Netskope named a Leader in the 2022 Gartner® Magic Quadrant™ for Security Service Edge. Get the Report.

  • Products

    Netskope products are built on the Netskope Security Cloud.

  • Platform

    Unrivaled visibility and real-time data and threat protection on the world's largest security private cloud.

Netskope Named a Leader in the 2022 Gartner Magic Quadrant™ for SSE Report

Get the report Go to Products Overview
Netskope gartner mq 2022 sse leader

Netskope delivers a modern cloud security stack, with unified capabilities for data and threat protection, plus secure private access.

Explore our platform
Birds eye view metropolitan city

Make the move to market-leading cloud security services with minimal latency and high reliability.

Learn more
Lighted highway through mountainside switchbacks

Prevent threats that often evade other security solutions using a single-pass SSE framework.

Learn more
Lighting storm over metropolitan area

Zero trust solutions for SSE and SASE deployments

Learn more
Boat driving through open sea

Netskope enables a safe, cloud-smart, and fast journey to adopt cloud services, apps, and public cloud infrastructure.

Learn more
Wind turbines along cliffside
  • Our Customers

    Netskope serves more than 2,000 customers worldwide including more than 25 of the Fortune 100

  • Customer Solutions

    We are here for you and with you every step of the way, ensuring your success with Netskope.

  • Training and Certification

    Netskope training will help you become a cloud security expert.

We help our customers to be Ready for Anything

See our Customers
Woman smiling with glasses looking out window

Netskope’s talented and experienced Professional Services team provides a prescriptive approach to your successful implementation.

Learn more
Netskope Professional Services

Secure your digital transformation journey and make the most of your cloud, web, and private applications with Netskope training.

Learn more
Group of young professionals working
  • Resources

    Learn more about how Netskope can help you secure your journey to the cloud.

  • Blog

    Learn how Netskope enables security and networking transformation through security service edge (SSE).

  • Events & Workshops

    Stay ahead of the latest security trends and connect with your peers.

  • Security Defined

    Everything you need to know in our cybersecurity encyclopedia.

Security Visionaries Podcast

Episode 14: Enabling Security from the Top-Down

Play the podcast
Black man sitting in conference meeting

Read the latest on how Netskope can enable the Zero Trust and SASE journey through security service edge (SSE) capabilities.

Read the blog
Sunrise and cloudy sky

SASE Week

Netskope is positioned to help you begin your journey and discover where Security, Networking, and Zero Trust fit in the SASE world.

Learn more
SASE Week

What is Security Service Edge?

Explore the security side of SASE, the future of network and protection in the cloud.

Learn more
Four-way roundabout
  • Company

    We help you stay ahead of cloud, data, and network security challenges.

  • Why Netskope

    Cloud transformation and work from anywhere have changed how security needs to work.

  • Leadership

    Our leadership team is fiercely committed to doing everything it takes to make our customers successful.

  • Partners

    We partner with security leaders to help you secure your journey to the cloud.

Netskope enables the future of work.

Find out more
Curvy road through wooded area

Netskope is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data.

Learn more
Switchback road atop a cliffside

Thinkers, builders, dreamers, innovators. Together, we deliver cutting-edge cloud security solutions to help our customers protect their data and people.

Meet our team
Group of hikers scaling a snowy mountain

Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.

Learn more
Group of diverse young professionals smiling

Announcing Security Service Edge (SSE) for Dummies, the Industry’s First SSE Book!

Jan 13 2022

Security Service Edge (SSE) describes the evolving security stack crucial to a Secure Access Service Edge (SASE) journey, with core platform requirements that include CASB, SWG, and ZTNA capabilities. SASE is an architecture—really, a long-term journey that will change how we all think about security and networking. But SSE, as part of SASE, is a set of cloud-delivered security services you can acquire and make the most of today.

Still, it can be difficult to separate clear, advice-driven information about SSE from what’s becoming an avalanche of industry buzz and marketing around both SSE and SASE. That’s why we’re so excited to release Netskope’s new book, Security Service Edge (SSE) for Dummies, the first SSE resource of its kind. True to the world-famous Dummies series it now joins, this book is intended to be your practical, no-B.S. explainer for SSE, its importance relevant to concepts like SASE, Zero Trust, and secure digital transformation, and fundamentally, how to build and deliver SSE capabilities.

