Security risk, not routing, is driving SASE
According to a recently published forecast report from Dell’Oro Group, the trusted source for market information about the telecommunications, security, networks, and data center industries, cumulative Secure Access Service Edge (SASE) spending across Security Service Edge (SSE) and Software-Defined WAN (SD-WAN) is forecast to reach $97B over the 2025–2030 period. This level of spending is nearly three times larger than the total SASE outlays recorded over the prior five-year period (2020–2024) and reflects a structural shift in how enterprises design networks. Security policy is increasingly defined upstream by risk governance requirements, and connectivity is engineered to execute that policy consistently across users, applications, and locations.
“Security policy is no longer a downstream control that follows network design; it is becoming the architectural layer that dictates how access and connectivity are built,” said Mauricio Sanchez, Sr. Director, Enterprise Security and Networking at Dell’Oro Group. “What stands out in this forecast is not just growth, but scale, as enterprises align enterprise WAN networking and security decisions around governance, accountability, and audit readiness rather than treating SD-WAN and SSE as independent technology choices,” added Sanchez.
Additional highlights from SASE and SD-WAN 5-Year January 2026 Forecast Report:
• SSE is increasingly positioned as the authoritative policy layer for access control, inspection, and audit readiness as enterprises respond to tighter risk governance, disclosure expectations, and AI-era threat exposure. Buyers are prioritizing centralized policy definition with consistent enforcement across distributed users, applications, and cloud environments.
• SD-WAN is evolving into the execution layer for enterprise security policy, determining how traffic is routed to cloud-delivered controls and where enforcement occurs. As security decisions move upstream, SD-WAN selection is increasingly influenced by its ability to align routing, performance, and visibility with centralized policy requirements.
• Access Routers continue to lose strategic relevance as enterprises prioritize architectures where security policy, visibility, and auditability are defined centrally rather than embedded in fixed-function hardware. As SD-WAN and SSE absorb routing, access control, and inspection roles, Access Routers are increasingly retained only where regulatory, latency, or legacy constraints require them.
Above, Mauricio Sanchez, Sr. Director, Enterprise Security and Networking at Dell’Oro Group
