What is Security Service Edge (SSE)?

Find out what SSE is, how it’s related to Secure Access Service Edge (SASE), and why the market for it is growing

2022.05.17Dheeraj Rawal

The need for SSE (Security Service Edge)

Enterprises want to reduce the attack surface and save security costs, but these ambitions can feel mutually exclusive. But there is a way, and with a security solution: SSE promises to deliver security services under one roof. Learn what SSE is and how it reduces risk and improves performance.

Top takeaways include:

  • Explaining SSE
  • VPN alternatives and SSE
  • SSE benefits
  • Use cases

What is Security Service Edge?


Security Service Edge (SSE) is part of the Secure Access Service Edge (SASE) framework that concentrates on security components. The market for SSE is growing; it entered Gartner's Hype Cycle 2021 as one of the four must-have technologies for cloud security.

SASE is an architectural framework that converges network and security capabilities and delivers them as a unified service. Remove the networking capabilities from this architecture, and what remains is Security Service Edge. In simple terms, SSE is SASE, but excludes the SD-WAN component.

SSE focuses on whether there are sufficient levels of protection across these security-related components:  

  • User internet access with Secure Web Gateway (SWG)
  • Cloud app access (mostly SaaS-based apps) via Cloud Access Security Broker (CASB)  
  • Remote access to apps with Zero Trust Network Access (ZTNA)

The Security Service Edge architecture converges these components. Network-related components like WAN optimization and bandwidth aggregation are not part of SSE.

Why does SSE matter now?

With the rise of distributed workforces, issues like accessibility of applications and secure edge computing are challenging for enterprises. Data is stored off-premises in data centers, and workforces constantly access business apps from anywhere and on any device.

And organizations are adopting more software and cloud apps, as reported by Netskope, which found that cloud app adoption increased by 22% in the first half of 2021. On average, a remote user accesses about 12 SaaS-based apps.

A traditional security approach is insufficient in a dynamic setting of mobile users and cloud apps; perimeter-based security doesn't work for distributed users. Another challenge is backhauling the traffic to data centers with a VPN for inspection; this hampers the user experience due to latency. Furthermore, traditional VPNs are susceptible to threats.

White paper: Security Services Edge to unify defensive strategy

As cloud adoption and hybrid models grow, learn how you can secure your businesses with an SSE strategy.

Organizations want VPN alternatives

Person using smartphone and laptop at the same time

Organizations were already looking for VPN alternatives even before the pandemic, but as COVID disrupted office working models, it compelled them to explore better and more secure options to VPN.

Also, many organizations have various security solutions that aren't well integrated and are too complex, exposing them to external threats. 

The SASE market is booming as organizations address these challenges and move away from the traditional network security approach.

Four benefits of Security Service Edge

Organizations are gaining an edge with the SSE framework by:

  1. Reducing risks
    A cloud platform enables protection; security is no longer attached to a location or network. Unified security services remove the gaps between point products, lowering risks. SSE enhances user visibility regardless of location and channels. It also enforces all security updates across the cloud –thus, significantly reducing the need for manual IT tasks.  
  2. Better user experiences
    With SSE's global distribution, content is inspected when the end-user connects to the SSE cloud. This naturally reduces the latency and enhances performance. Eliminating VPN use and switching to cloud-based apps also improves user experience.
  3. Reduced costs and complexities
    SSE unifies multiple security services, like SWG, ZTNA, CASB, FWaaS, Cloud DLP, CSPM, and CBI. With their availability under one roof, costs and complexity reduce as all channels users access have uniform security. Furthermore, you can choose to exclude a service if you do not need it now and add it later as you scale up.
  4. Zero trust-based access
    SSE creates secure remote access with zero trust policies for devices, applications, content, and crucially - users. Granting access is strictly policy and user-based. As users are not on the network, connecting apps and users is more secure. And as apps are behind the SSE platform, they aren't exposed to the internet, minimizing the attack surface and business risks.

Will SSE grow in popularity?  

Gartner anticipates that organizations are more likely to invest in unified SSE solutions over standalone CASB, SWG, or ZTNA solutions. The SSE market (for unified solutions) is set to touch 80% by 2025; this stood at just 15% in 2021.

It naturally becomes easier for any business to consolidate these services under one SSE platform, set up universal policies, apply them across the channels, and manage them.

Four use cases for SSE

Compelling use cases for Security Service Edge span:

  1. Secure remote workforce
    Traditional VPNs present five challenges, so organizations must secure remote access to private apps and cloud services. SSE enables access to apps, data, and content without exposing users to network and internet vulnerabilities. Zero trust-based access secures remote access and allows a better user experience because of a global network of access points.
  2. Identify and eliminate threats
    SASE has networking and security components, whereas SSE has security components. SSE's core job is to identify and eliminate threats (like phishing and malware) across the web, cloud, and the internet. For example, an SSE platform that includes CASB allows data inspection in SaaS-based applications and quarantines malware before any damage.
  3. Secure cloud services access
    One of the most crucial aspects of SSE is policy control of user access to cloud services, the web, and the internet. As users access apps and content on and off the network, SSE enforces policies to eliminate risks. Organizations also need to implement corporate internet and access policies for compliance reasons. The SSE platform with CSPM helps them avoid breaches due to misconfigurations.
  4. Secure sensitive data
    Organizations have data residing in different platforms and channels. SSE helps identify and safeguard sensitive data; the platform offers improved visibility across channels with key data protection technologies. Sensitive user data can be classified and secured with the help of the cloud Data Loss Protection (DLP) policy. DLP policies can be enforced for data at rest in the cloud and in transit, making data protection easier.

Digitalization and the cloud drive productivity and growth but also brings new challenges for organizations. Security and data leakage are at the top of every company's worry list since security threats lie in some easily overlooked areas.
A Security Service Edge architecture enables a modern workplace to guarantee that users can use cloud services with low latency and sophisticated security. 

Deniz Barbaros, Business Development Manager – Deutsche Telekom Security GmbH

Wrapping up

For a robust security strategy, organizations must not mistake SSE as a substitute for SASE and should plan for both.

Is your access to cloud services sufficiently secure? Take our SASE self-check for businesses in our whitepaper!

And if you're looking for a strong security partner who can help you with a long-term strategy that meets your business needs, you're welcome to get in touch.

About the author
Dheeraj Rawal

Dheeraj Rawal

Content Marketer, T-Systems International GmbH

Show profile and articles

You might also be interested in

Do you visit t-systems.com outside of India? Visit the local website for more information and offers for your country.