Sorting Out the Differences in SSE, SASE and SD-WAN
Trends in digital experience, hybrid work, and remote service interactions are leading many IT leaders to recognize how their previous fields of responsibility are now overlapping. Even before the 2020 pandemic, running a network, connecting users to information and defending enterprise data were all becoming interdependent workloads. Today’s business trends are only accelerating the affinity between the network and security.
And where trends go, solutions follow.
The convergence of network and security has led to new overlapping offerings, each with its own acronym. Just when we were catching up to the software-defined networking reality, along comes another new acronym. First it was SD-WAN, software-defined wide area networks. Then it was Secure Access Service Edge (SASE), and now there is Security Service Edge (SSE).
But what is the difference and how do you sort them all out?
The reality is that SD-WAN, SASE and SSE are different from one another, though they overlap and converge in their functions. Each represents a different model or technology package with each playing a similar yet different role in enabling today’s ever-expanding IT estate. Here’s how to keep them straight.
What is SASE?
SASE is not only a new approach to secure network management, it’s also a new category of solutions emerging in the market. As a cloud based solution, SASE aims to consolidate SD-WAN with network security controls at the edge of the network — rather than through a core data center. Analyst firm Gartner coined the term to describe this new approach, and it’s an idea gaining traction.
Research from CIO shows that 94% of IT leaders are accelerating SASE adoption due to the need to support digital services and remote work. The rationale for SASE is that a growing portion of users are requesting enterprise data from far outside the core network. Additionally, much of the enterprise’s data is now hosted in the cloud. SASE solves this problem by connecting devices at the edge instead of routing requests for data through the core data center, which can create all sorts of traffic jams, unnecessary backhauling and needless risk. This way, SASE enables enterprises to support dispersed users and their devices with security and convenience.
Gartner’s definition of SASE requires the integrated functioning of five separate components:
1. SD-WAN provides the network connectivity.
2. Cloud Access Security Broker (CASB) connects users securely to cloud-based digital assets
3. Next-Generation Firewall-as-a-Service (FWaaS) controls access across the entire SASE environment.
4. Secure Web Gateways (SWG) protects users from web-based threats while enforcing acceptable use policies.
5. Zero Trust Network Access (ZTNA) limits access to verified users based on the Zero Trust model.
What is Security Service Edge?
SSE, also a Gartner concept, refers only to the security elements of a SASE environment. Think of it as SASE without SD-WAN. According to Gartner, SSE is a collection of integrated, cloud-centric security capabilities that include ZTNA, CASB, FwaaS and SWG. SSE is therefore a subset of SASE.
SSE offers secure access to web and cloud services as well as on-premises applications. Like SASE, it avoids routing users through a corporate network for access to cloud-based assets. It connects users to apps and data through the internet. There is no SD-WAN in an SSE environment.
Why have both SASE and SSE?
Why have both the term SASE and SSE? Because one size doesn’t fit all, according to Andrew Lerner at Gartner, who explains that buyers typically have different and distinct needs across SD-WAN, SASE, and SSE. Organizations have different network and security needs, so any given enterprise may not need everything that comes with SASE. For example, one company might have to support a large number of branch locations, but have relatively few remote employees. That might argue for SD-WAN on its own. Another business might be implementing hybrid work and a cloud-first strategy. They could probably benefit from SASE. Keeping the categories separate helps buyers sort out what they need and who offers the best solutions in each category. Even within each category, they should be thought of as a ‘framework’ more than a hard definition
SSE solutions also help describe the blurring lines between security tools like SWG, CASB and ZTNA, which are increasingly offered as multiple tools in one solution, usually from one vendor or manufacturer.
Keeping the SASE and SSE categories separate helps buyers sort out what they need and who offers the best solutions in each category. Even within each category, they should be thought of as a ‘framework’ more than a hard definition.
Don’t miss my other article, Think of SASE as a Framework, Not a Checklist
Can they work together?
Yes, potentially. SASE, SSE, and SD-WAN are different from one another, but all try to solve the same general problem: integrating network and security. How they do this differs a little and customers can have more than one of them in the same overall solution. It is important to understand how these solutions consolidate and work together, so check with your provider(s) to avoid conflict and increased complexity
What is SD-WAN?
An SD-WAN is a wide area network built with software-defined network technology. This might mean using encrypted overlay tunnels to communicate over the Internet, dedicated private circuits, or a combination of different transport technologies. The advantage of SD-WAN over traditional WANs is its ability to simplify WAN management and operations through the decoupling of network hardware from control mechanisms. This allows for the WAN to utilize the proper transport type in order to optimize the performance of each application.
SD-WAN solutions comprise the following components:
- SD-WAN Edge—a physical or virtual network function located in an organization’s branch, regional or central office site or data center as well as in public or private cloud platforms.
- SD-WAN Gateway—software that provides access to the SD-WAN with the goal of shortening the distance to cloud-based services or the user—reducing service interruptions.
- SD-WAN Orchestrator—a cloud hosted or on-premises web management tool that allows configuration, provisioning and other functions when operating an SD-WAN.
- SD-WAN Controller—software that makes forwarding decisions for IP packets, i.e., “application flows.”
