DNA: Challenging Single Vendor SASE

For the last two years, Gartner have been recognising a trend of customers deploying single vendor SASE solutions – 50% in 2025, with a predicted 60% in 2026 and 75% in 2027. The benefits of this approach are pretty obvious - better integration of network and security platforms, single management plane, commercial advantages, and common security policy.

Whilst I am myself an advocate of single vendor SASE, I thought it might be worth exploring some of the reasons to buck the trend. Immediately, the following three come to mind.

  • Operational Ownership
  • Vendor Choices
  • Best In Breed

Operational Ownership: To clarify, SASE = SD-WAN + SSE; SD-WAN is primarily a network function, while SSE is mainly a security function. There are many organisations with distinct Network and Security teams handling these functions and, in some cases, there may even be different managed service providers, which will make the split in operational ownership difficult. This is not in itself a reason to choose different vendors, but it does negate some of the integration benefits.

Vendor Choices: For those among the 50% to 75% deploying single vendor SASE solutions, there may be a limited choice outside of the four options listed on the Gartner SASE Magic Quadrant Leaders (Palo Alto, Fortinet, CATO, and Netskope). Although Cisco offers both SD-WAN (Cisco Catalyst SD-WAN) and SSE (Cisco Secure Access), the reality is that they are different platforms, with little integration. Cisco does provide Cisco Secure Connect based on its Meraki range, but this lacks support for enterprise features such as VRFs and has only recently introduced support for IPv6. Similarly, other vendors such as HPE offer both SD-WAN and SSE but without integration.

Best in Breed: Perhaps this is an extension of vendor choices, but I think it’s worth calling out on its own. Zscaler are the Gartner Leader in SSE but only a Visionary on SASE. Despite having a fully featured and mature SSE platform, Zscaler lacks a true enterprise SD-WAN capability. There are Branch Connectors, but these come in limited form-factors and do not provide VRF functionality.

While I would broadly advocate for single vendor SASE solutions, one size never fits all, and if your operational structure doesn’t align to a single vendor solution, then it may be worth considering a mix of best of breed options aligned to your environment and operational model.

Disclaimer: I am a Network Architect and not an industry analyst, so my content is based on my experience of the networking industry and what I witness in my day-to-day role. If I have gotten anything factually wrong, my apologies and feel free to correct me. Let me know what you think, especially if you disagree. I am always open to changing my mind, so at least one of us will learn something.

Further Reading:

https://lnkd.in/eTCRCyQa

https://lnkd.in/exmm96f8