
The Secure Service Edge based on software and the cloud will win the day as SD-WANs fade


In March of 2020 the “branch of one” was born as workers left their cubes and branch offices for the kitchen tables, bedrooms, and garages of their homes. To address this need, a large majority of enterprise IT fell back to remote VPNs as the method to connect these valuable workers to IT resources. In a matter of weeks, the world doubled down on legacy remote access VPNs. Adoption of SD-WAN slowed and the focus for networking turned to the question of how to best enable this new pattern of remote work. 

While placing a small SD-WAN device at each of these home offices was an option, from a cost and manageability standpoint, it was not feasible. Instead, the industry turned to client software and cloud gateways. Over the next 12-18 months, how businesses and the industry thought about the branch and future of work changed. 

From many to one

The future is about the how and where. Here’s a typical day in the post-pandemic world: the worker starts their day on a mobile smartphone at their home, then switches to a tablet or laptop to work from home or from a coffee shop. They may also drive into the office for an event and then return to the home or grab a beverage with their friend, and check the smartphone again. 

So moving forward, people will not work in a fixed location. We won’t have the branch office as it existed back in 2019. Mobility will rule. And if work becomes increasingly mobile, does this really mean we should focus on SD-WAN as the way to securely deliver applications to the workforce? Or rather, should we focus on an access platform which will securely deliver the application (and only the application) no matter where the worker is located?

Meet the Secure Service Edge

Here’s where the Secure Service Edge (SSE) comes in. In just over 24 months, the way the world works has changed forever. It’s now about delivering secure applications anywhere, to any device, at any time. At its core, SSE takes technologies like remote access gateway, secure web gateway, cloud service access broker, and zero-trust network and moves the industry forward based on today’s requirements. Transport is agnostic. We can deliver over the internet, Wi-Fi, MPLS, 5G, or a simple cable modem. Agent software will be always on. A service broker will provide transport termination, security as well as telemetry so we can deliver the CIO’s application properly with the right amount of security. No compromise. 

So why will this new model win out? It comes down to three things: simplicity, security and speed.

Simplicity: It’s no longer about packet flows, complex routing protocols, firewall rules, filtering mechanisms, and chaining hardware appliances in a central data center. Instead, the SSE model applies policy to a worker or a resource based on the needs of the business and nothing more. Point and click. No need for a networking expert to adjust infrastructure when a new application is added. Rather, the process becomes part of the operations role. New application? Add the resource to the policy!

Security: SSE focuses on the common denominator the CIO cares about: the secure delivery of an application. For far too long, we’ve built security and network systems based on private data centers. This approach both slows the delivery of applications because of unnecessary non-optimized traffic paths and relies on static defense solutions designed 30 years ago. IT systems are now based on distributed applications and a distributed workforce. SSE aligns to this new universe: network and security delivered via the power of the cloud to local points of presence close to the worker and their applications.

Speed: Time is critical in today’s enterprise business environment. Solutions based on hardware are slow to deploy. They involve scheduling downtime, configuration and cabling, as well as highly in-demand engineering talent to spin dials. SD-WAN was built on hardware. Contrast this with the SSE approach based on easy-to-deploy software clients.

Today, SD-WAN has just become one of the many transport options. It will act as an on-ramp to the SSE service platform. It will not function as the primary means for connecting to the enterprise going forward. Just one of the abstracted paths the SSE-delivered service will travel on top of to deliver the CIO’s applications fast and securely.

As the CIO of a Pacific Northwest retailer said recently: “I don’t care about your packet traces, your graphs, your TCP windows, all I care about is that your network delivers my applications securely.”

John Spiegel, director of strategy, Axis Security
