SASE adoption has been skyrocketing since the start of the pandemic. Secure access service edge, a term Gartner coined in 2019, combines security and networking in a single, scalable, cloud-based platform that fits well in a world in which employees work from home and mostly access cloud-based apps and services.\nNow Gartner is pushing a new acronym. Turns out, companies might prefer to get their SASE without the \u201cA\u201d \u2014 just security service edge, or SSE. Gartner this month published a Magic Quadrant for SSE (something the company never did for SASE); it's available from vendors listed in the report (here and here, for example).\nHow\u2019s SSE different from SASE?\nSASE combines five major technologies: cloud-access security broker, secure web gateway, zero-trust network access, integrated SD-WAN, and firewall as a service. Few vendors offer all five, and few enterprises are looking to buy all five at the same time in the same package.\nAs a result, the SSE offering, which includes the first three technologies \u2014 CASB, SWG, and ZTNA \u2014 might make better sense, especially in the short term, experts say.\nGartner introduced SSE in its 2021 Strategic Roadmap for SASE Convergence, and it\u2019s predicting IT buyers will gravitate to this bundling option over the next few years. By 2025, 70% of organizations that implement agent-based ZTNA will choose an SSE provider rather than a stand-alone offering, up from 20% in 2021, Gartner predicts. And, by 2025, 80% of organizations buying SSE-related security services will purchase a consolidated SSE solution, rather than stand-alone cloud access security broker, secure web gateway and ZTNA offerings, up from 15% in 2021.\nEventually, however, companies should migrate to the full SASE stack, says John Watts, senior research director at Gartner. \u201cGartner recommends long-term to consolidate SASE offerings to a single vendor or two explicitly partnered vendors,\u201d he says.\nSSE is particularly important for enterprises today, since they have figure out how to securely connect work-from-home employees to enterprise services.\nSSE\u2019s three main components target different areas of exposure:\n\nSecure web gateways help connect employees to the public Internet, such as websites that they might be using for research or cloud apps that are not part of a company\u2019s official SaaS roster.\nCloud-access security brokers connect employees to SaaS applications like Office 365 and Salesforce.\nZero-trust network access connects employees to private corporate applications that run in on-prem data centers or in the cloud.\n\nBy having all three in a single platform, it becomes easier for enterprises to manage and scale security services. Companies can set universal security policies that apply everywhere their employees go and can track user behaviors and traffic across all three channels.\n\u201cIntegration is a natural migration and natural evolution of things, and it made sense to converge all those things together,\u201d says Mike Wood, CMO at SASE provider Versa.\nThe issue of the past is that companies were buying different tech for different flavors of the same problem, says Jason Clark, chief strategy officer at Netskope. \u201cAll of our senses to do security have been separate, and what I see SSE doing is taking this collection of senses and merging them together into one nervous system, into one brain,\u201d says Clark.\nBrink\u2019s moves from VPNs to SSE\nCompanies were trying to get off VPNs even before Gartner came up with the term SASE and before the pandemic created a major shift to a remote workforce.\n\u201cThe problem with VPNs is that everyone needs to connect to the VPN gateway,\u201d says Mustapha Kebbeh, CISO at Brink\u2019s, the global security company best known for their armored trucks.\nWhen employee traffic is backhauled to the data center, it creates unnecessary congestion, he says.\nOften, what employees are accessing are cloud-based apps and SaaS platforms, and adding a hop to the data center is an unnecessary step. \u201cAnd if you\u2019re bringing everyone back to the home office then you bring in additional security risks,\u201d he says.\nBrink\u2019s started to look at other options in 2017 for its global workforce of 75,000 employees. The company began working with a couple of vendors, including Zscaler and what was then called the Zscaler Private Access service. \u201cWe wanted ease of access, applications, and to isolate the uses, with better authentication, and a better user experience,\u201d Kebbeh says.\nBrink\u2019s started with secure web gateway functionality and zero-trust network access, and added the cloud-access security broker later.\n\u201cPrior to the pandemic, we were not a fully remote workforce,\u201d Kebbeh says. But when the company was forced to switch to mostly remote, the technology was in place to support them, and 70% of the workforce has already moved over.\n\u201cBy the time the pandemic hit, we had a fully fledged product \u2013 not yet fully integrated for everyone, but we knew what it looked like,\u201d he says.\nUsage continued to expand since then, he says. \u201cBy the end of [February] we\u2019re shutting down the remaining VPNs at our enterprises.\u201d\nThe moment Brink\u2019s started moving their users from traditional VPNs, the company could see what people were accessing, what applications they were using, and could add additional security capabilities.\nVPNs might have made sense a few years ago, when the majority of applications used by employees were run by enterprises in their data centers. But over the past few years, companies have been rapidly migrating from on-premises platforms to cloud-based ones.