Increasingly, security capabilities are paired with SD-WAN, creating a comprehensive solution integrating network and security
The most important takeaway here is to avoid getting caught up in the acronyms. Regardless of an organization’s approach to modernizing its IT secure networking environment, there will be a suitable solution available, whether its SD-WAN, SASE or SSE. The best practice in determining the right solution is to start with your business goals, IT requirements and security policies.
The key is to find a solution portfolio that covers all the latest and greatest capabilities and adapts with you as your needs change. This might mean starting with SD-WAN and then evolving to SASE, or starting with SSE and evolving into SASE. How the solution is managed can be a major part of the thought process. Some vendors provide a managed service for SD-WAN, SSE and SASE. Given how new and potentially complex these technologies can be, it may make sense to outsource some or all of their operation.
Interested in how SASE can improve your business?
Call us now to arrange a consultation (866) 588-5885.
Or arrange for a consultation through our request form.
Three Considerations for Creating a Future-Ready Enterprise
Learn about what business leaders should do to create a technology-forward, future-ready enterprise.
Delivering On The Digital-First Promise: How To Meet Heightened Demand With Less Risk
The best digital strategies foster an IT ecosystem where checks and balances allow emerging technologies to synthesize with security and the network.
AI Can Automate Your Network: Buyer’s Guide from ZK Research
Want to use AI to automate your network? These three tips from ZK Research serve as a buyer’s guide for AIOps success.
Think of SASE as a Framework — Not a Checklist
A checklist approach to SASE can be problematic. Instead, tailor your perfect SASE solution to solve your biggest business problems — here’s how.
Masergy Acquisition helps Comcast Business be Named a 2022 Market Leader for Managed SD-WAN Services and SDN Transformation Services by ISG
Solution advancements as well as the increased capabilities gained from Masergy make Comcast Business an SD-WAN 'Leader'.
New 2022 SASE Market Trends Study Shows Solutions Exceed Expectations in Remote Work Connectivity and Security
Distributed workforce trends and digital services accelerate SASE investments, according to CIO research sponsored by Masergy and Fortinet.
CIO Survey Says SASE Solutions are Exceeding Expectations
New research from CIO reveals which SASE features early adopters prioritize and where benefits payout beyond initial predictions.
Masergy, Fortinet, and Ingram Micro Trailblazing SD-WAN for Resellers with New Managed Services Sales Route
Offering enables resellers to easily scale their businesses, meeting growing demand for network and security services supporting hybrid work.
The Transformation Trifecta at the Heart of the Hybrid Work Revolution
How sustainable is your hybrid work strategy? It's time to unite the disciplines of connectivity, cybersecurity and collaboration.
Masergy Wins “Editor’s Choice MSSP of the Year” Global InfoSec Award During RSA Conference 2022
As a leading managed security services provider, Masergy earns one of Cyber Defense Magazine’s most prestigious awards. Here’s why.
Getting Software‑Defined Network as a Service (SD‑NaaS) Right
Explore modern SD-NaaS, understanding benefits, drawbacks, ways to get started, and considerations when selecting your provider.
The Comcast Business Story – An Overview
Comcast Business and Masergy have joined forces - We are your one provider for all your secure networking needs.
SEVEN leaders from Comcast Business and Masergy recognized on CRN’s 2022 Women of the Channel List!
New Distribution Route Makes SD-WAN Services Frictionless for Resellers
Can you hear me OK? How to keep video conferencing from dragging down your network
A more reliable network service is non-negotiable when relying on video conferencing for hybrid work. Here’s what IT leaders should consider.
Making the Business Case for SASE
Want to make SASE a no-brainer? Explore the essential elements for justifying your investment, and leveraging your existing initiatives to get started.
Masergy Awarded 2022 TMCnet Remote Work Pioneer Award
Masergy succeeds in making remote work actually work well for IT teams in the long run.
Masergy Awarded 2022 INTERNET TELEPHONY SD-WAN Product of the Year Award
Masergy’s SD-WAN demonstrates the innovation, vision, and execution to deliver software-based networking tools driving upward market trajectory.
Masergy Acquisition Helps Comcast Business Achieve #2 Position in 2021 U.S. Carrier Managed SD-WAN Services Leaderboard
As the fastest growing SD-WAN company, Comcast Business takes second position, thanks to organic growth and Masergy.
Masergy Wins Fortinet’s MSSP Partner of the Year Award
The award recognizes Masergy's exemplifying innovation, growth, and strategic business alignment with Fortinet.
AIOps lessons learned: Be careful when selecting a vendor
The path to AI raises several questions. Where should you start? Learn how AIOps can make operations speedier and more efficient.
Masergy Named as a Visionary in 2022 Gartner® Magic Quadrant™ for Network Services, Global for Sixth Consecutive Year
Masergy today announced it has been named a Visionary in Gartner, Inc.’s March 2022 Magic Quadrant for Network Services, Global, report.
Improve your hybrid workplace video experience: Proven approaches for multi-cloud application performance management
Companies need guaranteed performance between their enterprise network and the UC provider’s service network. Here's how to ensure it.
Meeting the moment for hybrid work cybersecurity
A growing number of cyberattacks and the explosion of hybrid work have pushed security resources to the brink, exposing the need for more managed services backed by machine learning.