A new report titled “Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection” highlights critical shortcomings in the current architectures of Security Service Edge (SSE) platforms. Organizations are on board with using these frameworks to lock down hybrid work and Software as a Service (SaaS) access. They are discovering that current SSE implementations do not go far enough to tackle the threats associated with user activity between browser tabs.
The report shows how SSEs are often able to filter out entire domains, such as chat.openai.com. A lot of organizations are reluctant to implement outright, blanket bans on Generative AI tools. Rather, they try to strike a compromise between keeping their environments secure while enabling their users to use the applications they need. This is why a nuanced approach is absolutely critical. First we’re becoming aware of the substantial risks posed in those few last moments of user engagement.
Risks Within Browser Tabs
Unfortunately, authors warn that existing SSE architectures are inadequate to observe and manage risky behavior happening within tabs, or browser windows. That’s why users love to log into their SaaS applications, such as Notion, Slack or Google Drive. They often do so with their own identities, particularly when using these tools on BYOD or hybrid devices. This practice creates profound security implications including identity hijacking and shadow SaaS. It erodes the value of our solutions.
While deeply entrenched projects can alter entire environments, organizations are extremely susceptible in this last mile of tangible engagement, where standard SSE safeguards often don’t reach. Users severely undermine their security when they use poorly protected online tools. This loophole leaves organizations without a viable option in a critical area that they can’t afford to overlook. As a result, businesses are reassessing their playbooks to more effectively safeguard these invaluable user engagements.
Gaps in Current SSE Implementations
Those discussions, combined with the analysis in the report itself, suggest clear gaps in current SSE implementations that need a response. While SSE platforms have become the de facto architecture for securing access to hybrid work and SaaS tools, they were not originally designed to observe or control browser-based activities effectively. This limitation creates a substantial disconnect between what organizations expect from their security frameworks and what these systems are manned to actually provide.
Organizations face pressure from all sides – funders, government agencies, the public. One major pain point being the explosion of shadow SaaS applications that fall outside of their visibility and governance. Adding personal identities into professional spaces makes it even more challenging. This practice further exposes the system to unwanted intrusion and exploitation of access credentials.
The Need for Enhanced Browser-Native Security
The report provides several recommendations, including the need to make browser-native security controls interoperable by default. Doing this will serve to address the current gaps in today’s SSE architectures. And today, organizations can further increase their return on security by adopting better security controls that focus on browser activity. This forward-thinking strategy protects against identity theft and fraud.
This move to solutions native to the browser recognizes that the biggest threats are on the browser tab itself. Organizations can significantly improve their security posture by remediating these vulnerabilities. By taking a proactive approach, their user interactions are protected from constantly evolving threats.