Zero Trust

CXO Insights: Evolution of zero trust and the security service edge (SSE)

Apr 19, 2023
CXO Insights: Evolution of zero trust and the security service edge (SSE)

With the recent publication of Gartner’s updated Magic Quadrant for Security Service Edge, we have been asked by a number of CXOs about this fast-growing solution category and how it relates to zero trust. The short answer is that they are closely intertwined.

Zero trust is a framework for securing organizations in the cloud and mobile world that asserts that no user or application should be trusted by default. Zero trust is a way of thinking that permeates across a number of areas, not just new architecture or technology. There are practical zero trust implementations from vendors, like Zscaler, that have solutions with zero trust frameworks at their core. Once deployed, zero trust technology provides secure access for users, things, and workloads to public or private destinations. 

The most common taxonomy used to describe solutions with zero trust architecture is called Security Service Edge or SSE (defined by Gartner, and evaluated in a recently published Magic Quadrant and Critical Capabilities research note).

SSE provides a framework that combines the main elements of network security–including the Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), a Cloud Access Security Broker (CASB), and firewall as a service (FWaaS), among other components–as provided from the cloud at a location near the end user. ZTNA, in this context, relates to user-to-private application access. The main point is that the security stack, once hosted on-premises, moves to the cloud or the “security edge.” 

How do the concepts of zero trust architecture relate to the broader definition of SSE? They are closely intertwined. Think of SSE as a practical implementation of zero trust architecture, along with other ecosystem components like identity, endpoint detection & response (EDR), or security information and event management (SIEM).

An illustration of Gartner's SSE category

SSE is part of a broader Gartner framework called SASE (Secure Access Service Edge) that encompasses both SSE and WAN Edge infrastructure, including SD-WAN. SASE is commonly delivered as a two-vendor solution, leveraging robust integrations between SSE and SD-WAN architectures.

Drivers of SSE Adoption

The adoption of SSE solutions is accelerating as cybersecurity professionals gravitate to modern, unified platforms and away from siloed point solutions to improve security, cut costs, and simplify management.  

Some of the key drivers are the evolution of the end user. Gartner calls this the “human-centric workforce,” which SSE facilitates, as it is based on user identity. That means security is woven around the user rather than location. SSE solutions enable better end-user experiences by reducing latency, applying a consistent security experience, and increasing flexibility to secure hybrid work. 

Continuing cloud adoption is another underlying driver as security teams struggle to maintain configuration and vulnerability management as applications move to SaaS, IaaS, or PaaS hosting. SSE helps alleviate traditional architectures that backhauled traffic through the data center to access the cloud - SSE instead is able to provide security simply delivered from the cloud for the cloud.

Finally, another trend related to solution consolidation is a growing preference to consolidate multiple security solutions to a single SSE vendor. SSE allows both networking and security teams to retire their legacy security stack across numerous vendors to a cloud-hosted and centrally managed SSE platform.

Zscaler’s Innovative Approach to SSE 

Zscaler’s innovation in the SSE market started 15 years ago as pioneers of the cloud security market. And this innovation continues today, as Zscaler’s SSE platform goes beyond just protecting users.

Gartner’s evaluation of the SSE market is largely focused on SSE for users or protecting the user accessing public or private applications. However, SSE must extend beyond just users. That is why Zscaler’s Zero Trust Exchange also provides extended SSE for workloads, IoT/OT, and B2B.

  • SSE for Workloads: Secures workload to internet traffic, provides zero trust workload to workload connectivity, and secures cloud workload posture (CNAPP) [learn more]
  • SSE for IoT/OT: Secures internet traffic and provides zero trust connectivity to and from IoT/OT systems [learn more]
  • SSE for B2B: Provides customers and suppliers fast, seamless, and zero trust access to apps [learn more]

 

And this innovation doesn’t stop there. New to the Zscaler Zero Trust Exchange are AI-powered capabilities to stop advanced cyber threats and data loss, simplify management, and speed response times. These include applying AI techniques to cloud browser isolation, phishing detection, and C2 detection, to name a few.

Additionally, Zscaler offered the first SSE-integrated digital experience monitoring (DEM) platform for end-to-end visibility and easy troubleshooting of end-user performance issues for any user or application. Innovation in the DEM space includes AI-powered automated root cause analysis capabilities.

What to read next 

Gartner Magic Quadrant for Security Service Edge 2023

Security Service Edge (SSE) reflects a changing market: what you need to know