SASE Adoption Accelerates, But Execution Gaps Are Holding Enterprises Back

New Open Systems survey shows 8 in 10 US/UK organizations stuck in the Zero Trust “middle state.”

A new survey of 505 IT and security leaders across the United States and the United Kingdom reveals a growing disconnect between ambition and reality: while enterprises are rapidly advancing Zero Trust and SASE strategies, most remain unable to fully operationalize them at scale.

Hybrid environments are now the default – visibility is not

The 2026 SASE & Zero Trust Survey, conducted by Open Systems in collaboration with Cybersecurity Insiders, shows that hybrid environments have become the default operating model. Organizations are securing remote workers, SaaS applications, datacenters, multi-cloud workloads, branch locations and third-party access simultaneously. Yet 67–68% of respondents cite lack of end-to-end visibility as their biggest operational challenge, closely followed by inconsistent user experience, performance issues and growing ticket volumes.

Read More: ITTech Pulse Exclusive Interview Dr. Vijay Balasubramaniyan, Chief Executive Officer, Pindrop

Zero Trust is progressing – but most remain stuck in the middle

Zero Trust adoption is clearly underway. Only 13–14% of organizations still rely solely on traditional WAN and VPN architectures, and most have introduced ZTNA and application-level access controls. However, progress stalls beyond early phases: just 8–9% report a fully integrated Zero Trust architecture, leaving the vast majority operating in a prolonged “middle state”.

Execution capacity, not strategy, is the real constraint

The primary obstacle is not strategy or intent, but execution. Nearly half of respondents report significant difficulty operating VPN and ZTNA in parallel, resulting in duplicated policies, fragmented tooling and increased operational overhead. Skills shortages and integration challenges further limit teams’ ability to run modern architectures consistently – reinforcing that execution capacity, not architecture, is now the primary constraint.

“Enterprises are no longer debating whether Zero Trust and SASE are the right direction – that decision has been made,” said Stefan Keller, Chief Product Officer at Open Systems. “What’s slowing progress is the ability to execute day to day. Hybrid complexity, legacy infrastructure and limited internal capacity are colliding at the same time.”

To address this execution gap, organizations are rethinking how SASE is delivered. 78% of US and 85% of UK respondents say they prefer a co-managed or fully managed SASE operating model, combining internal oversight with dedicated 24×7 operational expertise. Expectations around automation are similarly pragmatic: organizations prioritize AI for monitoring, anomaly detection, incident response and ticket automation, focused on reducing operational noise rather than experimentation.

Read More: Cybersecurity Compliance in 2026: Navigating Global Regulations Without Slowing Innovation

“SASE is no longer a product deployment, it’s an operating model,” added Stefan Keller. “Customers want visibility-first platforms, shared responsibility and partners who can operate alongside them as environments grow more complex.”

The findings point to a clear conclusion: enterprises are ready for Zero Trust, ready for SASE – and now need operating models that match the realities of hybrid, cloud-first environments.

Write to us [⁠wasim.a@demandmediaagency.com] to learn more about our exclusive editorial packages and programmes.