Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Products & Solutions

How to Resolve Data Protection Woes With SSE


The outdated security approaches of yesterday are no longer a good fit for protecting today’s data. These traditional security tactics were centered around the data center, but users, apps, data, and even infrastructure (in the form of IaaS), have left the building for good. Consequently, backhauling traffic no longer makes sense in today’s dynamic, work-from-anywhere world.

The rise of SSE offerings

SSE, or security service edge, is a framework for integrating complementary security technologies to provide consistent, consolidated, and easily manageable data protection that follows users away from the corporate network, applying security policy at every step. A term originally coined by Gartner, true SSE solutions successfully integrate CASB, SWG, ZTNA, DLP, and other future-forward security technologies.

Following the SSE framework, cloud security is typically delivered at the edge—as close to the user as possible. This eliminates the need for backhauling and ensures that security is everywhere, providing fast, seamless application and data access. 

The Zscaler Zero Trust Exchange is a leader (and positioned highest in ‘Ability to Execute’) in Gartner’s new SSE Magic Quadrant. What sets our technology apart is the ease with which it secures data across all transactions, regardless of application, device, or location. 

To highlight this, here are a couple of key data protection use cases with which we help our customers:

Preventing data loss in encrypted traffic

When traffic is encrypted, it obfuscates the movement of data therein. As a result, much of corporate data loss today occurs via SSL traffic. Unfortunately, inspecting encrypted traffic for this data loss takes massive amounts of computing power. And whether they are hardware or virtual, outdated appliances have fixed capacities to service users and lack the scalability needed to inspect this traffic at scale. This means that organizations relying upon a legacy security architecture built on appliances typically have little to no inspection for encrypted traffic. Obviously, with 95% of traffic today being encrypted, this isn’t enough for modern security. 

Powered by the world’s largest security cloud, consisting of more than 150 points of presence around the globe and processing 200 billion transactions daily, Zscaler can easily inspect all encrypted traffic and does so for some of the world’s largest organizations, including more than 25% of Forbes Global 2,000 companies. This means that Zscaler’s platform can find and stop any data loss inline and in real time—wherever it may be flowing—through leading DLP with advanced capabilities like exact data match (EDM), indexed document matching (IDM), and optical character recognition (OCR). 

Securing unmanaged devices such as BYOD

Unmanaged devices are phones, tablets, laptops, and countless other internet-facing endpoints that do not belong to, or were not issued by, the enterprise. In particular, the use of employees’ personal devices to access corporate data has been increasing over the years to enhance productivity—in part due to the global pandemic. In addition to BYOD, unmanaged devices can also belong to technology-partner organizations and third-party contractors, both of which need secure access to an organization’s data or business-critical applications. 

Legacy tools, such as endpoint agents, aren’t a good fit for data protection on unmanaged devices where mandating software installations is typically infeasible. Similarly, reverse proxies (which are agentless) regularly break and impede user productivity. Blocking unmanaged devices altogether is also a poor strategy because it disrupts normal business operations.

For SaaS and private apps alike, Zscaler Cloud Browser Isolation isolates app sessions in the Zero Trust Exchange and streams only pixels to the end user’s device. This allows access on unmanaged devices but prevents download, copy, paste, and print to stop data leakage. Because Zscaler can do this agentlessly, it is a perfect fit for unmanaged devices and a superior alternative to agents and reverse proxies. 

Uncover more about SSE with Zscaler

To see the other top data protection use cases that Zscaler customers use us to address, download our new ebook for free: The Top SSE Data Protection Use Cases. You can also see demos of more specific Zscaler data protection technologies here

form submtited
Thank you for reading

Was this post useful?

dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.