\nAs a result, the use of SaaS apps has exploded, says Netskope\u2019s Clark. A company that had 300 SaaS apps three years ago might have 3,000 today, he says.\nAccording to a July 2021 Netskope report, in the first six months of 2021 alone, cloud app adoption increased 22% \u2014 and concerningly, a majority of those apps are shadow IT, unmanaged and often freely adopted by business units and users.\nAccording to data Netskope released last month, the average enterprise has around 1,000 SaaS applications.\n\u201cTraditional cybersecurity strategies and tools cannot adequately protect the distributed, application-centric enterprise,\u201d says John Grady, senior analyst for cybersecurity at Enterprise Strategy Group.\nSecurity needs to be able to follow people and data, and that\u2019s really the big outcome of SSE, says Jim Fulton, VP of product marketing at cybersecurity company Forcepoint.\n\u201cSSE grew up around the fact that SASE security took off, was amazingly successful and was already taking off faster than Gartner expected before the pandemic, and it started accelerating even faster after the pandemic,\u201d he says.\nThe internet is becoming the new corporate network, says Amit Bareket, cofounder and CEO of cybersecurity company Perimeter 81.\n\u201cWhat we\u2019re going to see now is that security services are moving from on-premise appliances to cloud-based solutions, like SASE and SSE,\u201d he says.\nSSE and SD-WAN have different buyers and value propositions\nWhen Brink\u2019s was looking for a security solution for its remote workforce, SD-WAN wasn\u2019t a consideration \u2014 they already had SD-WAN from Velo Networks, it worked well, and it combined easily with Zscaler\u2019s SSE offering.\nThe important thing is to have seamless integration, Kebbeh says. Having everything in one product would be a harder sell. So it makes sense, he says, for SSE to be a separate technology category.\nKebbeh is one of the founding members of the SSE Forum, an industry group whose other members include executives from GlaxoSmithKline, Coca-Cola, DocuSign and Kayak. It\u2019s organized by cybersecurity vendor Axis Security.\nThe SSE Forum was launched last month, says Chris Hines, Axis Security\u2019s VP of product marketing, with 15 founding members. The idea is to create a consortium of thought leaders to drive the development of an SSE roadmap, he says.\n\u201cSecurity is starting to drive IT,\u201d Hines says. As companies are migrating more resources to AWS or Azure, SD-WANs are becoming less relevant. \u201cIf 90% of your traffic is to SaaS, then do you need the SD-WAN at all?\u201d Hines says.\nWhen a company does have an SD-WAN, that buying decision often comes from a different side of the company than the security team enabling a remote workforce, says Sanjit Ganguli, vice president for transformation strategy at Zscaler, one of the top three Gartner Magic Quadrant leaders for SSE. \u201cA lot of the networking teams are making different buying decisions than those that are making security buying decisions,\u201d Ganguli says\nTop SSE vendors\nThe three leaders in Gartner\u2019s Magic Quadrant for SSE \u2013 Zscaler, Netskope, and McAfee Enterprise \u2013 have full SSE capabilities and strong market positioning.\nZscaler\nZscaler was one of the early leaders in this space, and it has recently consolidated its position with acquisitions and support for more API integrations with SaaS applications. It\u2019s known for ease of use and a large market share, Gartner says, as well as strong partnerships with SD-WAN vendors and tighter integrations.\nRelying on SD-WAN partners fits in with the SSE philosophy, says Zscaler\u2019s Ganguli.\n\u201cSSE takes a very network-agnostic approach,\u201d he says. \u201cWe don\u2019t care how you connect \u2014 we care about the security. The SSE part, where we focus, is on all the security controls. One fo the benefits of Zscaler is that because we\u2019re creating that secure tunnel, it actually abstracts the network entirely. We provide a secure overlay.\u201d\nNetskope\nNetskope\u2019s total private funding of an estimated $1 billion makes it one of the best-funded private companies in the SSE market, Gartner says. Like Zscaler, Netskope has been acquiring other companies to consolidate its position,\nAccording to Netskope\u2019s Clark, 60% of the questions he gets from customers are about the company\u2019s CASB offerings, 30% about the secure web gateway, 9% about ZTNA and the final 1% about the egress firewall which allows users to connect to legacy systems like mainframes.\nBut it\u2019s all the same problem, he says, how to connect users to their applications securely.\n\u201cPreviously, all this security has been separate,\u201d he says. \u201cNow, I\u2019m securing them with the same technology, it\u2019s just that my controls are going to be different.\u201d\nMcAfee Enterprise\nMcAfee isn\u2019t often thought of as an SSE company, and its ZTNA offerings are more recent. Plus, it\u2019s gone through some ownership changes. The fact that the company name is associated with an anti-virus product doesn\u2019t help.\nBut the company does now offer a complete and tightly integrated suite of SSE services, Gartner says, including SWG, CASB and ZTNA. McAfee calls its SSE product the MVISION Unified Cloud Edge.\nOther players in Gartner\u2019s Magic Quadrant for SSE\nCisco and Palo Alto Networks are deemed challengers in Gartner's SSE Magic Quadrant.\u00a0Niche players are\u00a0Broadcom, Forcepoint, Iboss, and\u00a0Versa. Bitglass (acquired by Forcepoint in October 2021 but listed separately in the MQ) and Lookout are dubbed visionaries.\u00a0\nFor honorable mentions, Gartner lists:\u00a0Akamai,\u00a0Cato Networks, Cloudflare, Menlo Security, Microsoft, and Proofpoint.