GigaOm Radar for Secure Service Access (SSA)v3.0

1. Summary

Secure service access (SSA) represents a significant shift in how organizations consume network security. Replacing multiple point products with a single integrated platform offering full interoperability and end-to-end redundancy, SSA shifts security consumption from either a data center- or edge-centric model to one that is ubiquitous and user-centric. Leveraging cloud-native, layered security functions, SSA meets each organization’s unique needs irrespective of network architecture, cloud infrastructure, user location, or device.

However, while some vendors deliver a single integrated platform offering full interoperability and end-to-end redundancy, others are repackaging existing point products or developing a common UI and going to market with an SSA solution. In addition, many vendors are incorporating framework acronyms into their product names, either limiting solution features and functionality or creating further confusion as additional capabilities are added or new frameworks emerge.

Representing features and capabilities widely adopted and well implemented in the industry, the following table stakes are the minimum required for solutions to be included in the GigaOm Radar for SSA.

• Standardized software-defined architecture: SSA depends on the availability of a ubiquitous cloud-native software-defined architecture supporting a broad range of use cases and scenarios across a shared infrastructure. Running over an existing private, public, or managed network via global PoPs, software-defined applications accelerate time-to-value by eliminating the need to deploy and commission hardware.
• Location-independent service delivery: Services are independent of user location and available to any user using any device anywhere in the world. With the shift toward a distributed workforce, remote users must have the same access to resources and services as if they were physically located in a corporate office.
• User-centric policy enforcement: Policies are enforced based on the identity and behavior of the user (application, device, or human) accessing the resource. Therefore, well-designed, converged network and security systems should enable the user journey, providing authenticated users with authorized access to resources and services as easily and quickly as possible.
• Distributed policy enforcement: Instead of the enterprise data center being the access gateway to the network, policies are enforced, and threats are detected and eliminated at multiple data touchpoints. Ideally, defense-in-depth should be implemented within multiple open systems interconnection (OSI) model layers, with Layer 3 and 4 firewalls filtering traffic at the packet level and Layer 7 firewalls filtering content for granular protection.
• Cloud-native convergence: Networking and security are converged into a single cloud-native platform. Services are available in the cloud as a software as a service (SaaS) offering independent of specific hardware requirements. Cloud-native refers to platforms specifically designed to take advantage of a cloud delivery model to increase speed, scalability, and agility.

Once the table stakes are met, each solution is scored on key criteria and evaluation metrics. Key criteria are the basis on which organizations decide which solutions to adopt for their particular needs, while evaluation metrics determine the impact the solution may have on the organization.

This GigaOm Radar report highlights key SSA vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating SSA Solutions,” we describe in more detail the capabilities and metrics that are used to evaluate vendors in this market.