Martin May, Business Development: Networking at Duxbury Networking

For years, the VPN has been the default solution for securing remote access. It created an encrypted tunnel, pushed all traffic through a central concentrator, and gave companies peace of mind that users working outside the office could connect “safely.”

But the world has changed. The central office is no longer the hub for all traffic, and applications no longer live neatly behind the perimeter. We support SaaS, multi-cloud, hybrid working, and remote staff connecting from anywhere, using a range of connectivity options from fibre to LTE. In this environment, VPNs are showing their age and their limitations.

Where VPNs fall short

The cracks in VPNs are familiar to most IT teams. Performance drops as more traffic is backhauled through a single gateway. Latency frustrates users who want their collaboration apps to work. Security gaps appear when devices stay connected too broadly, often exposing networks far more than necessary. The administrative burden of provisioning, patching, and maintaining concentrators across sites consumes scarce technical resources.

In South Africa, these problems are amplified. Our connectivity is diverse. There is a mix of fibre, fixed wireless, and mobile broadband. That makes “always back to HQ first” an even bigger bottleneck. At the same time, staff need reliable access to cloud services like Microsoft 365, Salesforce, or industry-specific SaaS platforms, which do not benefit from traffic being tunnelled through an on-premises VPN.

The SASE alternative

Secure Access Service Edge (SASE) completely redefines remote access. Instead of sending everything through a VPN concentrator, security policies are delivered through distributed points of presence (PoPs), which are closer to where users and applications actually reside.

This model reduces latency because traffic no longer makes unnecessary detours. It improves scalability because new users or branches connect to the nearest cloud PoP rather than overwhelming the central infrastructure. And it strengthens security, because access is granted on a least-privilege, per-session basis, often using Zero Trust Network Access (ZTNA).

The result is a system that feels more natural to the way organisations work today: decentralised, cloud-first, and mobile.

Practical benefits

• Better user experience: Staff logging in from Durban, Nairobi, or Cape Town connect to nearby enforcement points, not back to a server in Johannesburg. That means faster response times and fewer complaints.
• Adaptive security: With SASE, every connection is checked against identity, device posture, and policy. That is a far cry from the “all or nothing” model of VPNs.
• Operational simplicity: IT teams manage one unified framework rather than juggling VPN concentrators, firewall rules, and overlapping policies.
• Resilience: Cloud-delivered enforcement points mean there’s no single concentrator that can fail and bring access down for everyone.

Vendors like HPE Aruba Networking are demonstrating how this works in practice. Their unified SASE solution combines SD-WAN and SSE, bringing together strong connectivity with policy-driven security. For South African companies with branch offices, distributed sites, or mobile workforces, that makes adoption less about “ripping and replacing” and more about evolving step by step into a model that scales.

Time to ask the tricky question

October is Cybersecurity Awareness Month. While advice on phishing emails and password hygiene has its place, I think it is just as crucial for IT leaders to ask a more difficult question: are we still relying on VPNs that no longer fit the way our organisations actually work?

If the answer is yes, then it is time to consider SASE. The technology is about aligning security with reality. Staff are everywhere. Apps are everywhere. The network must follow, and so must the protection.

VPNs had their moment. But for today’s distributed enterprise, SASE is the smarter path forward.