Security services edge Archives | Axis Security
https://www.axissecurity.com/tag/security-services-edge/

Meet The Forum That Will Explore The Value of Security Service Edge (SSE) For The Modern Workplace
https://www.axissecurity.com/sse-modernworkplace/
Tue, 25 Jan 2022 13:00:00 +0000

Two words will reshape the industry over the next several years: modern workplace. This term means many things to different audiences. To some it is an emphasis on using platforms like Microsoft Teams or Zoom for collaboration at work. To others it is about securely connecting employees to private applications across hybrid work environments, or even ensuring their business ecosystem has access to data. Some just think about it from a modernizing infrastructure perspective (more cloud, fewer appliances).

In any case, enabling a modern workplace means rethinking connectivity. 

The amount of data has grown by 100% over the last two years alone. And, due to mobility and cloud adoption, networks are no longer controlled by IT. They are controlled by the SaaS vendor, or the IaaS platform. Or, in the case of home networks, the employees themselves. While the notion of “network security” is becoming obsolete, the Internet is quickly becoming the new corporate network. The question now becomes “How do you securely connect people, apps, and clouds to business resources over the Internet?”

This has led to the creation of a new product category that Gartner calls Security Service Edge. These integrated, cloud-delivered, security services broker secure connections between authorized users and business resources by using identity and policy. This allows employees to work from anywhere, third-parties to safely access data, and infrastructure to be modernized.

With any new technology comes a host of new questions. SSE is no different. The industry is chock-full of questions like what criteria to look for with SSE, where to begin, what the best practices are for adopting SSE, what are the gotchas, and how to communicate the need for SSE to the business…you get the point.

Introducing the Security Service Edge Forum

In an effort to guide companies, and equip them with the answers they need so that they can effectively transform their businesses, we teamed up with a host of IT leaders to create the Security Services Edge Forum. The Forum’s mission is to explore the value of the security service edge for the modern era of work. IT leaders like Mustapha Kebbeh (CISO at Brinks Security), Tom Parker (CISO at Kayak), Matt McCormack (CISO at GlaxoSmithKline), Diego Souza (CISO at Cummins), and several others will work together to help design the best practices for their peers to follow. In doing so they will inspire other IT leaders to think beyond traditional access solutions, and to embrace modern access services that solve today’s business challenges.

2022 will be the year of SSE, and, according to Gartner, “By 2024, 30% of enterprises will adopt cloud-delivered SWG, CASB, ZTNA and branch office firewall as a service (FWaaS) capabilities from the same vendor.” Because of this we feel it’s our responsibility to help ensure that IT leaders can not only make informed decisions when selecting SSE vendors, but that they can play an active role in its development as well.

After all, the best services are those that are built FOR their customers, WITH their customers.

The Security Service Edge: EXPLAINED
https://www.axissecurity.com/security-service-edge-explained/
Fri, 17 Dec 2021 11:00:00 +0000

Security service edge (SSE) will be one of the most talked about subjects in 2022, and beyond. The problem is not many IT leaders understand what SSE is, how it differs from SASE, what to look for when selecting one, or the value they provide for the business.

In the video below I demystify SSE. Enjoy.

Over the next few minutes, I’m going to explain what Security Service Edges are, why they’ve been created, and hopefully give you some clarity on how to leverage them for your business in the near future. First, we want to think about why any of this matters at all. The biggest cause for this change is the increase in cloud and user mobility over the last few years.

And what good is cloud if you don’t have a secure means of providing connectivity to it? At the fundamental basis, Security Service Edge is meant to secure access between authorized users and specific applications that might be in cloud. These could be private apps running in public cloud, private apps running in a legacy datacenter, SaaS applications like Microsoft 365 and Salesforce, or even the open internet.

So one thing that many customers need to wrap their heads around, especially if you’re used to the network security world, is, given what’s going on in the space, increased use of cloud mobility– these are networks that organizations don’t control. You don’t control Microsoft 365’s network or AWS or Azure’s network. You don’t control the personal Wi-Fi that a user’s working from home.

How do you do network security in this world? The reality is, you can’t. So the big question here is, how do we secure access to the internet? If that’s the case, how do we use the internet as, essentially, the new corporate network? That’s where this new set of technology really comes into play. Now, before we get into what SSE is, we first need to think about how we got here.

Over the last few years, there have been several technologies that have been introduced– secure web gateways, a key technology, then you had cloud access security brokers. This was all around discovering SaaS applications that were in use, minimizing over privilege and over sharing of cloud resources as well, and more recently, a new technology called zero trust network access, AKA ZTNA. These were developed to secure access to private applications that are often a great alternative to VPN to use for remote employee access, third-party access, accelerating M&A, and a whole host of other key use cases that businesses care about.

