Traffic patterns are shifting, agent deployments are multiplying, and cloud environments keep expanding. The point tools enterprises use to manage each layer are not keeping pace. Versa Networks is addressing those challenges with three coordinated updates to its VersaONE Universal SASE Platform. The first is a Cloud Security Posture Management (CSPM) capability that brings cloud risk visibility into the same view as access security. The second is a significant update of its Concerto orchestration platform. The third is an AI agent trust and verification framework due later this month.

New research backs the strategic rationale. Versa’s inaugural State of SASE + AI Report, a survey of 525 senior IT and security decision-makers at U.S. enterprises, found that 35% of organizations suffered a breach in the past year tied to coordination gaps between networking and security teams. Nearly three quarters (73%) say technical integration complexity has delayed or derailed a critical project. Some 99% have named convergence a strategic priority, yet only 30% have done it.

“AI and digital sovereignty are fundamentally changing what customers have to do and what needs to happen,” Kelly Ahuja, CEO of Versa Networks, told Network World.

What the research found

Versa’s report covers organizations across financial services, retail, energy, manufacturing, healthcare, technology and government. Key findings:

• 35% reported a security breach in the past year linked to coordination gaps between networking and security teams
• 53% report higher operational costs from managing redundant tools
• 73% say technical integration complexity has delayed or derailed a critical project
• 99% have named convergence a strategic priority, but only 30% have implemented shared ownership of SASE strategy
• 95% say AI is forcing networking and security teams to collaborate more closely
• 58% cite strengthening security posture as the top driver for convergence, compared to 19% who cited lowering total cost of ownership

Organizations running 50 or more vendors are nearly twice as likely to report delayed application rollouts as those with leaner stacks (61% vs. 34%) and more likely to report inconsistent policy enforcement (57% vs. 40%). The report also surfaces a shadow AI problem. More than 80% of organizations say AI is in use somewhere in their environment, yet fewer than 20% said they knew what it was being used for.

Improving orchestration with Concerto update

The complexity findings in the research point directly at an orchestration problem, and it is one Versa says it has been spending significant engineering resources to solve. “This is where we’ve been spending a lot of engineering cycles on the management and simplifying the complexity, because what we heard from most users is, ‘hey, I’ve got different islands of policy,'” Ahuja said. Concerto 13.1.1 is the response. The release redesigns the SD-WAN configuration experience and unifies security and authentication profiles across SD-WAN and SSE, collapsing those islands into a single construct.

“When you set a policy for a user, whether it’s a site or a cloud, it doesn’t matter where the user is, you actually do it once, and you do it in a consistent way,” he said. The release also adds hierarchical policy templates, letting organizations define a master policy and extend subsets to different user groups and departments without rebuilding from scratch. The target is enterprise-grade SD-WAN without the staffing overhead that has traditionally come with it. “Getting that scale, supporting that scale, but also simplifying how they kind of configure it is absolutely crucial,” Ahuja said.

Orchestration is critical because as enterprises adopt more cloud services and remote work, the number of policies multiplies. Traditional approaches require separate policies for each location, user group, and application. Concerto’s unified approach reduces the administrative burden and ensures consistent enforcement. This is especially important in regulated industries where compliance requires audit trails and centralized control. The hierarchical templates also allow local customization without breaking the overall security posture.

Closing the two-portal problem: CSPM joins VersaONE

Policy configuration is one layer of fragmentation. Cloud risk visibility is another. Cloud Security Posture Management (CSPM) continuously monitors cloud infrastructure for misconfigurations, compliance gaps and security risks. Google’s $32 billion acquisition of Wiz earlier this year underscored how contested that space has become. Versa says its CSPM plans predate the deal. “We were listening to customers, looking at what they’re doing, as opposed to seeing what else is out there in the market,” Ahuja said. “It was already on our plans. We were just kind of working our way through it.”

Most enterprises run ZTNA or a secure internet gateway for user and device posture and a separate CSPM tool for cloud configuration risk, managed by separate teams with no shared context. Versa is adding CSPM directly to VersaONE, extending access security into continuous cloud risk visibility across AWS, Azure, GCP and OCI, with telemetry feeding into Concerto alongside access risk data. “While the industry has been talking about unifying risk intelligence for years, everyone still kind of relies on two different portals, one for doing your ZTNA or secure internet, and then second for cloud,” Ahuja said. “And there’s no way to really kind of share that context and really kind of pull it together. This is what we’re actually solving for.”

The CSPM module includes automated checks for common misconfigurations such as open storage buckets, overly permissive IAM roles, and unencrypted data. It also maps to compliance frameworks like SOC 2, PCI DSS, and HIPAA. By integrating this with the same console used for network and endpoint security, security teams can prioritize risks based on the overall context—for example, a cloud misconfiguration that also exposes a critical application used by remote users would be flagged as higher priority than an isolated risk. This unified risk view reduces the time to detect and remediate issues, which is essential in modern DevOps pipelines where infrastructure changes occur rapidly.

