Beyond SASE Go-Live: Operating and Optimising a Modern, Secure Network in the AI Era

By Larissa Kolver, Head of Cyber Security at Securecom

Author Introduction

As a security leader, I’ve seen too many organisations treat SASE as a destination rather than a journey. Celebrating ‘go-live’ is natural, but the real value and risk reduction happen in the operational lifecycle that follows. From my experience, shifting from a migration mindset to continuous optimisation is how you turn a new platform into a genuine business enabler.

Outline

  • SASE go-live is the start of a new operational lifecycle.
  • Shift from managing boxes to managing policy and experience.
  • Critical first 90 days for stabilisation and tuning.
  • New KPIs reflect converged security and network.
  • Optimise for Generative AI risks like data leakage.
  • TotalNET Zero Trust provides a unified managed service.
  • Plan for continuous optimisation and ROI check-in.

Key Takeaways

The real value of a modern network and security platform is unlocked over the first 12 to 24 months through disciplined operations, clear KPIs and continuous optimisation – particularly as AI driven threats and data flows evolve. A managed platform is as much an operating model change as it is a technology shift.

  • SASE value unlocks over the first 12 to 24 months.
  • Move from a “migration mindset” to “optimisation mindset”.
  • Align NetOps and SecOps teams post-implementation.
  • The first 90 days balances security with business continuity.
  • Track new KPIs: MTTR, Policy Change Velocity, Application Latency.
  • Enable Generative AI but block sensitive data uploads.
  • Securecom TotalNET Zero Trust is a single point of accountability.
  • Full ROI includes decommissioning legacy hardware and software.

Introduction

The contract is signed, the hardware has been swapped out, and your sites have migrated from MPLS to SD-WAN. The project team is celebrating a successful “go-live.” But for the CIO and the Head of Operations, the real work, and the real opportunity, is just beginning.

A successful Secure Access Service Edge (SASE) deployment is not a destination; it is the start of a new operational lifecycle. While the initial migration solves immediate pain points like high WAN costs or rigid bandwidth, the strategic value of a SASE platform is unlocked incrementally over the first 12 to 24 months.

In the AI era, where threat landscapes shift daily and shadow IT creates new data leakage risks overnight, a “set and forget” approach to network security is no longer viable. To realise the full Return on Investment (ROI), which can reach over 100% in three years for optimised deployments , organisations must transition from a “migration mindset” to an “optimisation mindset.”

This guide outlines what changes after go-live, how to manage the critical first 90 days, and how to operate your modern network to handle the complexities of Generative AI.

From Project to Platform: What Changes After Go-Live

The shift from legacy MPLS and perimeter-based firewalls to a converged SASE architecture represents a fundamental change in your operating model. You are moving from managing boxes and circuits to managing policy and user experience.

In the legacy model, IT teams spent significant cycles “keeping the lights on”, patching firewalls, troubleshooting VPN concentrators, and negotiating bandwidth increases for specific circuits. In a modern SASE environment, specifically one delivered as a managed service, the infrastructure layer is abstracted. The focus shifts to:

  • User Experience: Instead of asking “is the link up?”, you ask “is the application performant?”
  • Data Context: Instead of blocking ports, you are inspecting content for sensitive data.
  • Policy Evolution: Instead of static firewall rules, you are managing dynamic, identity-based access policies.

This transition requires your internal teams (NetOps and SecOps) to break down silos. Because networking and security are now converged into a single software stack, troubleshooting a slow application requires understanding both the SD-WAN path selection and the Cloud Access Security Broker (CASB) policy inspection. The most successful organisations use the post-implementation phase to formally align these teams, often moving toward a unified “platform operations” approach.

The First 90 Days: Stabilising, Tuning, and Building Trust

The period immediately following migration, often called “hypercare”, is critical for user adoption. Even with a flawless technical deployment, the shift to Zero Trust Network Access (ZTNA) and full SSL inspection can introduce friction if not tuned correctly.

During these first three months, your primary goal is to balance security rigour with business continuity.

1. Tuning False Positives

Modern Security Service Edge (SSE) platforms are incredibly granular. You might find that a legitimate business workflow is flagged by a Data Loss Prevention (DLP) rule or that a specific SaaS application struggles with SSL decryption. The first 90 days should be dedicated to “allow-listing” legitimate traffic and refining risk ratings.

2. Shifting from “Monitor” to “Block”

It is common practice to deploy security policies in “monitoring mode” during migration to avoid disrupting operations. Now is the time to systematically switch these to “block” mode. This must be done in phases, perhaps by department or user group, to ensure you don’t inadvertently halt critical business processes.

3. Validating Performance Gains

You likely built your business case on the promise of improved bandwidth and lower latency. Now, you need to prove it. Use the Digital Experience Management (DEM) tools inherent in your SASE platform to show the difference in page load times and throughput compared to the old MPLS backhaul architecture.

Dashboards and KPIs That Matter

You cannot optimise what you do not measure. However, legacy metrics like “uptime” or “packet loss” barely scratch the surface of a SASE environment. To drive continuous improvement, you need new Key Performance Indicators (KPIs) that reflect the converged nature of the solution.

Operational Efficiency KPIs

  • Mean Time to Resolution (MTTR): With a single console for network and security, troubleshooting time should drop significantly. Track this to prove the operational efficiency gains.
  • Policy Change Velocity: How fast can you deploy a new security rule globally? In a legacy environment, this might take days. In SASE, it should be minutes.

User Experience KPIs

  • SaaS Application Latency: Monitor the round-trip time to critical apps like Microsoft 365 or Salesforce. This confirms the value of your local internet breakouts.
  • Device Health Score: Are older laptops causing perceived network issues? Modern agents provide visibility into endpoint health that can distinguish between a “slow network” and a “slow PC.”

