What is SSE?
Security Service Edge
The security half of SASE, delivering SWG, CASB, ZTNA, and DLP as cloud-delivered services without the SD-WAN networking component.
SSE was formally defined by Gartner in 2021 to acknowledge that many organizations need cloud-delivered security without replacing their existing WAN infrastructure. If SASE is the full convergence of networking and security, SSE is the security-only subset. It includes Secure Web Gateway, Cloud Access Security Broker, Zero Trust Network Access, and often Data Loss Prevention and Remote Browser Isolation.
SSE is the practical starting point for organizations that already have an SD-WAN deployment or are not ready to rip out MPLS. The security services are delivered from the same PoP infrastructure as SASE but without the SD-WAN overlay. Traffic steering typically relies on endpoint agents, PAC files, or GRE/IPsec tunnels from existing network equipment.
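The PAC-file steering option mentioned above, as an added example that is not from the original page or any provider's documentation: it sends web traffic to a PoP proxy, keeps internal destinations on the existing WAN, and lists no direct fallback. The proxy address `pop.sse-provider.example:8080` and the suffix `.corp.example` are hypothetical placeholders.

```javascript
// Added example, not a provider's published PAC file.
// Hypothetical placeholders: the PoP proxy address and the internal DNS suffix.
var SSE_PROXY = "PROXY pop.sse-provider.example:8080";
var INTERNAL_SUFFIX = ".corp.example"; // leading dot: "notcorp.example" must not match

// Parse a dotted-quad IPv4 literal to a number, or null if host is not one.
function ipv4ToInt(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    if (+m[i] > 255) return null;
    n = n * 256 + (+m[i]);
  }
  return n;
}

// Browsers provide the PAC helpers. These stand-ins only exist so the file
// runs outside a browser; this isInNet handles IP literals and never resolves DNS.
if (typeof isPlainHostName === "undefined") {
  globalThis.isPlainHostName = function (h) { return h.indexOf(".") === -1; };
  globalThis.dnsDomainIs = function (h, d) {
    return h.length >= d.length && h.slice(-d.length) === d;
  };
  globalThis.isInNet = function (h, net, mask) {
    var ip = ipv4ToInt(h), m = ipv4ToInt(mask);
    return ip !== null && (ip & m) === (ipv4ToInt(net) & m);
  };
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Internal names stay on the existing WAN, which SSE does not replace.
  if (isPlainHostName(host) || dnsDomainIs(host, INTERNAL_SUFFIX)) return "DIRECT";
  // Private and loopback IP literals also bypass the PoP.
  if (ipv4ToInt(host) !== null &&
      (isInNet(host, "10.0.0.0", "255.0.0.0") ||
       isInNet(host, "172.16.0.0", "255.240.0.0") ||
       isInNet(host, "192.168.0.0", "255.255.0.0") ||
       isInNet(host, "127.0.0.0", "255.0.0.0"))) return "DIRECT";
  // Web traffic goes to the PoP for inspection. The return value lists no
  // "; DIRECT" fallback, so the script offers no uninspected path if the PoP is down.
  if (url.substring(0, 5) === "http:" || url.substring(0, 6) === "https:") return SSE_PROXY;
  return "DIRECT";
}
```

Every `DIRECT` rule is traffic the SWG, CASB and DLP services never see, so the bypass list is worth reviewing as carefully as the inspection policy itself.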
One important distinction: SSE does not mean 'SASE without networking.' The provider's PoP backbone still handles traffic routing and optimization between the user and the internet or SaaS applications. What SSE omits is branch-to-branch WAN management, path selection, and transport-independent connectivity. Organizations evaluating SSE should confirm whether their provider offers a clear upgrade path to full SASE if SD-WAN needs evolve.
A cloud-delivered architecture that converges SD-WAN and security services (SWG, CASB, ZTNA, FWaaS) into a single, globally distributed platform.
A cloud or on-premises proxy that inspects all web-bound traffic for malware, enforces URL filtering policies, and prevents data exfiltration over HTTP/HTTPS.
A security control point between users and SaaS applications that provides visibility into shadow IT, enforces data protection policies, and detects threats across cloud services.
An access model that grants users connectivity to specific applications, not networks, based on identity and device posture, verified continuously per session.
A set of technologies that detect and prevent unauthorized transmission of sensitive data by inspecting content at rest, in motion, and in use against predefined and custom data patterns.
A technology that executes web content in a remote, disposable environment and streams only safe rendered output to the user's browser, preventing web-borne threats from reaching the endpoint.