Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Products & Solutions

Gartner’s New Security Service Edge: Real-World Applications


This blog is the second in a three-part series covering Gartner's new market category called security service edge (SSE). Our first blog explored explored what SSE is as a platform, and the third installment explains what features you should be looking for when selecting an SSE platform.

Now that we’ve established what Gartner’s new security service edge (SSE) is, it’s time to explore how it can be applied to your organization and what benefits it can offer. Two main concepts drive SSE: users and destinations, and these concepts outline how SSE can be applied practically to a business. The truth is, network security is on its way out—users and destinations are no longer on the corporate network, and your security shouldn’t be either. 

Think about SSE as a means to abstract security out of the network into a ubiquitous form factor that can follow users and destinations using secure web gateway (SWG), cloud access security broker (CASB), and zero trust network access (ZTNA). Delivered as a cloud platform, SSE can easily follow users and proxy their connections into destinations, regardless of whether the destination is the internet, a SaaS application, or a private application. Read below for a rundown on the top use cases for SSE.

Detecting and mitigating threats

In a new world dominated by cloud and mobility, business is increasingly conducted via the internet and cloud applications. The internet has become the corporate network, and organizations need a secure approach to reduce risk. But how? In-depth defense is crucial to success as breaches and ransomware can find their way into an organization through multiple avenues. The problem with traditional approaches is that disparate solutions have difficulty working in harmony, creating gaps as security gets passed from one point product to another, and updating traditional legacy appliances is cumbersome and often overlooked, leading to outdated security and vulnerabilities.

Enter SSE. Combining SWG, CASB, and ZTNA into one purpose-built platform, SSE delivers the best of defense in depth, including:

  • Advanced threat protection capabilities to block phishing, malware, and other inbound threats.
  • Cloud firewalls and an intrusion prevention system (IPS) to control access and secure branch office connections.
  • Cloud sandboxing to control new and unknown threats.
  • Browser isolation to help protect unmanaged devices accessing malicious active web content. 
  • Cloud threat intelligence, which helps improve threat sharing so new threats detected across the platform are quickly identified and blocked.

Because it’s cloud-delivered, SSE provides scalability in both coverage and inspection. A model SSE platform should provide comprehensive global coverage to ensure a fast local connection for every user and deliver scalable SSL inspection without limits so all threats can be discovered.

Connecting and securing remote workers

With an influx of hybrid work, organizations are having to rethink not only the way they conduct business, but also how to secure users and data. Legacy VPNs pose problems to this transformation. Not only are legacy VPNs unable to keep up with increased demand, they also have fatal architecture flaws.

It’s no coincidence that VPN vulnerabilities often, and increasingly, make headlines for putting organizations at risk. VPNs are discoverable on the internet and require patching, which is often overlooked. Additionally, VPNs place users on the network in order to grant application access. Both of these shortcomings significantly increase risk.

SSE provides a better, more modern zero trust approach defined within the scope of ZTNA. ZTNA allows user-to-app access without placing users on the network, and it’s designed to be invisible to the internet, therefore enabling inside-out network connections, with the SSE cloud platform brokering connectivity between the user and the application. 

Going back to the two main concepts that drive SSE—users and destinations—it becomes apparent why ZTNA is a critical piece of SSE: applications, whether SaaS or private, are still destinations, and users are off the corporate network, yet connection must be secure and always on. By integrating ZTNA into SSE architecture, organizations get an incredibly simple way to enable secure, zero trust connectivity between user user-to-app destinations, while tightly integrating it with the other security services organizations need for threat and data protection.

Identifying and protecting sensitive data

Data is the lifeblood of your organization, but with cyberthreats and attackers becoming increasingly sophisticated, it’s challenging to protect your most precious asset. Additionally, data is more distributed than ever, adding another layer of complexity. Some of the challenges that accompany this shift include:

  • Cloud applications are great for business, however, they need your data to work, and many organizations still lack data controls in SaaS.
  • Remote work - users need access to data regardless of location.
  • Collaboration - SaaS apps are designed to share data, and data is being shared like never before - far away from the visibility of traditional data and security controls.  
  • BYOD: with work from home, users are accessing data from devices that may not be managed.  These unmanaged devices often have legitimate rights to access data, however, the control of data gets lost once downloaded to the device.

These harsh realities and data challenges are causing organizations to realize that data needs to be extracted out of the data center and moved into the cloud. An SSE cloud platform enables complete data control over both data in motion and at rest. Cloud DLP handles data in motion, identifying and blocking sensitive content. The pairing of DLP with CASB enables the same level of security and control to govern within SaaS applications—dangerous sharing can be observed and prevented while sensitive data is controlled and protected. Lastly, an ideal SSE platform can secure BYOD devices without complexity. Ensure your SSE platform leverages cloud browser isolation to guarantee data visibility for BYOD without loss of control.


While it may be easy to confuse with SASE or write it off as just another industry acronym, SSE has myriad benefits of its own, and organizations should take notice. A purpose-built cloud SSE platform, which combines the power of SWG, CASB, and ZTNA, can help your business stay protected by detecting and mitigating threats in an ever-evolving attack landscape, connecting and securing users working from anywhere, and identifying and guarding sensitive data.

Stay tuned for the final installment of our SSE blog series which will explore what you should be looking for when selecting an SSE cloud platform.

form submtited
Thank you for reading

Was this post useful?

dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.