Navigating Cultural and Organisational Change in SASE Adoption

Secure Access Service Edge (SASE) is more than a technical upgrade — it’s a rethinking of how organisations connect and protect their digital assets in a cloud-first, hybrid-working world. As such, while the technologies behind SASE often get the most attention, one of the most significant — and frequently underestimated — hurdles to adoption is cultural and organisational change.

For CIOs, CISOs, and Heads of IT or Security, the move to SASE can bring undeniable business benefits: agility, simplified operations, and stronger security. But achieving those outcomes requires more than just a well-crafted RFP or a smooth technical deployment. It requires new ways of working, collaborating, and thinking.

This blog post explores the cultural and organisational shifts that leaders must anticipate and manage to unlock the true value of SASE.

A Quick Recap: What Changes with SASE?

SASE blends networking and security into a single, cloud-delivered architecture. This convergence fundamentally alters:

  • Where security and networking functions live (i.e., moving away from physical locations)
  • How traffic is routed and inspected (closer to the user, not the data centre)
  • Who manages what (network teams now touch more security, and vice versa)
  • How access is granted (shifting to identity-based models like Zero Trust)

Each of these shifts carries organisational implications. Traditional structures, team boundaries, and mindsets may no longer align to the new architecture.

Why Cultural and Organisational Change Matters

In most organisations, networking and security have grown up in parallel but separate silos. They have different goals, different KPIs, different tools, and often, different views of risk and performance.

  • Networking teams focus on uptime, bandwidth, routing, and availability.
  • Security teams focus on threat prevention, compliance, and risk management.

SASE blurs these lines. And that’s where the friction starts.

Five Key Cultural and Organisational Shifts to Navigate

1. Breaking Down Silos Between Teams

SASE demands a collaborative model where networking and security teams work side-by-side to design, implement, and manage policies. But in many organisations, these teams have never needed to collaborate deeply. They may even have conflicting priorities.

What to watch for:

  • Resistance to joint decision-making
  • Confusion over who owns what in the new architecture
  • Policy conflicts or duplicated efforts

What leaders can do:

  • Establish a shared governance model for SASE
  • Set joint success metrics that align both teams
  • Encourage co-design of policies, particularly for ZTNA and SD-WAN components

2. Upskilling and Role Evolution

The move to cloud-based, identity-driven security and software-defined networking often requires new skills. Teams accustomed to managing physical firewalls or traditional MPLS may not be ready for cloud orchestration, API integration, or policy automation.

What to watch for:

  • Skills gaps around cloud networking or Zero Trust principles
  • Reluctance to adopt automation or orchestration tools
  • “Not my job” attitudes when responsibilities shift

What leaders can do:

  • Invest in training and cross-skilling early
  • Encourage hands-on learning through pilots and labs
  • Recognise and reward adaptability and curiosity

3. Shifting to a Policy-Based Mindset

Traditional network management often relied on static configurations — IP ranges, VLANs, physical topologies. SASE shifts this to a policy-based model where access decisions depend on identity, device posture, and context.

This requires teams to think differently — to abstract away from infrastructure and focus on business logic, user behaviour, and data sensitivity.

What to watch for:

  • Difficulty translating legacy rules into modern access policies
  • Overly permissive or overly restrictive policy defaults
  • Complexity in maintaining consistent policy sets across services

What leaders can do:

  • Provide clear guidance on access governance
  • Involve business stakeholders in defining policies
  • Promote tools and platforms that simplify policy management

4. Adopting Agile, Iterative Deployment Approaches

Legacy infrastructure projects were often large, monolithic, and slow-moving. SASE, in contrast, is well-suited to iterative, phased rollouts — for example, starting with remote access or a few branch locations.

Yet many teams (and leadership structures) are still geared toward big-bang deployments and traditional project milestones.

What to watch for:

  • Overly rigid deployment planning
  • Inflexibility when pilots surface unexpected challenges
  • A “wait until it’s perfect” mindset

What leaders can do:

  • Adopt an agile delivery model for SASE projects
  • Frame early deployments as learning exercises, not proofs of perfection
  • Celebrate progress, not just final outcomes

5. Building Shared Ownership of Risk

In a SASE environment, decisions around access, configuration, and policy are more distributed — and so is responsibility. Security is no longer just the job of the CISO’s team; it’s embedded in every part of IT and business operations.

This shift can cause confusion, or even finger-pointing, when things go wrong.

What to watch for:

  • Lack of clarity over who owns specific risks or incidents
  • Gaps in policy enforcement due to unclear accountability
  • Mismatched expectations between business and IT teams

What leaders can do:

  • Define shared accountability models for access and security
  • Include SASE-related risks in broader enterprise risk frameworks
  • Make security a visible, collective goal — not a blame game

Strategies for Managing Cultural Change

Successfully navigating the organisational side of SASE adoption requires more than awareness. It demands proactive, people-first leadership. Here are some practical strategies:

  • Start with vision and context
    Help teams understand why the change is happening, what outcomes are expected, and how it supports the organisation’s broader goals.

  • Identify cultural blockers early
    Use workshops, surveys, and informal conversations to surface resistance or misunderstandings.

  • Use pilots to build momentum
    Small wins in focused areas (e.g., remote access, test branches) can create buy-in and reveal key lessons.

  • Reinforce with leadership behaviours
    When senior leaders model collaboration across functions and embrace new ways of working, others follow suit.

  • Align incentives and recognition
    Acknowledge cross-functional success. Reward people not just for technical excellence, but for adaptability and cooperation.

Conclusion: Technology is Easy, Culture is Hard

The promise of SASE is real — improved agility, reduced risk, and better user experiences. But too many organisations underestimate the human and organisational effort required to get there.

For leaders, this means treating cultural change not as a soft side issue, but as a core pillar of the SASE journey. The technologies involved may be cloud-native, automated, and cutting-edge. But the success of SASE ultimately rests on people — their mindsets, their skills, and their willingness to work in new ways.

By planning for organisational change with the same care as technical design, leaders can ensure that SASE delivers not just technical outcomes, but lasting business value.

If your SASE initiative is stalled or struggling, the problem may not be the tech. Take a step back and ask: do our people have the clarity, skills, and culture needed to thrive in this new model? The answer could make all the difference.