The timing of Versa’s CSPM launch is notable. Many vendors offer separate CSPM tools, but few have integrated them deeply with SASE platforms. Versa’s approach means that the same orchestration engine that manages branch office connectivity and zero-trust access can also enforce cloud security policies. This aligns with the growing trend of “converged security” where the line between network security and cloud security blurs. Enterprises that have separate teams for these domains often suffer from communication gaps and inconsistent policies. By providing a single pane of glass, Versa helps break down those silos.

AI agents are the next enforcement problem

CSPM extends the platform’s visibility into cloud infrastructure. The next challenge is what happens when AI agents start changing that infrastructure. “One single user prompt can actually trigger many agents coming up, and then they can actually start to make changes inside your environment to policies and configuration, and many of them are invisible to the operator,” Ahuja said. Versa’s response, due around May 21, is a trust and verification framework that applies policy-based access controls to agents the same way they apply to users and devices, functioning as a verification gateway inside the management and orchestration layer. Putting a human in the review path is not a viable answer at this scale.

“Putting a human in the loop will only slow things down, because all of a sudden, you’ve got lots of things that you’re trying to do, but somebody has to observe them and do them,” Ahuja said. For the framework itself, Versa is drawing on what it has already built for user and device access. “We’re looking at all the things that have been done for user and device, sort of secure access from those and seeing which one of those can be applied to agentic stuff as well,” Ahuja said.

AI agents are proliferating across enterprises—from automated incident response bots to code-generating assistants that can modify infrastructure. Without proper controls, these agents can introduce configuration drift, expose sensitive data, or create backdoors. Versa’s framework aims to treat each agent as a “digital identity” with its own set of permissions, similar to how a human user would have role-based access. The agent would need to authenticate and receive authorization for each action it performs, and all actions would be logged and auditable. This is particularly important for compliance, as regulators increasingly require visibility into automated processes.

The agent trust framework aligns with the broader industry push toward “AI governance.” Many organizations are scrambling to understand exactly where AI is used in their environments—the survey showed over 80% have AI in use but fewer than 20% know what it does. By applying security controls to agents, Versa helps close that visibility gap. The framework will likely integrate with the existing policy engine in Concerto, allowing admins to define rules like “AI agents can only modify resources in the staging environment” or “Code generation agents must not have access to production databases.”

Versa’s coordinated updates reflect a recognition that security fragmentation is one of the biggest obstacles to digital transformation. Enterprises are tired of managing dozens of tools that don’t talk to each other. The SASE model promises convergence, but many vendors deliver it in name only—separate modules for SD-WAN, SWG, CASB, and ZTNA that still require separate management. Versa aims to differentiate by truly unifying the management plane with Concerto and by extending that unification to cloud security and AI agents.

The company’s research underscores the urgency: 35% of organizations suffered a breach due to coordination gaps, and 73% say integration complexity has delayed projects. These pain points are likely to drive adoption of integrated platforms. Meanwhile, the rise of AI agents introduces a new dimension of risk that traditional security tools are not equipped to handle. Versa’s early move to secure agentic AI could give it a first-mover advantage in a rapidly emerging category.

Versa’s announcements come at a time when the SASE market is maturing. Established players like Palo Alto Networks and Cisco are also pushing convergence, while cloud-native startups like Netskope and Zscaler offer strong cloud security. Versa’s bet is that its orchestration-centric approach—combined with CSPM and AI agent controls—will resonate with enterprises that value unified management. The company’s survey data suggests that while 99% of organizations see convergence as a priority, only 30% have achieved it, leaving a large addressable market.

Ultimately, the effectiveness of these updates will depend on execution. CSPM built into a SASE platform is only valuable if it provides deep coverage across major cloud providers and integrates seamlessly with existing workflows. The Concerto update must genuinely reduce administrative overhead, not just add more options. And the AI agent framework needs to be flexible enough to handle the diversity of agents emerging in the enterprise—from simple scripts to sophisticated multi-agent systems. Versa’s track record in SD-WAN and security suggests it has the engineering depth to deliver, but the competitive landscape is fierce.

In the coming weeks, as the AI agent trust framework launches and customers begin testing CSPM, the industry will get a clearer picture of whether Versa’s unified vision can help enterprises finally escape the fragmentation trap. For now, the company has laid out a coherent roadmap that addresses the three biggest pain points in modern enterprise security: inconsistent policy management, siloed cloud visibility, and the ungoverned proliferation of AI agents.

Source: Network World News