Hybrid working is now embedded, cloud applications proliferate, and data moves continuously between users, devices and locations. UK organisations now manage more cloud identities than traditional endpoints, and more than half of enterprise traffic originates outside the office. As a result, network reliability, security and performance have shifted from operational concerns to board-level priorities.
In this landscape, traditional upgrade cycles are struggling. Infrastructure ages faster than planned, vulnerabilities emerge sooner, and the cost and disruption of major refresh projects often outweigh their short-term value. Rip and replace was manageable when networks evolved slowly and most services lived on-premises. Today, with digital change accelerating every quarter, it has become both financially and operationally misaligned with the pace of business.
CIOs increasingly need an alternative – a way to improve security and performance without dismantling what already works; a way to modernise continuously instead of in disruptive, high-risk increments. Secure Access Service Edge (SASE) provides that alternative, offering a more flexible and sustainable approach to network transformation.
SASE brings together networking and security into a single, cloud-delivered architecture built around identity and context. Rather than relying on physical appliances and perimeter-based controls, SASE applies consistent security and access policies wherever users connect. It provides a unified platform for Zero Trust access, cloud inspection, secure connectivity and centralised policy management, all delivered at the edge.
Within this model, modernisation becomes something organisations can achieve progressively, capability by capability, instead of through large, disruptive refresh cycles.
A defining strength of SASE is its ability to enhance rather than replace. Because core intelligence – from inspection to policy enforcement – lives in the cloud, modern capabilities can be introduced without retiring existing infrastructure immediately. This means organisations can phase out legacy VPNs, firewalls and proxies gradually, shifting controls to the SASE fabric as teams are ready. This protects previous investment, reduces operational risk and avoids the single-event disruption associated with traditional refresh programmes.
Zero Trust is increasingly expected by boards, insurers and regulators, but implementing it on top of legacy architecture can be complex. SASE embeds Zero Trust principles into its design, allowing identity-first access to be introduced incrementally. Remote workers, cloud applications or specific high-risk groups can be prioritised first, with the model expanding as maturity grows. This staged approach enables a strategic security shift without overwhelming teams or slowing delivery.
SASE’s modularity gives CIOs the flexibility to begin with the areas that matter most. Whether the pressure is unreliable VPN performance, fragmented security tooling, inconsistent cloud visibility or branch connectivity challenges, SASE allows targeted improvements that deliver immediate impact. Each new capability stands on its own, yet contributes to a cohesive architectural evolution. This creates a rhythm of early wins – visible improvements that build momentum and strengthen stakeholder confidence.
Perhaps the most transformative aspect of SASE is the shift in operating model. New sites, applications or services can be onboarded quickly, without the lengthy engineering cycles associated with legacy networks. Policies can be updated centrally and applied everywhere in minutes. Continuous cloud-delivered updates ensure the environment remains current without additional hardware investment. Instead of ageing the moment it is deployed – a common issue cited by UK CIOs – the network becomes a living platform that adapts to change as it happens.
Incremental modernisation delivers advantages that rip and replace cannot match. It avoids high-risk cutovers at a time when organisations depend on uninterrupted operations. It replaces large, infrequent capital events with predictable operational expenditure. It enables teams to build capability steadily rather than navigating a single, overwhelming transition. And critically, it ensures that modernisation aligns with the organisation’s needs – keeping pace with evolving applications, new security expectations, and changing workforce behaviour.
Steady progress creates confidence. Teams see improvement rather than disruption. Leaders can demonstrate value earlier. Change becomes a continuous habit, not a rare, stressful event.
SASE offers a practical, measured alternative to the outdated cycle of rip and replace. It enables organisations to strengthen their architecture step by step, modernising without pause, rebuilding without disruption, and improving security without overspending. For CIOs, this is not just a technical evolution but a strategic one – a shift from reactive infrastructure management to proactive, business-aligned modernisation.
It’s a model that grows with the organisation, protects existing investment and ensures the network remains ready for whatever comes next.
Network Services Practice Lead
David leads the development of Roc’s network strategy and portfolio, shaping and refining customer propositions to strengthen performance and experience whilst delivering value.
Partnerships sit at the heart of how most organisations now operate. Whether it’s suppliers, delivery partners, or internal teams, very little is achieved in isolation. Yet partnership is also one of the areas where good intentions often outpace good design.
The best kind of change is often the kind you don’t notice happening. Systems run smoother, processes feel easier, people stop sighing at their screens – and suddenly everything just works a little better.
True modernisation is less about speed – and more about substance. We talk about modernisation as if it’s a race – a finish line you can cross and then move on. It isn’t.
The modern enterprise has shifted beyond recognition.
Hybrid working is embedded, cloud adoption continues at pace, and data now moves across a range of devices, locations, and applications. As this digital footprint expands, the traditional network perimeter has dissolved.
AI has altered the physics of cybersecurity. Threats now move faster than policies can adapt, and defences evolve in real time. The traditional idea of resilience – static controls, periodic reviews, and defined perimeters – no longer fits.
In an era where many students invest over £60,000 in a university education, the question of value for money has become a defining factor in university choice. But “value” is not universal.
AI is now woven into every part of cybersecurity operations. It analyses behaviour, identifies anomalies, and increasingly, takes action on its own. It’s faster, tireless, and in many cases more consistent than any analyst could be. But with that progress comes a harder question: how much decision-making are we prepared to give away?
There’s no escaping the squeeze. Demand is rising, budgets are flat, and no one’s in the mood for another “game-changing” announcement. People have heard so many promises of ‘once in a generation’ transformation that hype doesn’t hold much weight anymore.
There’s a moment every organization faces when it has to stop pretending the cracks aren’t there. The systems that don’t quite talk to each other. The processes everyone works around. The decisions that were right once — but no longer are.