Cumulative secure access service edge (SASE) spending across Security Service Edge (SSE) and Software-Defined WAN (SD-WAN) is forecast to reach $97-billion between 2025 and 2030, according to Dell’Oro group.
This level of spending is nearly three times larger than the total SASE outlays recorded over the prior five-year period (2020 to 2024) and reflects a structural shift in how enterprises design networks. Security policy is increasingly defined upstream by risk governance requirements – and connectivity is engineered to execute that policy consistently across users, applications, and locations.
“Security policy is no longer a downstream control that follows network design; it is becoming the architectural layer that dictates how access and connectivity are built,” says Mauricio Sanchez, director, Enterprise Security and Networking at Dell’Oro Group. “What stands out in this forecast is not just growth, but scale, as enterprises align enterprise WAN networking and security decisions around governance, accountability, and audit readiness rather than treating SD-WAN and SSE as independent technology choices.”
Additional highlights from Dell’Oro’s SASE and SD-WAN report include:
- SSE is increasingly positioned as the authoritative policy layer for access control, inspection, and audit readiness as enterprises respond to tighter risk governance, disclosure expectations, and AI-era threat exposure. Buyers are prioritising centralised policy definition with consistent enforcement across distributed users, applications, and cloud environments.
- SD-WAN is evolving into the execution layer for enterprise security policy, determining how traffic is routed to cloud-delivered controls and where enforcement occurs. As security decisions move upstream, SD-WAN selection is increasingly influenced by its ability to align routing, performance, and visibility with centralised policy requirements.
- Access Routers continue to lose strategic relevance as enterprises prioritise architectures where security policy, visibility, and auditability are defined centrally rather than embedded in fixed-function hardware. As SD-WAN and SSE absorb routing, access control, and inspection roles, Access Routers are increasingly retained only where regulatory, latency, or legacy constraints require them.