SASE - Endless journey or reachable utopia?

Why the Path to SASE Isn’t Straightforward

Despite its transformative appeal, the journey to adopting a Secure Access Service Edge (SASE) framework is rarely straightforward. Organizations often find themselves grappling with the intricate balance between established legacy infrastructure and their strategic future aspirations. This inherent tension makes the SASE journey a complex, multifaceted undertaking.

Here’s why the path isn't a simple, linear progression:

‍

1. No one size fits all

SASE isn't a singular product you purchase; it's a strategic architectural shift. Consequently, the optimal strategy differs significantly based on an organization's unique context, including:

• Existing Technology Landscape: From traditional MPLS networks and on-premise security appliances to disparate VPN solutions, the starting point varies widely.

• Workforce Distribution: The blend of remote, hybrid, and office-based employees dictates access and security requirements.

• Regulatory & Compliance Demands: Specific industry regulations (e.g., GDPR, HIPAA) or regional data residency requirements profoundly influence design choices.

• In-house Expertise & Resources: The availability of skilled network, security, and cloud professionals impacts implementation and ongoing management.

What works for one enterprise may be wrong for another. That’s why SASE journeys tend to be unique and iterative, tailored to both technical requirements and business goals.

2. Where Do You Start? SD-WAN First? SSE First?

One of the most significant dilemmas for IT leaders embarking on SASE is determining the initial entry point.

Some organizations opt to begin with SD-WAN (Software-Defined Wide Area Network), primarily driven by a desire to optimize WAN performance, enhance network agility, and reduce reliance on expensive MPLS. Others prioritize the Secure Service Edge (SSE) components – deploying Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), and Cloud Access Security Broker (CASB) – particularly when cloud adoption, remote work enablement, or improved data protection are the dominant drivers.

However, the reality for most organizations is not a clean slate. They are contending with:

• Entrenched Legacy Networks: Often, a mix of traditional MPLS or complex hybrid WANs, not modern SD-WAN deployments.

• Fragmented Security Stacks: A patchwork of disparate security solutions from multiple vendors across endpoint, perimeter, and cloud environments, leading to security gaps, inconsistent policy enforcement, and significant operational overhead.

• Lack of Unified Tooling: The absence of integrated management platforms hinders centralized visibility, control, and effective threat detection crucial for a pervasive SASE strategy.

This challenging starting point typically steers organizations towards two principal adoption trajectories:

1. Incremental Adoption: A phased approach where SD-WAN and SSE capabilities are adopted separately, gradually layering new functionalities over time.

2. Rip-and-Replace: A more ambitious commitment to a single-vendor SASE platform, aiming for end-to-end integration and a unified architecture.

Both paths present distinct advantages and disadvantages:

• Single-Vendor Solutions offer tighter integration, streamlined management, and centralized policy orchestration. This can simplify deployments and reduce vendor sprawl. However, they may involve compromises in specific areas like specialized security posture, connectivity performance, or deployment flexibility, and can introduce vendor lock-in concerns.

• Best-of-Breed Approaches leverage leading individual components, potentially offering superior features and performance for specific use cases. The trade-off, however, is significantly higher complexity, increased integration overhead across multiple interfaces, and the potential for greater management burden.

There is no universally "correct" answer; the optimal choice is solely determined by what best aligns with your organization's specific environment, budget constraints, and strategic goals

3. Cultural and Organisational Inertia

Perhaps the most underestimated challenge in the SASE journey is overcoming deeply ingrained cultural and organizational silos. SASE fundamentally requires collaboration among teams that have traditionally operated in relative isolation – network engineers, security operations, and cloud architects. This necessary shift in mindset, processes, and organizational structure often proves to be a more formidable hurdle than the technological implementation itself. Breaking down these barriers is essential for successful SASE adoption and realizing its full strategic potential.

‍

How Organisation Size Influences SASE Adoption

SASE adoption doesn’t look the same for every organisation. The journey often varies based on size, complexity, and maturity.

Small Organisations

Often cloud-native with minimal legacy baggage, small companies can move quickly.

• Likely to adopt a simplified, cloud-delivered SASE solution from a single vendor

• Budget-conscious, but benefit from reduced CapEx and minimal integration headaches

• Strong appeal in terms of ease-of-use, quick deployment, and baked-in security

Medium-Sized Enterprises

These companies tend to have hybrid environments and more internal stakeholders.

• A phased adoption is typical—starting with SSE or SD-WAN, depending on where the pain is greatest

• They must balance innovation with the need to support legacy systems and compliance

• Vendor selection is crucial: solutions must integrate well with what’s already in place

Large Enterprises

Complex infrastructure, strict compliance needs, and global scale create a demanding environment.

• SASE adoption is often a multi-year strategy, tied to broader transformation efforts

• Likely to combine multiple vendors or platforms to meet performance and security demands

• However, the long-term benefits—particularly around centralised policy enforcement, ISO27001 alignment, and unified access control—make SASE highly attractive

So, Is SASE an Endless Journey?

Not quite. But it is a journey, not a destination.

For some, SASE will come together piece by piece over several years. For others, especially 'born-in-the-cloud organisations', it may be attainable in a much shorter time.

The key isn’t how fast you get there; it’s about building a roadmap that’s sustainable, flexible, and aligned with your business goals.

As you consider your own path to modernizing security, where do your challenges align with these common hurdles?

‍

‍

‍