SASE in 2026: What Changed This Year
A retrospective on the SASE market in 2026 — the trends that materialized, the vendors that moved, and what it means for practitioners heading into 2027.
In January 2025, every analyst predicted that single-vendor SASE would dominate by year-end. They were right about the direction but wrong about the timeline — most organizations are still running multi-vendor stacks and will be for another 2-3 years. Here is what actually changed in 2025-2026, stripped of the vendor hype and analyst revisionism.
The year GenAI broke shadow IT wide open
The single biggest shift in 2025–2026 was the explosion of GenAI application usage inside enterprises. ChatGPT, Copilot, Gemini, Claude, and hundreds of smaller AI tools were adopted by employees faster than any technology category in the history of enterprise IT. CASB vendors reported that the average enterprise went from 3 GenAI tools in January 2025 to over 40 by January 2026.
This was a shadow IT problem at unprecedented scale. Unlike previous waves of shadow SaaS adoption (Dropbox in 2012, Slack in 2015), GenAI tools posed a data exfiltration risk by design — users paste sensitive data into prompts, and that data may be used for model training or stored outside the enterprise's control.
SASE vendors responded by shipping GenAI-specific DLP controls, CASB categories for AI applications, and inline coaching that warns users before they paste sensitive data into AI tools. By mid-2026, GenAI security was table stakes for any SSE evaluation. Vendors that were late to ship these controls (notably Fortinet and some smaller players) lost competitive evaluations as a direct result.
What this means for practitioners
If you deployed SASE before 2025 and have not updated your policies for GenAI, you have a gap. Check your vendor's release notes — most shipped GenAI controls as an included update. At minimum, you need CASB discovery of AI applications, DLP policies that cover AI prompts, and a documented policy for which AI tools are sanctioned versus blocked.
Vendor consolidation accelerated
The SASE market continued its march toward consolidation in 2025–2026. Two trends drove this. First, customers overwhelmingly preferred single-vendor SASE over best-of-breed. Gartner's 2026 survey data showed that 72% of new SASE projects selected a single vendor, up from 58% in 2024. The operational complexity of integrating multiple point products was a bigger pain point than any single vendor's feature gaps.
Second, SSE-first vendors realized they needed SD-WAN, and SD-WAN-first vendors realized they needed SSE. This drove acquisitions and partnerships throughout the year.
Notable vendor moves
- Cisco completed the integration of Secure Access and Viptela into a single management console, finally delivering on the unified SASE promise they have been building toward since 2017
- Palo Alto expanded Prisma Access with AI Access Security and strengthened their SD-WAN with native cloud provider integrations
- Zscaler continued to dominate in pure SSE but faced increasing pressure from customers who wanted SD-WAN without a third-party integration
- Netskope expanded its PoP footprint aggressively and shipped the best GenAI DLP controls in the market with its inline coaching approach
- Fortinet launched converged FortiSASE with both SD-WAN and SSE built in-house, appealing to existing FortiGate customers
- Cloudflare expanded Cloudflare One with deeper ZTNA and CASB features, leveraging its 330+ city edge network for latency advantages
ZTNA replaced VPN at scale
2025 was the year that VPN-to-ZTNA migrations went from early adopter to mainstream. Multiple large enterprises (10,000+ users) completed full VPN decommissions and reported the results publicly. The numbers were consistently positive: 80–95% reduction in remote access helpdesk tickets, sub-second connection times replacing 10–15 second VPN connects, and elimination of lateral movement attack surface.
The most interesting development was ZTNA 2.0 adoption. Palo Alto coined the term, but the concept — continuous trust verification during the session, not just at connection time — was adopted by most vendors under various names. By late 2025, continuous trust verification was expected in any ZTNA product evaluation.
What this means for practitioners
If you are still running VPN, you are now in the late majority. The migration playbooks are well-established, the vendor platforms are mature, and the ROI data is abundant. The question is no longer whether to migrate but how fast you can execute. Budget for 90 days if you are under 2,000 users, 6 months if you are over 10,000.
DEM became a differentiator
Digital Experience Monitoring moved from "nice to have" to "must have" in SASE evaluations during 2025. The catalyst was the complexity of troubleshooting performance issues in a cloud-delivered architecture. When a user complains that an application is slow, the problem could be the endpoint, the local ISP, the SASE PoP, the internet backbone, or the application itself. Without DEM, identifying the root cause requires manual traceroutes and guesswork.
Vendors responded with deeper DEM capabilities. Palo Alto's ADEM, Zscaler's Digital Experience, and Cisco's ThousandEyes integration all matured significantly. The standout feature was synthetic monitoring — proactive tests that detect performance degradation before users complain.
The compliance wave hit
NIS2 (effective October 2024) and DORA (applicable from January 2025) created a compliance-driven SASE buying wave in the EU. Organizations that had been evaluating SASE for operational benefits suddenly had regulatory deadlines pushing them to deploy. The result was accelerated timelines, budget approvals that had been stalled for quarters, and a premium on vendors that could demonstrate EU data residency and compliance documentation.
This trend is not slowing down. As NIS2 enforcement begins in earnest across EU member states in 2026, expect continued compliance-driven SASE adoption in Europe. For practitioners outside the EU, the lesson is that compliance can be a powerful lever for securing SASE budget — even if your regulatory environment is less prescriptive than NIS2.
Predictions for 2027
Predictions are dangerous, but here are three I am willing to make:
- AI-native security operations will replace rule-based policies for at least one SASE component (likely DLP) in at least one major vendor. The current approach of writing regex patterns and keyword dictionaries for DLP will be supplemented by ML models that understand context and intent.
- At least one major SASE acquisition will close in 2027, likely an SSE-first vendor acquiring an SD-WAN company or vice versa. The number of independent SASE vendors will decrease.
- Branch office SASE (replacing on-premises firewalls with cloud-delivered security for branch traffic) will become the primary growth driver, overtaking remote user SSE as the largest use case by revenue.
Bottom line
SASE in 2026 is no longer an emerging category. It is a mature, $13B+ annual market with established vendors, proven deployment playbooks, and abundant reference customers. The technology works. The remaining challenges are organizational (getting networking and security teams to collaborate), operational (managing the day-to-day complexity of cloud-delivered security), and strategic (choosing the right vendor for a 3–5 year platform commitment). If you are starting your SASE journey in 2026, you have the advantage of learning from everyone who went before you.
Sources
- Gartner, "Magic Quadrant for Security Service Edge" (2024) — gartner.com
- Gartner, "Market Guide for Single-Vendor SASE" (2024) — gartner.com
- CISA, "Zero Trust Maturity Model" Version 2.0 (2023) — cisa.gov
- Cloudflare, "What is SASE?" — cloudflare.com/learning
- Fortinet, "FortiSASE" — fortinet.com
Related on sase.cloud
One email per publish. Unsubscribe anytime.