Now, what Gartner and other key firms started to realize was that these technologies were starting to converge into a single framework. That framework is called Secure Access Service Edge, SASE. Well, you might be familiar with that SASE term. It’s probably the architecture and marketing buzz term you see at the top of many of these security vendors out here. What Gartner has done over time, though, is look to develop more intricate definitions for what SASE means. It started as the overall framework and architecture, and they’re refining it down to two key subsections.

Now, the first is around WAN optimization. So this is where you see tools like SD-WAN, content delivery, et cetera, being focused on. Again, on the network operations perspective. The other piece is what’s called Security Services Edge, and that’s what we’re going to talk about today. This is essentially the set of network security technologies that were traditionally delivered by perimeter-based solutions deployed on-prem.

What’s happening is, these technologies are being moved to cloud. They’re being cloudified, if you will. So now, key technologies like SWG, CASB, and ZTNA are conjoined as a single solution, a single integrated set of security services meant to secure access to business resources. So what does that look like? Here’s a high-level SSE architecture representation. Now, you’ll find right away, this is very different from network connectivity. In many cases, you’ll find that this is not about connecting user to a network at all. It’s about connecting a user, or in some cases, even a server, another application, to a specific application, and only that app.

Now, some of the key differences you’ll find between SSE and traditional network security fall within the actual flow of traffic, and how that traffic is monitored, remediated, et cetera. You’ll see, from the beginning, instead of allowing passthrough connections, like in the case of the network firewall, all traffic is actually first terminated. So you have this termination point, where the user is forwarding traffic up to the SSE service.

The SSE service does a few different things. It terminates the tunnel. It authenticates the user based on the IdP that’s used. Most of these support SAML 2.0-based IdPs, so proctors or Azure IPs, Ping Identities of the world. It then authorizes access based on policies. These policies can take into consideration context like device posture, user location, device type, et cetera. The authorized user can then get access to the application.

Now, instead of trusting them or placing them into the corporate network, for example, in this example I have here, you have SAP running in public cloud. What’s happening is, there’s this outbound connection from that private application to the SSE service, in which case the brokering between the specific user and the specific application takes place. Now, this isn’t about listening for inbound ports like a traditional VPN concentrator or DMZ or inbound gateway.

There’s actually no inbound connection at all. So the user connects to the application through outbound connections. These two individual tunnels are actually stitched together in the location that makes the most sense based on the user’s location and the application’s location as well. Now, in this example, I’ve talked about private applications here. But this is just as important and just as useful for accessing private apps in the datacenter, SaaS applications like Microsoft 365, Salesforce, Box, et cetera. Even the internet or safe web browsing as well.

Now, what you want to think about when you have a Security Service Edge service is you want to try to minimize complexity and make managing policies as simple as possible. So having a single pane of glass for that SSE service is important. One place where you can manage access to all your applications for all your users and all your endpoints.

Now, as you could guess, the benefits around Security Services Edge are that you’re taking these services, leveraging them through cloud, and extending them as close to the edge– AKA the user’s location– as possible. This is a huge benefit for businesses from not only a security perspective, where you can search for SSE services that allow for in-line inspection, and there’s this idea of application access without network access, not having to expose your network to the open internet.

But it’s also huge benefits around user experience and reduction of cost and complexity. From the user experience side, many SSE services offer the ability to have digital experience monitoring built into the platform in itself, to manage hop-by-hop metrics between that user, accessing from home, attempting to get access to Microsoft 365, to determine what are the different hops, where are potential areas of latency, and allow IT operations teams to pinpoint those challenging areas and solve them immediately.

The other piece is around minimizing cost and complexity. Since these are cloud-delivered services, there are no appliances to manage. This is about application-level segmentation, so there’s no network segmentation or ACLs that are based on source IP and destination IP. The goal is fast access, secure access, and scalability. Key to that scalability is making it super easy to set and manage policies as users move between home and the office.

And the beauty of this entire architecture is that this is not just about user applications. You can apply this same concept to server-to-server connections as well, which is really changing the way we look at connectivity today, and this is what securing access to internet looks like in the modern era.

Hopefully this makes sense. There will be more videos down the line around what Security Services Edge is, and some of the key use cases for real-world implementations.

If you are interested in learning more about SSE, feel free to speak with our team here at Axis!

We’d be happy to provide a quick demo of our SSE platform.
