Organizations are rapidly moving away from legacy VPNs. Traditional remote access solutions often create bottlenecks, reduce visibility, and no longer align with cloud-first and Zero Trust strategies.

At RBA, we’re helping organizations take the next step beyond traditional VPNs by adopting Secure Access Service Edge (SASE), a cloud-delivered framework that unifies networking and security. We’ve recently expanded our expertise in this area and are excited to help clients explore modern, identity-aware approaches to secure connectivity.

Through structured, platform-agnostic Proof of Concept (PoC) evaluations, we guide organizations in identifying the right SASE approach for their unique needs, balancing factors such as user experience, scalability, and operational readiness.

Before diving into our evaluation process, it’s worth understanding why SASE has become such a critical enabler for modern enterprises.

Why SASE Matters

SASE consolidates networking and security into a single, cloud-delivered service. This approach removes the constraints of traditional VPN appliances and enables:

  • Direct-to-cloud connectivity with consistent policy enforcement
  • Integration with modern identity platforms like Microsoft Entra ID
  • Zero Trust Network Access (ZTNA) as a baseline for secure access
  • Visibility into users, devices, and applications across the enterprise
  • Advanced capabilities such as TLS inspection, DLP, and threat protection

For organizations leveraging Microsoft’s Zero Trust security model, SASE is a natural complement that simplifies operations while strengthening security.

Different Approaches to SASE

As SASE continues to mature, vendors are taking distinctly different paths to deliver it. Understanding these approaches helps organizations align their selection with their existing investments, IT operating model, and long-term security strategy.

  1. Network-Centric Providers (e.g., Palo Alto Networks, Fortinet)
    These vendors built their SASE offerings on a foundation of mature firewall and SD-WAN technologies. Their strength lies in deep network visibility, threat prevention, and extensive policy control. Many have extended these capabilities into the cloud through global SASE platforms such as Prisma Access and FortiSASE.
    • Strengths: Proven network security capabilities, broad integration with on-prem and cloud environments, flexible deployment models
    • Considerations: Architectures can vary between cloud-delivered and hybrid models, which may influence management complexity and operational approach
  2. Cloud-Native SASE Platforms (e.g., Cato Networks, Netskope)
    These providers were built for the cloud from the ground up, emphasizing simplicity, scalability, and fast user experience. They integrate networking and security as fully managed services delivered from globally distributed points of presence.
    • Strengths: Rapid deployment, high performance for distributed users, native cloud integrations
    • Considerations: Less focus on on-premises appliances or deep customization; architecture may differ from traditional network operations
  3. Platform-Integrated Security Ecosystems (e.g., Microsoft Global Secure Access)
    Microsoft’s Global Secure Access (GSA), part of the Entra family, represents a platform-integrated approach to SASE. Rather than replacing the network layer, Microsoft uses its global identity infrastructure, device compliance controls, and SaaS governance capabilities to provide secure access pathways. GSA combines Entra Internet Access and Entra Private Access with Defender for Cloud Apps to deliver Zero Trust Network Access (ZTNA) capabilities within the Microsoft 365 ecosystem.
    • Strengths: Deep identity integration, unified management, and licensing efficiencies for Microsoft 365 E5 customers
    • Considerations: Still maturing as a full SASE offering; organizations may need to pair it with third-party solutions for advanced network inspection or SD-WAN functionality

Each approach offers unique advantages depending on an organization’s priorities, whether modernizing network infrastructure, consolidating cloud security, or unifying identity and access under a Zero Trust framework.

Common VPN Challenges We See

Many organizations on legacy VPN platforms continue to accept long-standing risks that impact both security and productivity.

| Challenge | Risk/Impact |
| --- | --- |
| VPN Bottlenecks | Inconsistent policy enforcement, visibility gaps |
| Split Tunneling | Inconsistent policy enforcement, visibility gaps |
| Weak Identity Integration | Limited conditional access, more manual processes |
| Operational Complexity | Scaling challenges, heavy firewall management overhead |

Our Process: Structured PoC Evaluation

When helping organizations evaluate SASE, RBA follows a proven, structured PoC evaluation process. We work with IT and security teams to define requirements and, if desired, run side-by-side vendor pilots to validate functionality in real-world conditions.