Below is an excerpt. You can grab your free copy of Security Service Edge (SSE) for Dummies here. Enjoy!

Successful implementation of SASE and SSE is much more than swapping out technology. Zero Trust changes some basic assumptions about how security works. In the on-premises, network-based model, the assumption is that the network is secure and we must verify a person’s identity before granting access. So, we trust the network and verify the user. The typical paradigm granted the person access to everything or nothing—“allow” or “block” were the only choices. 

Zero Trust changes this model as follows: 

  • When a person requests access, that request is evaluated in the context of several conditions. Identity is one of them, but the system also considers where the person is, the time of day, the device, the type of network connection, and many other variables.
  • The application to which the person is being connected is also part of that context. 
  • The desired service level is also an important factor. Is this a life-or-death use of an application or a video game played for fun? 
  • How the network path is protected may change based on the application being used. If someone is accessing their personal email account, an ordinary Internet connection is used, with Transport Layer Security (TLS) protection negotiated between their email server and email client. If a doctor is accessing patient records, a secure, encrypted, and authenticated path is established, regardless of the capabilities of the underlying network or application. 

Based on this context, the confidence level of the person’s session is determined, and the person may be trusted either a little bit or a lot. A person requesting access at an unusual time from an unusual location to a highly-sensitive application (an instance of a low confidence level) likely will encounter a multi-step authentication process. The access granted may be limited to a small set of data and functions, and then in a read-only mode. A worker who’s accessing at their customary time from a secure location (an instance of a high confidence level) may get full access to all data and application capabilities. 

Consider this example of a doctor accessing electronic health records via SSE that illustrates Zero Trust principles at work in SSE and how SSE helps bring Zero Trust principles to life: 

  • A doctor is carrying a facility-owned tablet as they treat a patient in the hospital. Based on the doctor’s identity, location, device, and other factors, the SSE determines it is safe to give the doctor full access to the patient’s records. 
  • The doctor walks across the street for a cup of coffee. They pop open a personal laptop, connect to the shop’s network, and try to access patient records. The SSE recognizes the doctor but identifies that the hospital does not own the laptop and that the laptop is on an unknown network. The doctor is allowed to view and comment on the records but can’t alter the data. 
  • The doctor is eating dinner at home; alerted to a crisis, they log their child out of Minecraft to use the family PC to access the patient’s records. The SSE recognizes that this computer is less secure than the hospital’s tablet. Instead of denying access, the SSE provides a series of prompts that enable the doctor to verify their identity further and frame the nature of the reason they need access. The SSE then provides the doctor with a secure set of resources to respond to the emergency —for example, inside an isolated browser session under control of the SSE. 

Within network security, you often hear the term Zero Trust Network Access (ZTNA). ZTNA is an excellent choice for augmenting your virtual private network (VPN) to accommodate more remote access scenarios. With ZTNA, users don’t receive access to an entire portion of a network that could allow connections to many services. Instead, ZTNA grants the worker a connection only to the application they’re seeking to use and—as shown in our doctor story—only the minimum access needed to perform the task at hand.

Implementing SSE using Zero Trust principles shrinks the attack surface and is far more data-driven, thus greatly improving the overall security posture. The level of risk presented by a person, an application, or a website undergoes continuous reevaluation. Security is adapting in real time based on changes in context. 

If we take a closer look at this model and how it functions in the most advanced form, some important ideas emerge that can guide our efforts, among them:

  • Context
  • Least privilege
  • Risk scoring
  • Resource concealment
  • Continuous adaptive trust

Get your copy of Security Service Edge (SSE) for Dummies to learn about all of these concepts in detail.

author image
Chad Berndtson
Chad Berndtson is global head of content and communications at Netskope. He joined the team in 2020 following several years building successful content, communications, and social media teams at Palo Alto Networks, Tanium, and Fortinet. Earlier in his career, Chad was a technology journalist focused on networking, security, and other IT topics at the dawn of the cloud era.