Article Summary:
SSE (security service edge) constitutes the security component of the larger SASE framework, designed specifically to protect access to the cloud for the remote workforce.
The security service edge architecture is built around three core components: Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), and Cloud Access Security Broker (CASB).
SSE enables the implementation of a strong Zero Trust security model by applying consistent security policies, like identity- and context-based access, regardless of user location.
What is security service edge (SSE)?
Security service edge (SSE) is the security aspect of secure access service edge (SASE). SASE is a cloud-native IT model that combines wide area network (WAN) edge networking and security services in a way that is better suited, compared to traditional network architectures, for how modern businesses operate.
SASE can be divided into two sets of interwoven capabilities: networking services and security services.
The networking side of SASE: WAN edge services
Gartner, the research and advisory firm that first coined the term "SASE," considers wide area network (WAN) edge services, including software-defined wide area networking (SD-WAN), to be the networking capability upon which SASE is built. WANs connect local networks across vast distances. Moving those capabilities to the edge better serves branch offices, mobile users, and cloud infrastructure. Edge-delivered WAN services are also more scalable and flexible than traditional, MPLS-based WANs.
The security side of SASE: SSE
SSE includes three core components, along with some additional capabilities:
Zero Trust Network Access (ZTNA): ZTNA, according to Gartner, "creates an identity- and context-based, logical access boundary around an application or set of applications."
Cloud access security broker (CASB): Includes a number of different cloud security technologies to protect software as a service (SaaS) applications.
Secure web gateway (SWG): Sits in between remote and office users and the Internet to apply acceptable use and security policies for threat and data protection.
Together, these areas make up SSE — with other security capabilities like firewall-as-a-service (FWaaS) and remote browser isolation (RBI) often included as well. When cloud-centric edge WAN services and SSE are delivered from the same network architecture, an organization can fully deploy a SASE model.
How does Cloudflare help organizations adopt SSE?
Cloudflare has a network with over 330+ locations around the world, and Cloudflare has long been a leader in security, network performance, and edge computing. The Cloudflare One platform includes all the aspects of SSE listed above, and it combines this with network-as-a-service for a full SASE deployment.
Learn more about Cloudflare One.
FAQs
What is security service edge (SSE)?
SSE is the specialized security component of the larger secure access service edge (SASE) framework. It is a cloud-based architecture designed to protect remote workers and branch offices. While SASE as a whole includes networking services, SSE focuses specifically on the security tools required to maintain a safe and reliable digital environment.
What are the three core components of SSE?
A standard SSE architecture is built on three primary pillars: Zero Trust Network Access (ZTNA), secure web gateway (SWG), and cloud access security broker (CASB).
How does SSE relate to the SASE model?
Think of SASE as a complete toolkit for modern business connectivity. It is divided into two halves: the networking side (often involving SD-WAN or WAN edge services) and the security side (SSE). When an organization combines these edge-delivered networking capabilities with the security protections of SSE within a single network architecture, they have achieved a full SASE deployment.
Why is SSE considered more effective than traditional network security?
Traditional security models often rely on a "castle-and-moat" approach that assumes anyone inside the office network is trustworthy. SSE is better suited for modern work because it is cloud-native and delivered at the edge, closer to where users actually are. This allows for more scalable, flexible protection that follows the user regardless of whether they are in a central office, at home, or traveling.
What is the role of Zero Trust within an SSE framework?
SSE is the primary vehicle for implementing a Zero Trust security model. SSE ensures that no user or device is trusted by default. Instead, access is strictly controlled through identity- and context-based policies, meaning a user only gets access to the specific applications they need to do their job, and only after their identity has been thoroughly verified.
In addition to the core components, what other features are often included in SSE?
Beyond the three main pillars, many SSE solutions include advanced security features such as firewall-as-a-service (FWaaS) and remote browser isolation (RBI). These tools provide additional layers of defense by filtering network traffic and executing web browsing in a contained cloud environment to prevent malware from reaching a user’s local device.
How does Cloudflare assist businesses with SSE adoption?
Cloudflare offers a comprehensive platform that delivers all the essential elements of SSE through a global network. By integrating these security services with its existing network-as-a-service capabilities, Cloudflare allows organizations to fully deploy a SASE model that optimizes both security and performance.