In part two of this article based on research conducted by S&P Global Market Intelligence, we look at the outcomes, challenges and lessons for organisations in the APAC region to improve security, network resilience and business outcomes.

The adoption of Secure Access Service Edge (SASE) has become a strategic imperative for organisations in the Asia-Pacific (APAC) region, and aims to bolster cybersecurity, improve network performance and enhance business agility.

The case studies in the qualitative research commissioned by S&P Global Market Intelligence on behalf of Verizon Business Group¹ shows a timeline of APAC organisations’ journeys.

Source: Shutterstock

“We learned that the global pandemic was an accelerant of digital transformation that underpinned a broad spectrum of readiness and capability for customers. Initially, they were compelled to change their operating environments very rapidly, then many went through a process to understand and appreciate the value they can unlock from that transition by migrating to a SASE environment,” said Rob Le Busque, Regional Vice President at Verizon APAC.

“We see the adoption of SASE continue to accelerate among enterprise and government customers in this region for two reasons. First, there is an intrinsic cost benefit to moving to SASE architecture. Second, the cyber attack surface is increasing and becoming more complex; SASE provides the ability to containerise applications or servers under attack,” said Le Busque.

Delivering outcomes from SASE

The research revealed the value for CIOs in examining the differences between a project’s expected outcomes versus the reality. For SASE, many expect reduced risk, cost savings and improved productivity and/or user experience.

While most participants with complete (or nearly complete) SASE projects reported that they achieved their expected outcomes, they also discovered some unexpected results.

For example, a large mining and metals organisation in Singapore reported: “One unexpected benefit of a SASE framework is to have synergies and convergence of interests between infra/network and security where usually it is a fight between what performance/user experience versus security constraints will be considered (which is rare enough to be highlighted!). Here we have a common ground where both can be conciliated.”

Effects of SASE on the overall digital transformation journey

While most participating organisations in the research did not consider their SASE deployment a part of a larger digital transformation initiative, some said that SASE helped their larger transformation project by reducing risk and simplifying user experience.

“We started off with streamlining connectivity and the effort that spearheaded the related identity and access management projects are now supporting almost all the other applications as well. So, yes, there was an acceleration effect in our DX journey,” said a regional information security manager for a large IT services firm in Australia.

“We hear from our customers that SASE shortened provisioning times and access to networks on traditional VPN architectures. This solves the first principle issue of connecting dynamic users to dynamic applications. SASE provides capability and uplift to do that as organisations,” said Rob Le Busque.

Key benefits from SASE, according to the research, included:

• Unified security architecture,
• Enhanced user experience,
• Scalability and flexibility,
• Improved compliance and governance.

Source: Shutterstock

Identifying top SASE deployment roadblocks

Several themes emerged regarding the barriers participants encountered and expected to encounter during SASE implementation.

Technical debt was most cited as the barrier to overcome before gaining the rewards of SASE. “You need to invest time up front to fully understand all aspects, rather than piecing it all together in a troubleshooting mode during project implementation,” said a CIO of a large Hong Kong-based Insurance organisation.

The main deployment roadblocks included:

• Legacy infrastructure challenges: Legacy systems and outdated network architectures pose integration challenges during SASE adoption. CIOs should address compatibility issues, data migration complexities, and ensure integration with existing IT environments to maximise the benefits of SASE while minimising disruptions to business operations.
• Skills gap and talent acquisition: The shortage of skilled cybersecurity professionals and network engineers is a significant barrier to effective SASE implementation. CIOs should invest in talent development, upskilling initiatives, and partnerships with managed security service providers (MSSPs) to bridge the skills gap and build internal expertise for managing SASE solutions effectively.
• Change management and organisational alignment: Implementing SASE often requires cultural and organisational changes to move to a Zero Trust security model, including the adoption of agile practices, and increasing collaboration between IT and business functions. CIOs must address resistance to change, communicate the benefits of SASE to stakeholders and align the organisation’s goals with security and digital transformation initiatives.

Lessons Learned from SASE Implementation

The final section of the study focused on gathering participants’ insights they gained during a SASE implementation project.

• Needs assessment: Participants noted the need for a strong requirements framework and business case development before initiating the project. They recommended taking a ‘security first’ approach and advised prospective implementors not to run SASE implementation like a network infrastructure alteration. They cited the importance of obtaining support from key stakeholders and establishing strong governance structures.
• Upskill, plan and prepare: Participants emphasised increasing internal competencies and resources in advance. A common theme was the importance of understanding the data, application and device assets involved in or affected by SASE.
• Vendor/partner selection: Study participants recommended focusing on vendor competencies, examining specific SASE requirements and comparing vendor claims versus actual competencies, although they reported this was difficult. Participants also mentioned the importance of using a tried-and-tested partner and establishing strong vendor and partner relations.
• Deployment planning: Respondents said using a standardised deployment model was particularly important, as well as planning and scheduling the rollout.

Conclusion

SASE implementation offers significant outcomes such as unified security, enhanced user experience, scalability and compliance for organisations in APAC. However, barriers such as legacy infrastructure, skills gaps, and resistance to organisational change require planning, talent development, and effective change management.

By learning from industry best practices, and emphasising user-centric design and continuous monitoring, CIOs can collaborate with CISOs to successfully navigate SASE adoption, strengthen cybersecurity resilience, and drive business agility.

Download the full report to read the findings in detail, and to talk to an expert on SASE deployment best practices and technologies, contact a Verizon representative near you.

¹ “SASE Enables Zero-Trust Networking, Improves Business Agility, Reduces Costs and Streamlines Digital Transformations”