Secure access service edge (SASE) has become an integral part of enterprise network strategies. The country’s enterprises are under pressure to modernise network and security operations at a time when digital transformation is accelerating, data traffic volumes are rising and cyberthreats are becoming more sophisticated. The push towards cloud adoption and the ongoing roll-out of 5G are converging to create demand for integrated network and security solutions. Yet, Indian enterprises are encountering hurdles that are unique to the country’s telecom and regulatory environment. From the difficulty of aligning vendor products with enterprise needs and unpredictable costs in network-as-a-service (NaaS) models, to the necessity of on-premises deployments in compliance-heavy industries, SASE roll-outs are anything but straightforward. What is emerging is a picture of strong intent but uneven execution, with lessons that cut across sectors and organisation sizes…
Choosing the right SASE product
For Indian enterprises, the first and perhaps most pressing obstacle in SASE deployment lies in selecting the right product. The market is crowded with both global vendors and local service providers. Each promotes a full-stack vision of converged security and networking. But in practice, enterprises in India must integrate new cloud-native functions into an existing landscape of multiprotocol label switching (MPLS), virtual private networks, firewalls and legacy systems.
This creates tension between the ideal of a unified platform and the reality of incremental adoption. Many organisations remain wary of vendor lock-in, particularly in compliance-heavy sectors such as banking, financial services and insurance (BFSI). For instance, these firms are bound by Reserve Bank of India and CERT-In guidelines, which demand both operational flexibility and strict oversight of data flows. A single-vendor approach may simplify management but can also restrict adaptability when regulatory or business requirements shift.
Meanwhile, scalability is another pain point. Large enterprises with pan-India operations can easily find global SASE platforms that can deliver the scale the organisations need, but licensing models often make them prohibitively expensive for mid-market firms.
Further, interoperability compounds the issue. Cloud-native SASE platforms are designed to work seamlessly in environments with mature cloud adoption, but many Indian enterprises continue to rely on on-premises applications, enterprise resource planning systems and localised data stores. Integrating these with cloud-delivered security services often requires bespoke solutions, driving up complexity and deployment timelines. The result is that enterprises are often forced into trade-offs such as choosing between depth of features and cost, and between ease of deployment and compliance flexibility.
Challenges in adopting NaaS
NaaS is gaining traction in India as enterprises look for more flexible ways to consume connectivity and security. The appeal is obvious. Instead of investing heavily in hardware and long-term infrastructure, organisations can scale bandwidth, routing and security policies on demand. For Indian enterprises navigating hybrid work, multicloud environments and regulatory pressures, this model aligns well with the need for agility.
Telecom operators have started moving in this direction. Airtel, for example, expanded its NaaS portfolio in 2024 with bundled SASE offerings that allow customers to manage security and connectivity through a single dashboard. Similarly, Reliance Jio has been piloting NaaS-based secure connectivity for enterprises in the manufacturing and retail sectors, focusing on managed security with flexible operations expenditure (opex) models.
Yet adoption remains uneven. Enterprises outside metros continue to struggle with network reliability. In Tier II and Tier III cities, latency and bandwidth fluctuations persist despite ongoing fibre roll-outs. For a SASE model delivered entirely from the cloud, these gaps can undermine performance and security. Pricing is another friction point. Unlike the traditional capital expenditure (capex)-heavy model where hardware is purchased upfront, NaaS follows an opex structure with recurring costs.
There is also the issue of ecosystem readiness. While several vendors have expanded their cloud security points of presence (PoPs) in India, enterprises still need to evaluate provider topology closely, since performance depends heavily on PoP density. Public internet routing generally introduces higher latency and jitter compared to private backbones, which means some global vendor-led NaaS offerings may still route Indian enterprise traffic through distant PoPs, resulting in performance gaps that fall short of enterprise expectations.
On-premises security needs for certain locations
Despite the momentum around cloud-delivered SASE, many Indian enterprises remain tethered to on-premises deployments. Highly regulated industries, such as BFSI, defence and public sector undertakings, must comply with stringent mandates from bodies such as the Reserve Bank of India and the Ministry of Electronics and Information Technology. These often require data localisation, direct oversight of sensitive systems, or, in some cases, on-site inspection capabilities. Such rules limit how far organisations can move workloads and security functions into the cloud.
