Secure Access Service Edge (SASE) has quickly become one of the most talked‑about frameworks in enterprise networking and security, says Dave McGrail, Head of Business Consultancy at Xalient.
By converging wide‑area networking with cloud‑delivered security services, SASE promises to simplify infrastructure, strengthen resilience, and enable organisations to support increasingly distributed workforces. Yet, despite the hype, the reality is that most organisations are still at the beginning of their SASE journey.
A recent survey undertaken by Xalient reveals that only 7pc of respondents globally report having fully optimised, proactive, and business‑aligned SASE capabilities. The vast majority remain in early or tactical stages, where deployments are fragmented, under‑leveraged, and often disconnected from the broader business strategy. This gap between aspiration and execution highlights the need for a structured, cross-functional approach to take organisations looking to implement SASE on a journey towards maturity.
While SASE adoption continues to increase, most organisations lack a staged maturity model, meaning they are not realising business benefits to their full potential. Below, we have outlined practical guidance and a phased methodology for enterprises to approach SASE as a strategic driver of resilience, agility, and security, rather than merely a tactical solution.
Stage 1: Tactical Initiation
For many organisations, the SASE journey begins with a minimum viable product (MVP) or pilot phase. Deployments are typically limited in scope and often focused on a single use case, such as secure remote access. Integration between networking and security functions is minimal, and decisions are reactive, driven by immediate needs such as an urgent cloud migration.
To optimise at this stage, organisations should establish cross‑functional governance mechanisms between IT Network and Security teams. Clear KPIs tied to business outcomes, not just technical performance, are essential. Prioritising foundational components such as SD‑WAN and key Secure Service Edge (SSE) features (eg. ZTNA to replace VPNs, and SWG) helps build a scalable base. Early mapping of future use cases can prevent siloed expansion and lay the groundwork for broader adoption.
Stage 2: Operational Expansion
As awareness of SASE’s strategic potential grows, organisations begin to expand deployments. This stage often includes adoption of broader components such as Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), and public cloud connectivity. Early efforts to consolidate legacy infrastructure and reduce complexity also emerge.
Optimisation here requires a gap analysis to identify underutilised components and ensure investments are delivering value. Aligning SASE capabilities with enterprise‑wide initiatives such as Zero Trust or cloud‑first strategies helps embed SASE into the organisation’s broader digital transformation. Structured training, change management, and continuous communication are critical to building internal expertise, while integrating threat intelligence and policy enforcement across domains strengthens security posture.
Stage 3: Strategic Integration
At this stage, SASE becomes embedded into enterprise architecture and security strategy. Network and Security teams operate with shared goals and unified tooling, and deployment decisions are driven by business outcomes such as resilience, compliance, and cost efficiency.
Optimisation strategies include leveraging predictive analytics and automation to enhance threat detection and response. Continuous evaluation of ROI across departments ensures that ongoing investment is justified. Use cases expand to include B2B connectivity, secure cloud migration, and remote workforce enablement. Crucially, executive stakeholders must be engaged to ensure SASE remains aligned with strategic priorities and is recognised as a driver of business value.
Stage 4: Optimised and Business‑Aligned
The final stage represents full maturity. Here, SASE is predictive, business‑aligned, and treated as a core capability rather than a discrete project. Security and performance are continuously monitored and refined, and the organisation leverages SASE data to inform broader risk management and digital transformation efforts.
Optimisation involves benchmarking performance against industry standards and peer organisations, maintaining agility by reassessing architecture and vendor fit, and fostering a culture of continuous improvement across IT and security functions. At this level, SASE becomes a proactive enabler of resilience and agility, supporting long‑term business goals.
While the technical roadmap may be clear, organisations face persistent barriers that hinder progress. Back to our research, 96 per cent of respondents reported barriers to adoption. Citing issues such as funding constraints which often slow investment and internal politics as well as misaligned value propositions. Different priorities between IT Network and Security teams can also stall maturity. Network leaders tend to focus on refining MVPs and infrastructure efficiency, while Security leaders push for advanced features and proactive threat defence. Without alignment, deployments risk becoming fragmented and under-leveraged.
Treating SASE as a Strategic Investment
Organisations should view SASE as a strategic investment rather than a short-term solution to a particular problem. By maturing deployments thoughtfully and aligning them with business outcomes, enterprises can unlock the full value of SASE. This means moving beyond reactive deployments or one-off use cases to embrace predictive analytics, automation, and integrated governance, and cross functional collaboration.
When fully optimised, SASE delivers more than secure connectivity. It enables organisations to adapt quickly to changing business conditions, support distributed workforces, and reduce complexity across IT environments. It strengthens compliance, improves cost efficiency, and enhances resilience against evolving cyber threats.
