For most of enterprise IT history, the network was infrastructure in the truest sense — invisible when working, catastrophic when not. Architects designed it once, operations maintained it, and the business largely forgot it existed until something broke.
That era is over.
The shift to cloud computing, hybrid work, and distributed applications has fundamentally changed what the enterprise network must do. Traffic no longer flows neatly from the branch to the datacentre and back. Users access applications from anywhere, on any device. Applications run in multiple clouds, dozens of SaaS platforms, and increasingly at the edge. The perimeter that once defined the network no longer exists.
The result is that networking and telecommunications decisions that were once largely technical have become strategic. SD-WAN, SASE, private 5G, and unified communications are not product decisions — they are architectural commitments that shape how the organisation operates for years. Getting them wrong is expensive. Getting them right is a competitive advantage.
What Enterprise Networking Actually Covers
Enterprise networking is the set of technologies and disciplines that enable communication between users, devices, applications, and systems — within the organisation and with the outside world.
It spans five major sub-domains. Wide Area Networking connects geographically distributed locations. Local Area Networking connects devices within a site. Network security controls what traffic is permitted and where it can flow. Unified Communications delivers voice, video, and collaboration over the network. And telecommunications manages the carrier relationships and connectivity services that underpin everything.
Each of these has undergone significant transformation in the past five years, driven by cloud adoption, the shift to hybrid work, the rise of zero trust security architecture, and the availability of software-defined management planes that have fundamentally changed how networks are operated.
Why the Network Is the New Security Perimeter
The most important shift in enterprise networking over the past decade is architectural. The traditional model assumed a trusted interior and an untrusted exterior — firewalls at the edge, implicit trust for anything inside. Cloud adoption and hybrid work destroyed that model.
When users work from home, coffee shops, and client sites — and applications run in AWS, Salesforce, Microsoft 365, and a dozen other clouds — there is no meaningful interior. Every connection is, in some sense, crossing a boundary. Treating the network as a security perimeter in the traditional sense is not just insufficient; it actively creates risk by granting implicit trust to connections that have no business being trusted.
Zero trust network architecture — trust no connection by default, verify every request based on identity, device health, and context — is the response to this reality. It is not a product; it is a design principle that shapes how every element of the network is configured and operated.
SASE (Secure Access Service Edge) is the primary architectural framework that operationalises zero trust for enterprise networking. It converges networking and security into a single cloud-delivered service, eliminating the hairpinning of traffic through datacentre-based security stacks that characterised the legacy architecture.
The Sub-Domains That Matter Most
SD-WAN
Software-Defined Wide Area Networking separates the network's control plane from its data plane, enabling centralised management of distributed network infrastructure. In practical terms, it allows IT teams to define routing policies, quality-of-service rules, and failover behaviour through software rather than by manually configuring individual devices at each site.
The business case for SD-WAN is compelling: lower WAN costs through the use of internet broadband alongside or instead of expensive MPLS circuits, improved application performance through intelligent path selection, and dramatically simplified operations through centralised visibility and management.
The strategic question for most enterprises is not whether to adopt SD-WAN but which approach to take. Standalone SD-WAN from vendors like Cisco Meraki, VMware SD-WAN (Broadcom), or Fortinet delivers the networking benefits. Managed SD-WAN from carriers like AT&T, Verizon, or BT offloads the operational complexity. And SASE-integrated SD-WAN from vendors like Palo Alto Prisma SD-WAN, Zscaler, or Cato Networks delivers both networking and security as a unified cloud service.
SASE
SASE (pronounced "sassy," coined by Gartner in 2019) converges WAN capabilities — primarily SD-WAN — with a comprehensive set of network security capabilities delivered as a cloud service. The security stack includes Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS).
The architectural benefit is significant: rather than backhauling traffic from branch offices through a central datacentre for security inspection, SASE applies security at the edge of the cloud — wherever the user or device is located. This eliminates latency, reduces complexity, and enforces consistent policy regardless of where the user connects from.
Gartner identifies two components of SASE: Single-Vendor SASE, where one vendor delivers the full stack, and SSE (Security Service Edge), which is the security-only component without the SD-WAN element. Organisations with existing SD-WAN investments often adopt SSE from a security specialist like Zscaler or Netskope before converging on a full SASE architecture.
