NordLayer - Network Security

How to choose the right SSE vendor for your business?


By NordLayer
22 Aug 2022
14 min read
How to choose the right SSE vendor for your business web 1400x800

The prevalence of hybrid work heightened the risks of cyberattacks. This pushed IT teams to seek alternative strategies to secure enterprise networking. As the previous approach was stacking separate solutions on top of one another, it didn’t take long for this method to show its flaws.

The new trend was consolidation by combining all the technical security solutions in a single package. This was the environment in which cloud-based network and security frameworks were born, like secure access service edge or SASE. However, not all businesses found that they needed networking capabilities. This paved the way for security service edge (SSE), focusing on threat protection and excluding networking.

What is security service edge (SSE)?

Gartner defines SSE solutions as a security side of the SASE platform. SSE discards wide area networking (WAN) edge focusing on security services. It’s a collection of cloud-based security capabilities.

SSE consists of the core components (while sometimes additional functions might be added):

1. Zero Trust Network Access (ZTNA) — creates identity and context-based secure access boundaries across applications used in the business.

2. Cloud Access Security Broker (CASB) — uses various cloud security technologies to protect Software-as-a-Service (SaaS) applications.

3. Secure Web Gateway (SWG) — an intermediary between the users and the internet. Regulates which domains are accessible by enforcing security policies.

Altogether, these core components form SSE. However, this package may also be expanded with supplementary features like Firewall-as-a-Service (FWaaS). The key to remember is that if cloud-centric WAN services are deployed over the same network architecture, it’s no longer SSE. It’s SASE.

Who needs SSE?

SSE allows greater security related to such challenges as remote work and hybrid environments. Nowadays, more businesses are adopting various third-party cloud-hosted applications. Therefore regular perimeter defense security solutions don’t really fit the case here.

  • Legacy security technologies can’t protect connections beyond the localized perimeter.

  • Tunneling the whole organization’s traffic via VPN introduces severe bottlenecks by backhauling data when the user can connect directly.

  • Using SSE is much cheaper than deploying and maintaining everything on the premises.

  • Outdated VPN protocols have numerous vulnerabilities that could be exploited, exposing company data.

  • Modern cyber threats have become sophisticated enough to navigate legacy security solutions. To stop modern threats, you need a multi-layered approach.

SSE is much more capable of protecting your network security and your company’s data. It’s the next chapter of cybersecurity that tackles sophisticated cyber threats.

Why is vendor selection important?

As SSE integrates several solutions under one roof, a single product will substitute several separate ones you’ve used previously. For this reason, it’s important to evaluate whether your SSE vendor will hold up to the same level of quality that you’ve used to expect. You should also ensure that you’re not downgrading, but upgrading — the rule of thumb should be to retain all your current functionalities and expand on them.

Failing to do proper research means relying on an SSE vendor that fails to meet the requirements that you’ve set. In turn, its flaws as a product directly translate into the risks from which you aren’t covered. Always think of the SSE provider’s search as a method to look past the flashy marketing tactics and see what you’re getting, as your business’s security will depend heavily on it. Canceling the contract and moving to a different SSE vendor could again halt your business operations and make you defenseless, which could be the opening the hackers are looking for.

What you should consider when selecting an SSE vendor

While SSE is relatively fresh, there are many SSE vendors to choose from, so choosing one for your business can be a descent down the rabbit hole. We’ve picked the key qualities you should focus on when procuring a new cybersecurity service provider.

The product/service quality

The product itself should be the first thing you inspect when deciding. Check all the features that the product includes. If possible, look up its architecture, and find out about its security certificates and other technical data. Ask around if any other businesses are also using the service. Maybe they’ll have useful insights that could reveal some red flags in advance. The bottom line is that product quality should be the main deciding factor to base your decision on.

Pricing

You should look at the pricing not to find the cheapest option but to get the most value. Overspending might also be more harmful than beneficial in the long run, as you might end up with features you pay for but don’t necessarily use or need. 

Don’t fall for inferior products undercutting other market players with extremely low prices, as the quality of their service is bound to be subpar. Get in touch with the SSE vendor and go through every line of the cost to get a real sense of what you’ll be paying and what you’ll be getting.

Vendor portfolio

Before shaking a hand and signing a contract, it never hurts to look into the vendor portfolio and other company’s related projects. Make sure that the company’s track record doesn’t show anything suspicious. This can potentially save you a lot of trouble down the road. Even if the company is relatively new, this shouldn’t mean that you should automatically skip them. Depending on the service and security level you expect, you should find the company that will be able to keep their end of the bargain when entering a long-term deal.

Customizability

No two businesses are identical. Depending on your business rhythm, you may require some adjustments to make to your service. Some SSE vendors can be more limiting in this regard than others, which can be a dealbreaker if the only way you’d be happy with the transition is if some adjustments are made. Look into SSE vendors that have technical customer support teams that would be able to implement and maintain your custom requests.

Scaling possibilities

As the current economic climate is very shifting, you may be required to scale up or scale down your operations. It doesn’t make much sense to opt-in an extensive plan without any possibility to alter the terms on the go. This alone can save you a lot of money, as you could set everything up so that you’re only paying for what you need. Also, make sure your SSE vendor can handle additional connections if you suddenly need to accommodate more employees.

Customer service

You may not always actively need customer service. However, when you need it, it’s best to have it ready as soon as possible. When troubleshooting, you'll likely need customer support no matter what product you’ll buy. For this reason, the customer support team’s size and capabilities to support your needs should be a part of your considerations when making a purchase. 

How are SSE vendors different from SASE?

Despite being closely related, SSE vendors are different from SASE vendors. Always ensure that what you’re getting is indeed SSE and not SASE.

Illustration explaining the difference between SASE and SSE

In short, if you don’t need networking services, you should go with SSE. If you do need them, you should go with SASE. This can be relevant to businesses seeking to improve routing to cloud apps.

How can NordLayer help?

NordLayer’s Secure Service Edge focuses on threat protection, helping to lock down business networks. An entirely cloud-based SSE platform helps to reorganize cloud resources and implement remote work systems to facilitate work from anywhere.

Included Secure Web Gateway disables various malicious websites from loading ensuring secure access when using a work device. You also get an always-on web shield against drive-by infections, Javascript injection, and phishing.

Segmenting your internal network into teams enforcing Zero Trust Network Access is possible. Require authentication at every step of the log-in to ensure that every entity on your network is who they claim they are. Get in touch with our team to learn more about our product and eliminate the risks posed by modern cyber threats.

Share article

Related Articles

Protect your business with cybersecurity news that matters

Join our expert community and get tips, news, and special offers delivered to you monthly.

Free advice. No spam. No commitment.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.