Key evaluation areas include: 

  • Identity Integration: Compatibility with Entra ID and Conditional Access
  • User Experience: Smooth transition from VPN to SASE, both client and clientless options
  • Security Capabilities: TLS inspection, DLP, threat protection, and posture validation
  • Administration: Visibility, reporting, and ease of management for security and network teams
  • Scalability: Multi-tenant designs, global Points of Presence, and automation support

Evaluating Cloud-Native Platforms

Among the SASE solutions we’ve implemented, cloud-native platforms such as Cato Networks often stand out for their simplicity, scalability, and performance. RBA has extensive hands-on experience deploying Cato SASE, which provides valuable perspective when helping clients evaluate cloud-delivered architectures.

Based on our experience, these cloud-native platforms often demonstrate:

  • Seamless Entra ID integration for authentication and conditional access
  • Consistent performance through a global cloud backbone
  • Operational simplicity with a single management console for networking and security
  • Infrastructure-as-code support with Terraform for automation and repeatability
  • Flexibility to roll out advanced features at your pace, such as TLS inspection or posture checks

For many organizations, Cato Networks delivers the right balance of simplicity, security, and scalability.

Partner Perspectives

RBA is expanding its work across leading SASE ecosystems. As a Cato Networks partner, we bring firsthand experience implementing SASE in real-world environments. In parallel, our deep expertise in the Microsoft ecosystem allows us to help clients integrate emerging solutions such as Global Secure Access (GSA) into their broader Zero Trust and M365 strategies.

This dual perspective helps clients evaluate the right balance between cloud-native networking and identity-centric security, based on their environment and maturity. 

When to Consider a Multi-Vendor Evaluation

We recognize that organizations want to evaluate multiple vendors before making a decision. In those cases, RBA provides:

  • Platform-agnostic guidance in vendor selection
  • Side-by-side PoC evaluations with defined success criteria
  • Objective analysis of results to support confident decision-making
  • Future-focused roadmaps to align the chosen solution with long-term goals 

How RBA Helps with SASE Transformation

Vendor selection is only one milestone. We partner with organizations through the full journey:

  • Architecture and Roadmap: Align SASE with Zero Trust and Microsoft 365 strategy
  • Phased Rollouts: Start with VPN-equivalent features, then layer on advanced security
  • Infrastructure as Code: Deploy scalable, repeatable configurations
  • Change Management: Support IT teams and end-users with documentation, training, and migration playbooks

Get Future-Ready with RBA

Whether you’re exploring cloud-native SASE platforms like Cato Networks, considering Microsoft Global Secure Access, or evaluating multiple vendors through a structured PoC, RBA can help you navigate the process, validate options, and plan a successful rollout as part of your transition away from traditional VPNs.

Let’s start the conversation today.

About the Author

Cody Billings

Senior Principal

With nearly 30 years of experience in IT, I specialize in applying technology to solve complex business challenges, balancing strategy with execution to drive meaningful outcomes. Having worked on both the client and consulting sides, I bring a unique perspective on what makes technology initiatives successful.

I focus on cloud security, identity management, governance strategy, and infrastructure architecture, helping organizations modernize securely while navigating mergers, acquisitions, and digital transformations. My expertise lies in designing scalable solutions that align with business objectives, ensuring security, compliance, and operational efficiency.

As a Managing Principal and Partner at RBA, I lead security and governance initiatives, leveraging Microsoft 365, Zero Trust principles, and cloud-first strategies to enhance resilience and agility. I take pride in mentoring teams, refining security postures, and enabling organizations to make informed decisions about their technology investments.