[German]Recently I came across a piece of information from security vendor Lookout about the future of cloud security and the term SSE. Sundaram Lakshmanan, CTO of SASE Products at Lookout, explains what SSE is. And he describes the three core SSE principles and how it differs from SASE (Secure Access Service Edge). He also explains how organizations can get the most value from SSE by integrating endpoint security with advanced user and privacy features. I found this quite fascinating, so I'll post the text for interested blog readers.
Advertising
To run an efficient business where employees can work from anywhere, it has become almost impossible not to use cloud technology. Whether it's software-as-a-service (SaaS) applications like Microsoft 365, Salesforce, Google Workplace, Servicenow and Slack, or infrastructure-as-a-service (IaaS) like Amazon Web Services, Azure and Google Cloud Platform: Most organizations now have dozens of applications that employees use to connect and share sensitive data.
Security Service Edge (SSE)
To protect data while enabling location agnostic initiatives, a new security framework has emerged consisting of the convergence and consolidation of cloud-based network security capabilities into a platform known as Security Service Edge (SSE).
Just a decade ago, many enterprises were hesitant to adopt cloud technologies because they feared they would have to give up monitoring of the network perimeter and lose control of security. Over time, as technology advanced and awareness of the benefits of the cloud grew, this thinking proved to be outdated as digital transformation progressed.
Since then, however, it has become apparent that increasing cloud connectivity presents additional challenges for traditional security strategies. To meet new data protection requirements, organizations must leverage the cloud for security, just as they have for operations. Security technologies that were previously deployed on-premises will be brought together in the cloud.
Differentiation between SASE and SSE
Advertising
When the term SASE was coined by Gartner in 2019, many organizations were struggling to meet the security requirements of a cloud-driven world, a situation exacerbated by the pandemic. Companies needed to support a location-independent workforce to maintain business operations and overall productivity. With data and applications residing in the cloud and users connecting from anywhere, they could no longer rely on traditional security perimeters to gain visibility and control over their data.
SASE, a framework that combines Networking-as-a-Service (NaaS) and Security-as-a-Service (SaaS) technology in a seamless architecture, sought to solve this problem. This approach includes Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) and Zero Trust Network Access (ZTNA) to secure access to the Internet, cloud services and private applications while providing seamless connectivity to these destinations via local direct-to-Internet breakouts with Software-Defined Wide Area Network (SD-WAN), further simplifying the enterprise network architecture. The motivation behind SASE was to enable intelligent zero-trust access that protects data from anywhere without compromising productivity.
Many organizations have realized that their current security tools do not support the newer use cases of location-independent working. They have begun to consolidate their security technologies by selecting cloud solutions from a few vendors. While security services are gradually converging, most enterprises have not yet consolidated their network and security services from a single vendor. When given a choice, enterprises rightly prefer the best-of-breed technologies. To keep pace with these market trends, Gartner has developed the SSE framework in 2021, which focuses exclusively on SASE security capabilities.
What is SSE?
SSE is designed to protect data and reduce risk through a single platform that combines access control, threat protection, data security, security monitoring, and acceptable use controls. Security teams are often underfunded, feel stretched thin and lack the resources to monitor every data movement, application, endpoint usage and user behavior. By adhering to the SSE framework, security teams can effectively support work from anywhere while protecting data.
As more countries implement privacy and data security laws such as the GDPR and CCPA, the need for SSE will continue to grow. Solid SSE platforms must provide integrated data protection capabilities that allow organizations to focus on their business operations and productivity.
SSE and data protection
Data is no longer within traditional boundaries, so a security layer that tracks and protects it is essential. Therefore, when selecting an SSE platform, it is important to ensure that it provides effective endpoint security as well as advanced user and data protection capabilities. In particular, the following points are important:
- User Entity and Behaviour Analytics (UEBA): This is the understanding of malicious behavior within the system, whether it is a hacker exploiting a compromised credential, an insider inadvertently sharing content with the wrong parties, or an insider who has become a threat to the organization.
- Data Loss and Prevention (DLP): Must be included in every SSE platform as it allows security teams and the enterprise as a whole to understand what type of data is being stored across all architectures: On-premises and in cloud applications. DLP can also enforce restrictions, black out or watermark data.
- Enterprise Digital Rights Management (EDRM): The last important layer is encryption automation. If an organization has policies in place to proactively encrypt data that it knows is sensitive and must be restricted at all costs, then it is very difficult for insiders or compromised accounts to steal that information because they have no authority to decrypt it.
Ultimately, the way employees work has changed. Digital transformation and the trend toward the public cloud have impacted the way business is conducted. For many organizations, hybrid working is now an integral part, in the way they think about productivity and business processes. Security must evolve to ensure data is protected.
Currently, many organizations still rely on network-centric access technologies to enable remote work. However, when users are given infrastructure-wide access, there is a risk of insiders or compromised accounts moving laterally within the organization. Access should not be black or white, but a gradation that occurs with complete visibility into your endpoints, users, applications and data. To overcome the many threat vectors, organizations must invest in the necessary tools and frameworks, such as SSE and SASE, to provide security that protects data from anywhere.
Lookout is a provider of integrated endpoint-to-cloud security. The text was provided to me by the vendor, but it is not a sponsored post.
