Home / Resources / SASE / A Practical Guide to SASE Migration

The reasons behind SASE

The digital business is all about being ready for whatever’s next. Ready for developing new products, delivering them rapidly to the market, and responding effectively to sudden changes in business conditions. Historically, IT solved emerging business needs with point products. For example, adding SD-WAN boxes to offload capacity-constrained and expensive MPLS connections to Internet links, or adding firewalls in branches to enable secure direct Internet access. The result of this approach was technological silos, built upon point solutions that were loosely integrated and separately managed.

Ultimately, IT needs to provide consistent performance and strong security in a cost effective way, to all business resources worldwide. This is an architectural challenge – not a functional problem – that requires the elimination of IT silos and “point solution patches” to address new business requirements. The realisation that IT architecture must evolve is driving the Secure Access Service Edge (SASE).

SASE is a new category defined by Gartner analysts, Neil McDonald (security analyst) and Joe Skorupa (networking analyst). It delivers an architectural transformation of enterprise networking and security that enables IT to provide a converged, agile and adaptable service to the digital business.

The value of SASE

SASE creates a holistic platform that connects all edges to the networking and security capabilities an enterprise requires. This lowers the cost, complexity and risk of supporting the business in a dynamic environment. Here are some of the key benefits a SASE platform provides:


With SASE, IT can deliver optimised networking and strong security to all locations, applications and users, regardless of where they are. Provisioning of new resources and capabilities is fast and simple. All that’s needed is to deploy the right edge client, connect to the SASE platform, and corporate policies drive the network and security experience.


IT can leverage the convergence of network and security to manage all features and policies in a single interface, using a common terminology and gaining deep visibility into network and security events. Cross team collaboration improves the overall service delivery to the business that often involves a combination of availability, performance and security requirements.


With SASE, IT is relieved of the grunt work of maintaining on premises infrastructure. Physical topology, redundancy, scaling, sizing and upgrading is dramatically reduced. IT can now deliver better service to the enterprise, while focusing precious resources and skills on core business issues, rather than generic infrastructure maintenance.

Cost reduction

The simplification of the network and security stack, together with the consolidation of multiple point products, enables both vendors and customers to reduce the overall cost of keeping the infrastructure running.

“Customer demands for simplicity, scalability, flexibility, low latency and pervasive security force convergence of the WAN edge and network security markets.” – Gartner

What is the best time to migrate to SASE?

Migrating to SASE is a long-term project that requires thorough planning, so the sooner you start the better. The ideal time for actual migration would be before digital transformation; still, even during and after transformation, SASE delivers great value. SASE improves IT’s ability to support business needs, delivering high throughput connectivity and easily managed and unified network security.

4 signs it’s time to start planning your SASE migration

Here are four key signs indicating that the time to start planning your SASE migration is now.

Lack of agility

Your current network isn’t flexible enough to adapt to business changes and future initiatives, such as supporting new cloud workloads, addressing the growing mobile workforce, and fostering quick branch expansions.

Cumbersome security

You’re getting overwhelmed by the heavily fragmented security solutions, and find yourself having to install, manage and maintain more and more products in order to secure new and existing sites, applications, data and users.

Poor performance

Your employees are complaining about poor business application performance that affects their productivity. This is especially apparent with latency-sensitive applications, such as voice and video, and the situation only worsens for remote workers.

Limited visibility

You don’t have full visibility into your network, making it hard to control and manage application performance and security. Imagine having to figure out which QoS configuration needs to be adjusted without being able to see the root cause of a voice quality problem.

There can be several other signs that indicate the need to start planning a SASE migration. In a nutshell, if your network can’t support business needs and growth plans, it’s a clear indicator to start your journey to SASE.

Finding the budget for SASE migration

Most SASE vendors support a gradual migration process, during which a SASE platform can co-exist with legacy networks and security products – until they’re fully retired. This ultimately means you can allocate already available budget for your SASE migration, rather than trying to find new budget resources.

“SASE adoption will be driven by network and network security equipment refresh cycles and associated MPLS offload projects. However, other use cases will drive earlier adoption.” – Gartner

3 compelling events that can fund your SASE migration

When considering both current and upcoming spend on your existing legacy network, you’ll realize that the budget for SASE already exists around projects like MPLS contract renewal, security appliance refresh and M&A integration.

