Technology review - SSE
Technology review - SSE
SSE: secure connectivity in the cloud era
Virtual private networks, or VPNs, are increasingly under fire—both figuratively and literally. In addition to the exponential rise in the number of cyberattacks, which inevitably also affect VPN connections, the technology itself has come under growing scrutiny in recent years. Fortunately, an alternative has already emerged in the form of a new access architecture: Security Service Edge, or SSE for short.
Creation date :
The reasons behind the increasing criticism of VPNs today are diverse. To begin with, they undeniably pose a security risk. Research shows, for example, that virtually all companies are aware that their VPN infrastructure can serve as a target for cybercriminals. “It is simply a weak point to exploit,” says security specialist Farouk El Jaouhari, SASE Channel Lead at HPE Aruba Networking. “Nine out of ten companies fear that using VPN technology could jeopardise their business environment.”
At the same time, companies are dissatisfied with the user experience of VPNs. In particular, VPN connection speeds often fall short. “Because VPN providers must route VPN traffic to the nearest data centre location—often hundreds of kilometres away—this inevitably leads to latency and delays,” explains Farouk El Jaouhari. In addition, VPNs are relatively complex to manage. “Every device must be managed and updated individually. This makes scaling or expanding VPNs a true logistical nightmare.”
Firewall created fortress mentality
A similar situation applies to firewalls. The firewall remains a proven and popular security tool. “We certainly do not wish to question its use,” emphasises Farouk El Jaouhari. “The firewall will probably be around for quite some time—and rightly so. However, we do need to ask ourselves whether investing solely in technologies like the firewall will suffice to meet the many security challenges that lie ahead.”
The established notion that all assets located behind the firewall in our data centre are automatically secure has proven to be an illusion. “Through the internet and various clouds, we are in daily contact with numerous clients, partners and suppliers, each with their own devices and applications,” notes Farouk El Jaouhari. “We can no longer protect everything perfectly through a firewall or another centralised control point. Our attack surface has simply grown too large.” The successful rise of hybrid working—partly in the office and partly at home or on the go—also contributes to this evolution.
Integrate security at the edge of your network
In most companies, a (critical) portion of data still resides in their local data centre. Another portion is already in the cloud, which explains the emergence of the term ‘hybrid cloud’. At the same time, companies are also generating more and more data at the edge of their corporate network. The complex new environment that results is unfortunately also more complex and, consequently, more costly to secure.
“New solutions must reduce this complexity again and help simplify security management,” says Farouk El Jaouhari. One such solution, Secure Service Edge or SSE, is a security architecture that replaces traditional perimeter security or firewalls by centralising various security solutions at the edge of the network. This new approach focuses on protecting organisations in a decentralised and cloud-oriented environment. By moving security functions (‘Secure Service’) to the edge of the network, closer to users and their devices (endpoints), a strong line of defence can be established against cyber threats before they reach the internal network.
Zero trust
The SSE platform relies on four technological pillars. “Of these, Zero Trust Network Access, or ZTNA, is by far the most important,” says Farouk El Jaouhari. Roughly half of all companies start their SSE journey by implementing ZTNA, which is essential for ensuring secure access to private applications in the data centre or cloud. To authenticate users and grant access to specific applications based on a predefined identity and context policy, ZTNA follows a strong security principle: ‘Never trust, always verify.’
This makes ZTNA the ideal replacement for a remote access VPN. “ZTNA allows us to modernise the VPN principle by transforming it into a cloud-based network access solution.” Most companies then move on to implementing a Cloud Access Security Broker (CASB), a Secure Web Gateway (SWG) and Digital Experience Monitoring (DEM).
Step by step
“Do you need to adopt everything at once? We strongly advise against implementing it all simultaneously. What we do firmly recommend is to first seek proper advice from an experienced secure networking specialist. Our technology partner Inetum has all the necessary expertise to determine the best approach for your organisation through a tailored workshop or audit.”
More information?
If you have any questions or wish to take your first steps, please email info.belgium@inetum.com
