SASE Was Step One. Now It Has to Work.
Dennis Monner, CEO 
For years, the industry told a simple story: move to the cloud, adopt SASE, and security would follow. It was convincing, and it was necessary. Bringing networking and security together into a cloud-delivered model was a great step forward. But it’s no longer enough.
Because if you look at how things actually play out in most organizations today, that promise hasn’t fully materialized. Not because SASE is wrong, but because it was never the whole answer.
What’s become clear is this: SASE didn’t remove complexity. It moved it. Away from hardware and into operations. And that shift is where many organizations are now struggling.
On paper, a lot has changed. SASE frameworks are in place. Cloud security services have been rolled out. Zero Trust is being introduced, at least in parts.
In practice, though, the picture looks different: Teams are still dealing with fragmented visibility, policies that don’t quite line up across environments, and an increasing operational burden. What was meant to simplify has, in many cases, just created a different kind of complexity – one that’s harder to see, but much harder to manage.
This is the gap the industry doesn’t talk about enough: Security is deployed, but it isn’t consistently run.
A big part of the problem is how we think about platforms. There’s an implicit belief that if you bring enough capabilities together, the system will somehow manage itself. That integration will translate into control.
But that’s not how it works: Even in a well-integrated SASE setup, someone still needs to define and maintain policies, monitor activity, respond to incidents, and continuously adapt configurations as the business changes. None of that disappears just because the architecture looks cleaner.
This is not a technology problem. It’s an operational one.
For a while, many organizations were able to absorb that complexity. But it’s becoming increasingly difficult. Regulation is tightening, with frameworks like NIS2 and DORA pushing accountability higher up the organization. At the same time, AI is accelerating both the speed and sophistication of attacks. And questions around data sovereignty are no longer theoretical; they’re showing up in boardroom discussions and shaping architectural decisions.
All of this raises the bar. Security is no longer about assembling the right components. It’s about running them: consistently, globally, and under pressure. That’s why the conversation around SASE needs to shift.
The question is no longer whether the right tools are in place. It’s who is actually in control of security, end to end. Because in a distributed, always-on environment, control doesn’t come from architecture alone. It comes from execution, from ownership, and from accountability.
SASE laid the foundation for a more integrated approach to security. But a foundation is not the same as an outcome. And security is not something you assemble once and move on from. It’s something you run.
The next phase of SASE won’t be defined by new features or additional capabilities. It will be defined by who can actually make it work, in real environments, with real constraints.
In other words: SASE was step one. Now it has to work.
Leave Complexity
Behind
To learn how Open Systems SASE Experience can benefit your organization, talk to a specialist today.
Contact Us
