Word Notes 10.25.22
Ep 122 | 10.25.22

Security Service Edge (SSE) (noun)


Rick Howard: The word is: Security Service Edge.

Rick Howard: Spelled: Security as in protection against threats. Service as in a utility to carry out a particular purpose and Edge as in the border of secured access. 

Rick Howard: Definition: A security architecture that incorporates the cloud shared responsibility model, a vendor provided security stack, and network peering with one or more of the big content providers and their associated fiber networks. 

Rick Howard: Example sentence: The organization's SSE solution allowed the employee to securely access company services remotely.

Rick Howard: Origin and context: Gartner coined the term SASE, Secure Access Service Edge, in 2019 to represent a fundamental shift in security architecture thinking away from the traditional perimeter defense model. 

Rick Howard: SSE is a modification of the SASE model by making it less complex. In other words, it removes one of the SASE components that network defenders realized was not essential: SDWAN. Since the early internet days, circa in 1995, network defenders typically established a perimeter defense between their internal digital assets and the outside world. Organizations established one or more internet connections with a service provider and connected remote offices, data centers, and endpoints via internal leased lines. Network defenders deployed their security stack tools like firewalls and intrusion detection systems at the internet boundary and network managers ensured that the data flow would always traverse through the security stack. But leased lines are expensive and the typical number of tools in the security stack in today's environments can be upwards of 300 depending on how big the organization is.

Rick Howard: At the same time, local internet connections have become so inexpensive and reliable that it doesn't make sense to pay for internal leased lines anymore. It's easier just to let the remote offices connect to the internet themselves. But that means the network defender team has to deploy the security stack in multiple locations. The management complexity of this situation has become exponential, and the money we save by removing the leased lines is consumed again by maintaining multiple sets of the same security stack.

Rick Howard: SASE changed that model and it has four components. Number one, a SASE cloud provider: instead of each network defender managing and maintaining their own internal security stack, the SASE vendor provides a stack in multiple data locations around the world. The first network hop out of the customer location is through their SASE vendor. The SASE customer sets the global policy for every tool in the stack, and the SASE vendor keeps the blinky lights working on all of the equipment. Number two, the security stack: the SASE vendor offers security services for its customers, like zero trust, intrusion kill chain prevention, compliance, and risk forecasting. Number three, SDWAN: the SASE vendor connects a software/hardware meta-layer to all the customer remote locations for the purpose of making efficient routing decisions between all customer internet connections. And lastly, number four, peer connections: the first hop out of the SASE vendor's data center is not to the internet backbone, but to one or more of the big content provider fiber networks like Google, Amazon, and Microsoft. According to Maria and Alex Korolov at NetworkWorld, Gartner introduced SSE in its strategic roadmap for SASE convergence paper in March 2021, essentially SASE without the SDWAN component.

Rick Howard: Nerd reference: In 2022, Netskope's Chief Evangelist, Bob Gilbert, published a YouTube video explaining what SSE is.

Bob Gilbert: So let's start by looking at the rapidly changing environment that is forcing the transformation from the old way of doing security to a more modern approach. Today there are more users, apps, data and devices outside of a corporate network than inside, and this is a result of the massive adoption of SASE in addition to the rise of the work-from-anywhere user. When you combine the fact that users are everywhere and the resources they're accessing are everywhere, the result is that legacy security approaches are ineffective when it comes to protecting data, and defending against threats and giving users the unfettered access they demand. Legacy security architectures like hairpinning user traffic back through a set of security appliances that are located in the data center is cumbersome and ineffective and results in poor user experience. Now this is where Security Service Edge or SSE comes into play.

Bob Gilbert: SSE converges a number of modern cloud-native security services and delivers them to the edge as close to the user as possible. Core SSE services include Cloud Access Security Broker, Secure Web Gateway, and Zero Trust Network Access. Now, SSE is a subset of the Gartner category Secure Access Service Edge, or SASE, and SASE encompasses SSE plus WAN Edge, which is also known as SDWAN.

Rick Howard: Word Notes is written by Tim Nodar, executive produced by Peter Kilpe and edited by John Petrik and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliott Peltzman. Thanks for listening.