This is part 3 of a 3-part blog series on SD-WAN, Secure Service Edge (SSE), and multi-cloud networking (MCN), where we will highlight how these 3 technology areas are analogous to 3 different musical instruments that can be played separately but combined, are better together. The first two blogs focused on MCN and SD-WAN, and this blog focuses on SSE technology. Feel free to check out Part 1 and Part 2.
So, let’s go ahead and discuss our third instrument the saxophone, an instrument which will symbolize SSE, an important foundation of a SASE architecture defined by Gartner and that supports secure connectivity and high performance for business applications. SSE is the part of SASE that encompasses the technologies that govern secure access to and user control of capabilities and resources within the SASE environment.
Gartner has defined SSE is a set of cloud-based security capabilities for building a modern enterprise with Zero Trust principles that combine to protect and secure end users and applications. So, let’s examine the three SSE technologies core to any SSE deployment. Those include zero trust network access (ZTNA), secure web gateway (SWG), cloud access security brokers (CASB). The make-up of the SSE can vary by the extent of technologies used, though ZTNA, SWG, and CASB are widely viewed as the table stakes for any SSE.
- ZTNA is a cloud-based method for connecting remote or hybrid workers through the cloud directly to the applications and resources they need based on proof of identity, and with contextual access policies applied to each user identity. Users can only access what they are approved to access.
- SWG moves the capabilities of physical appliances into the cloud and pushes them to devices. It filters and blocks URLs as needed, provides SSL inspection, and blocks data exfiltration from malware and ransomware.
- CASB: CASBs are cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement.
Secure access is a key element of an SSE architecture. Access privileges are enforced by policies based on user identities. Other pieces of information that inform policies include the location the user or group’s traffic is coming from, the time of day, the risk/trust assessment of the user’s device, and the sensitivity of the application or data being accessed.
The macro driver for SASE and SSE is the cloud-based approach to securing a WAN. Instead of having the network centered around the organization’s central private data center, SSE and SASE puts the cloud at the center of the network.
With the emergence of hybrid work environments, users connect from anywhere and from any device, accessing business applications and sensitive data directly in the cloud. As the traditional security perimeter continues to dissolve, security functions must also move to the cloud. SSE enables organizations to apply consistent security from the cloud and secure access to applications spread across multiple clouds, data centers, and software-as-a-service applications.
So how does SSE relate to our saxophone instrument? Well, saxophones were designed in the late 1800s to combine the best qualities of brass instruments, such as the trumpet or trombone, with traditional woodwind instruments, such as the clarinet or oboe. This is like SSE which has evolved from combining existing security technologies ZTNA, CASB and SWG. and just like our saxophone, which produce a unique and modern sound quality evolving from traditional instruments, it makes it easier to have a wide range of musical tones. Similarly, an advanced, cloud-native, cloud-based HPE Aruba Networking SSE platform is modernizing the existing security technologies to make it easier to manage the increasing complexity of cloud and IoT based applications and devices.
There are also 4 different types of saxophones (soprano, alto, tenor, baritone) in pitch order from highest to lowest. This analogy is like SSE where there are different approaches to SSE.
A modern and robust SSE platform, such as the HPE Aruba Networking SSE, incorporates the following capabilities to ensure a secure, agile, and streamlined network and security infrastructure. SSE platform requirements include:
- Cloud-native architecture: Inherently cloud-native, designed to leverage the scalability, elasticity, and agility of cloud environments.
- Global edges: A distributed architecture, which entails having on ramps close to the users across various geographical locations.
- Zero Trust security model: Adhere to a Zero Trust security model, wherein trust is never assumed based only on location.
- Granular segmentation: Support for fine-grained segmentation, enabling the segmentation of network traffic into smaller, isolated segments.
- Application-aware security: The ability to provide granular security policies based on application-level insights is crucial.
- User-centric Policies: Enable the creation of policies that are user-centric, accommodating the dynamic nature of modern work environments.
- Comprehensive Analytics and Visibility: Support real-time insights into traffic patterns, user behavior, and threat detection, facilitating proactive responses.
- Integrated Threat Intelligence: Integrate threat intelligence feeds and advanced threat detection mechanisms to identify and thwart emerging security threats in real-time.
When it comes to saxophones, there are premium brands such as Yamaha or Selmer that professional musicians choose because of they have excellent tone quality, intonation, response, durability and the most expensive and are made using the best materials. They also contain the most craftsmanship and are equipped with extra features not included on other less expensive models.
Similarly, like the professional saxophones, HPE Aruba Networking SSE is an advanced SSE platform that provides a secure network foundation for Zero Trust and SASE. It includes a first-class ZTNA paired with a next-generation SWG, cloud native CASB all managed from a single pane of glass management platform.
Carefully selecting your saxophone is like choosing an SSE platform. Consider what a unified SASE platform with an advanced SSE platform and an advanced SD-WAN platform can do for securing your business applications and devices across all networks. A unified SASE is similar to a music ensemble comprised of our piano, high-end guitar and professional saxophone synchronized to produce excellent music quality. Before you purchase a saxophone, you would try it out to see how it sounds, so why not take a test drive of HPE Aruba Networking SSE?
