The CXO’s Security Service Edge (SSE) Checklist

Security service edge (SSE) provides secure connectivity and protection across cloud devices and services. However, enterprises need to focus on certain prerequisites to enable and ensure security success. In this article, John Spiegel, director of strategy at Axis Security, shares a checklist to assist practitioners in getting an SSE project off the ground and on a proper flight path.

It’s 2 PM on a Friday. Your thoughts are on the upcoming weekend. Your daughter’s big soccer match, that brisket you are going to smoke, or the in-laws coming to town. That is when it happens. The CISO reaches out to you. They are concerned about the recent VPN breach. They’ve reported the incident to the board, and the decision has been made. You’re being assigned a new project with the attention of the C-level execs and the full Board of Directors. Replace the VPN with a modern Security Service Edge (SSE)Opens a new window solution. Where do you start?  

SSE is a new paradigm for bringing together network and security technologies for the modern era. It extends secure connectivity out to the users’ location through cloud services – without connecting users to the corporate network, exposing applications or IT infrastructure to the internet, or requiring complex network segmentation. The future is about hybrid work, and distributed cloud services will provide private access, web protection, cloud application access, data loss prevention, and digital experience monitoring. These services are delivered as a single SaaS service as part of a Security Service Edge model.  

Based on my experience in enterprise IT and working with IT leaders, both C-level and below, I’ve compiled a checklist to assist practitioners in getting a project such as this off the ground and on a proper flight path. The critical part is to avoid solutioning out of the gate. That comes later. So don’t pick up the smartphone and text your technology partner. Rather do the following. 

The SSE Checklist

1. You need a team: Remember Nick Fury said this in Avengers One, “The idea was to bring together a group of remarkable people, to see if they could become something more. To see if they could work together when we needed them to fight the battles we never could.” That is where you need to start. For this type of project to be successful, you will need a cross-functional team. Start there.  
2. Inventory the current landscape:  An SSE project will allow you to remove or consolidate your large portfolio of network and security products. I’ve seen several enterprises gain quick ROI by taking a hard look at their roadmaps and considering how to transition to a new model for networking and security. As a project leader, I told my team the rule was for every new technology we brought into the portfolio seek to remove two legacy solutions. This can be hard and may not be achieved, but the guidance was successfully leveraged to help with the business case.
3. Address identity:  This is the lynchpin. Much like success with Cloud transformations, identity must be addressed. Do you have multiple IDPs? Is consolidation possible? Do you have a challenge with employees inheriting excess rights?  Is the System for Cross-domain Identity Management (SCIM) enabled? How are you going to manage 3rd party identities? These are just a few questions that need to be answered. Make sure to include an identity expert before you start the project (see above). If you do not have one in-house, find the budget to pay for a consultant to assist. Success here may determine the outcome of your project. 
4. Use cases:  This one is important. It is too tempting to try to address everything out of the gate. Don’t give in to this temptation. Implementing SSE is a large project. It’s best to start with an easy use case to gain success with the technology. My recommendation is either 3rd party accessOpens a new window , such as contractors or call centers. Both involve risk as well as cost. In terms of risk, allowing a contractor full access to your network via VPN is a tempting target for bad cyber actors. Instead, limit access via zero trust principles and limit access to only the set applications required for the contractor to work successfully. Additionally, I’ve worked with several call centers where they were shipping laptops out to associates. Due to the nature of how call centers operate, turnover was high, and the company was only getting 30-50% of the laptops returned. This was expensive from an IT labor standpoint. A better alternative was to leverage a BYOD policy with an agentless solution. Reduce cost, reduce risk. These are excellent use cases to get off the ground smoothly! After lift-off,  expand to remote access, network segmentation, branch transformation and SSE everywhere!  
5. What does success look like? SSE transformation is a journey. The project will not end in 3-6 months. It can be one to two years before fully implemented. It is critical to not only know what success looks like but also to communicate that with your team. Where do you want to be in six months, one year, or two years? Right it down! Align the team and set realistic expectations. Measure where you are in your journey. Beyond the team responsible for the execution, you will also be able to inform those above you where it all began, with the C-Suite and Board of Directors. You won’t want to be fumbling for answers when they come calling. And they will.

See More: Is Zero Trust the Catalyst for a Successful Digital Transformation?

Now You Can Pick Up the Smartphone

Once you’ve done the pre-work, it is time to text the partner. Explain your goals and objectives. Make sure they consider multiple vendors. Include your established vendors and the startups looking to disrupt. Meet with them, and also recommend to POC at least three vendors. Kick the tires. Understand each vendor’s strengths and weaknesses. Ask about their roadmaps. Remember, the pace of innovations with software solutions can be quick. Avoid hardware-based solutions that are slow to evolve.  

I hope this helps. Keep in mind, like Zero Trust itself, SSE is a journey, not a race. If you have any questions, feel free to reach out. 

Have you used a similar checklist to enable your SSE project’s success? Tell us on  FacebookOpens a new window , TwitterOpens a new window , and LinkedInOpens a new window .

MORE ON ZERO TRUST: 

• The Case for Zero Trust amidst Soaring Connectivity
• Identity, Access and Zero Trust in the Metaverse Era
• Zero Trust: What Is It and How Can Businesses Make It Work?

 Image Source: Shutterstock