How single-vendor SASE can deliver better security results

For many organizations, secure access service edge has become a critical initiative to modernize their network and security approaches to better support hybrid work, cloud-centric environments and generative AI application use. Yet even six years after SASE was introduced as a concept, many organizations still have difficulty seeing themselves deploy a truly unified, single-vendor SASE architecture.

This is not for lack of effort within the vendor community. Over the last few years, there has been significant focus on evangelizing single-vendor strategies. But customer reception has been lukewarm in some cases. In fact, 2023 research from Omdia, a division of Informa TechTarget, found that only 2% of organizations expected to use a single SASE vendor when their initiative was complete, while 13% expected to use two, leaving 83% that anticipated using three or more vendors for SASE.

Fast-forward to 2025 and the numbers look slightly better, but the overall trend remains. Specifically, Omdia research found that 17% expect to use one SASE vendor and 24% expect to use two. Still, a majority of organizations (58%) anticipate using three or more vendors.

Considering the reality most enterprises face regarding their network and security infrastructure, these numbers are understandable. Historically, organizations have likely used separate vendors for networking, firewall, secure web gateway, secure access, cloud security, data security, etc. The idea of standardizing on one or even two vendors can seem impossible when the starting point is five or more technology providers.

Yet beyond that general sentiment, when we asked specifically why organizations expected to use either one vendor or multiple vendors for SASE, a misconception seemed to emerge. Among those that expect to use multiple vendors for SASE, more than two-thirds (69%) said they would do so for better security efficacy, while an additional 42% cited defense in depth as a driver of this multivendor approach. For those anticipating using a single vendor for SASE, 46% said they would do so for more efficient operations, and 42% said simplified solution management. Just under half (46%) cited better security efficacy as a reason to use a single vendor.

Better security results are on the radar for proponents of both approaches, but a much stronger driver for multivendor organizations. This again likely ties back to traditional security practices. Defense in depth and diversification have been important security concepts for years, and in many ways remain so. But security and operational efficiency are not mutually exclusive. While using multiple vendors might enable security teams to benefit from different threat detection engines, global intelligence networks and AI/ML-based analytics, it increases management complexity, which can lead to misconfigurations and, ultimately, security incidents. With misconfigurations remaining a significant factor in many notable security breaches, it should be a priority for every organization to limit unforced errors and excel at the basics.

This is not to say diversification should be ignored. Rather, my point ties to the broader platform discussion occurring in the industry. Security teams should think about platforms as centers of gravity for convergence within specific areas of the tool stack. Multiple vendors are still necessary, but for related areas, it makes less and less sense to use different vendors with an expectation of better security results.

With regard to SASE, securing employee access to public, private, SaaS and GenAI applications and protecting the data employees are accessing using -- or sharing with -- those applications are all directly related. Introducing multiple, siloed tools only increases the chances that a policy will be incorrectly applied at some point.

All that said, I don't anticipate a massive shift in single-vendor SASE perceptions. We'll continue to see incremental movement from the multivendor camp toward single-vendor, but it will take time.

Organizations in the early stages of planning for or implementing SASE should consider a single-vendor approach as part of their longer-term strategy, even if it takes time to achieve.

John Grady is a principal analyst at Omdia who covers network security. Grady has more than 15 years of IT vendor and analyst experience.

Omdia is a division of Informa TechTarget. Its analysts have business relationships with technology vendors.