Managed Services - D15 Security Service Edge

Written by IPTel Solutions | 17 February 2025 6:26:44 AM

Security Service Edge, or SSE for short, is a concept that's been around since about 2021. SSE is all about how you help your remote workforce secure access to their cloud applications - while you continue to centrally manage your policy. There's a bit to it - let's take a look in this blog.

Networking is full of acronyms, and SSE is one of the newer ones to add to the list. There are a few key problems that SSE is designed to solve. Most people now work on laptops, making them highly mobile - and while they might spend a portion of their time in the office, they definitely spend as much out of the office - home, coffee shops, airports and so on.

How can you ensure that these laptops and other devices are secure wherever they are and that the same policy is applied to them if they're in the office - or on the road? SSE is the solution for securing these devices and centrally controlling that security.

In this blog we'll explore this, alongside our Managed Services for SSE.

 

What is SSE?

Security Service Edge is all about looking after your clients and users while outside the confines of your standard office and data centre environment. That said, one of the handy advantages is that you can apply it to your office environment too - so you have one policy applied across the board, no matter where your users are located.

Increasingly, people do tend to work remotely, which means accessing many cloud applications these days.

The Security Service Edge ecosystem revolves around a set of core tools, which are shown on the diagram below.

We'll run through the core tools in this blog, including Secure Web Gateway, Zero Trust Network Access, Firewall as a Service, and Cloud Access Security Broker.

Cisco has built a handy suite covering SSE - slightly different for Cisco or Meraki:

 

SSE Managed Service

Our Managed Service for SSE is all about helping you deploy the tools to secure your remote workforce.

It’s pretty confusing when you first look at that graphic above as to how you would deploy these systems.

Our SSE Managed Service focuses on making your life easy: we’ll help deploy and manage the four key tools that make up the core of the SSE offering.

You’ll need the relevant licencing for the tools detailed below, but in essence our managed service will:

  • Ensure you have the right licencing to deploy SSE
  • Work with you to undertake the deployment:
    • Cisco Secure Connect, or Cisco Secure Access
  • Set up our management systems to monitor the SSE tools
  • Work with you to provide the level of visibility and alerting that is right for your business

In the rest of this blog, we'll run through the high-level tools that make up the Cisco Security Service Edge.

Firewall as a Service (FWaaS)

The concept of a cloud firewall seems like a strange one when you first hear it, but it does make sense.

A cloud-based firewall interconnects from your physical firewall on-site to a virtual firewall in the cloud. The FWaaS is the cloud firewall, so you use your physical firewall at your office as the first line of defence - but set up a tunnel to the cloud firewall, where deep packet inspection can take place.

This is also useful for remote access workers, as they tunnel their traffic via that same firewall, providing you with firewall capability across both your internal office-based users and your users when they're at home.

One of the really useful aspects of a cloud-delivered firewall is the capability to inspect traffic and provide universal rules, such as blocking groups of websites and other types of harmful or unnecessary applications.

Secure Web Gateway (SWG)

Cisco Secure Web Gateway provides for the termination and proxying of web traffic. 

This allows your web access to run in an isolated environment - whatever nasties you might encounter on a website are not running on your machine, but in an isolated environment, preventing your machine from being infected.

The termination of a user's encrypted traffic allows that internal traffic to be inspected, and any security issues to be identified and eliminated.

The SWG application interlinks with others too. So Firewall-as-a-Service, Cloud Access Security Broker, DNS Layer Security, and others are part of the overall Cisco Secure Access / Secure Connect suite.

Cloud Access Security Broker (CASB)

The CASB service is all about applying policy at the right place. This service sits between your end users' devices and the cloud applications they're accessing, and allows you to apply policy and controls to protect your end machines and network.

This is useful because it's a central point of control for your users' access to cloud applications. The result is to limit or prevent issues from those cloud applications occurring inside your network.

Zero Trust Network Access (ZTNA)

Zero Trust, as a concept, revolves around granting the minimal level of access to a user or device when it connects to your network.

Typically, this approach starts with no access and then you grant the access that the specific client requires.

The first phase in deploying Zero Trust is to establish user trust and ensure the end device is indeed what it claims to be. For this we often use MFA, which you are likely already familiar with.

Following this, the process continues with verifying that trust, enabling access to applications, and continuously verifying that access.

Cisco Duo provides an end client capable of delivering that initial stage of trust, along with several other aspects of the comprehensive Zero Trust network access framework.

Zero Trust is about applying central policy, so a user can connect via whatever means and get a consistent experience - this typically allows them access to certain resources. The MFA requirement is to ensure the user really is who they say they are before you apply that policy.

Security Service Edge Managed Services: Summary

In this blog we've provided a high-level run through of what SSE is - and how our Managed Services can help you get this deployed and managed.

The Secure Connect and Secure Access products have grown out of the Cisco Umbrella portfolio of tools, so if you've come across Umbrella they will both be familiar to you.

Cisco Secure Connect is handy for Meraki users as it snaps right into the Meraki GUI, making it very convenient to access and administer. 

Every network has users that move around, so SSE is all about ensuring you provide the same high security level, no matter where your user is - and the outcome is to give you peace of mind that your network, devices and users are safe and secure.

If you're interested to hear more on our SSE Managed Service, drop us a line.