Enterprise Wireless
Wi-Fi 6 (802.11ax) and Wi-Fi 6E have become the baseline for enterprise wireless deployments, delivering higher throughput, better performance in dense environments, and improved power efficiency for IoT devices. Wi-Fi 7 (802.11be) is beginning to appear in enterprise deployments, with multi-link operation and 4K QAM delivering significant performance improvements for latency-sensitive applications.
The rise of cloud-managed wireless — Cisco Meraki, Aruba Central, Juniper Mist (AI-driven) — has transformed wireless operations. AI-driven networking, pioneered by Juniper Mist, uses machine learning to identify and resolve wireless issues proactively, reducing Mean Time to Resolution (MTTR) significantly.
Unified Communications and UCaaS
Unified Communications as a Service (UCaaS) has displaced on-premises PBX as the default for enterprise voice and collaboration. Microsoft Teams, Cisco Webex, and Zoom have captured the majority of the UCaaS market, with the pandemic accelerating a transformation that was already underway.
The strategic complexity in UCaaS is integration — ensuring that voice quality meets business requirements across the full range of connectivity scenarios, that the platform integrates with existing business applications, and that the organisation has a credible plan for the remaining on-premises telephony infrastructure.
Private 5G
Private 5G networks — dedicated cellular infrastructure deployed within enterprise environments — are moving from early adopter to early majority in specific industry verticals. Manufacturing, logistics, ports, airports, and large campus environments are deploying private 5G for use cases that require the combination of high bandwidth, ultra-low latency, and coverage in environments where Wi-Fi struggles: large warehouses, outdoor areas, and high-interference industrial settings.
The vendor landscape includes traditional RAN vendors (Ericsson, Nokia), hyperscalers (AWS Private 5G, Azure Private Multi-Access Edge Compute), and specialist providers (Celona, Druid Software). The business case is strongest for organisations with specific latency requirements — robotics, autonomous guided vehicles, real-time quality inspection — rather than as a general Wi-Fi replacement.
The Gartner Magic Quadrant Landscape
SD-WAN Magic Quadrant
The SD-WAN market has consolidated significantly. Gartner's Magic Quadrant for SD-WAN identifies the Leaders as Cisco (with Meraki and Catalyst SD-WAN), Fortinet (FortiSASE), and VMware SD-WAN (now Broadcom). Palo Alto Networks, Cato Networks, and Versa Networks occupy strong Challenger and Visionary positions.
The most significant trend in the MQ is the convergence of SD-WAN with security — every major SD-WAN vendor is building or acquiring security capabilities, while security vendors are adding SD-WAN to their SASE platforms. The standalone SD-WAN market is effectively being absorbed into the broader SASE market.
SSE / SASE Magic Quadrant
Gartner's Magic Quadrant for Security Service Edge identifies Zscaler, Netskope, and Palo Alto Networks as consistent Leaders. Microsoft has entered the SSE market with its Entra Internet Access offering, leveraging its identity platform as a differentiator. Cato Networks is a notable Visionary — the only vendor to have built both SD-WAN and SSE natively on a single platform from the ground up.
Vendor Comparison — Enterprise Networking
| Dimension | Cisco | Palo Alto | Zscaler | Cato Networks | Fortinet | VMware (Broadcom) |
|---|---|---|---|---|---|---|
| Category | SD-WAN + Security | SASE (Prisma) | SSE / SASE | Single-vendor SASE | SD-WAN + FortiSASE | SD-WAN |
| MQ Position | Leader | Leader | Leader | Visionary | Challenger | Leader |
| SD-WAN | ★★★★★ | ★★★★☆ | ★★★☆☆ | ★★★★☆ | ★★★★☆ | ★★★★★ |
| ZTNA | ★★★★☆ | ★★★★★ | ★★★★★ | ★★★★☆ | ★★★★☆ | ★★★☆☆ |
| SWG / CASB | ★★★★☆ | ★★★★★ | ★★★★★ | ★★★★☆ | ★★★☆☆ | ★★★☆☆ |
| Single-platform | ★★★☆☆ | ★★★★☆ | ★★★☆☆ | ★★★★★ | ★★★★☆ | ★★★☆☆ |
| Ease of deployment | ★★★☆☆ | ★★★☆☆ | ★★★★☆ | ★★★★★ | ★★★★☆ | ★★★☆☆ |
| Enterprise scale | ★★★★★ | ★★★★★ | ★★★★★ | ★★★☆☆ | ★★★★☆ | ★★★★★ |
| Pricing model | Complex | Premium | Premium | Flat / simple | Competitive | Licensing complex |
| Best for | Large enterprise, existing Cisco | Security-first SASE | Cloud-first, ZTA priority | Midmarket, simplicity | Cost-conscious, existing Fortinet | Existing VMware/SD-WAN base |
The UCaaS Comparison
| Dimension | Microsoft Teams | Cisco Webex | Zoom | RingCentral |
