolidates all of the security capabilities without addressing the networking component that is so vital to a complete SASE framework. Software-Defined Wide-Area Network (SD-WAN) fills in the role of “A” (Access) in SASE, offering the most agile, cost-efficient way to ensure flexible, secure and affordable bandwidth to complement the security components.

Without the “A,” enterprises lose the ability to prioritize application traffic and optimize network performance that—when combined with SSE—creates the optimal and secure network and application performance while also addressing compliance requirements.

Bringing networking and security together is more than another “nice-to-have.” In today’s modern landscape, it’s essential for organizations to secure their offices, remote users and cloud applications without compromising the user experience. Moreover, SASE unifies networking and security into a fully converged and cloud-native service provided by one vendor.

In doing so, SASE provides a synchronized and single view and complete control into network and security policies—especially since the framework is managed by one managed service provider.

What’s right for you?

The rise of cloud adoption and the shift to work-from-anywhere has demanded a great deal of change from IT teams, especially since more users, devices and resources now exist outside an enterprise’s traditional network. Connecting and protecting cloud resources and remote and hybrid users require significantly more advanced security and networking capabilities that legacy technologies can no longer support.

Most organizations today need what SSE provides: a framework of security solutions that can defend a remote or hybrid workforce from malicious activities through the deployment of a zero-trust model. Yet it’s often more effective for business and IT leaders to consider SASE for its future-proofed network connectivity capabilities that are fully integrated with security.

Curious about all the ways your organization could benefit from a SASE solution? Answers are only one click away.

Learn more
Key Takeaway
SASE is the total blueprint for integrated networking and security, while SSE is a subset of overall requirements focused on several key security-related components.

Banks and credit unions need the cloud. Here's why