What is security service edge (SSE)?

Security service edge (SSE) refers to the security components of the secure access service edge (SASE) model. SSE secures access to the Internet and to applications for remote users.

Learning Objectives

After reading this article you will be able to:

  • Understand SSE and SASE
  • List the three core components of SSE
  • Learn about Cloudflare One

Related Content


Want to keep learning?

Subscribe to theNET, Cloudflare's monthly recap of the Internet's most popular insights!

Refer to Cloudflare's Privacy Policy to learn how we collect and process your personal data.

Copy article link

What is security service edge (SSE)?

Security service edge (SSE) is the security aspect of secure access service edge (SASE). SASE is a cloud-native IT model that combines wide area network (WAN) edge networking and security services in a way that is better suited, compared to traditional network architectures, for how modern businesses operate.

SASE can be divided into two sets of interwoven capabilities: networking services and security services.

The networking side of SASE: WAN edge services

Gartner, the research and advisory firm that first coined the term "SASE," considers wide area network (WAN) edge services, including software-defined wide area networking (SD-WAN), to be the networking capability upon which SASE is built. WANs connect local networks across vast distances. Moving those capabilities to the edge better serves branch offices, mobile users, and cloud infrastructure. Edge-delivered WAN services are also more scalable and flexible than traditional, MPLS-based WANs.

The security side of SASE: SSE

SSE includes three core components, along with some additional capabilities:

  1. Zero Trust Network Access (ZTNA): ZTNA, according to Gartner, "creates an identity- and context-based, logical access boundary around an application or set of applications."
  2. Cloud access security broker (CASB): Includes a number of different cloud security technologies to protect software as a service (SaaS) applications.
  3. Secure web gateway (SWG): Sits in between remote and office users and the Internet to apply acceptable use and security policies for threat and data protection.

Together, these areas make up SSE — with other security capabilities like firewall-as-a-service (FWaaS) and remote browser isolation (RBI) often included as well. When cloud-centric edge WAN services and SSE are delivered from the same network architecture, an organization can fully deploy a SASE model.

How does Cloudflare help organizations adopt SSE?

Cloudflare has a network with over 330 locations around the world, and Cloudflare has long been a leader in security, network performance, and edge computing. The Cloudflare One platform includes all the aspects of SSE listed above, and it combines this with network-as-a-service for a full SASE deployment. Learn more about Cloudflare One.