Security service edge (SSE) has emerged as a hot topic in the networking and security markets because it provides cloud-delivered security to protect access to websites and applications. This is key for the work-from-anywhere approach enterprises adopted during the pandemic and maintained as hybrid work became the norm. SSE is also a prevalent subject because it is a key component of secure access service edge (SASE) along with SD-WAN.
However, cloud-delivered security is a vague concept that can cover myriad functions and features. Organizations know it’s important but may not understand how to assess the best SSE solution for their network. And, as with all technology, SSE is continually evolving to address new business needs and emerging threats, further complicating what organizations should evaluate when choosing a solution.
Critical SSE features you should know about
At a high level, SSE should includeaccess control, threat protection, data security, and a monitoring tool. But there’s so much more to consider. That’s why I’ve compiled a list of the key components organizations should keep in mind when selecting an SSE solution outside of the well-established basics:
- Global point-of-presence network: Points of presence (POPs) are locations where organizations send their traffic for cloud-delivered security. At first, everyone focused purely on a vendor’s number of POPs, thinking that more meant less potential for network latency. While the number of a vendor’s POPs is important to assess, organizations need to account for the global reach of POP locations because this has a bigger impact on overall performance. For instance, if an organization is located in Berlin, it’s more important that the SSE provider has a POP nearby rather than 100 in the United States. Additionally, customers should have the option to pick a desired POP based on compliance and regulatory requirements and the ability to restrict users connecting from specific countries into the POPs.
- Support for BYOD and agentless devices: Modern networks include a variety of devices that connect to the network and all of them need to be secured. Contractors, for example, need to access network resources on their own devices, a form of bring your own device (BYOD). And connected devices, like cameras, printers, and medical or industrial technology, are becoming central to how many do business, but these devices don’t support agents. Organizations should prioritize an SSE solution that has the flexibility to secure all devices connecting to the network, including those that are BYOD and agentless.
- Strong data loss prevention features: As mentioned above, SSE provides secure access to applications, including SaaS applications like Salesforce, Zoom, and Slack, as well as private and corporate ones. These apps hold critical information that could create security or business risk if leaked outside the organization’s network. This is why data loss prevention (DLP) is a key SSE feature. Look for a SSE solution with deep DLP capabilities like defining sensitive data patterns, scanning for the patterns while inspecting traffic, and allowing or blocking access according to traffic patterns. The SSE solution should also monitor for data loss across all domains, including network, endpoint, and SaaS applications. This ensures data is protected when in use, in motion, and at rest.
- Unified management for all use cases: SSE covers a range of security features that touch many parts of a complex, multi-cloud environment. Since most vendors have cobbled together disparate offerings and packaged it as an SSE solution, customers often find themselves contending with different consoles to deploy and manage separate SSE features. This is unwieldy and expensive and can create weak spots in a company’s security posture. It’s critical to prioritize SSE solutions that offer a truly unified management experience. Ensure you can control all deployments and configurations via a single pane of glass.
Choosing the right SSE solution for your needs
Fortinet’s SSE solution, FortiSASE, delivers comprehensive, cloud-based security with the industry’s most flexible connectivity, whether customers require a unified agent, protection for agentless devices, or seamless integration with access points or SD-WAN. Because FortiSASE is built on our FortiOS operating system and is a part of the Fortinet Security Fabric, our cybersecurity platform, it offers cutting-edge features that help customers consolidate security solutions and benefit from the convergence of networking and security.
Learn more about FortiSASE and Fortinet’s approach to cloud-delivered security.