Let’s talk about Zero Trust in SASE and SSE. Only about 35% of organisations have fully deployed it, according to recent industry polls. At first glance, that might sound like a red flag - 65% haven’t cracked it! But dig deeper, and it’s not universal failure. It’s just a very steep learning curve - one that reflects growth, adaptation, and the sheer complexity of securing today’s digital landscape with everything, everywhere.

The Shift Driving the Climb

Zero Trust within Secure Access Service Edge (SASE) - blending SD-WAN and security - and Security Service Edge (SSE) - its security-centric sibling perfect for the upwardly mobile workforce - marks a radical break from secure the office and Data Centre. Traditional security was a castle-and-moat game: build a perimeter, trust what’s inside, suspect and inspect everything else. Roll forward the COVID years, apps in many clouds, remote workers, and IoT devices have torched that playbook. Zero Trust steps in with a new rule: no one gets a free pass. Every user, device, and connection must prove itself, always. That’s not a tweak—it’s a tectonic shift, and IT teams can’t just flip a switch to master it.

The 35% stat (think Gartner or Forrester polls) doesn’t mean the other 65% are failing. Many are mid-climb - like running pilots, rolling out phases, or tackling partial deployments because BAU does not go away. It’s like learning to ride a bike: wobbling isn’t defeat; it’s finding balance. The steepness? It’s all about what’s required to get this right.

What’s Steepening the Curve?

• New Skills, New Mindset: Ditching old habits (like leaning on VPNs or firewalls) for continuous verification takes retraining. Over 40% of teams lack Zero Trust expertise, surveys say. That’s not a flop - it’s a gap closing with time.

• Tech Rewiring: SASE/SSE demands cloud-native tools; ZTNA, secure web gateways, CASBs, that clash with legacy systems. About 60% of firms hit integration snags. They’re not stalled; they’re rebuilding mid-flight.

• Moving Targets: Threats evolve fast - 80% of 2024 breaches tied to cloud mis-configurations prove it. Zero Trust isn’t a set-it-and-forget-it fix; it’s a foot chase. The 35% are just ahead in the race, that could be simply as they don't have that amount of legacy.

• Sheer Scale: Applying Zero Trust across thousands of users, devices, and apps is daunting. A 2024 report says 90% of firms have a plan, but only a third hit full coverage. The rest are scaling a mountain, not quitting it. Changing personnel add to this lag.

Proof of Momentum

Rewind to 2018: Gartner pegged mature SASE adoption at under 1%. Fast forward to 2025, and 35% fully deploying Zero Trust is a jump worth noting. That’s not a failure rate - it’s momentum. The stakes are high - securing a distributed world - but the climb’s underway. The 35% (often big players or early adopters) reap tighter security and smoother remote work. The 65%? They’re not flunking; they’re mid-lesson, inching upward.

Why This Reframe Matters

Calling it a learning curve shifts the vibe from defeat to real progress. That 35% isn’t a cap - it’s a milestone. As tools evolve (think AI-driven tools and policies) and know-how spreads, more will summit. The curve’s steep because the problem’s massive - securing a borderless, highly distributed workforce and cloud-first world - but the trend is upward.

It’s evolution, not collapse.