
Hello everyone, MS Azure is changing its approach to cloud security and has implemented the new Security Service Edge (SSE) solution.

 

Microsoft Entra expands into Security Service Edge and Azure AD becomes Microsoft Entra ID | Microsoft Security Blog

 

What is the Security Service Edge?
Security Service Edge, or SSE, as defined by Gartner in the Hype Cycle for Cloud Security in 2021, is the security component of SASE that protects access to the web, SaaS applications and private applications. It includes advanced security features such as Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA) and Firewall as a Service (FWaaS).

Explanation of Security Service Edge (SSE)
With the emergence of hybrid work environments, users are connecting from anywhere and from any device, accessing business applications and sensitive data directly in the cloud. As the traditional security perimeter continues to dissolve, security functions must also move to the cloud. SSE enables organisations to apply consistent security in the cloud and protect access to applications distributed across multiple clouds, data centres and software-as-a-service applications. An SSE solution, when combined with an advanced SD-WAN, creates a Secure Access Service Edge (SASE) architecture that significantly improves the end-user experience for applications hosted in the cloud.

How does SSE work?
An SSE solution protects remote access to the web, cloud services and private applications.

Traditionally, companies centrally hosted their applications in data centres, facilitating a range of security inspections such as firewalls and IDS/IPS. With the shift of applications to the cloud and remote work initiatives, companies struggle to protect applications from external threats as they operate in distributed environments outside the traditional security perimeter. Existing network infrastructures prevent IT departments from monitoring all connections between users and SaaS applications. Furthermore, routing traffic destined for the cloud to the data centre for security inspection has a significant and negative impact on application performance and user experience.

Security Service Edge solutions are services delivered in the cloud that enable organisations to perform advanced security inspections closer to endpoints, including users and devices. They create a dynamic security perimeter that provides threat protection, data security, security monitoring and access control regardless of where users connect.

 

Components of SSE
Security Service Edge (SSE) comprises four basic security components:

SASE = SD-WAN + SSE


ZTNA assumes that, by default, no user can access anything until proven otherwise. Unlike a VPN, which offers connected users broad access to the corporate network, ZTNA limits user access, via a trust broker, to only specific applications or microsegments approved for the user.

CASB identifies and detects sensitive data in cloud applications, including cloud-to-cloud access, and enforces security policies such as authentication and Single Sign On (SSO). It prevents users from signing on and using cloud applications that are not authorised by the organisation's IT and security policies.

SWG protects organisations from web-based threats using various defence techniques. It interposes itself between the user and a website, so that users connect to the SWG solution, which performs several security inspections, including URL filtering, malicious code detection and web access control, and then redirects traffic to the website.

FWaaS is a cloud-based firewall that analyses traffic from multiple sources. FWaaS consolidates traffic from multiple locations managed by the organisation, including headquarters, remote branches and mobile users. FWaaS often supports critical access controls such as IDS/IPS, advanced threat prevention, URL filtering and DNS security.

DLP: In addition to the main functionalities mentioned above, other security services such as Data Loss Prevention (DLP), Remote Browser Isolation (RBI) and sandboxing can be offered.

 

 

Azure Active Directory (Azure AD) will be renamed Microsoft Entra ID.

Microsoft has unveiled two new additions to its Entra product family, a suite of cloud-based solutions for enterprise customers. The new services, Entra AI and Entra Data, aim to provide users with powerful and flexible tools for artificial intelligence and data management. Both tools come after Microsoft revealed that Azure Active Directory (Azure AD) will be renamed Microsoft Entra ID.

Regards

Thanks for sharing this. Read about it in another announcement.


Thanks for sharing...now I need to go google a couple acronyms that are new to me….


Good Piece @Link State Cheers!

