Complexity is a choice. SASE migrations shouldn’t take years.

Source: Cloudflare Blog

2026‑03‑09
5 min read

For years, the cybersecurity industry has accepted a grim reality: migrating to a zero‑trust architecture is a marathon of misery. CIOs have been conditioned to expect multi‑year deployment timelines, characterized by turning screws, manual configurations, and the relentless care‑and‑feeding of legacy SASE vendors.

But at Cloudflare, we believe that kind of complexity is a choice, not a requirement. Today we are highlighting how our partners are proving that what used to take years now takes weeks. By leveraging Cloudflare One—our agile SASE platform—partners like TachTech and Adapture are showing that the path to safe AI and Zero Trust adoption is faster, more seamless, and more programmable than ever before.

Slashing timelines from 18 months to 6 weeks

The traditional migration path for legacy SASE products—specifically the deployment of Secure Web Gateway (SWG) and Zero Trust Network Access (ZTNA)—often stretches to 18 months for large organizations. For a CIO, that represents a year and a half of technical debt and persistent security gaps.

By contrast, partners like TachTech and Adapture are proving that this marathon of misery is not a technical necessity. Using a unified connectivity cloud, they have compressed these timelines from 18 months down to just six weeks.

“Cloudflare has taken the ‘wizardry’ out of zero trust,” says Kyle Jerome Thompson, a solutions architect at TachTech with 30 years of experience. “Unlike legacy solutions that require continual care and feeding, Cloudflare Access is lightweight and ‘no‑touch’ after deployment. It commoditizes security the way you think about plumbing or electricity—it just works, it’s cost‑effective, and it lets our customers get back to their real day jobs.”

Why legacy migrations stall

Legacy migrations typically fail when they are treated as a series of hardware replacements rather than a software transformation. Traditional vendors often require complex service chaining, where traffic is passed from one inspection cluster to another. This creates a “trombone effect,” adding latency and making troubleshooting nearly impossible.

When you decouple the security policy from the physical network, migration speed improves. Our partners focus on three pillars to accelerate this transition:

• Identity‑first on‑ramps – Instead of rebuilding network segments, they use existing identity‑provider (IdP) groups to define access.
• Consolidated policy engines – A single pass for both SWG and ZTNA eliminates the need to “sync” different products.
• Cloud‑native connectors – Lightweight daemons like cloudflared provide instant connectivity without opening inbound firewall ports.

Scaling at the speed of business

The story is similar at Adapture, whose mission is to improve IT performance and mitigate risk for clients. For one customer, a modest contractor‑focused footprint quickly exploded from 600 seats to a 5,000‑seat deployment of Cloudflare Access.

This rapid elasticity proved that Cloudflare’s easy‑to‑use SASE platform bypasses legacy deployment hurdles—a transition Adapture characterized as seamless.

“Organizations can’t afford an implementation that stretches across months,” says Greg O’Connor, VP of Strategic Alliances at Adapture. “Cloudflare is creating a new standard when it comes to SASE implementation, bringing our clients to the cutting edge of SASE.”

The power of an extensible edge

In global infrastructure, unique environments and highly specialized workflows are the norm. A hallmark of the Cloudflare One architecture is that it is software‑defined and extensible, allowing partners to unblock specific requirements without compromising the organization’s overall security posture.

Cloudflare One is a truly composable and programmable platform, enabling proactive partners to move beyond static GUIs and build without bounds.

For example, when Thompson at TachTech encountered a developer team using Arch Linux, they didn’t have to sacrifice visibility or create a security exception. They extended the Cloudflare One client to support that environment by:

1. Extracting the binaries from the Ubuntu .deb package.
2. Creating a custom PKGBUILD so the client could run as a native service on Arch.

This ensured consistent device‑posture checks—verifying disk encryption and firewall status—even on non‑standard developer workstations.

Beyond connectivity: the fast path to safe AI

As organizations move toward agentic workflows, O’Connor notes, “both threats and security measures are moving faster than ever.” Across the industry, the role of the SWG is evolving. It is no longer just about blocking malicious URLs; it’s about controlling the flow of data into Large Language Models (LLMs).

Cloudflare One serves as the fast path to safe AI adoption by integrating security directly into the user’s path to the Internet.

Our goal is to set our partners up for success across a wide variety of customer challenges. Rather than managing disparate security tools, our partners deploy the Cloudflare One platform to deliver secure, programmable, and scalable networking—empowering businesses to innovate at the speed of today’s digital world.

Cloudflare AI Security Suite

Cloudflare AI Security Suite provides a unified defense across the entire AI lifecycle. This native set of controls allows organizations to:

Secure your workforce as they use AI

For employees leveraging public LLMs, Cloudflare One offers a “safe harbor” that balances innovation with strict data‑governance.

• Shadow AI visibility – Instantly discover and categorize unapproved third‑party AI tools being used across your network via the Shadow AI dashboard.
• AI confidence scores – Move beyond “block‑all” policies by grading models on their compliance posture (SOC 2, ISO 42001) and data‑handling reliability before sanctioning them.
• DLP AI prompt protection – Secure intellectual property by using AI‑powered Cloudflare Data Loss Prevention (DLP) to block sensitive source code, PII, or financial data from being submitted to public training sets.

Secure your AI‑powered apps

For the AI‑powered applications your team builds and hosts, we provide a dedicated Firewall for AI to protect model integrity.

• LLM discovery – Automatically discover and label every LLM endpoint exposed to the internet, giving immediate visibility into your AI attack surface.
• Request validation – Prevent “AI‑jacking” by blocking prompt injections and malicious inputs designed to coerce your model into producing wrong or embarrassing outputs.
• Response scrubbing – Ensure your model doesn’t accidentally “hallucinate” sensitive internal data back to a customer by scrubbing responses for PII or toxic topics before they cross the wire.

Secure agentic AI

As autonomous agents become more common, MCP server portals provide a central registry and least‑privilege control over how AI interacts with corporate resources like Slack or Confluence. This returns visibility and control to IT admins, preventing data‑heist and rogue‑action scenarios.

The Cloudflare AI Security Suite acts as a secure intermediary between users and AI ecosystems, providing visibility, data protection, and governance for public, private, and agentic AI applications.

Accelerate your migration

If you are a CIO still tethered to a multi‑year migration roadmap, you are operating at a competitive disadvantage. Cloudflare One integrates your network and security into a single fabric that is fast, safe, and infinitely more programmable than legacy solutions.

Don’t let the fear of a difficult migration keep you trapped in a legacy mindset. Our partners prove every day that moving to SASE can be fast, effective—and—easy.

Connect with a Cloudflare One expert to start mapping your migration.

Why choose Cloudflare?

• Network protection – Cloudflare’s connectivity cloud safeguards entire corporate networks.
• Application development – Helps customers build Internet‑scale applications efficiently with Workers.
• Performance acceleration – Accelerates any website or Internet application.
• DDoS mitigation – Defends against large‑scale attacks.
• Application security – Keeps hackers at bay.
• Zero Trust journey – Guides you toward a Zero Trust architecture.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you’re looking for a new career direction, check out our open positions.

Tags: SASE • Cloudflare One