SASE At The Half-Decade Mark: What CIOs And CISOs Need To Know Now

Ciaran Roche is the co-founder and CTO of Coevolve, with over 22 years of experience delivering solutions for global enterprises.

Secure Access Service Edge (SASE) made a splashy debut in 2019 when Gartner introduced it as a transformative approach to converging networking and security in the cloud. Five years on, the hype persists, with vendors from every corner proclaiming they offer the ultimate SASE solution.

For CIOs and CISOs, however, the pressing question is whether SASE truly delivers tangible benefits—or if it’s just another buzzword. I'll examine how SASE has evolved over the past half-decade, whether it’s lived up to its lofty promises and how businesses can chart the right path forward without getting lost in vendor noise.

SASE's Original Promise

SASE was initially pitched as a one-stop shop for enterprise connectivity and security. By unifying traditionally separate solutions—such as software-defined WAN (SD-WAN), secure web gateways, firewall-as-a-service and zero-trust network access—SASE aimed to reduce complexity, drive down costs and deliver a consistent user experience across any location. Its cloud-centric model was especially attractive to organizations moving key workloads off-premises, promising both agility and easy scalability.

The concept resonated with IT leaders who saw an opportunity to replace cumbersome, multi-vendor stacks with a streamlined architecture. Centralized policy management held out the hope of stronger security controls and clearer visibility into network traffic.

All in all, SASE promised to address the frustrations of legacy infrastructure and the rapid shift to cloud services—something IT leaders had been seeking for years. It’s no wonder it quickly became the darling of technology press and conference circuits worldwide.

The Reality Check: Where We Are In 2025

Despite the buzz, real-world SASE deployments often differ substantially from the idealized all-in-one solutions trumpeted by vendor marketing.

One reason is that vendors originating from different domains like firewall appliance manufacturers, SD-WAN providers and specialized security service vendors tend to interpret SASE in ways that favor their legacy offerings. This fragmented ecosystem can leave IT leaders confused about whether any single vendor truly delivers a complete SASE solution.

Industry analysts indicate that SASE adoption is growing rapidly: Reputable sources predict that most enterprises will adopt at least a partial SASE strategy in the coming years. However, these same reports caution that many deployments end up being "SASE-like" rather than the comprehensive, integrated suite initially promised.

In practice, organizations grapple with overlapping or incomplete feature sets, skill shortages and the difficulty of merging new solutions with existing networks. As we’ll explore, success often hinges on strategic planning, careful vendor selection and skilled implementation support.

The Rising Influence Of Zero-Trust Architectures

One of the most significant shifts in the SASE conversation is the heightened focus on zero-trust principles, which assume no user, device or application is inherently trustworthy, whether inside or outside the corporate network. Instead, every request must be continuously verified, with identity and device posture checked before granting access.

This approach is particularly crucial as remote and hybrid workforces have become the norm, introducing a range of unmanaged devices and networks. By incorporating zero trust into their SASE strategies, organizations can better protect sensitive data, ensure consistent security policies across distributed environments and mitigate the growing risk of sophisticated cyber threats.

Evaluating SASE Solutions: What IT Leaders Need To Know

When evaluating SASE options, IT leaders must look past the hype and buzzwords to identify solutions that align with their unique business requirements and enable genuine business advantages. To ensure the best choice, the following steps should be considered as a framework for decision making.

1. Start with clarity. What problems are you trying to solve? Is it reducing complexity, enhancing security, improving user experience or all of the above?

2. Assess vendor capabilities. Compare solution features such as real-time threat analysis, performance optimization and integration with existing cloud services against your use case to identify solution gaps.

3. Adopt a hybrid-friendly approach. Given the ongoing shift and normalcy of hybrid work, identify solutions that enable secure and reliable remote access at scale.

4. Future-proof your organization. As technology continues to advance rapidly, it’s key to look for vendors and partners that invest in emerging technologies and standards.

5. Prioritize operational expertise. Not all organizations have the internal skill sets to manage SASE intricacies. An experienced partner can help craft a strategic rollout, ensure optimal configuration and maintain robust security as business requirements evolve.

What's Next For SASE

Five years into its journey, SASE still holds the promise of a more unified and flexible network security environment. Yet, it’s clear organizations must navigate a crowded market and evolving frameworks like zero trust and SSE to realize those gains.

The takeaway for IT leaders is that the right approach—backed by expertise and careful planning—can yield significant benefits in agility, user experience and risk reduction. As the technology matures, leaning on a trusted partner can make the difference between a confusing patchwork and a future-ready SASE deployment.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?