|---|---|---|---|---|
| Market position | Dominant | Enterprise niche | SMB to enterprise | UCaaS specialist |
| Voice quality | ★★★★☆ | ★★★★★ | ★★★★☆ | ★★★★☆ |
| Video | ★★★★☆ | ★★★★★ | ★★★★★ | ★★★☆☆ |
| M365 integration | ★★★★★ | ★★★☆☆ | ★★★☆☆ | ★★★☆☆ |
| Contact centre | ★★★☆☆ | ★★★★★ | ★★★★☆ | ★★★★☆ |
| AI features | Copilot — strong | AI Assistant | AI Companion | RingSense AI |
| Best for | Microsoft-centric orgs | Security-conscious, voice-heavy | Video-first, simpler setup | Telco-replacement UCaaS |
What the MQ Doesn't Tell You
The convergence of networking and security is the most important strategic context. Organisations that purchase SD-WAN and security separately — from different vendors, on different roadmaps — are creating integration complexity that erodes both the performance and security benefits they were trying to achieve.
Choose Cisco if: You have significant existing Cisco infrastructure and want to leverage existing investments. Cisco's breadth — from campus switching to SD-WAN to security — makes it the lowest-disruption choice for large enterprises already in the Cisco ecosystem. The complexity is real, but so is the ecosystem depth.
Choose Palo Alto Prisma if: Security is your primary driver and you are willing to pay a premium for the most capable security stack in the market. Palo Alto's SASE platform is technically strong but architecturally more complex than single-platform alternatives.
Choose Zscaler if: You are cloud-first, have already committed to zero trust architecture, and your primary use case is secure internet and SaaS access for a distributed workforce. Zscaler's ZIA (Internet Access) and ZPA (Private Access) products are best-in-class for their specific use cases.
Choose Cato Networks if: You are a mid-to-large enterprise looking for a genuinely unified SASE platform — one vendor, one platform, one console. Cato built SD-WAN and SSE on the same platform from day one, which is genuinely differentiated. The trade-off is less ecosystem depth than Cisco or Palo Alto.
Choose Fortinet if: Cost is a significant factor and you have existing Fortinet security infrastructure. FortiSASE delivers a credible integrated stack at a lower price point than the pure-play SASE vendors.
The Honest Assessment
The enterprise networking market is in a period of architectural transition that most organisations are navigating poorly. The dominant failure mode is incremental — adding SASE capabilities on top of existing network architecture rather than rethinking the architecture from first principles.
The organisations that get this right treat the transition to SASE as an architectural programme, not a product procurement. They define their zero trust policy before selecting technology. They rationalise their vendor landscape rather than adding to it. And they measure network outcomes — application performance, security incidents, operational costs — rather than technology specifications.
The private 5G opportunity is real but narrow. For most enterprises, the ROI is not there yet. For manufacturing, logistics, and large campus environments with specific latency or coverage requirements, it is worth a serious evaluation.
UCaaS consolidation around Microsoft Teams is real and accelerating, driven by the M365 licensing bundling that makes Teams effectively free for organisations already paying for Microsoft 365. The question for most enterprises is not whether to adopt Teams but how to manage the telephony transition and what to do with the contact centre.
What to Do Next
Three questions for IT leaders reviewing their networking strategy:
1. Are you still backhauling cloud and SaaS traffic through a datacentre security stack? If yes, this is your biggest latency and cost problem. SASE evaluation should begin immediately.
2. How many networking vendors do you currently have, and what is the integration overhead? Vendor rationalisation — converging toward fewer, more integrated platforms — is typically worth more than any individual product upgrade.
3. Does your network team have the skills to operate a software-defined, cloud-managed network? The skills required to operate SD-WAN and SASE are meaningfully different from those required to operate traditional MPLS and campus networking. Training investment is not optional.
The next post in this category covers IT Operations and Observability — how enterprises monitor, manage, and maintain the infrastructure this post describes.