Let’s take a closer look at these key events, representing budgeted projects that can effectively fund your SASE migration:

MPLS contract renewal

MPLS services are expensive, and even more so when bandwidth must be added. A SASE offering, which includes a global private backbone and natively integrated SD-WAN, can augment and ultimately replace MPLS altogether. SD-WAN aggregates multiple high capacity Internet links, providing a significant last-mile bandwidth increase over MPLS with built-in redundancy. Leveraging the private backbone for the middle-mile guarantees network performance and availability to any enterprise, regardless of size and geographical distribution.

Security appliance refresh

IT is expected to continuously maintain a strong security posture across the enterprise. Today, most network security spend is related to purchasing security appliances, such as NGFW, UTM and IPS. As existing network security appliances reach their end-of-life, you can use their refresh budget for migrating your network security to SASE. Since SASE delivers all network security needs from a cloud service, you’ll no longer have to worry about appliance life-cycle management.

Budgeted business initiatives

Business initiatives such as cloud migration, regulatory compliance and M&A integration all come with a budget. Take an M&A integration project for instance: The intended budget for aligning the different networks and security stacks into a single SASE platform, can be rerouted to your SASE migration. Don’t be concerned about the extent of the migration project. The right SASE vendor will facilitate your needs with a gradual plan, catered to your budget and based on the pace of your business transformation.

How to best plan your SASE journey

Enterprises too often underestimate the impact a network has on driving a business to be more efficient, competitive and secure. The business value SASE promises to deliver is so impactful that the market is bound to see a battle among SASE-wannabe vendors. This is why careful planning, including searching for the right vendor, is essential for a successful migration.

3 tips for a successful migration

We’ve simplified the challenges of planning a SASE migration into the following practical recommendations:

Eliminate SASE wannabe vendors

  • Listing the available and relevant SASE vendors can be simple if you remain focused on what is and what isn’t SASE (see more on this below). This will immediately reduce the list to just a few valid vendors, saving you the time and effort associated with background research and screening processes. A real SASE vendor will include the following architectural capabilities as part of its offering:
  • Convergence SASE delivers multiple, distinct network and security services, including SD-WAN, SWG, CASB, SDP/ZTNA, DNS protection and FWaaS, all from a single, unified software stack with single-pass processing. Packets need to be decrypted only once for all inspection and routing operations, guaranteeing optimal performance and efficiency.
  • Cloud-native Architecture The SASE architecture leverages key cloud capabilities including elasticity, adaptability, self-healing and self maintenance. This provides a platform that is highly efficient, always available, and easily adapts to emerging business requirements.
  • Support for All Edges SASE creates one network for all company resources; data centres, branch offices, cloud resources and remote users. For example, SD-WAN appliances support physical edges, while mobile clients and client less browser access connect users on the go.
  • Globally Distributed To ensure the full networking and security capabilities are available everywhere, and deliver the best possible experience to all edges, SASE PoPs must be globally distributed, expanding their footprint to deliver a low-latency service to enterprise edges.

Make sure your SASE doesn’t require additional products

  • Verify that your vendor of choice can replace point products like MPLS, SDWAN, NGFW, UTM, SWG and VPN with its SASE platform. Pay special attention to security players that claim to have a SASE offering but, in reality, will refer you to a different vendor to buy SD-WAN alongside their SASE. And, beware of networking players offering another vendor’s security solution. A true SASE platform delivers SD-WAN and network security that are natively integrated. In addition, make sure the SASE platform incorporates these capabilities:
  • Global private backbone to guarantee network performance and availability to all geographies.
  • Built-in WAN optimisation for maximising throughput and application performance.
  • Cloud optimisation for connecting cloud resources efficiently and securely.
  • Advanced threat prevention for protecting against known/unknown network attacks and malware.
  • Flexible management models for having the option to manage everything (not just analytics or read-only rights) on your own.

Set up a SASE PoC

  • A PoC is the ideal way to ensure your vendor of choice will deliver on the promise of SASE. Verify that the PoC covers both SD-WAN and security capabilities, and that all are provided from a single vendor and managed from a single pane of glass. Make sure you’re getting a natively converged solution, and not multiple applications and an orchestration layer.

Get in touch

Learn more about how SASE through CyberOne could benefit your business.

Complete the form for a prompt response from our team.