How Developers Can Benefit From SSE

If you’ve been following the developments in the networking and security space, SASE and SSE are all the rage.  The advent of “Cloud” led to distributed applications, SaaS, and then the events of 2020 created the distributed workforce.  The first pushed legacy networking and security solutions to the limit, the second sent them over the red line and the third exploded the engine.  Gluing your network and security together using technologies like IPSec VPNs, split tunneling, and firewalls everywhere with a healthy amount of praying you won’t get hacked does not cut the mustard anymore.  This approach is risky, expensive, and most importantly, puts an undue burden on a business’s most critical resource, its human capital, and its workforce.  But this article is not about how to secure the hybrid workforce.  There has already been much ink spilled about this area already. Instead, let’s explore how solutions like the Security Service Edge (SSE) can help another critical group be more productive as well as secure, your developers..

Meet the Wizards of IT

In any IT shop, the developers are the creators.  They are the magical wizards who construct and integrate the applications a business runs on.  To perform their art, the developer must rely on stable infrastructure and processes provided by the rest of IT.  This is often where the rub happens.  While demanding and exacting are often terms used by the teams supporting the developers, the wizards have a point.  Consider how DEV, TEST, and QA environments are created.  As much as the developers demand (and rightfully so) a digital replica of “Production” doing so is an intensive challenge fraught with risk and cost.  How do you stand up an exact replica with all the systems and resources (costly)?  How do you include all production data (risky from a security perspective) as well as how do you grant access to these environments?  What about networking?  How do you manage all the networking needs such as IP addresses, routing, and packet switching while also managing the requirements for security?  This can get expensive from both technology and a human capital perspective, not to mention all the bespoke scripting which must go into such an endeavor.

The Wrong Way to Grant and Secure Access to Environments

36 months ago, I was asked to provide such an environment.  The need was real.  The company I worked for had just spent 4 years migrating off three monolithic ERP systems supporting their core business, our retail functions, and distribution.  Like many companies, they moved to a distributed set of applications running on-prem, in the Clouds, and several SaaS solutions.  As each of these environments needed to be integrated, changes in one must be validated in the other.  For instance, if a developer adjusted how an order coming into the main system was presented, would it flow through to the rest of the system?  In the legacy monolithic environment, testing was straightforward.  It involved one or two IBM AS400s partitioned out.  Testing was easy to do.  With a distributed solution, the testing involved a federation of systems.  Many more moving parts!  After a few outages involving bad data, I was asked if we could create digital triplets consisting of DEV, TEST, and Q/A.  After several weeks of meetings, the answer was “yes” but it would cost the company $2M in hardware and software as well as five new people.  The finance team quickly shelved the idea.  A substantial part of the cost and headcount was on the infrastructure side.  Replicating the environments, the networking, maintaining security, and the staff to manage it was the majority of the cost.

SSE - The Right Way to Grant and Secure Access

Enter the Security Service Edge or SSE.  Simply put, it is cloud-delivered network and security based on zero trust principles. It starts with identity and allows IT and security to deliver the applications the employee needs and only those applications, nothing else.  Even better, the technology is agnostic to the communications medium, and location.  The service can be delivered on campus, remotely, or even at home. It follows and adapts to the needs of the modern employee.  This set of solutions can also be leveraged by the developer to gain access to their environments without exposing sensitive data or creating collisions with production systems.  Here is an example.  

Say a retail company migrated to a new distributed ERP solution.  The new solution runs on-prem, in the Cloud, and requires a SaaS component.  The production version could be replicated into its digital triplets of DEV, TEST, and Q/A.  Then each could be accessed and secured using an SSE solution.  The result is zero trust access governed by adaptive trust through both identity and device posture.  This means I can now have full replicas (including the exact IP addresses) of production with secured access and validation.  With this bubble in place, I can test each environment under real-world conditions.  Need to test iPhone access from a remote location to make sure the mobile app can input data.  Easily done with full security along with digital experience monitoring.  Need to allow a 3rd party vendor access to make an update to a service.  Again, easily done with an agentless solution (again, full security, digital experience along with the ability to monitor their access in near real-time).  Better yet, using SSE does not require the high FTE and infrastructure overhead of the past. You can fulfill the requirements for the developers at a fraction of the cost and manpower demanded in the past.  

SSE is not just for the remote workforce.  It can also be a game changer for developers.  If you want to hear more, check out episode 20 of the Incubator Podcast.