Risk and Security KPIs

  • Shadow IT Visibility: Track the number of unmanaged cloud apps being discovered. A good SASE platform will decode thousands of cloud services to assign risk ratings.
  • DLP Incidents per Month: Measure how much sensitive data (credit card numbers, source code, PII) is being blocked from leaving the environment.

Managing AI Era Risks: Data Protection and Generative AI

Perhaps the most urgent reason to optimise your SASE platform post-go-live is the explosion of Generative AI (GenAI). Staff are increasingly using tools like ChatGPT, Gemini, and Claude to boost productivity, but this introduces significant risk regarding data leakage and copyright.

Legacy firewalls are often blind to the context of these interactions. They see “HTTPS traffic to OpenAI” and allow it. A modern, optimised SASE platform allows you to be far more granular.

Visibility and Control

You need to know who is using which AI tools. Is it the Marketing team using Jasper, or developers pasting code into ChatGPT? Continuous optimisation involves reviewing these usage logs weekly to spot trends.

Context-Aware Data Protection

Simply blocking AI tools often leads to “Shadow AI” where users find workarounds. A better approach is to enable the tools but restrict the data. You can configure your DLP policies to allow access to ChatGPT but block the upload of files containing “Internal Only” headers, source code, or customer data patterns. This capability, often powered by AI/ML classifiers itself, is a key differentiator of advanced SASE platforms.

How TotalNET Zero Trust Supports Continuous Optimisation

Operating a converged network and security stack requires specialised skills that many mid-sized New Zealand organisations lack in-house. This is where the operating model of Securecom TotalNET Zero Trust becomes a long-term strategic advantage.

TotalNET Zero Trust is not just a technology deployment; it is a managed service backed by an Integrated Operations Centre (IOC). This means that after the initial migration, Securecom continues to act as your single point of accountability.

The “Power of One” in Operations

TotalNET Zero Trust leverages the Netskope One Client, which converges SD-WAN, ZTNA, CASB, and DLP into a single lightweight agent. For your operations team, this means:

  • No Agent Fatigue: You aren’t stitching together a VPN client, a web filter agent, and an endpoint (EDR) agent. One client handles it all, reducing conflicts and improving device performance.
  • Unified Policy Engine: A policy change made in the central console applies everywhere, remote users, branch offices, and HQ, simultaneously.

Local Expertise

Post-go-live support is delivered by Securecom’s NZ-based team, who have direct access to Level 2/3 vendor support. This local presence is vital for continuous tuning, ensuring that your specific compliance needs (such as NZ data residency) are met and monitored.

Planning Your 12-24 Month Roadmap and ROI Check-in

As you settle into steady-state operations, you should revisit your original business case. The projected ROI of up to 113% over three years is achieved not just by cutting MPLS costs, but by retiring the legacy hardware and software that is no longer needed.

Month 6: Conduct a “Tool Rationalisation Audit.” Have you successfully decommissioned the old VPN concentrators? Are you still paying for a separate web gateway or proxy service that TotalNET Zero Trust has now replaced?

Month 12: Review your MPLS exit strategy. By now, your SD-WAN performance data should give you the confidence to sever any remaining backup MPLS links, fully realising the potential 40% reduction in WAN costs.

Month 18: Focus on advanced security features. Now that the basics are humming, look at enabling User Entity and Behaviour Analytics (UEBA) to detect insider threats or compromised accounts based on behavioural anomalies.

Next Steps for Your Team

Optimisation is a continuous process. To ensure you are getting the most out of your modern network:

  1. Agree on a 90-day hypercare plan with your partner, including weekly reviews of false positives and user feedback.
  2. Define your top 5 KPIs across user experience, risk, and operational efficiency, and build a dashboard that tracks them monthly.
  3. Schedule quarterly optimisation workshops to review new features (especially regarding AI protection) and validate that you are on track to realise your ROI targets.

A modern, borderless network is a powerful asset. By actively operating and optimising it, you turn a cost-saving project into a business enabler that supports innovation and growth in the AI era.

How do I get started with TotalNET Zero Trust?

If you would like to understand how TotalNET Zero Trust could be operated and optimised in your environment, including what a 12-month service roadmap might look like, contact us to discuss your specific context.

Contact us today to discuss how Securecom TotalNET Zero Trust delivers real business outcomes: https://www.securecom.co.nz/contact-securecom/

TotalNET Zero Trust Blog Series

Are you ready to simplify and secure your network for AI, cloud and hybrid work?

  1. Is your network holding the business back from AI, Cloud and Hybrid Work?
  2. Building the business case to modernise your network with SASE
  3. Evaluating modern network and security options without getting lost in SASE hype
  4. How to de-risk your SASE decision with one accountable NZ provider
  5. Beyond SASE Go-Live: Operating and Optimising a Modern, Secure Network in the AI Era

 

About the Author:

Larissa Kolver PMP®, AgilePM® – Head of Cyber Security, Securecom

Larissa is a seasoned cyber resilience leader who blends disciplined project governance with hands-on security engineering with over a 10-year career across financial, health and safety and technology sectors. At Securecom she heads the Security Operations function, translating continuous attack-surface insights into actionable remediation plans that executives can measure. Larissa is passionate about turning board-level risk appetite into practical cadence – replacing once-a-year checkbox tests with data-driven assurance tied to every release. Her mission is simple: help Kiwi businesses stay one step ahead of attackers while keeping compliance costs in check.

Email: larissa.kolver@securecom.co.nz

Ready to modernise secure access?

Book a TotalNET Zero Trust assessment workshop and receive a clear, ROI-driven roadmap to simplify your network and security stack.

"*" indicates required fields