CONVERGENCE OR CHAOS? THE IMPACT OF SASE ON LEGACY GRC FRAMEWORKS

Secure Access Service Edge (SASE) as an emerging solution to enterprise security and networking platforms is a
critical change which has been necessitated by the need to accommodate distributed users, cloud-native applications
and dynamic access demands. Although SASE is an architectural convergence, which implies the delivery of
networking and security services as part of the same cloud-based system, the question of what it means to the
existing Governance, Risk, and Compliance (GRC) framework is not well-studied. The conventional GRC models
were developed upon infrastructures, distinct boundaries, and regular checks on compliance, which are becoming
more and more incompatible with steady and distributed SASE environments.
This paper evaluates the claims of governance convergence or organizational mayhem about the adoption of SASE
using the analysis of its effects on traditional GRC models. The research explores the reconstruction of risk
visibility, ownership of control, auditability and compliance assurance through SASE. The paper finds main areas in
which the misfit between SASE architectures and conventional GRC practices is evident through a systematic
conceptual analysis, and in what circumstances SASE is able to increase the effectiveness of governance. These
findings indicate that in the absence of a specific adjustment of GRC processes, SASE can contribute to governance
fragmentation; nevertheless, when adjusted to the continued and metrics-driven models of governance, SASE can
serve as a driver of integrated and adaptive GRC in contemporary businesses.