Geography compounds the issue. Enterprises with operations in semi-urban and rural regions frequently encounter bandwidth gaps and inconsistent last-mile reliability. Manufacturing plants, research and development (R&D) facilities and government offices outside metro hubs cannot rely solely on cloud-delivered security without risking disruption. This makes hybrid deployment models a necessity, where cloud-native SASE functions are combined with localised on-premises gateways to ensure compliance, performance and resilience. While this approach balances regulatory demands with modernisation goals, it creates a dual environment that IT teams must manage. Moreover, for many mid-sized enterprises with limited staff, this added complexity presents a significant operational challenge.
No single superior SASE platform
A consistent reality in India’s enterprise security market is that no single SASE platform can address every requirement. Global vendors offer strong, cloud-native portfolios with mature capabilities, but these often fall short when it comes to localised compliance or the breadth of PoPs needed to serve India’s diverse geography. Indian telecom operators and managed service providers, on the other hand, bring scale in connectivity and familiarity with local regulatory frameworks, yet they typically rely on partnerships with multiple security vendors to deliver a complete SASE stack.
This divergence forces enterprises into trade-offs. A single-vendor approach can simplify procurement and support, but it often limits feature depth in certain areas, leaving gaps around compliance or customisation. Multivendor models offer more flexibility but come with integration challenges, complex service-level agreements and a greater burden of vendor management.
In practice, most enterprises are navigating a patchwork approach. Large organisations with distributed networks may prioritise network optimisation and choose telco-led solutions, while highly regulated sectors weigh compliance and gravitate towards platforms that allow tighter control over data flows. Mid-market enterprises, meanwhile, face the additional hurdle of cost alignment, which pushes them to experiment with modular deployments rather than commit to comprehensive SASE stacks.
Outlook
The trajectory of SASE in India is being shaped by three converging forces – regulatory frameworks, enterprise digital transformation and the readiness of service providers. Each of these factors will determine how quickly adoption scales and how challenges are addressed over the next two years.
On the regulatory front, India’s data protection and cybersecurity landscape is in flux. India’s regulatory shifts are key to SASE adoption dynamics. The Digital Personal Data Protection Act, 2023, in general, requires organisations to follow core principles such as consent management, purpose limitation, data minimisation, security safeguards and breach reporting. These requirements apply to all data fiduciaries, including any processing directed at Indian data principals, regardless of where it occurs. Cloud-delivered SASE models will only succeed if they demonstrate compliance with these obligations, which places the onus on vendors and telecom partners to offer verifiable assurance around localisation, data residency and lawful interception. Vendors that fail to adapt to these evolving requirements risk being sidelined in highly regulated markets.
Digital transformation trends are also accelerating demand. With employees, suppliers and customers spread across multiple geographies, the pressure to secure cloud apps, SaaS tools and edge devices has intensified. The focus has shifted from awareness to execution, with pilots moving into production and proofs of concept being scaled into live environments. For instance, HDFC Bank is actively embracing zero-trust architecture, having already decommissioned MPLS networks in over 450 branches in favour of cloud-delivered security and identity-based access, a transition that mirrors foundational SASE principles.
For service providers, the road ahead is equally pivotal. Indian telecom operators and managed service providers are positioning themselves as central players in the ecosystem, leveraging their networks and customer relationships to deliver SASE in partnership with global technology vendors. However, the next phase of differentiation will not be about connectivity alone. It will hinge on the ability to bundle security with Naas, provide transparent billing models, and ensure wide-reaching points of presence that cover Tier II and III markets.
Projections indicate that the market will expand from $2.31 billion in 2024 to $28.54 billion by 2032, reflecting a CAGR of 36.9 per cent. However, considering other factors, the outlook for SASE in India is neither uniform nor straightforward. Adoption will be fastest in sectors with strong compliance drivers and large distributed footprints, while mid-market enterprises will proceed cautiously, balancing cost with complexity.
