In 2019, Gartner coined the term “SASE,” standing for Secure Access Service Edge. While the concept of delivering all essential network security components through a Cloud-based platform had already been on many cybersecurity solution providers’ roadmaps, Gartner formalized it with a unique term. The core idea behind SASE is to combine SD-WAN networking approaches with cloud-hosted cybersecurity services. This integration allows organizations to enable security features such as Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), Firewall-as-a-Service (FWaaS), Cloud Access Security Broker (CASB), and Data Loss Prevention (DLP) with a single click. These features can then be customized according to the company’s environment and security policies, providing a flexible, integrated security solution.
Adopting cybersecurity as a straightforward SaaS offering marks a significant transformation for the industry. For decades, CIOs and security managers have relied on stacking specialized appliances within their corporate data centers to manage security risks. This “Best of Breed” approach aimed to select the best solutions for each threat, ensuring optimal coverage. However, it came with high complexity, manageable only by companies with large, well-resourced cybersecurity teams. While this method covered specific risks effectively, it often proved unwieldy and costly.
But has shifting from these hardware stacks to a cloud-based platform truly delivered on its promise of simplicity and cost control? According to Ivan Rogissart, Sales Engineer Director for Southern Europe at Zscaler, the answer is definitively yes: “The promise of operational ease has been fulfilled. We have more than three-quarters of the CAC 40 companies among our clients. Those who signed with us around 2010-2012 have already renewed their trust at least three times.” For Zscaler, a company with roots in Secure Web Gateway technology, the movement towards SASE is no longer a subject of debate but a clear trajectory forward.
1. Cloud Providers Are Embracing SASE
Cato Networks, a pioneer in the SASE space, shares insights on the actual benefits realized by its clients. According to Forrester’s Total Economic Impact (TEI) study, Cato’s solutions deliver an average Return on Investment (ROI) of 246%, with implementations paying for themselves in less than six months. Sylvain Chareyre, Vice President of Sales Engineering for EMEA at Cato Networks, emphasizes that “each company’s situation is unique. The ROI heavily depends on deployment speed. The value of SASE lies in simplifying IT operations and making IT more transparent. Human resources are arguably the most powerful lever for reducing costs. Our vision is that SASE will not necessarily cut cybersecurity staff by half but will enable existing teams—focused on maintaining numerous appliances and writing complex commands—to shift their efforts toward more strategic development projects over time.”
Many industry players cite Forrester’s study, often echoing similar conclusions. Overall, there is a consensus that SASE is delivering tangible operational and financial benefits.
Magic Quadrant for Single
Cloudflare, known primarily for its Content Delivery Network (CDN), has become a major player in the SASE arena. With a comprehensive SASE and Secure Service Edge (SSE) platform, Cloudflare offers integrated capabilities including ZTNA, SWG, CASB, FWaaS, email security, Data Loss Prevention (DLP), Routing & Bridging (RBI), and Device Enrollment (DEX). Boris Lecoeur, General Manager of Cloudflare France, highlights the positive impact of TEI studies: “Forrester estimates a 238% ROI among our customers, with notable improvements such as a 30% increase in incident response efficiency and operational gains. The greatest potential lies in solution consolidation. Previously, companies would deploy separate solutions for VPNs, DDoS protection, WAF, and CASB. Now, they’re integrating ZTNA into a unified platform.” He emphasizes that the more cybersecurity modules a client activates on Cloudflare’s platform, the greater the scale advantages and efficiencies gained. “Resources, training, maintenance, and licensing costs are significantly reduced. Managing incoming and outgoing traffic through a single, unified solution yields substantial cost and operational benefits.”
Stan Nabet, France Country Director at Netskope—a Cloud-native cybersecurity firm—attributes the accelerated adoption of SASE partly to the shortage of cybersecurity talents. “You can find experts in Cisco solutions or Check Point firewalls, but the way businesses consume IT has fundamentally shifted. Today, companies need personnel capable of managing an entire stack of modern technologies, which is immensely challenging.”
