General availability of the Microsoft Entra Suite is expected to shake up the nascent SSE industry, putting particular pressure on smaller vendors.
SSE – secure service edge – is a cloud-based way to deliver secure access to corporate systems, SaaS applications, and the Internet in general. At its core, SSE combines three main technologies: cloud-access security broker (CASB), secure web gateway, and zero-trust network access (ZTNA).
After sharing its SSE plans last year, Microsoft this month announced the availability of Microsoft Entra Suite, which includes ZTNA and a secure web gateway. In addition to these two core SSE services, Microsoft Entra Suite includes identity governance and administration, identity protection, and identity verification.
Three of the components of the Microsoft Entra Suite are new: Internet Access, Private Access and Verified ID Premium. Two other components – Microsoft Entra ID Protection and ID Governance – have been available previously in Microsoft Entra ID P2 SKU and Microsoft Entra ID Governance SKU.
The one major thing that’s missing from the Microsoft Entra Suite is the CASB component.
Microsoft does offer a separate CASB product, Microsoft Defender for Cloud Apps. It’s not included in the Microsoft Entra Suite because most customers get it through a Microsoft 365 E5 subscription, says Irina Nechaeva, Microsoft’s general manager of identity product marketing. “But in cases where relevant to the customer, we’ll ensure that they can get a complete solution, complementing Microsoft Entra Suite with Microsoft Defender for Cloud Apps,” she says.
And Microsoft Defender is a component of its SSE solution, she adds. “It is integrated with Microsoft Entra ID and the rest of Microsoft Entra portfolio through Conditional Access policy engine.”
“Our SSE products can also be deployed side-by-side with other SSE vendors, making it possible for customers to mix different components of the SSE stack,” she adds.
SASE vs. SD-WAN
SSE can be considered a subset of SASE (secure access service edge), which is a term coined by Gartner to describe a cloud-based service that combines networking and security to give remote workers safe access to internet-based resources. The five elements of SASE are CASB, secure web gateway, ZTNA, firewall as a service, and integrated SD-WAN. SSE is essentially SASE minus SD-WAN, the network access part of the equation.
IDC splits the difference between SASE and SSE, using the term “network edge security as a service” (NESaaS) to describe a converged approach that includes SWG, CASB, and ZTNA as prerequisites and treats networking capabilities like SD-WAN and digital experience monitoring (DEM) as “optional points of integration.”
SSE vendor landscape
According to Gartner, there are three SSE vendors that are leading the space: Netskope, Zscaler, and Palo Alto. Other SSE vendors include Cisco, Fortinet, Versa Networks, Cloudflare, Broadcom, iBoss, Skyhigh Security, and Lookout.
Microsoft’s SSE solution will put pressure on the other vendors in the space, says David Holmes, an analyst at Cambridge, Mass.-based Forrester Research. “They have all the pieces,” he says.
“It will put pressure on Netskope and Zscaler,” he says. But the smallest vendor will be hit the hardest, he adds. “They didn’t have a lot to offer in the first place. And with the startup environment being the way it is, I don’t think they have room to hang out and hope for an acquisition.”
Enterprises currently using a smaller vendor for SSE might start thinking about switching, Holmes says, or might hang on for the short term. “In the long term, there are other changes coming that might make all this obsolete,” he says. For example, several companies, including Google and Palo Alto, have recently rolled out enterprise browsers, which have all necessary security technologies built right in.
The main factors working against Microsoft in the SSE space are that most of the companies who need it already have a solution in place and that some companies are looking for a full SASE solution.
When the pandemic first hit, there was a great deal of interest in SSE, says Holmes. “I was getting calls all the time. But those calls have really dried up – it’s been months. Microsoft is really late to this party. Everyone who was going to go in this direction already went there.”
The main opportunities would be enterprises who are renewing their subscriptions and aren’t happy with their current vendors, or customers of smaller SSE vendors that folded.
For companies looking for an SSE vendor, Microsoft could be an attractive option because the product is going to be significantly cheaper than others, Holmes says. Plus, many enterprises already use Microsoft for key services, and the SSE services are tied into Microsoft’s user identity ecosystem.
“A lot of organizations will adopt this eventually because it’s Microsoft, and the price is lower, and they trust Microsoft – whether it’s better or not,” he says. “That happens over and over and over, and that’s not news to anybody. This is going to happen to SSE as well.”
Source:: Network World