The Time to Get SASE is Now

For far too long, the gaps in security, visibility, and user experience that were forced upon us all by COVID have persisted. Users and devices are dispersed everywhere. Couple this with the rapid adoption of cloud, Software as a Service (SaaS) applications, and AI (even my mom uses AI!), and the idea of a definable “network perimeter” has dissolved. Even as offices reopened, the workforce didn’t “snap back.” Users stayed mobile. Applications stayed cloud-native. Data stopped living neatly inside a data center. The perimeter didn’t just blur during the pandemic, it disappeared entirely, and it’s not coming back.

Traditional network security controls for remote or hybrid users force us to choose between security (backhauling to on-prem firewalls) and user experience (bypassing security and going direct to internet).

I’m still frequently encountering environments where remote users hairpin traffic back to a data center hundreds (or thousands) of miles away just so it can hit a firewall. At the same time, those same users are allowed to break out locally when performance becomes unbearable. The result? Two security models, inconsistent policy enforcement, and nobody fully confident in what’s actually protected. If any of this sounds familiar, it’s usually a sign that the environment has outgrown the security architecture, not that the team is doing something wrong.

In comes Secure Access Service Edge (SASE). The term “SASE” was first introduced by Gartner in 2019. I’ve been hyped on SASE since 2021! I learned about the technology, concepts, and architecture. I understood this was exactly what was needed following the monumental shifts in the way businesses were forced to operate following the pandemic. SASE attached Next-Gen Firewall type security services to users via cloud services that were often closer to users than backhauling to where company-owned physical firewalls were deployed. This was made possible by SASE vendors standing up physical Points of Presence (PoPs) all around the globe (generally in data centers or colocation facilities) that allowed SASE clients to use full-blown security services in the PoP closest to them. BAM: security without degrading the user experience. We no longer must choose; we can have the best of both worlds!

Security Service Edge (SSE) can perform similar security functions for users, but SASE brings your physical locations into the fold by unifying your security policies into your edge security devices and adding Software-Defined Wide Area Network (SD-WAN) capabilities. SASE bridges networking and security together for a unified solution across your users, locations, and resources, while SSE leaves you a bit disjointed. SSE is often a great first step, especially for organizations focused primarily on remote users. But over time, I see teams struggle with fragmented policy models: one set for users, another for branches, another for cloud workloads. SASE simplifies this by treating the edge as a single security domain, regardless of whether that edge is a laptop, branch router/firewall, or cloud firewall.

I view SSE and SD-WAN initiatives as stepping stones to ultimately reaching SASE. Almost all businesses have an edge to secure somewhere, whether it’s physical locations, data centers, or cloud infrastructure, and that edge should be integrated into your corporate network security to avoid gaps and added complexity.

Here are some common real-world use cases I’m seeing that are driving SASE adoption:

  1. Displacing traditional remote access VPN with Zero Trust Network Access (ZTNA)
    1. Outcome: Reduce attack surface through continuous identity and posture-based access controls that provide access to only the applications needed, not the whole network.
  2. Reallocating spend away from costly circuits, legacy hardware, and operational overhead
    1. Outcome: Redirect IT spend into improvements that directly enhance user experience, productivity, and security while reducing complexity and administrative overhead.
  3. Securing remote user internet access
    1. Outcome: Ensure corporate security policies are enforced for remote users and internet traffic is filtered through security controls without degrading the user experience by backhauling.
  4. Getting visibility and control into SaaS, AI and data usage
    1. Outcome: Allow users to utilize SaaS, AI, and company sensitive data in a safe, controlled, approved manner without crippling productivity or innovation.
  5. Unifying corporate security policy across all users and locations while optimizing resource connectivity
    1. Outcome: Allow users to connect anywhere securely and consistently while simplifying administration and reducing policy drift.

SASE can appear overwhelming (game-changing solutions can seem that way at first), but we’ve created a structured approach here at Blue Mantis to help simplify and streamline the process. The steps of the approach can be altered to alleviate your immediate challenges, fit within budget requirements, and be molded to best fit your business. One of the biggest misconceptions I see is that SASE requires a massive, rip‑and‑replace event. It doesn’t. In practice, the most successful SASE adoptions are iterative, starting with remote access, expanding into secure internet access, and eventually pulling branches and cloud edges into the same policy framework.

I’ve been excited about SASE for years not because it’s a buzzword, but because it finally aligns security architecture with how people actually work. You shouldn’t have to choose between being productive and being protected. With SASE, you don’t have to. If you’re feeling the strain of legacy designs in a modern world, this journey is worth starting. SASE adoption is a journey and I’d love to be a part of that journey with you.