He also notes the limitations of a “Best-of-Breed” approach for securing increasingly expansive attack surfaces. “Gartner has acknowledged the drawbacks of this strategy, recognizing that risk coverage is suboptimal with disparate solutions. Gaps inevitably remain that are not protected. Relying on a single, integrated platform provides a better ROI and lowers Total Cost of Ownership (TCO). A unified solution delivers a comprehensive cybersecurity portfolio managed through a single agent and centralized console, simplifying operations.”
2. Cybersecurity Aligns with the SASE Model
The traditional cybersecurity industry has responded to these new cloud-native actors by revamping existing offerings and launching extensive, often costly, projects to create unified platforms. Major players are undertaking significant restructuring efforts to consolidate their cybersecurity solutions into integrated SASE frameworks.
Fortinet, which boasts over fifty cybersecurity products, is actively streamlining its catalog into an all-in-one SASE package. Tarik Boumaza, Business Development Manager for Cloud at Fortinet France, clarifies: “Our strategy is straightforward: provide a complete SASE offering that integrates SD-WAN and cybersecurity. Today, 32 solutions—such as firewalls, Secure Internet Access, ZTNA, CASB, and DLP—are part of this model. New functionalities are continuously added to address evolving threats and user needs.”
A key factor reducing costs is Fortinet’s simplified licensing structure. “Many Fortinet solutions are included under a single FortiSASE license. There’s no tiered package model; instead, core components like Secure Gateway, Firewall, CASB, DLP, ZTNA, and SD-WAN are all included by default,” Boumaza points out.
The company also offers advanced options, such as Remote Browser Isolation (RBI), and a comprehensive plan allowing customers to connect cloud services like Google Cloud, leveraging partnerships without passing through Fortinet infrastructure.
3. SASE Projects Span 3 to 5 Years
Eric Antibi, CTO at Palo Alto Networks, explains that the rise of cloud has greatly facilitated SASE adoption. “Few organizations undertake a complete overhaul in a single step. Instead, they address new use cases initially with select SASE functionalities, integrating them as extensions to their existing infrastructure, often starting with a hybrid architecture,” he says.
He emphasizes that Palo Alto excels at managing users and devices accessing applications regardless of location, whether onsite or remote, and whether the applications are hosted locally or in the cloud. “This flexibility allows us to deploy incremental projects, such as replacing VPNs with Zero Trust Network Access, and then expanding to other modules,” he notes.
Antibi states that a full SASE “Big Bang” approach is rare, with most initiatives taking three to five years to complete. Typically, organizations begin with a specific use case—like deploying a secure web proxy—and then gradually extend the platform’s capabilities as they replace legacy solutions like VPNs.
He predicts that enterprise browser solutions, including remote browser isolation, will be the next major security evolution. “While initially seen as just one component of SASE, these solutions are becoming strategic projects. A secure enterprise browser is expected to replace over a third of current Virtual Desktop Infrastructure (VDI) solutions. Gartner foresees enterprise browsers displacing a significant portion of VDI offerings.”
Ivan Rogissart adds that RBI will serve as an alternative to Citrix server farms for VDI access, drastically simplifying deployment and reducing costs. “This approach eliminates the need for large server farms and the associated ongoing maintenance,” he explains.
4. MSSPs Play a Critical Role in Transition
A key challenge in adopting SASE is that organizations cannot switch instantaneously. Each company has existing contracts, legacy systems, and specific operational requirements. Transitioning to a SASE environment typically involves gradual evolution over several years.
Eric Bohec, COO of Nomios—a Managed Security Service Provider (MSSP)—notes: “Every client has a unique history and business context that influences migration. Existing SSE solutions and operational dependencies shape how the shift occurs. Moving to SASE is never a ‘Big Bang’—it’s a phased process. We analyze the current setup to develop a smooth migration plan over two to three years, shifting from MPLS networks and appliances toward cloud-based SASE solutions.”
The promise of SASE is concrete: moving key network and security functions out of the organization’s data centers into the Cloud. This shift shifts the financial model from CAPEX investments to operational expenditures (OPEX), with SaaS platforms managed and maintained by service providers. The burden of ongoing operational maintenance (MCO) shifts from the enterprise to the solution provider, streamlining security management and reducing internal resource demands.
