Without an SSE solution (or any parts of SSE), you’re missing a lot of the security landscape. Unfortunately, that’s likely to get worse as your university increases its use of mobile, cloud, IoT and other such technologies. If you don’t have SSE in place, you’ll continue to lose control and visibility over your university’s security posture.

Fallacy: SSE Is the Only Security Solution You Need

While SSE is quickly becoming indispensable, it’s not the only security solution your university needs. For example, SSE doesn’t provide many security controls for individual devices, other than some zero-trust capabilities. You still need anti-virus services, encryption for stored data, patch and configuration management, and so on. To watch for signs of trouble and investigate incidents that occur, you will also need technologies like centralized log management; security information and event management; and security orchestration, automation and response.

And don’t forget that your users still need training, with frequent refreshers, on how to avoid social engineering attacks. Phishing is endemic, and technology can only do so much to prevent it. Educating your students, faculty and staff about social engineering and how to recognize and respond to it is a good start; conducting periodic phishing exercises is even better.

LEARN: How security maturity assessments can protect against cybercriminals.

Fact: It’s Important to Evaluate Both SSE Solutions and Providers

When you’re considering SSE for your university, be sure to evaluate both the solution — the technologies — and the provider responsible for operating and maintaining those technologies.

In evaluating providers, look for a mature company that’s been doing cloud-based security solutions for at least several years. Ask the company about its software development practices and its supply chain safeguards, because attacks are increasingly entering environments from compromised vendor software.

For evaluating the SSE solution itself, there are at least three major considerations.

The first is the quality of each component of the SSE in terms of performance, accuracy (such as false positives and false negatives) and usability.

The second is how tightly integrated all of the SSE components are. Having a piecemeal collection of tools loosely thrown together behind an interface, with no deep integration and data sharing among the tools, will dilute many of SSE’s promised benefits.

Finally, many SSE adopters are choosing to implement SSE as a step — a big step — in implementing a full-fledged SASE solution. If you think your university might want to transition to SASE in the coming years, make sure to look at the SASE products offered by SSE vendors and the migration path you’d take to move from SSE to SASE with their solutions.

UP NEXT: Use workforce training to maximize ROI on cybersecurity tools.