Cloud

How SSEs Boost Cloud-Native Application Security

A security service edge simplifies security across cloud, multicloud and hybrid cloud environments.

Eric Marchewitz is a field solution architect with a 23-year career in cybersecurity solutions, working for such companies as PGP Security, McAfee, Cisco and Check Point. He is a recovering CISSP and cloud practitioner. Marchewitz helps architect solutions and bring in the proper resources and specialists to solve security challenges in all areas.

The phrase “cloud-native apps” gets thrown around a lot. But 9 times out of 10, what we’re really talking about is Software as a Service, especially among state and local government agencies that don’t necessarily have the in-house staff to develop, manage and secure their own apps in the cloud.

Many state and local government agencies are eager to transition whatever applications and functions they can into a SaaS environment and minimize what they must keep on-premises. Some functions are easier to offload onto SaaS than others, but the consensus among agencies I speak to is that they prefer the ease of SaaS.

Nevertheless, many IT decision-makers remain wary of security in the cloud. In fact, 59% of respondents to a survey conducted by Fortinet cited security as the main barrier to cloud adoption.

Fortunately, as cloud has become a fundamental part of IT environments, securing cloud-native apps — apps you’ve built in the cloud, or SaaS apps — has become easier and often more effective than securing on-premises applications.

Click the banner for more information about simplifying cloud adoption.

Taking a Simple Approach to Cloud Security

Whether you’re building or buying in the cloud, the benefits are fundamentally the same: You don’t have to purchase as many dedicated resources and you get near limitless scalability.

However, when you’re building an app in the cloud, or “lifting and shifting,” you’re at greater risk of mirroring your existing problems or security issues in the cloud and adding new concerns.

DIVE DEEPER: The latest research highlights key challenges organizations face with cloud.

SaaS, on the other hand, is more convenient because the bulk of your risk revolves around how users access these applications on endpoints. You lose some control over the application layer, but another way of looking at it is that you have one less thing to worry about, provided you’re shopping for SaaS solutions that are compliant with industry regulations.

In both cases, you still must manage secure access to the application to prevent misuse, data loss and any sort of credential harvesting. Nothing does this more simply, affordably and effectively as a security service edge.

Why SSE and Cloud Need to Be Coupled

An SSE governs security policy and application access and usability for cloud environments. It helps you determine what users are allowed to do, when they’re allowed to do it and how they’re allowed to do it.

At a basic level, an SSE provides a secure web gateway to govern what apps are accessible, which can help avoid shadow IT, especially in hybrid and remote environments. It also provides a web application firewall to monitor and filter HTTP traffic. Application programming interface security and web encryption also come standard with SSEs. In most cases, SSEs scrutinize HTTP traffic much more granularly than a web administrator would have time for. It’s far easier to build in and execute predefined rules with SSE.

LEARN MORE: Modernize your security environment with SASE and SSE solutions.

Another benefit of SSEs is that they rely on zero-trust network architecture. Unlike VPNs, which enable access to an entire network, ZTNA grants access to the specific application requested. Couple this with strong identity and access management and you end up with a highly secure cloud environment.

Read CDW’s latest cloud report to prepare for cloud challenges.

See why states are moving to the cloud for improved citizen services.

You can even use an SSE to run queries against your AI engine to make sure it’s not revealing vulnerable information or trade secrets.

There are obviously other ways to secure SaaS and cloud-native apps without an SSE. But the benefit of an SSE is its simplicity. It can do so much for state and local government agencies.

Whether you’re moving applications to the cloud or subscribing to SaaS apps, you should be combining those cloud-native applications with an SSE. There are dozens of reputable brands offering mature solutions, including Prisma from Palo Alto Networks and Zscaler’s SSE, just to name two. Secure Access from Cisco even has an integrated AI assistant that can translate conversational prompts into security controls.

SSE and SaaS: A Match Made in the Cloud

The reason organizations shift to SaaS is because it’s easier to manage and more predictable. Too often, agencies spin up servers and attempt to build their own applications, later to learn that they’re incurring far higher costs than they initially anticipated. This is less likely with SaaS.

Obviously, not all applications can be SaaS applications, and there will always be a need for on-premises infrastructure. But those that can be moved to SaaS should be, and they should be protected with an SSE. Like SaaS, an SSE is managed through simpler interfaces; it’s an operational expenditure model; it can be accessed internally or externally, making it ideal for hybrid cloud environments; and, most important, it can offer greater security by design.

Don’t be afraid of the cloud on security grounds. Just be judicious about which workloads belong in the cloud and smart about how you secure them.

This article is part of StateTech’s CITizen blog series.