Part 1 of our SSE vs SASE series

Something interesting happened in 2024. Gartner, the analysts who practically invented the cybersecurity acronym game, did something that speaks volumes about the current state of network security: they introduced their first Magic Quadrant for single-vendor SASE. Combined with their SSE Magic Quadrant (which debuted in 2022), we now have separate reports evaluating these distinct approaches to secure access.

This wasn't just administrative housekeeping. It's recognition of a fundamental divide in how organisations should approach modern network security, and it validates an argument we've been making for some time: for many businesses, SSE isn't a stepping stone to SASE - it's the destination.

The Billion-Dollar Question: Do You Actually Need a Network?

Before we dive into acronyms and vendor positioning, let's ask the uncomfortable question that many IT departments are avoiding: do you need a corporate network anymore?

If your applications live in AWS, Azure, or SaaS platforms, they're already accessible via the internet. If your users are working from home, coffee shops, client sites, and co-working spaces as much as they're in the office, then you're maintaining expensive infrastructure that serves them perhaps half the time.

This isn't a theoretical discussion. We're seeing organisations spending hundreds of thousands annually on MPLS circuits connecting offices where the primary traffic is email, Teams calls, and cloud application access - all services that work perfectly well over standard internet connections.

How the Internet Became Enterprise Infrastructure

Here's something that often gets conveniently overlooked in vendor presentations about expensive SASE platforms: the internet has fundamentally changed, particularly in markets like the UK and Europe.

Modern fibre broadband delivers symmetrical bandwidth that often exceeds what organisations were paying premium prices for via private circuits just a few years ago. 5G networks provide mobile connectivity that rivals fixed-line performance. Satellite services like Starlink are eliminating the last connectivity dead zones. Multiple providers compete aggressively on price and service levels.

This isn't the unreliable, best-effort internet of the dial-up era. Modern internet infrastructure provides availability and performance that rivals traditional private circuits, often with better resilience through diverse routing and competitive pricing that makes private networking look expensive and inflexible.

The pandemic accelerated a trend that was already underway: users working from anywhere whilst applications live in the cloud. This combination completely changes the networking equation. Why build expensive overlay networks when the underlying infrastructure already connects users to applications more effectively than private networks ever could?

The Single-Vendor Mirage

Walk into any cybersecurity conference and you'll be bombarded with vendors proclaiming their "single-vendor SASE platform" credentials. Network giants have acquired security divisions. Security specialists have bought networking companies. Everyone promises to be the "master of all trades."

The reality is more complex. Building great networking products requires deep expertise in connectivity, routing, and performance optimisation. Building great security products requires different skills: threat intelligence, behavioural analysis, and rapid response to emerging attack vectors.

Very few organisations excel at both. What we're seeing in the market are platforms that feel cobbled together from acquisitions rather than purpose-built integrated solutions. The network appliance manufacturers often struggle with advanced threat detection. The security specialists frequently underestimate the operational complexities of WAN management.

Meanwhile, single-vendor platforms create dependency risks that extend well beyond technical considerations. Renewal negotiations become exercises in vendor power rather than competitive procurement . Adapting to changing requirements becomes difficult when you're locked into one vendor's roadmap and development priorities.

The SSE Alternative: Security Without the Baggage

SSE takes a radically different approach. Instead of building complex networking infrastructure, it assumes the internet provides adequate connectivity and focuses entirely on making that connectivity secure and manageable for enterprise use.

This creates some compelling advantages. Users receive consistent security policies whether they're in the office, at home, or travelling. There's no complex WAN to manage, no expensive circuits to provision, and no network hardware to maintain and refresh.

The operational simplicity is transformative. New offices need internet connectivity and nothing more. User growth is limited only by internet availability, which in most developed markets is ubiquitous. There's no capacity planning for WAN links and no complex traffic engineering.

The cost benefits extend beyond circuit savings. Reduced networking complexity means lower management overhead, less specialist staffing, and elimination of the procurement complexity associated with private networking.

When Vendors Have Vested Interests

It's worth noting who's pushing hardest for SASE adoption. Many of the loudest advocates are vendors and carriers with significant investments in networking hardware, software, and infrastructure. They'll provide you with network infrastructure and "cloud" services running on their networks as part of integrated platforms.

From their perspective, this makes perfect sense. They've invested billions in building these capabilities and need customers to justify those investments. They'll often market SSE as merely a step towards their full SASE offering, with the implication that SSE alone is somehow incomplete or inadequate.

But what if SSE delivers everything you need without the additional complexity and cost?

The Strategic Choice

The decision between SSE and SASE reflects fundamental assumptions about how work gets done, where applications live, and how users connect to them. If you're embracing cloud-first strategies and flexible working models, then the case for SSE becomes compelling.

Consider a typical knowledge worker today. They might start their day checking emails from home over residential broadband, join video calls during their commute using 5G, work from a client office using their guest WiFi, and finish the day in a co-working space. At each location, they need secure access to the same cloud applications and services.

Traditional network-centric approaches struggle with this reality. VPN connections add latency and complexity and can often be avoided when accessing SaaS applications or the Internet. Performance varies depending on the routing path back to corporate infrastructure. Security policies may behave differently depending on the access method.

SSE provides a consistent security experience regardless of how users connect to the internet. Security policies, performance optimisation, and threat protection work identically whether someone is in the corporate office or a coffee shop in another country.

Looking Forward

As we'll explore in the next part of this series, implementing SSE isn't just about choosing different technology, it requires rethinking fundamental assumptions about enterprise networking. The transition involves cultural and operational changes that can be more significant than the technical implementation.

But for organisations willing to challenge traditional networking orthodoxy, the benefits can be transformative: lower costs, better user experiences, improved security, and the flexibility to adapt quickly to changing business requirements.

The internet has become our network. The question is whether you're ready to embrace that reality or continue investing in expensive infrastructure that recreates what already exists.

Next time, we'll explore how to make the transition practically, what to watch out for, and why skipping SD-WAN entirely might be the smartest decision you make this year.
________________________________________

Part 2 of this series will cover practical implementation strategies for SSE adoption. If you're ready to explore how this approach could work for your organisation, get in touch with our team at Principle Networks.