Why Hybrid Cloud Infrastructure is Here to Stay
Michael Cafferty
Hybrid cloud isn’t just a transitional phase – it’s the reality for most businesses. While the promise of cloud-native infrastructure is appealing, the complexity of legacy systems, on-prem dependencies and non-cloud-native workloads means hybrid cloud infrastructure is often the most feasible and flexible option. However, it doesn’t come without its challenges.
So, what does your business need to know to future-proof your hybrid cloud infrastructure? How can the complexities of a hybrid technology stack be navigated with the help of a trusted data partner?
Most businesses aren’t ready (or suited) for full cloud-native infrastructure. This is why the flexibility of hybrid cloud infrastructure, especially for workloads that perform better outside of cloud-native environments, can be especially beneficial.
Beyond flexibility, some of the compelling reasons to retain hybrid setups include:
Feasibility of full migration
Performance of certain workloads
Configurability of services.
In essence, hybrid isn’t a compromise; it can be a strategic advantage. Many businesses find that hybrid infrastructure gives them the best of both worlds: the scalability of cloud with the control and compliance of on-prem. When done intentionally, hybrid can reduce costs and improve efficiency.
Addressing the “lift and shift trap” & hidden complexity
Despite the promise of hybrid cloud infrastructure, the “lift and shift” concept and other hidden complexities should not be ignored. Amidst the rush to move on-prem workloads to the cloud without rearchitecting them, “lift and shift” often replicates inefficiencies, leading to higher infrastructure costs without the expected savings in maintenance or total cost of ownership (TCO).
Instead of reducing costs, businesses may find themselves paying premiums for cloud infrastructure while still managing the same maintenance overhead. Without a strategic approach, cloud migration can become a costly exercise in replication.
Furthermore, maintaining a hybrid stack introduces networking and security challenges. Data must pass through multiple domains, increasing latency, management overhead and the risk of data loss. Hybrid environments also often require more complex connectivity and governance, which can strain IT resources and reduce security posture.
Making hybrid cloud infrastructure work for innovation & transformation
Intentionality is key in the realm of innovation and transformation within hybrid cloud infrastructure. Hybrid may be here to stay, but it should be a strategic and practical choice for businesses, not a default. Businesses must assess which workloads belong where, understand the trade-offs and build a roadmap that balances performance, cost and security. With the right strategy, hybrid can deliver the flexibility, performance and cost-efficiency needed to support innovation and transformation.
The CACI Approach
With deep expertise across on-prem, cloud-hosted and cloud-native environments, CACI brings clarity to complexity, helping clients navigate and make intentional decisions about their hybrid cloud infrastructure. From rearchitecting legacy workloads and systems to optimising cloud-native deployments and scaling new digital services, we work with businesses to build hybrid strategies that unlock innovation, reduce TCO and accelerate transformation.
Whether you’re modernising infrastructure, improving security posture or enabling new digital services, CACI ensures your hybrid environment is not just functional and maintained, but optimised for the future.
With the right partner, hybrid doesn’t have to be complex – it can be your competitive edge. Contact us today to find out more.
Standing Firm in Power & Pride: What it means to me
Georgina Koranchie
Introduction
I’m Georgina Koranchie, a Consultant 1 working in the Data Team within the Property department at CACI. I joined the company in 2023 as a Data Technician Apprentice, and it’s been an incredible journey of growth and learning. This year, I’m proud to be co-organising CACI’s Black History Month celebrations, reflecting on a theme that holds deep personal meaning for me.
Black History Month is a time to honour the strength, resilience and brilliance of Black people past and present, and to recognise the power of our stories in shaping a better, more inclusive future. This year’s theme, Standing Firm in Power and Pride, reminds me of how each of us contributes to that legacy in our own unique way.
Roots & inspiration
For me, that pride begins with my roots.
My mother has always been my greatest inspiration. She came to the UK in the early ’90s hoping to create a better life, leaving behind her family, everything familiar and putting herself through education as a mature student, all while raising my siblings and me. I watched her build and embrace a community around her, encouraging and uplifting those who shared similar journeys and finding strength in unity. That sense of community has shaped who I am today, both personally and professionally.
I see that same spirit reflected in women like Kimberly Bryant, founder of Black Girls Code, who created a platform to empower young Black girls in tech and bridge the diversity gap in STEM. Her work represents the very essence of standing firm in pride: using her success to create access and opportunity for others. Her story resonates with my own aspirations: to one day create opportunities and open doors for others like me, helping them navigate and thrive in the corporate tech world.
Likewise, Martin Luther King Jr. has long been a source of inspiration for me. His dream was not only about racial equality, but also about unity, justice and collective empowerment — principles that continue to shape the world we live and work in today. His courage to speak truth to power reminds me that using our voices matters, even in everyday moments. Standing firm, for me, means doing exactly that: holding space for myself and others in a world where representation still matters deeply.
My career journey
My career path hasn’t been traditional. I didn’t study computer science at university, and I entered the tech world later than some might expect, but that has become one of my proudest strengths. It means I can relate to others who take non-linear paths and show that there is power in forging your own way.
Moments of pride for me aren’t just promotions or milestones, they’re the everyday choices to speak up, take on challenges outside my comfort zone and mentor others.
I still remember the first time I attended a networking event for Black professionals in tech. Walking into that room and seeing hundreds of people from various backgrounds supporting, mentoring and encouraging one another was transformative. I realised that when we come together — united and visible — we don’t just change perceptions, we create new possibilities.
That moment also changed how I saw myself in corporate spaces. I stopped questioning whether I belonged and started seeing every room as an opportunity — to contribute, to represent and to pave the way for those who would come after me.
Community & advocacy at work
At CACI, I’ve made it a point to connect with other Black colleagues and minority professionals I’ve met along the way. Together, some of us have created an informal network to check in, encourage and share our experiences. It’s a small act, but it has a big impact — reminding us that we are not alone. That shared sense of community mirrors what I learned from my mother: that strength multiplies when it’s shared.
Advocating for myself and others has become central to how I navigate my career. Representation and authenticity go hand in hand, and leadership — real leadership — means helping others feel confident enough to bring their full selves to the table. It’s not just about speaking up, but showing up in a way that inspires and empowers.
For me, diversity isn’t just about representation. It’s about recognising the richness in our differences. As Black people, we are not all the same. My experience as a young Black woman from South West London will differ greatly from that of a middle-aged Black man from Europe. Creating true diversity means valuing voices from all walks of life, each carrying a different story, a different wisdom and a unique understanding of pride and power.
When we make space for these perspectives, we open ourselves to deeper understanding, empathy and innovation. Every authentic voice contributes to the strength and resilience of our communities and workplaces.
What keeps me grounded is knowing that visibility matters. Every time we show up authentically, we challenge old narratives and create space for others to do the same. That’s what drives me — seeing others realise their own strength and knowing that we rise higher together.
A message to others
To younger Black professionals entering the corporate world: your journey is your power. Every experience — whether smooth or challenging — adds to your strength. Seek out community, embrace your individuality and never underestimate the value of your perspective.
To allies and leaders: continue to create spaces that don’t just include diverse voices but also listen, learn, and act on what you hear. Black History Month reminds us to reflect, reconnect and celebrate diverse voices — not just this month, but every day.
Standing firm in power and pride means honouring those who paved the way, standing tall in our truth and ensuring that the next generation can do the same with even greater confidence.
Why Security and Compliance Must Be Built into Your Cloud Strategy from Day One
Michael Cafferty
Cloud computing continues to be the engine of digital transformation for organisations across the UK. It enables agility, scalability and innovation, but it also introduces new risks. As cloud adoption accelerates, many IT leaders are discovering that overlooking security and compliance early in the journey can have serious consequences.
For IT Directors, Digital Transformation Leads, Heads of Innovation and CTOs, embedding security and compliance from the outset is no longer a technical preference – it’s a strategic necessity.
Cloud security & compliance: More than just technical checkboxes
Security and compliance are often treated as items to be ticked off once workloads are live, but this reactive approach can leave organisations exposed. From GDPR violations to data breaches and operational downtime, the risks of neglecting these areas are significant.
Regulatory frameworks are becoming more complex and digital sovereignty is increasingly under scrutiny. If sensitive data is stored in the wrong region or accessed without proper controls, the fallout can be severe – both financially and reputationally. Security and compliance must be considered as foundational elements of cloud architecture, not optional extras.
How cloud security & compliance gets overlooked in the rush to innovate
In many cases, cloud security failures aren’t the result of negligence – they’re the by-product of speed. Teams move quickly to deploy new services, often bypassing governance in favour of agility. This can lead to misconfigured resources, overly permissive access controls and a lack of visibility into where data resides and who can access it.
Shadow IT is another common issue. When departments provision their own cloud tools without central oversight, it becomes difficult to enforce consistent security policies. Over time, this decentralised approach creates a fragmented environment that’s hard to monitor and even harder to secure.
Architecting for security from the start
A secure cloud environment begins with a well-defined architecture. At CACI, we use frameworks like AWS’s Well-Architected and Microsoft’s Cloud Adoption Framework to guide organisations in building resilient, compliant cloud foundations. These frameworks are informed by thousands of real-world deployments and help define what “good” looks like in cloud security.
Whether migrating legacy workloads, building cloud-native applications or operating in a hybrid model, the architecture must reflect the unique risks and requirements of each scenario. Security isn’t one-size-fits-all: it must be tailored to the workload, the data and the business context.
Shift left: Embedding security into the development lifecycle
One of the most effective ways to reduce risk is to integrate security early in the development process – a practice known as “shifting left.” By embedding security into CI/CD pipelines, teams can identify vulnerabilities before workloads reach production, reducing rework and accelerating delivery.
This proactive approach ensures that workloads are secure by design, not just secure by default. It also fosters a culture of shared responsibility, where developers, architects and security teams collaborate from the beginning rather than retrofitting controls later.
Defence in depth & limiting blast radius
Modern cloud threats require layered protection. Defence in depth introduces multiple safeguards across the environment, so if one control fails, others remain intact. This approach is particularly important in multi-cloud or hybrid environments, where complexity can increase exposure.
Equally critical is the concept of limiting blast radius, which ensures that if one asset is compromised, it doesn’t jeopardise the entire environment. Segmenting workloads, applying fine-grained access controls and enforcing least privilege principles all help contain threats and reduce lateral movement.
Even small missteps like sharing credentials or resetting machines without proper controls can introduce vulnerabilities. Architectural discipline is key to maintaining a secure posture.
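One way to apply the shift-left and least-privilege points above, as an added example that is not CACI's code: a pipeline step that parses AWS IAM policy JSON and fails the build on over-permissive Allow statements. The rule names, sample policies and the decision to treat any Condition block as sufficient narrowing are assumptions made for this illustration.

```python
"""Pipeline gate: reject AWS IAM policy documents that break least privilege."""
import json
import sys

# Constructed sample policies; file names, ARNs and regions are placeholders.
SAMPLE_POLICIES = {
    "deploy-role.json": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
    },
    "app-role.json": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": "arn:aws:s3:::example-app-bucket/*"},
            {"Effect": "Deny", "Action": "*", "Resource": "*",
             "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
        ],
    },
    "ops-role.json": {
        "Version": "2012-10-17",
        # IAM allows Statement to be a single object instead of a list.
        "Statement": {"Effect": "Allow", "Action": "ec2:*", "Resource": "*",
                      "Condition": {"StringEquals":
                                    {"aws:RequestedRegion": "eu-west-2"}}},
    },
    "bucket-policy.json": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Principal": "*",
                       "Action": "s3:GetObject",
                       "Resource": "arn:aws:s3:::example-public-bucket/*"}],
    },
}


def _as_list(value):
    """IAM fields may hold one value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_public(principal):
    """True for Principal "*" or a typed principal such as {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def lint_statement(stmt):
    """Return the rule IDs (names chosen for this example) a statement trips."""
    if stmt.get("Effect") != "Allow":
        return []  # Deny statements only narrow access
    findings = []
    # Heuristic: a Condition is taken as narrowing; a real gate would inspect it.
    conditioned = bool(stmt.get("Condition"))
    actions = [a.lower() for a in _as_list(stmt.get("Action"))]
    if "NotAction" in stmt:
        findings.append("NOT_ACTION")          # allows everything except a list
    if "*" in actions:
        findings.append("WILDCARD_ACTION")     # every action in every service
    elif any(a.endswith(":*") for a in actions):
        findings.append("SERVICE_WILDCARD")    # every action in one service
    if "*" in _as_list(stmt.get("Resource")) and not conditioned:
        findings.append("WILDCARD_RESOURCE")   # no resource scoping at all
    if _is_public(stmt.get("Principal")) and not conditioned:
        findings.append("PUBLIC_PRINCIPAL")    # anyone can use this grant
    return findings


def lint_policy(policy):
    """Lint one policy (dict or JSON text); return (statement index, rule) pairs."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    results = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        results.extend((index, rule) for rule in lint_statement(stmt))
    return results


def gate(policies):
    """Lint every policy; exit code 1 means the pipeline should stop."""
    report = {name: lint_policy(doc) for name, doc in policies.items()}
    exit_code = 1 if any(report.values()) else 0
    return exit_code, report


if __name__ == "__main__":
    code, report = gate(SAMPLE_POLICIES)
    for name, findings in report.items():
        for index, rule in findings:
            print(f"{name}: statement {index}: {rule}")
    sys.exit(code)
```

Run against the policy files in a repository before deployment, a non-zero exit stops the change while it is still a pull request rather than a live grant.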
Landing Zone Accelerators: Secure foundations at speed
For organisations looking to move quickly without compromising security, Landing Zone Accelerators (LZAs) offer a fast-track to secure cloud environments. These pre-configured environments provide guardrails, segmentation and automated policy enforcement from day one.
Rather than granting broad permissions to “just get things working,” LZAs encourage incremental, secure buildouts that maintain architectural integrity. They help teams avoid the temptation to open everything up and instead focus on building with security embedded throughout.
Cloud security & compliance are continuous disciplines
Security and compliance aren’t one-time tasks – they’re ongoing disciplines. Cloud environments are dynamic, with new workloads, users and integrations added regularly. Each change introduces potential risk, which is why continuous monitoring, automated patching and regular reviews are essential.
Tools like AWS Security Hub, GuardDuty and Inspector can help maintain visibility and enforce policies across the workload lifecycle. However, tools alone aren’t enough. Organisations need a strategy that combines automation with governance and cultural alignment.
The CACI approach: Secure by design, resilient by default
At CACI, we help organisations build secure, scalable cloud environments that support long-term growth. Our approach is grounded in architectural best practices, automation and real-world experience. We start by understanding your current environment, identifying risks and designing frameworks that embed security and compliance from the outset.
We don’t just implement tools; we build strategies. From governance frameworks to workload segmentation and continuous optimisation, we provide the support needed to stay secure, compliant and resilient in a fast-moving digital landscape.
Want to explore how your organisation can build a secure cloud foundation that enables innovation? Speak to our cloud architecture specialists today.
Crafting a Network Automation strategy aligned with C‑Suite goals
Paul Bloxham
In the first blog of this two-part series, we explored the business impact of network automation and how to build a compelling case for investment. In this follow-up, we focus on practical strategies to keep the C‑suite engaged and the common mistakes to avoid when shaping your automation roadmap.
How to keep C-Suite interested
Long-term network automation strategies will only be successful if the C-suite has consistent buy-in on its implementation and maintenance. This can be achieved through:
Providing progress updates: Sharing network automation progress updates with C-suite staff will help quantify its impact on the business and keep momentum high in terms of maintaining it.
Highlighting ROI for the business: Cost reductions, increased capacity or resources and overall performance are all high interest to C-suite staff. Ensuring the C-suite is aware of how network automation affects these will be critical.
Demonstrating alignment with the business’ strategic goals: Highlighting the ways in which network automation consistently aligns with the business’ strategic goals will help C-suite staff visualise the long-term business outcomes.
Adapting to changes: C-suite members’ business priorities are likely to change over time. Remaining flexible and willing to re-align to changing priorities as needed will ensure long-term success of network automation within the business.
Adhering to Environmental, Social and Governance (ESG) priorities: Despite the technical nature of network automation, there has been increased emphasis for C-suite members to encourage wider organisations to drive energy efficiencies, leverage sustainable hardware, optimise access and align to governance standards.
Futureproofing via AI: For C-suite members, AI is more than just embracing technology and maintaining a competitive advantage. AI-readiness means meeting customers’ evolving expectations, navigating operational complexities with ease and automating at scale.
Organisations’ focus on network automation, while well-intended, often results in them biting off more than they can chew rather than tackling more tactical, low-hanging fruit. Although such tactical work has an immediate impact, it can be less visible to senior executives. In general, network automation should target two key aims for immediate impact:
Improve the consistency of network deployment
Reduce noise within network operations.
6 common mistakes to avoid when developing a network automation strategy
Some of the common mistakes we see that diverge from these two key aims include:
Trying to do too much too soon
The key to winning over detractors with any automation is incremental consistency over widespread adoption. We often find that small, tactical, lower-level automations with well-scoped outcomes for low-hanging fruit can have an exceptional impact on the overall consistency of deployment for this element and kickstart the incremental flywheel of trust. This is due to lower-level engineers and operations staff seeing the immediate benefit of automation and beginning to organically adopt these approaches within other higher-value, business-impacting tasks.
Successfully adopted and maintained automation efforts nearly always look like bottom-up, grassroots endeavours, where buy-in through adoption and proven time efficiency or consistency outcomes have been recognised by low-level engineering resources closest to the network who can advocate for the approach to other peers on their level to the wider organisation. Quantifiable results which prove IT’s ability to deliver are key in achieving grassroots adoption which flows up the organisational hierarchy, rather than trying to mandate this as a top-down approach. Human psychology is as big a factor in network automation’s success in an organisation as technical prowess, given the personal friction many engineers will have to automation as something which could affect their personal wellbeing or circumstances.
Focusing on the wrong use cases (selection bias)
Use cases which resonate with the business context faced by your organisation are pivotal in creating network automations that are immediately impactful and reap actual business rewards. Executive-led automation efforts can focus too intently on senior IT leaders’ specific issues that may be perceived as higher-affecting but are often more niche and low-scale than more commodity – but wider-scale – issues as seen by engineering and deployment resources.
Network automation should focus on the daily toil rather than the aspirational state. For example, more dividend will be yielded by automating a firewall rule request process which several of your engineers unknowingly gatekeep as a bottleneck to your application development and implementation projects than would be from, for example, automating network configuration backups, which will likely already be catered for by a disaster recovery process, no matter how human-intensive that may be.
Tool-led strategy adoption
Network automation is a complex area of abstractions and principles built atop chains of other abstractions or fundamentals. For this reason, it can be tempting to lean on the lowest common denominator within the field – often the “lingua franca” of the tooling and framework buzzwords such as Terraform, Ansible, IaC, YAML, YANG and so on.
While countless competing network automation tools exist, this doesn’t always mean they’re developed for or relevant to your business’ specific issues. It’s also worth being mindful of “resume-driven development” here – while the “new shiny” might look great to your engineering and architecture teams, it doesn’t always mean it’s best for your business context, budget or other regulatory constraints.
Automation in isolation of process review and improvement
There’s a reason “garbage in, garbage out” is a phrase – automating the garbage to go faster doesn’t get rid of its existence. Automation often lives in the space between process and technology, so improvements in one can feed back into the other. Automation tends to prompt improvements to existing business processes through its installation, rather than being applied to static business processes that were perfect all along.
The mere act of undergoing an automation journey can also be an exponential value-add when focusing on and improving business processes which would otherwise not have been explored. This delivers a double win: it optimises the business process itself and extends the reach of that process into the network and IT plane, speeding up the process and improving its efficiency. This virtuous flywheel can often become a force-multiplier that tremendously benefits the organisation for relatively little upfront effort.
Targeting only one component within Environmental, Social and Governance (ESG) priorities
Environmental, Social and Governance (ESG) priorities are meant to be holistic rather than siloed, and network automation can address each component if carefully designed. Organisations may accidentally place too much emphasis on optimising one of the three components, however. To avoid this, the focus should remain on all-encompassing initiatives that enable reliable network access, enforce governance best practices and encourage operational efficiencies.
Avoiding AI limitations through design, blind spots or scalability
Network automation strategies can face limitations when integrating AI if the design inhibits workflow and ultimately decision-making, if blind spots through siloed or inaccurate data arise or if future planning hasn’t been considered. Futureproofing AI is critical for organisations to avoid wasting resources, costly errors or shaky foundations into the future.
How can CACI help?
CACI’s expert team comprises multidisciplined IT, networking infrastructure and consultant and automation engineers with extensive experience in network automation. We can support and consult on every aspect of your organisation’s network from its architecture, design and deployment through to cloud architecture adoption and deployment, as well as maintaining an optimised managed network service.
Network Automation in 2025: How it drives competitive advantage
Paul Bloxham
This blog kicks off a two‑part series on the business value of network automation and how to win C‑suite buy‑in. Part two will share proven tactics for sustaining executive engagement and highlight common pitfalls to avoid when building your automation strategy.
Why is network automation critical for businesses in 2025?
Network automation orchestrates how you plan, deploy and operate network services across data centres, clouds and the edge. Done well, it lifts service reliability, reduces change risk and compresses time‑to‑value by removing repetitive, manual tasks that are prone to error. The business case has only strengthened in the AI era, as AI‑assisted operations and modern application traffic put new pressure on network scale and agility. Recent global studies show leaders expect automation to underpin this shift, with 60% planning AI‑enabled predictive network automation across domains within two years.
Adoption is accelerating. Gartner forecasts that by 2026, 30% of enterprises will automate more than half of their network activities, up from under 10% in mid‑2023. This trend reflects how Infrastructure & Operations teams are using analytics, AIOps and intelligent automation to boost resilience and service velocity. At the same time, market evidence still shows significant headroom. Independent community surveys and analyst research indicate many organisations have automated less than half of day‑to‑day network tasks, citing skills, organisational and technology barriers as the top obstacles.
The ROI picture is also clearer than ever. Prior research from EMA found that around half of data‑centre network automation projects achieved ROI within two years, and more recent enterprise networking studies highlight how a modernised, automated network directly improves customer experience, employee productivity and revenue growth. Meanwhile, Cisco’s 2025 networking research quantifies the cost of inaction: 77% of organisations report major outages over the last two years, with the impact of a single severe disruption extrapolated to $160B globally, underscoring the value of automation for risk reduction.
How to create a successful business case
Step 1: Lead with evidence
According to an article by Enconnex, the weakest link in data operations tends to be humans, with human error accounting for ~80% of all outages. Existing pipelines in businesses tend to operate sequentially and manually, increasing the probability of human error through the involvement of multiple individuals in the chain of events.
Step 2: Outline a strategic software development process
Ensuring each step of the operational process from integration to delivery is tested and accounted for and outlining this in a cohesive plan for the C-suite level will help earn their trust. Developing a process flow that outlines a long-term strategy and what the business will achieve through network automation will further encourage this crucial buy-in. A visualisation tool or platform to convey this can significantly enhance their understanding.
Step 3: Stage a production deployment in a test environment
Unlike application testing, network testing is often difficult because the network itself doesn’t exist in isolation and is nearly always the lowest level of the technical stack. This makes performing tests complex. While the applications within a development or pre-production environment are often considered non-production, the underlying network to these application test environments is nearly always considered “production” in that it must work, in a production-like, always-on, fault-free state for the applications atop it to be tested and fulfil their function. Replicating complex enterprise, data centre or even cloud networks often comes at a price. Organisations can typically only duplicate or approximate small proportions of their network estate. As a result, staging looks more like unit testing in software development by making small but incremental gains and applying them exponentially to the production network looking to be automated.
While many organisations may opt for a waterfall, agile or other project management approach, we nearly always find that an agile-like, iterative, unit-tested approach to developing network automations – such as scripts, runbooks, playbooks and modules – is more beneficial in pushing automation both into the organisation and into wider adoption than any other approach.
Step 4: Prove that benefits will be reaped through the staged production
One of the benefits of modern network engineering is quickly leveraging the commoditisation of the vertically integrated network hardware stack the industry has embarked upon over the last decade. It is now easier – and cheaper – than ever before to spin up a virtual machine, container or other VNF/NFV-equivalent of a production router, switch, firewall, proxy or other network device that will look, feel, act and fail in the same way that its production network equivalent device would. When combined with software development approaches like CI/CD pipelines for deployment and rapid prototyping of network automation code, this can be a winning combination to rapidly pre-test activities within ephemeral container-like staging environments and maintain dedicated staging areas which look like production.
How can CACI help?
CACI’s team comprises multidisciplined IT, networking infrastructure and consultant and automation engineers with extensive experience in network automation. We can support and consult on every aspect of your organisation’s network from its architecture, design and deployment through to cloud architecture adoption and deployment, as well as maintaining an optimised managed network service.
Network automation has become increasingly prevalent in enterprises and IT organisations over the years, with its growth showing no signs of slowing down.
So, how is the network automation space evolving, and what are the top network automation trends that are steering the direction of the market in 2025?
Hyperautomation
With the increasing complexity of networks that has come with the proliferation of devices, an ever-growing volume of data and the adoption of emerging technologies in enterprises and organisations, manual network management practices have become increasingly difficult to uphold. This is where hyperautomation has been proving itself to be vital for operational resilience into 2025.
As an advanced approach that integrates artificial intelligence (AI), machine learning (ML), robotic process automation (RPA), process mining and other automation technologies, hyperautomation streamlines complex network operations by not only automating repetitive tasks, but the overall decision-making process. This augments central log management systems such as SIEM and SOAR with functions to establish operationally resilient business processes that increase productivity and decrease human involvement. Protocols such as gNMI and gRPC for streaming telemetry and the increased adoption of service mesh and overlay networking mean that network telemetry and event logging are now growing to a state where no one human can adequately “parse the logs” for an event. Therefore, the time is ripe for AI and ML to push business value through AIOps practices to help find the ubiquitous “needle” in the ever-growing haystack. In the network realm, this not only includes automating devices, but orchestrating workflows across multi-domain and vendor environments that AI helps make possible.
Through the ability to analyse real-time network data, patterns or issues, AI helps networks transform intelligently. Enterprises shifting towards hyperautomation this year will find themselves improving their security and operational efficiency, reducing their operational overhead and margin of human error and bolstering their network’s resilience and responsiveness. When combined with ITSM tooling such as ServiceNow for self-service delivery, hyperautomation can truly transcend the IT infrastructure silo and enter the realm of business by achieving wins in business process automation (BPA) to push the enterprise into true digital transformation.
Increasing dependence on Network Source of Truth (NSoT)
With an increasing importance placed on agility, scalability and security in network operations, NSoT is proving to be indispensable in 2025, achieving everything the CMDB hoped for and more.
As a centralised repository of network-related data that manages IP addresses (IPAM), devices and network configurations and supplies a single source of truth from these, NSoT has been revolutionising network infrastructure management and orchestration by addressing challenges brought on by complex modern networks to ensure that operational teams can continue to understand their infrastructure.
It also ensures that data is not siloed across an organisation and that managing network objects and devices can be done easily and efficiently, while also promoting accurate data sharing via data modelling with YAML and YANG and open integration via API into other BSS, OSS and NMS systems.
Enterprises and organisations that leverage the benefits of centralising their network information through NSoT this year will gain a clearer, more comprehensive view of their network, generating more efficient and effective overall network operations. Not to mention, many NSoT repositories are much more well-refined than their CMDB predecessors, and some – such as NetBox – are truly a joy to use in daily Day 2 operations life compared to the clunky ITSMs of old.
Adoption of Network as a Service (NaaS)
Network as a Service (NaaS) has been altering the management and deployment of networking infrastructure in 2025. With the rise of digital transformation and cloud adoption in businesses, this cloud-based service model enables on-demand access and the utilisation of networking resources, allowing enterprises and organisations to supply scalable, flexible solutions that meet ever-changing business demands.
As the concept gains popularity, service providers have begun offering a range of NaaS solutions, from basic connectivity services such as virtual private networks (VPNs) and wide area networks (WANs) to the more advanced offerings of software-defined networking (SDN) and network functions virtualisation (NFV). Instances where AI-powered NaaS is possible offer even faster onboarding, more effective operations and enhanced connectivity, all of which can be automated at scale.
These technologies have empowered businesses to streamline their network management, enhance performance and lower costs. NaaS also has its place at the table against its aaS siblings (IaaS, PaaS and SaaS), pushing the previously immovable, static-driven domain of network provisioning into a much more dynamic, elastic and OpEx-driven capability for modern enterprise and service providers alike.
Network functions virtualisation (NFV) and software-defined networking (SDN)
A symbiotic relationship between network functions virtualisation (NFV), software-defined networking (SDN) and network automation is proving to be instrumental in bolstering agility, responsiveness and intelligent network infrastructure as the year is underway. As is often opined by many network vendors, “MPLS is dead, long live SD-WAN”, which, while not 100% factually correct (we still see demand in the SP space for MPLS and MPLS-like technologies such as PCEP and SR), is certainly directionally correct in our client base across finance, telco, media, utilities and increasingly government and public sectors.
NFV enables the decoupling of hardware from software, as well as the deployment of network services without physical infrastructure constraints. SDN, on the other hand, centralises network control through programmable software, allowing for the dynamic, automated configuration of network resources. Together, they streamline operations and ensure advanced technologies will be deployed effectively, such as AI-driven analytics and intent-based networking (IBN).
We’re seeing increased adoption of NFV via network virtual appliances (NVA) deployed into public cloud environments like Azure and AWS for some of our clients, as well as an increasing trend towards packet fabric brokers such as Equinix Fabric and Megaport MVE to create internet exchange (IX), cloud exchange (CX) and related gateway-like functionality as the enterprise trend towards multicloud grows a whole gamut of SDCI cloud dedicated interconnects to stitch together all the XaaS components that modern enterprises require.
Intent-based networking (IBN)
As businesses continue to lean into establishing efficient, prompt and precise best practices when it comes to network automation, intent-based networking (IBN) has been an up-and-coming approach to implement. This follows wider initiatives in the network industry to push “up the stack” with overlay networking technologies such as SD-WAN, service mesh and cloud native supplanting traditional Underlay Network approaches in Enterprise Application provision.
With the inefficiencies that can come with traditional networks and manual input, IBN has come to network operations teams’ rescue by defining business objectives in high-level, abstract manners that ensure the network can automatically configure and optimise itself to meet said objectives.
Network operations teams that can devote more time and effort to strategic activities versus labour-intensive manual configurations will notice significant improvements in the overall network agility, reductions in time-to-delivery and better alignment with the wider organisation’s goals. IBN also brings intelligence and self-healing capabilities to networks: when changes or anomalies are detected in the network, it enables the network to automatically adapt itself to address those changes while maintaining the desired outcome, bolstering network reliability and minimising downtime.
As more organisations realise the benefits of implementing this approach, the rise of intent-based networking is expected to continue, reshaping the network industry as we know it. The SDx revolution is truly here to stay, and the move of influence of the network up the stack will only increase as reliance on interconnection of all aspects becomes the norm.
How CACI can support your network automation journey
CACI is adept at a plethora of IT, networking and cloud technologies. Our trained cohort of network automation engineers and consultants are ready and willing to share their industry knowledge to benefit your unique network automation requirements.
From NSoT through CI/CD, version control, observability, operational state verification, network programming and orchestration, our expert consulting engineers have architected, designed, built and automated some of the UK’s largest enterprise, service provider and data centre networks, with our deep heritage in network engineering spanning over 25 years.
Take a look at Network Automation and NetDevOps at CACI to learn more about some of the technologies, frameworks, protocols and capabilities we have, from YAML, YANG, Python, Go, Terraform, IaC, API, REST, Batfish, Git, NetBox and beyond.
Call it Secure Access Service Edge (SASE), call it Secure Services Edge (SSE), call it Zero Trust Network Architecture (ZTNA), even call it the Service Edge — whatever the label, modern secure access looks nothing like the SSL/IPsec VPNs you’ve used for years. That’s because the application landscape has changed: apps live in multiple clouds, SaaS dominates, teams are distributed, and users expect fast, secure access from anywhere. VPNs were designed for a world where the data centre was the centre of everything. That world is gone.
From “castle and moat” to cloud-native access
Historically, enterprises kept most apps on-prem and routed remote users through a small number of VPN concentrators. That model tolerated wasteful backhaul, brittle firewall changes, and long change cycles because traffic and users were predictable. When remote work went mainstream, the limitations became obvious: VPN concentrators saturated, latency spiked, and IT teams were buried in firewall change tickets and routing problems.
SASE/SSE/ZTNA solve that by making access app-centric instead of network-centric. Instead of extending a user into your LAN (Layer-3 network extension), ZTNA authenticates and authorises each user-to-app session and only opens the exact access required. The heavy lifting is done in cloud PoPs close to the user or at app locations, reducing latency, avoiding backhaul, and enabling consistent policy enforcement across cloud, on-prem and branch.
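The difference between network extension and per-session, app-centric access can be shown in a few lines. The following is an added example, not CACI's or any vendor's code; the apps, groups, addresses and policy rules are constructed for illustration.

```python
"""Constructed illustration: network-centric VPN reachability vs. app-centric
ZTNA authorisation. All names, groups and addresses are hypothetical."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed inventory: three apps that share one data-centre subnet.
APPS = {
    "wiki": {"ip": "10.20.0.10", "port": 443},
    "payroll": {"ip": "10.20.0.11", "port": 443},
    "db-admin": {"ip": "10.20.0.12", "port": 5432},
}

# Legacy model: the VPN profile routes a whole subnet to the connected user.
VPN_ROUTED_SUBNET = ip_network("10.20.0.0/24")


@dataclass(frozen=True)
class Rule:
    app: str
    groups: frozenset       # identity groups allowed to open a session
    require_managed: bool   # device must be corporate-managed
    require_mfa: bool


# ZTNA model: explicit allow rules per application; anything else is denied.
POLICY = [
    Rule("wiki", frozenset({"staff", "finance", "dba"}), False, False),
    Rule("payroll", frozenset({"finance"}), True, True),
    Rule("db-admin", frozenset({"dba"}), True, True),
]


@dataclass(frozen=True)
class Session:
    user: str
    groups: frozenset
    device_managed: bool
    mfa_passed: bool


def vpn_reachable(app):
    """Network extension: once connected, reachability depends only on routing."""
    return ip_address(APPS[app]["ip"]) in VPN_ROUTED_SUBNET


def ztna_authorise(session, app):
    """Evaluate one user-to-app session; default deny with an auditable reason."""
    for rule in POLICY:
        if rule.app != app:
            continue
        if not (session.groups & rule.groups):
            return False, "identity group not permitted"
        if rule.require_managed and not session.device_managed:
            return False, "unmanaged device"
        if rule.require_mfa and not session.mfa_passed:
            return False, "MFA not satisfied"
        return True, "allowed by rule"
    return False, "no rule for application"


def exposure(session):
    """Apps a session can reach under each model."""
    return {
        "vpn": sorted(a for a in APPS if vpn_reachable(a)),
        "ztna": sorted(a for a in APPS if ztna_authorise(session, a)[0]),
    }


if __name__ == "__main__":
    contractor = Session("c.lee", frozenset({"staff"}), False, True)
    print(exposure(contractor))
    for app in APPS:
        print(app, ztna_authorise(contractor, app))
```

Every denial carries a reason string, which is what makes the access decision auditable rather than an implicit consequence of routing.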
What actually changes
Performance — traffic to SaaS or cloud apps exits locally (closest PoP), not via an overloaded corporate gateway. That reduces latency and frees WAN circuits.
Security — micro-segmentation and per-session access reduce lateral movement; policies are applied at the application layer, not by blunt network tunnels.
Scale & resilience — providers run global PoPs and elastic control planes; you gain capacity without building a global VPN fabric.
Operational simplicity — fewer firewall rule churns, fewer emergency change requests, and a centralised policy model that spans clouds and branches.
Why it matters in practice
SASE is not just “VPN in the cloud.” It’s a new architecture: orchestration + control plane + distributed enforcement. It transforms remote access from a brittle network extension into an auditable, programmable security service that aligns with modern app architectures and business needs.
Practical migration advice
Move in phases. Start with low-risk SaaS apps and pilot ZTNA connectors close to your cloud workloads. Run hybrid models during migration: keep legacy VPNs for stateful or non-cloudable apps while shifting web and SaaS traffic to SSE. Test legacy application behaviour (authentication, session stickiness, IP expectations) early — those are the usual blockers. Use PoVs to validate user experience, telemetry and failover behaviour before a full rollout.
How CACI can help you transition to SASE and SSE
Making the move from legacy VPNs to modern secure access isn’t just a technology shift — it’s an architectural transformation. At CACI, we specialise in designing and deploying SASE and SSE solutions that fit your business model, application landscape and security posture. From initial assessments and phased migration planning to PoC validation and full-scale rollout, our experts ensure performance, resilience and compliance at every stage. Whether you need ZTNA for SaaS, hybrid models for legacy apps or global PoPs for distributed teams, we’ll help you build a secure access strategy that scales with your future.
Ready to start your transition? Get in touch with CACI today to discuss your secure access roadmap.
How the Network Source of Truth is replacing the CMDB
Faris Bhatti
Modern networks are dynamic: multi-vendor, multi-cloud, API-driven and constantly changing. The old configuration-management playbook – manual discovery, Excel exports and a static CMDB – can’t keep up. The result is stale data, fragile automation, slow incident response and a risk that compliance requirements remain theoretical rather than operational.
A Network Source of Truth (NSoT) solves this by becoming the canonical, machine-readable representation of your network estate: devices, topology, configurations, policies and relationships. Unlike a traditional CMDB, an NSoT is designed to be updated continuously by automated collectors and to be consumed directly by automation pipelines, orchestration systems and analytics engines. This is not “one more database” — it’s the operational spine for an automated, auditable network.
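The sketch below shows what "consumed directly by automation pipelines" can look like in practice: collector output is reconciled against the NSoT, and only devices with no open finding are released to automation. It is an added example, not NetBox's or CACI's code; the record layout, device names, versions and finding labels are constructed assumptions.

```python
"""Constructed illustration of reconciling a Network Source of Truth (NSoT)
against collector output. Field names and records are hypothetical."""

# Intended state as it might be exported from an NSoT (constructed sample).
NSOT = {
    "edge-rtr-01": {"mgmt_ip": "192.0.2.1", "os_version": "17.9.4",
                    "site": "lon1", "status": "active"},
    "core-sw-01": {"mgmt_ip": "192.0.2.2", "os_version": "10.3.2",
                   "site": "lon1", "status": "active"},
    "core-sw-02": {"mgmt_ip": "192.0.2.3", "os_version": "10.3.2",
                   "site": "lon1", "status": "active"},
    "lab-fw-01": {"mgmt_ip": "192.0.2.9", "os_version": "7.2.5",
                  "site": "lab", "status": "decommissioned"},
}

# Observed state as reported by an automated collector (constructed sample).
OBSERVED = {
    "edge-rtr-01": {"mgmt_ip": "192.0.2.1", "os_version": "17.9.4", "site": "lon1"},
    "core-sw-01": {"mgmt_ip": "192.0.2.2", "os_version": "10.2.8", "site": "lon1"},
    "lab-fw-01": {"mgmt_ip": "192.0.2.9", "os_version": "7.2.5", "site": "lab"},
    "branch-ap-17": {"mgmt_ip": "192.0.2.50", "os_version": "8.1.0", "site": "lon1"},
}

COMPARED_FIELDS = ("mgmt_ip", "os_version", "site")


def reconcile(nsot, observed):
    """Return sorted (device, finding, detail) tuples for every mismatch."""
    findings = []
    for name, intended in nsot.items():
        seen = observed.get(name)
        if intended["status"] == "decommissioned":
            # Retired on paper but still answering on the network.
            if seen is not None:
                findings.append((name, "decommissioned-but-live", ""))
            continue
        if seen is None:
            findings.append((name, "missing-from-network", ""))
            continue
        for field in COMPARED_FIELDS:
            if seen.get(field) != intended[field]:
                detail = f"{field}: intended {intended[field]}, observed {seen.get(field)}"
                findings.append((name, "drift", detail))
    # Devices the collector found that nobody recorded: untracked assets.
    for name in observed.keys() - nsot.keys():
        findings.append((name, "not-in-nsot", ""))
    return sorted(findings)


def safe_targets(nsot, findings):
    """Devices automation may touch: active in the NSoT with no open finding."""
    flagged = {name for name, _, _ in findings}
    return sorted(n for n, d in nsot.items()
                  if d["status"] == "active" and n not in flagged)


if __name__ == "__main__":
    results = reconcile(NSOT, OBSERVED)
    for row in results:
        print(row)
    print("safe for automation:", safe_targets(NSOT, results))
```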
Out with the CMDB, in with the Source of Truth
The CMDB was built for a world of physical assets: servers, printers, desktops. It struggles with today’s logical constructs: nested virtualisation, container overlays, service meshes, and sidecar proxies. Its rigid data model and legacy structure make it a poor fit for modern IT.
CMDB’s rigid data model and legacy data structure have opened the door to a series of contenders within the space, largely grouped together under the umbrella of “Source of Truth”. Some notable examples in the NetDevOps and DevOps spaces include:
NetBox – An open-source NSoT platform that models network infrastructure and integrates with notable automation tools to gain accurate, real-time data
Ansible – An open-source automation engine supporting IT functions including configuration management, application deployment and orchestration
MAAS – An open-source solution offering the self-service provisioning of operating systems and implementation of all public cloud standard features.
Instead of CMDBs, many organisations are now turning to Source of Truth practices. This is often a repository or database used to store configuration data for an organisation’s IT environment.
Source of Truth is a DevOps practice
The key “why” behind all this can be easily summarised when contrasting the strengths and weaknesses of the CMDB against the NSoT further. In short, the Source of Truth is a DevOps practice that seeks to simplify configuration management by listing all configuration items and their relationships in a single location. This one version of truth can then be used for deployment automation, infrastructure management and much more.
Another key attribute of the SoT is the use of data-driven, structured data models such as YANG, which naturally integrates with well-used DevOps data structures such as YAML and JSON for frictionless flow between the ITSM process and the intended infrastructure outcome required.
Integration in the age of disaggregation
Increasingly, we see IT departments stretched with their ITIL-based approaches and ITSM systems which were designed for singular, homogenous deployments of IT network infrastructure within the confines of the on-premises data centre – unable to cope as increasing amounts of their application workload estate migrates off-premises into the various public cloud PaaS, SaaS and hybrid cloud models of today.
As Network Consultants and Deployment Engineers, we see first-hand the issues and frustrations that CMDB-based approaches create. Contrast this with an NSoT-led approach, where we might instead see the ability to:
Simplify configuration management: By using a single source of truth, organisations can avoid the complexity and cost of managing multiple CMDBs across their hybrid IT network, compute, storage and application estate.
Improve collaboration: Using a central repository for configuration data helps improve collaboration between development and operations teams (hence why they call it DevOps).
Enable automation: With a centralised source of configuration data, it becomes easier to automate repetitive tasks such as deployment and testing, freeing up valuable development and operations resource time away from undifferentiated heavy lifting tasks.
Facilitate auditing and compliance: A centralised repository of configuration data also makes it easier to track changes and ensure compliance with IT security standards such as SOC2, HIPAA, NIST, PCI-DSS, CESG and DORA.
How CACI can help bolster your configuration management journey
Along with a strong heritage in Network Infrastructure Engineering and Consulting, we have a strong set of ITSM Consultants available to help with your CMDB migration programmes – across the spectrum from service design, project and programme management and through to data and solution architecture.
Let us help and see how we can unlock the value of the CI data you have to bring you closer to the point of application observability over just plain asset visibility.
Why Cloud-native telco networks must rethink their OSS/BSS in 2025
Faris Bhatti
The telecommunications industry is steadily moving towards the public cloud for mission-critical backend systems, particularly Operational Support Systems (OSS) and Business Support Systems (BSS). These platforms underpin the business and revenue models of modern telcos. With pioneers such as Totogi and the rise of cloud-native architectures, the management plane of a telco network is increasingly interacting with cloud service provider offerings.
So, what is driving this rethink and how can telcos stay ahead?
Pressure to maximise revenue through increased agility
Legacy, monolithic OSS/BSS stacks are struggling to keep pace with growing service diversity across 3G, 4G, 5G, edge and IoT, rising customer expectations and competitive pressure from MVNOs and hyperscalers. Agility is now the key differentiator. Telcos need to launch, adapt and monetise services quickly, something traditional systems cannot deliver.
Disaggregation and open APIs
The old vertically integrated model is giving way to disaggregated architectures powered by open APIs. This shift matters because vendor lock-in is no longer sustainable in a cloud-first world. Composable OSS/BSS enables faster innovation and easier integration with third-party ecosystems, while standards such as TM Forum Open APIs are accelerating interoperability and reducing time to market.
Automation and intelligence
Managing sprawling, hybrid networks with manual processes is no longer viable. Operators are adopting advanced analytics and automation for predictive maintenance and anomaly detection, network automation to reduce operational overhead and smarter orchestration to optimise performance and resource allocation.
Cloud-native OSS/BSS
Cloud-native principles such as microservices, containerisation and orchestration are transforming telco operations. These approaches enable elastic scalability for unpredictable demand, lower total cost of ownership through pay-as-you-go models and faster feature deployment without disruptive upgrades.
Monetising the network with data
Telcos hold vast amounts of data but need modern analytics to unlock its value. This includes dynamic pricing and personalised offers, churn prediction and retention strategies, and real-time policy enforcement for fair usage and quality of service.
How CACI can support your move towards a connected industry
We help telcos modernise OSS/BSS without costly rip-and-replace programmes. Our expertise in cloud-native architectures, open API integration and network automation enables operators to modernise the network for agility, monetise assets through data-driven insights and reduce costs while improving resilience.
With a strong track record in telecoms and enterprise transformation, we can help you future-proof your network and unlock new revenue streams. Get in touch today.
How to regain control of cloud sprawl and hidden costs
Michael Cafferty
Cloud computing has become the backbone of digital transformation for organisations across the UK and beyond. As cloud adoption accelerates, however, many IT leaders are facing a new challenge: cloud sprawl. Understanding what cloud sprawl is, why it happens and, crucially, how to prevent it, is now essential for IT Directors, Digital Transformation Leads, Heads of Innovation and CTOs who want to control costs, reduce risk and unlock the full value of their cloud investments.
What is cloud sprawl?
Cloud sprawl happens when cloud resources, such as applications, services and infrastructure, grow unchecked across an organisation. It usually starts with the best intentions: teams want to move quickly and create new environments and services as a result. Over time, this leads to a patchwork of workloads, platforms and tools, many of which are underused, duplicated or simply forgotten.
Why is cloud sprawl a problem?
Cloud sprawl can quietly drain your budget, increase security risks and complicate everyday operations. Some of the most common issues include:
Rising costs: Idle or underused resources, redundant SaaS subscriptions and forgotten cloud instances all add up. Industry analysts estimate that up to 30% of cloud spend is wasted due to sprawl.
Security and compliance risks: Untracked assets can become vulnerabilities, especially if they aren’t patched or monitored. Data may be stored in regions without proper regulatory controls.
Operational complexity: IT teams are stretched thin managing a maze of platforms, permissions and integration points.
How does cloud sprawl happen?
Cloud sprawl is rarely intentional. More often it is the by-product of rapid digital transformation, decentralised decision-making and the ease with which anyone can now provision infrastructure at the click of a button. Common causes include:
Multiple teams or departments adopting cloud independently, often with different providers or platforms.
Lack of governance or clear policies around provisioning, tagging and decommissioning resources.
Shadow IT, where business units bypass central IT to get things done quickly.
Mergers, acquisitions or legacy migrations that bring in new cloud estates with little integration.
How to prevent cloud sprawl: practical steps
Preventing cloud sprawl doesn’t require a complete IT overhaul, but it does demand clearer oversight and smarter consolidation. To start regaining control, consider:
1. Conducting a cloud inventory
A comprehensive inventory is the foundation for effective management, so begin by auditing your current cloud landscape, including which apps and services are active, who owns them and the value they deliver.
2. Establishing cloud governance policies
Good governance is the backbone of cloud control. Set clear rules for cloud procurement, usage and approval. Define who can spin up resources and under what conditions. Standardise on approved tools and platforms to reduce duplication.
3. Consolidating and standardising
Where teams are using similar tools, consolidate onto a single platform. For example, unify file-sharing or collaboration tools across departments to reduce complexity and simplify cost management.
4. Implementing monitoring and alerts
Visibility is critical for preventing waste, so use cloud management tools to monitor spend, detect idle resources and track usage trends. Setting automated alerts to flag anomalies or unexpected spikes in usage will further support this.
5. Educating and aligning your teams
Most cloud sprawl happens with good intentions. Equip your teams with guidance on approved tools and platforms and make it easy for them to do the right thing. Regular training and communication help reduce shadow IT.
6. Reviewing and optimising regularly
Cloud environments are dynamic and require ongoing attention. By scheduling regular reviews, you can identify and decommission unused resources, right-size workloads, and renegotiate contracts where needed. Leveraging best practices such as the AWS Well-Architected Framework can help ensure your cloud setup remains secure, efficient, and cost-effective. The savings you unlock through optimisation can be reinvested to fuel your next wave of innovation.
7. Embedding security and compliance from the start
Every new cloud resource is a potential risk if not properly secured. Build security and compliance into your provisioning process, not as an afterthought. Automate patching, monitoring, and reporting to maintain a secure posture, and implement preventive and detective guardrails to enforce policies and catch misconfigurations early. Ensure you have clear visibility into where sensitive data resides and who has access to it, so you can act quickly if issues arise.
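Several of the steps above (inventory, tagging policy, idle detection and detective guardrails) reduce to rules run over an inventory export. The following is an added example, not CACI's or a cloud provider's tooling; the resource records, tag keys, approved regions and thresholds are constructed assumptions.

```python
"""Constructed illustration of an inventory audit for cloud sprawl.
Resource records, tag keys, regions and thresholds are hypothetical."""
from datetime import date

REQUIRED_TAGS = {"owner", "cost-centre"}        # assumed governance policy
APPROVED_REGIONS = {"eu-west-1", "eu-west-2"}   # assumed data-residency policy
IDLE_CPU_PCT = 5.0                              # assumed idle threshold
STALE_AFTER_DAYS = 30                           # assumed inactivity window

# Constructed inventory export; a real one would come from the provider's APIs.
INVENTORY = [
    {"id": "vm-001", "region": "eu-west-2",
     "tags": {"owner": "payments", "cost-centre": "cc-41"},
     "avg_cpu_pct": 37.0, "last_access": date(2025, 6, 28),
     "monthly_cost": 210.0, "public": False},
    {"id": "vm-002", "region": "eu-west-2", "tags": {"owner": "web"},
     "avg_cpu_pct": 1.2, "last_access": date(2025, 3, 2),
     "monthly_cost": 145.0, "public": False},
    {"id": "bucket-7", "region": "us-east-1", "tags": {},
     "avg_cpu_pct": None, "last_access": date(2025, 6, 20),
     "monthly_cost": 12.5, "public": True},
    {"id": "db-legacy", "region": "eu-west-1",
     "tags": {"owner": "data", "cost-centre": "cc-07"},
     "avg_cpu_pct": 0.4, "last_access": date(2025, 1, 15),
     "monthly_cost": 480.0, "public": False},
]


def audit_resource(res, today):
    """Return the list of policy findings for one resource."""
    findings = []
    missing = REQUIRED_TAGS - set(res["tags"])
    if missing:
        findings.append("untagged:" + ",".join(sorted(missing)))
    if res["region"] not in APPROVED_REGIONS:
        findings.append("region-not-approved")
    # An exposed resource nobody owns is the untracked-asset risk.
    if res["public"] and "owner" not in res["tags"]:
        findings.append("public-without-owner")
    # Storage has no CPU metric, so it is never classed as idle by this rule.
    idle = res["avg_cpu_pct"] is not None and res["avg_cpu_pct"] < IDLE_CPU_PCT
    stale = (today - res["last_access"]).days > STALE_AFTER_DAYS
    if idle and stale:
        findings.append("idle")
    return findings


def audit(inventory, today):
    """Map resource id -> findings, omitting resources that pass every rule."""
    report = {}
    for res in inventory:
        findings = audit_resource(res, today)
        if findings:
            report[res["id"]] = findings
    return report


def idle_spend(inventory, today):
    """Monthly cost attributable to resources flagged as idle."""
    return sum(r["monthly_cost"] for r in inventory
               if "idle" in audit_resource(r, today))


if __name__ == "__main__":
    run_date = date(2025, 7, 1)  # fixed date so the output is reproducible
    for rid, findings in audit(INVENTORY, run_date).items():
        print(rid, findings)
    print("idle monthly spend:", idle_spend(INVENTORY, run_date))
```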
The CACI approach: practical, proven and partnership-led
At CACI, we see cloud as an enabler, not an end in itself. Our approach is grounded in practical experience, helping organisations regain control, reduce waste and build a foundation for sustainable innovation.
We start by understanding your current environment, mapping out where sprawl and hidden costs are lurking. We then work with you to design governance frameworks, implement visibility tools and optimise your workloads. Our partnerships with leading cloud providers mean we can offer best-in-class solutions tailored to your needs.
We recognise that cloud is never “done” but is an ongoing journey. We provide ongoing support, regular reviews and continuous optimisation, so you can focus on what matters: innovation.
Want to explore how your organisation can reduce cloud waste and regain control?
Networking is continuing to show remarkable advances, marked by emerging technologies such as AI and network-specific LLMs, with changing business demands that are paving the way for a more secure and connected future.
Businesses and industries that recognise the power of adopting these evolving networking technologies and best practices in improving their performance will set themselves up for unparalleled future growth, solution scalability and competitiveness. Those that don’t are increasingly getting left behind.
So, what are the main networking trends that we have seen in 2025?
Advanced 5G
Unlike its 4G and 3G predecessors, 5G is available as industrialised, private offerings that act as a more capable, longer-reaching alternative to wi-fi in specific building scenarios, and this is contributing to a global 5G services market that is set to reach an annual growth rate of 59.4% by 2030. 2025 has been particularly pivotal for 5G, with the introduction of 5.5G (also known as 5G Advanced) bringing increased speeds and functionalities set to be deployed in some of the world’s leading markets this year.
Network services have had to make way for the increased bandwidth and low latency that has come from the rollout of 5G, ensuring a smooth and responsive user experience and the ability to connect even more devices within a small area without compromising on performance. These capabilities have augmented the likes of IoT devices and virtual reality (VR) applications, which require speedy transfer and real-time communication. We expect trends such as VR and augmented reality (AR) – such as the Apple Vision Pro – to accelerate the dependence not only on bandwidth (speed) in networking, but also on latency (lag), the latter of which has often been neglected by many enterprise networking technologies.
Edge computing migration
Despite its industry presence for years now, edge computing has been gaining prominence in 2025 as a means to support organisations with processing their data closer to the sources of data or users—at the edge of the network. What’s old is in many ways new again, with the content delivery network (CDN) coming back to the fore as a primary on-ramp into public cloud and other aggregated network ecosystems and walled gardens. Both edge and CDN minimise latency and enhance real-time processing capabilities that are not possible purely via the public cloud. By processing data at the edge of the network, the strain on network bandwidth is also alleviated.
Edge computing will continue influencing network architecture design and redefining the parameters of data processing with the development of smart cities, IoT and AI-powered applications that rely on data processing, with businesses strongly encouraged to migrate workloads to edge computing. The aforementioned 5.5G (5G Advanced) rollout this year directly embeds data centres into telecom networks, reducing latency and enhancing compliance in doing so.
Multi-cloud networking and environments
As of 2025, single-cloud networking has become much less common for enterprises, with multi-cloud networking (MCN) and environments at the forefront. Compared to the singular platform and vendor approach, multi-cloud networking and environments consist of many tools and solutions that enable networking and connectivity across cloud environments. They mitigate the limitations that come with using traditional network architecture by allowing for seamless integration across multiple cloud environments.
The key challenge we see in our customer base with multi-cloud networking is the sheer amount of complexity and same-but-different solutions within constructs such as cloud networking, underlay networking and overlay networking. Many customers will have multi-cloud through necessity rather than strategy – for instance, using Microsoft Cloud for Office365 collaboration, alongside AWS for developer-led public cloud and likely a smattering of other PaaS and SaaS cloud offerings. We’re increasingly seeing the rise of cloud exchange gateways as an alternative to Internet exchange (IX), bringing the same complexity of IX management – such as peering management, route policy and the like – down from the ISP domain and into the enterprise domain.
By 2031, the global market size of multi-cloud networking is projected to reach $19.9 billion USD (£15.7 billion) and grow at a rate of 23.3%. Businesses that embrace multi-cloud networking and environments will find themselves connecting and managing workloads across diverse cloud environments and establishing a secure, high-performance network that will carry out operations as efficiently as possible, steadily flow data between clouds to reduce data silos, optimise data transmission speeds for faster response times and improve customer experiences by evolving along with users.
AI networking & AIOps
Of all the trends unfolding in the networking space this year, AI is proving to be a substantial one. Networking solutions have become increasingly reliant upon artificial intelligence (AI) for optimisation, maintenance and analytical purposes. AI networking has also bolstered capabilities within industries like network services to develop robust and efficient networks that will continue to support operations.
Trends such as network observability and network telemetry mean the amount of logging, traces and metrics required to be analysed is becoming untenable for any one human. AIOps is becoming a necessity to augment overworked and often under-tooled network operations staff in delivering, maintaining and optimising increasingly agile, complex and demanding enterprise networks. Into 2025, it helps operations staff prevent faults and detect anomalies or unusual movement, adjust capacity in line with demand and monitor configuration against regulatory standards.
By continuously influencing how networking infrastructure is built and integrating into network automation tools to enhance decision-making and analyses, AI is proving to be a game-changer when it comes to networking. We’re finding several amazing use cases where the use of an AI tool, such as GPT, enables us to grok an API with a contextually-specific use case, or quickly glean through pages of troubleshooting documentation to find the exact nuance of bug, CVE or PSIRT we’re in the midst of fixing or coding.
To learn more about the impact of AI on networking through 2025, take a look at our blog on the top network automation trends.
Intent-based networking (IBN)
Intent-based networking (IBN) has been a groundbreaking networking advancement thanks to its ability to use automation and artificial intelligence (AI) to simplify network management. This technology has rapidly grown in popularity for networking-oriented businesses, as it allows administrators to define a network’s intent and automatically translate and implement these intentions across the wider network infrastructure to optimise its performance, security and scalability.
IBN eliminates the need for manual configuration, often a requirement of traditional networks, through automated processing that is based on real-time analytics, ultimately improving efficiency while decreasing the margin of error and revolutionising the ways in which businesses can streamline their network management.
While still not mature, the concepts of IBN are finding their way into mainstream NMS, OSS – and increasingly even ITSM products, and matching the “as a service” patterns application development teams are used to from the public cloud world.
How CACI can support your networking journey
At CACI, our trained cohort of network automation engineers, network reliability engineers (NREs) and consultants are well versed in a plethora of IT, networking and cloud technologies, ready and willing to share their industry knowledge to benefit your unique networking requirements.
We act as a trusted advisor to help your organisation drive better experiences by enabling more effective use of technology and business processes. From NSoT through CI/CD, version control, observability, operational state verification, network programming and orchestration, our expert consulting engineers have architected, designed, built and automated some of the UK’s largest enterprise, service provider and data centre networks, with our deep heritage in network engineering spanning over 20 years.
Take a look at Network Automation and NetDevOps at CACI to learn more about some of the technologies, frameworks, protocols and capabilities we have, from YAML, YANG, Python, Go, Terraform, IaC, API, REST, Batfish, Git, NetBox and beyond.
Adopting Zero Trust Network Access (ZTNA) in a hybrid working world
Paul Bloxham
In today’s hybrid-working world, many employees often work remotely from the branch – at home, hotels, conferences, coffee shops and the like. This effectively moves the network perimeter from the traditional branch and office boundary right into the heart of the endpoint laptop device itself, increasing the possible attack surface for organisational network WANs. Zero Trust is one approach that can help to overcome some of the cybersecurity challenges that hybrid working can create.
Key considerations to successfully implement Zero Trust Network Access (ZTNA)
Not trusting anything is the goal
Zero Trust is a cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated. It assumes that no one and nothing on a network can be trusted until it’s proven not to be a threat to organisational security. This means that all users, whether in or outside the organisation’s WAN, must be authenticated, authorised and continuously monitored.
One of the main benefits of Zero Trust is its ability to improve risk management. By assuming that all users and devices are potential threats, Zero Trust forces organisations to take a more proactive approach to security. This includes:
Implementing strong authentication mechanisms
Monitoring user behaviour for signs of suspicious activity
Segmenting networks to limit the impact of any potential breaches.
Moving beyond the tuple
Where traditional firewall and security approaches focused largely on the “tuple” – source IP address, destination IP address and TCP/UDP destination port – Zero Trust Network Architectures (ZTNA) move beyond these three dimensions and allow for additional dimensions of trust verification, such as:
Time of Day
e.g. John in HR works 9-5, so if he’s logging into a system at 9 p.m., is something suspect?
Access Location
e.g. Sandra on the reception desk is normally desk-based at front of house. If she suddenly logs in from the third-floor payroll desks, is something amiss?
Host Posture
e.g. Paul may be logged in with the correct username and password, but if his antivirus isn’t up to date and his laptop last logged into the domain four months ago, do you really want him on the network?
Other dimensions are available depending on organisational need, but you can quickly see how the dynamic of implicit trust moves instead to explicit verification – moving the notion of trust further down the network stack towards the Network Edge rather than notionally dealing with arbitrary concepts such as trusted networks, trusted VLANs or trusted segments.
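To make the shift from tuple to context concrete, here is an added example (not CACI's code) of a policy check that passes the classic tuple test first and then weighs the three extra dimensions above. The thresholds, field names, addresses and the "step_up" outcome are assumptions chosen for illustration, and the sample requests are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from ipaddress import ip_address, ip_network

# Thresholds are assumptions for illustration, not values from the article.
MAX_AV_AGE = timedelta(days=7)
MAX_DOMAIN_ABSENCE = timedelta(days=30)


@dataclass(frozen=True)
class TupleRule:
    src: str   # source network (CIDR)
    dst: str   # destination network (CIDR)
    port: int  # TCP/UDP destination port


@dataclass(frozen=True)
class Profile:
    start: time           # start of normal working hours
    end: time             # end of normal working hours
    locations: frozenset  # places this user normally works from


@dataclass(frozen=True)
class Request:
    src_ip: str
    dst_ip: str
    dst_port: int
    when: datetime
    location: str
    av_updated: datetime
    last_domain_login: datetime


def tuple_allows(req, rules):
    """The traditional three-dimensional firewall check."""
    return any(
        ip_address(req.src_ip) in ip_network(r.src)
        and ip_address(req.dst_ip) in ip_network(r.dst)
        and req.dst_port == r.port
        for r in rules
    )


def evaluate(req, profile, rules):
    """Return (decision, reasons); decision is allow, step_up or deny."""
    if not tuple_allows(req, rules):
        return "deny", ["no matching tuple rule"]
    reasons = []
    # Host posture: valid credentials are not enough on an unhealthy device.
    if req.when - req.av_updated > MAX_AV_AGE:
        reasons.append("antivirus signatures out of date")
    if req.when - req.last_domain_login > MAX_DOMAIN_ABSENCE:
        reasons.append("device long absent from the domain")
    if reasons:
        return "deny", reasons
    # Time and location are anomalies, not proof: ask for re-verification.
    if not (profile.start <= req.when.time() <= profile.end):
        reasons.append("outside normal working hours")
    if req.location not in profile.locations:
        reasons.append("unusual access location")
    return ("step_up", reasons) if reasons else ("allow", [])


# Constructed sample data: every request below satisfies the same tuple rule.
RULES = [TupleRule("10.20.0.0/16", "10.50.1.10/32", 443)]
NOW = datetime(2024, 3, 5, 10, 30)
JOHN = Profile(time(9), time(17), frozenset({"hr-office"}))
SANDRA = Profile(time(9), time(17), frozenset({"front-of-house"}))


def sample(when=NOW, location="hr-office", av_age_days=1, domain_age_days=2):
    return Request("10.20.3.4", "10.50.1.10", 443, when, location,
                   when - timedelta(days=av_age_days),
                   when - timedelta(days=domain_age_days))


def demo():
    return {
        "baseline": evaluate(sample(), JOHN, RULES),
        "john_9pm": evaluate(sample(when=datetime(2024, 3, 5, 21, 0)), JOHN, RULES),
        "sandra_payroll": evaluate(sample(location="third-floor-payroll"), SANDRA, RULES),
        "paul_stale": evaluate(sample(av_age_days=45, domain_age_days=120), JOHN, RULES),
    }


if __name__ == "__main__":
    for name, (decision, reasons) in demo().items():
        print(f"{name}: {decision} {reasons}")
```

A tuple-only firewall would pass all four requests; the added dimensions are what separate them.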
Integrating ZTNA with SASE
Within the Secure Access Service Edge (SASE) framework, a cloud-based security framework unifying networking and security services into a globally distributed platform, ZTNA’s role is to help steer away from network-based towards more identity-based access controls. Through ZTNA, access can be granted based on verified user identities rather than network locations, emphasising the importance of security and flexibility.
When Split Tunnel becomes No Tunnel
Zero Trust requires consideration of encryption of data, securing email and verifying the hygiene of assets and endpoints before they connect to applications. It also involves automating patches to ensure good network hygiene while preventing potential malicious actions. A successful implementation of Zero Trust can help bring context and insight into a rapidly evolving attack surface to the security team while improving users’ experience.
This moves beyond the nascent “Split Tunnel” approach which an SD-WAN might take – where, for instance, Office365 traffic may bypass (or “split”) from the IPsec or SSL VPN tunnel back to the corporate network WAN and use the native internet connection instead – towards a “No Tunnel” approach.
In traditional Split Tunnel, the notion runs:
The default route (0.0.0.0/0) – or the implicit – is sent via the VPN tunnel back to the corporate WAN
The “Split” (i.e. Office365 FQDNs and IP ranges) – or the explicit – bypasses the VPN tunnel and goes direct to the internet
In Zero Trust remote access, this paradigm changes to a notion of:
The default route (0.0.0.0/0) – or the implicit – is not sent via the VPN tunnel back to the corporate WAN
Every corporate application – or the explicit – is sent on a case-by-case basis down the VPN tunnel towards the corporate WAN
Adding to this, such VPN tunnels are often temporal in nature and instantiated per-application-request rather than running akin to a singular, long-running IPsec or SSL VPN tunnel session.
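The two routing models above can be compared directly as route tables. This added example (not CACI's code) uses longest-prefix matching to show which corporate hosts each model leaves reachable through the tunnel, and models the per-application, time-limited entries as an assumption about how a client might track them; all addresses are constructed, with 203.0.113.0/24 standing in for a SaaS range and 10.50.0.0/16 for the corporate WAN.

```python
from ipaddress import ip_address, ip_network

TUNNEL, DIRECT = "vpn-tunnel", "internet-direct"


def lookup(dest, routes):
    """Longest-prefix match; routes is a list of (cidr, path) pairs."""
    addr = ip_address(dest)
    best = None
    for cidr, path in routes:
        net = ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, path)
    return best[1] if best else None


# Traditional split tunnel (constructed addresses).
SPLIT_TUNNEL = [
    ("0.0.0.0/0", TUNNEL),       # implicit: everything goes to the corporate WAN
    ("203.0.113.0/24", DIRECT),  # explicit: the "split" bypasses the tunnel
]


class ZeroTrustRoutes:
    """Default route stays off the tunnel; each application gets its own
    short-lived /32 entry, created on request and dropped on expiry."""

    def __init__(self):
        self._grants = {}  # application IP -> expiry time in seconds

    def grant(self, app_ip, now, ttl):
        self._grants[app_ip] = now + ttl

    def table(self, now):
        live = [(f"{ip}/32", TUNNEL)
                for ip, expiry in self._grants.items() if expiry > now]
        return [("0.0.0.0/0", DIRECT)] + live


def corporate_reach(routes, candidates):
    """Which candidate corporate hosts are reachable through the tunnel."""
    return [host for host in candidates if lookup(host, routes) == TUNNEL]


if __name__ == "__main__":
    hosts = ["10.50.1.10", "10.50.2.20", "10.50.9.99"]
    zt = ZeroTrustRoutes()
    zt.grant("10.50.1.10", now=0, ttl=300)  # one application, five minutes
    print("split tunnel    :", corporate_reach(SPLIT_TUNNEL, hosts))
    print("zero trust t=100:", corporate_reach(zt.table(100), hosts))
    print("zero trust t=300:", corporate_reach(zt.table(300), hosts))
```

Under split tunnelling every corporate address is implicitly reachable from the endpoint; under the Zero Trust model only the granted application is, and only until its entry expires.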
How an organisation can drive the adoption journey
An organisation’s Zero Trust journey begins with understanding what Zero Trust offers. Conceptually, Zero Trust works by removing implied trust from any device or user attempting to access resources on a network. Instead of trusting devices based on their location or IP address range as in traditional perimeter-based security models, Zero Trust verifies each request as though it originates from an untrusted network. This verification process includes authentication checks such as multi-factor authentication (MFA), authorisation checks such as role-based access control (RBAC), and endpoint health checks such as patch-level compliance monitoring or antivirus signature status monitoring. With hybrid working being the norm, compliance requirements that ensure the security of data and resources can be met through ZTNA by providing audit logs and access reports.
How CACI can support your Zero Trust Network Access adoption
Just as no two organisations look the same, neither do any two Zero Trust Network Architectures or approaches. The entire point of Zero Trust is to wrap your specific business context and nuances into your technology estate. At CACI Network Services, we have deep heritage and expertise with organisations and networks all the way from SME up to enterprise and public sector. We are well placed to help you get to grips with ZTNA and associated microsegmentation cybersecurity technologies.
Get in touch with us today and let us help you on your Zero Trust journey.
What is Network Automation?
Paul Bloxham
Network Automation and NetDevOps are hot topics in the network engineering world right now, but as with many new concepts, it can be confusing to decipher the meaning from the noise in the quest to achieve optimal efficiency and agility of network operations.
A useful starting point would be to first define what network automation is not:
Network automation is not just automated configuration generation or inventory gathering
It is not just using the same network management system (NMS) as today but faster
It is not just performing patching and OS upgrades faster, or network engineers suddenly becoming software developers
Network automation is not going to work in isolation of changing lifecycle and deployment processes, nor is it a magic toolbox of all-encompassing applications, frameworks and code.
At CACI, we view network automation as both a technology and a business transformation. It is as much a cultural shift from legacy deployment and operations processes as it is a set of tools and technology to implement speed, agility and consistency in your network operations. Infrastructure is changing fast, and with Gartner reporting 80% of enterprises will close their traditional data centres by 2025, the only constant in networking is that change will persist at a faster clip.
So, how does Network Automation work? What differentiates network automation from NetDevOps? What difference can it make to modern IT operations, and which best practices, technologies and tools should you be aware of to successfully begin your network automation journey?
How does Network Automation work?
Network Automation implements learnings from DevOps developments within the software development world into low-level network infrastructure, using software tools to automate network provisioning and operations. This includes techniques such as:
Anomaly detection
Pre/post-change validation
Topology mapping
Fault remediation
Compliance checks
Templated configuration
Firmware upgrades
Software qualification
Inventory reporting.
In understanding how these differ from traditional network engineering approaches, it is important to consider the drivers for network automation in the post-cloud era – specifically virtualisation, containerisation, public cloud and DevOps. These technologies and approaches are more highly scaled and ephemeral than traditional IT Infrastructure, and are not compatible with legacy network engineering practices like:
Using traditional methodology to manage infrastructure as “pets” rather than “cattle”
Box-by-box manual login, typing CLI commands, copy-pasting into an SSH session, etc.
“Snowflake networks” which don’t follow consistent design patterns
Network automation aims to change all this, but to do so, must overcome some obstacles:
Cross-domain skills are required in both networking and coding
Some network vendors do not supply good API or streaming telemetry support
Screen scraping CLIs can be unreliable as CLI output differs even between products of the same device family.
Cultural resistance to changes in both tooling and practice
Lack of buy-in or sponsorship from the executive level can compound these behaviours.
What differentiates network automation from NetDevOps?
You may also have heard of “NetDevOps” and be wondering how – or if – this differs from network automation. Within CACI, we see the following key differences:
We often see our clients use a blend of both in practice as they go through the automation adoption curve into the automation maturity path, from ad-hoc automation, through structured automation, into orchestration and beyond:
What difference can network automation make to modern IT operations?
Network automation aims to deliver a myriad of business efficiencies to IT operations, helping reduce labour and hours worked, time to deploy and operational costs while improving performance and agility. This has proven to be transformational across our wide and varied client base, with improvements demonstrated in the following ways:
Increased efficiency
Much of networking is repetition in differing flavours – reusing the same routing protocol, switching architecture, edge topology or campus deployment. A network engineer is often repeating a task they’ve done several times before, with only slight functional variations. Network automation saves time and costs by making processes more flexible and agile, and force-multiplying the efforts of a network engineering task into multiple concurrent outputs.
Reduced errors
Networking can be monotonous, and monotony combined with legacy deployment methodology can cause repetition of the same error. Network automation reduces these errors – particularly in repetitive tasks – to lower the chances of reoccurrence. When combined with baked-in, systems-led consistency checking, many common – but easily-avoidable – errors can be mitigated.
Greater standardisation
Networks are perhaps uniquely both the most and least standardised element of the IT stack. While it is easy to have a clean “whiteboard architecture” for higher-level concerns such as application development, the network must often deal with the physical constraints of the real world, which, if you’ve ever tried to travel to a destination you’ve not been to before, can be messy, confusing and nonsensical. Network automation ensures the starting point for a network deployment is consistent and encourages system-level thinking across an IT network estate over project deployment-led unique “snowflake” topologies.
Improved security
Increased security often comes as a by-product of the standardisation and increased efficiency that network automation brings. Most security exploits are exploits of inconsistency, lack of adherence to best practice or similar – they ultimately pivot around “holes” left in a network (often accidentally) due to rushing or not seeing a potential backdoor, open port, misconfiguration or enablement of an insecure protocol. When combined with modern observability approaches like streaming telemetry and AIOps, network automation can help enforce high levels of security practice and hardening across an IT estate.
Cost savings
Given its position as the base of the tech stack, the network is often a costly proposition, with vertically-integrated network vendors, costly telco circuit connectivity, expensive physical world hosting and colocation costs, and so on. It is often a “get it right first time” endeavour which can be cost-prohibitive to change once live and in service. Network automation encourages cost savings through the creation of right-first-time, flexible network topologies and through design validation, which can minimise the amount of equipment, licensing, ports and feature sets required to run a desired network state.
Improved scalability
As both consumer and enterprise expectations of scale are set by the leading web scalers of the world, the enterprise increasingly expects the flexibility to scale both higher and lower levels of the IT stack to larger and more seamless sizes, topologies and use cases. Network automation aids in achieving this through the enforcement of consistency, modularisation, standardisation and repeatability for network operations.
Faster service delivery
IT service delivery is increasingly moving away from being ticket-led to self-service, with the lower-level infrastructure elements expected to be delivered much faster than the traditional six-to-eight-week lag times of old. As telco infrastructure moves through a similar self-service revolution, so too does the enterprise network require the ability for self-service, catalogue-driven turn-up and modularised deployment. Network automation enables this by optimising network performance to the required parameters of newer services and applications in the modern enterprise.
What are the best practices for network automation?
Network automation is as much a cultural transformation as it is a technology transformation. Much as DevOps disrupted traditional ITIL and waterfall approaches, NetDevOps similarly disrupts current network engineering practices. We find the following best practices to be beneficial when moving towards network automation:
Choose one thing initially to automate
Pivot around either your biggest pain point or most repetitive task
Don’t try to take on too much at once. Network automation is about lots of small, repeated, well-implemented gains which instil confidence in the wider business
People love automation; they don’t want to be automated. The biggest barrier to adopting automation will be keeping colleagues and stakeholders on-side with your efforts by showing the reward that those efforts provide to them and to the wider business.
Choose tooling carefully
Stay away from the “latest shiny” and pick open, well-used tools with large libraries of pre-canned vendor, protocol and topology integrations, and human-readable configuration and deployment languages
Maintain your specific business context during tool selection
Think ahead for talent acquisition and retention – writing a custom Golang provisioning application might be handy today, but you could struggle to get others involved if the author decides to leave the business.
Optimise for code reusability
Build and use version control systems such as Git, GitHub and Azure DevOps from day one and encourage or even mandate their use
Advocate for the sharing of functions, modules, routines and snippets written within code, runbooks, IaC and state files within scrapbooks and sandpits. The flywheel of productivity increases exponentially within NetDevOps as increasingly more “we’ve done that before” coding and practices accelerate the development of newer, more complex routines, IaC runbooks and functions
Code should be written with reuse and future considerations in mind. While it may be tempting to “save ten minutes” so as to not functionise, modularise or structure code, this will catch up with you in the future.
Use templating for configuration generation
Templating programmatically generates the vendor-specific syntax for a network device (such as Cisco IOS, Arista EOS or Juniper Junos) from a disaggregated, vendor-neutral input format (such as Jinja2, Mako or Markdown), which is combined with data (such as specific VLANs, IP addresses or FQDNs) at generation time
The act of creating the templates has an added by-product of forcing you to perform design validation. If your design document doesn’t have a section covering something you need template syntax for, it could well be due for an up-issue
Templates become a common language for network intent that are readable by all network engineers regardless of their individual network vendor and technology background, aiding in time to onboard new staff and ensuring shared understanding of business context around the IT network.
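As an added illustration of the templating practice above (not CACI's code), the sketch below renders one vendor-neutral VLAN data set into Cisco IOS-style and Juniper Junos-style syntax, validating the data before anything is rendered. It uses Python's standard-library string.Template in place of Jinja2 so that it runs without dependencies; the field names, the name pattern and the simplified config snippets are assumptions, and the sample data is constructed.

```python
import ipaddress
import re
from string import Template

# Simplified per-vendor templates (assumed layouts for illustration).
TEMPLATES = {
    "cisco_ios": Template(
        "vlan $vlan_id\n"
        " name $name\n"
        "interface Vlan$vlan_id\n"
        " ip address $address $netmask\n"
    ),
    "juniper_junos": Template(
        "set vlans $name vlan-id $vlan_id\n"
        "set vlans $name l3-interface irb.$vlan_id\n"
        "set interfaces irb unit $vlan_id family inet address $address/$prefixlen\n"
    ),
}

REQUIRED = ("vlan_id", "name", "gateway")
# Restricting names to this pattern keeps newlines and spaces, and so
# extra configuration lines, out of the rendered output.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def validate(vlan):
    """Check one vendor-neutral record and return the template variables."""
    missing = [key for key in REQUIRED if key not in vlan]
    if missing:
        raise ValueError(f"design data missing {missing}")
    vid = vlan["vlan_id"]
    if type(vid) is not int or not 1 <= vid <= 4094:
        raise ValueError(f"VLAN ID out of range: {vid!r}")
    if not NAME_RE.fullmatch(str(vlan["name"])):
        raise ValueError(f"unsafe VLAN name: {vlan['name']!r}")
    iface = ipaddress.ip_interface(vlan["gateway"])  # ValueError if malformed
    return {
        "vlan_id": vid,
        "name": vlan["name"],
        "address": str(iface.ip),
        "netmask": str(iface.netmask),
        "prefixlen": iface.network.prefixlen,
    }


def render(vendor, vlans):
    """Render every record for one vendor; any invalid record aborts the run."""
    template = TEMPLATES[vendor]
    return "".join(template.substitute(validate(v)) for v in vlans)


def problems(vlans):
    """Pre-change check: one message per record that fails validation."""
    found = []
    for vlan in vlans:
        try:
            validate(vlan)
        except ValueError as exc:
            found.append(str(exc))
    return found


# Constructed sample data.
DATA = [
    {"vlan_id": 10, "name": "USERS", "gateway": "10.0.10.1/24"},
    {"vlan_id": 20, "name": "VOICE", "gateway": "10.0.20.1/24"},
]
BAD = [
    {"vlan_id": 5000, "name": "TOO-HIGH", "gateway": "10.0.30.1/24"},
    {"vlan_id": 30, "name": "USERS\nip routing", "gateway": "10.0.30.1/24"},
    {"vlan_id": 40, "name": "NO-GATEWAY"},  # a gap in the design data
]

if __name__ == "__main__":
    print(render("cisco_ios", DATA))
    print(render("juniper_junos", DATA))
    print(problems(BAD))
```

The third rejected record is the design-validation effect described above: the template needs a value the design data never supplied.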
Which tools, frameworks and languages enable network automation?
There are a myriad of network automation tools, frameworks, languages and technologies available today. Deciphering these can be confusing, but a good starting point is categorising the distinct types of network automation tooling available:
Network Configuration and Change Management (NCCM)
Enable patching, compliance and deployment (rollout)
Often align to network management systems (NMS) or BSS/OSS (Telco space)
Abstract network device box-by-box logic into estate-wide, policy-driven control
Often align to industry frameworks and controls (SOC2, HIPAA, CIS, PCI/DSS)
Intent-Based Networking Systems (IBNS)
Translate business intent through to underlying network configuration and policy
Are starting to become the “new NMS”
It would be impractical to list every tool, framework and language available today, but these are some of those we see most often within our client base. Our current favourites can be seen in What are the most useful NetDevOps Tools in 2023?:
Tools
Terraform – An open-source automation and orchestration tool capable of building cloud, network and IT infrastructure based on input Infrastructure as Code (IaC) code via HCL (HashiCorp Configuration Language) that defines all attributes of the device and configuration blueprint required. Terraform is highly flexible and has a vast array of pre-built modules and providers for most network engineering concerns via the Terraform Registry.
Ansible – An open-source automation and orchestration tool typically used to configure within the device, rather than to provision the underlying bare-metal or cloud infrastructure that the cloud, network or IT device sits atop. It is driven by input IaC code in YAML that defines the attributes and device configuration required. Ansible is versatile and has a large cache of pre-built runbooks and integrations for network engineering concerns via Ansible Galaxy.
NetBox – The ubiquitous, open-source IP Address Management (IPAM) and Data Centre Infrastructure Management (DCIM) tool, which acts as the Network Source of Truth (NSoT) to hold a more detailed view of network devices, topology and state than could be achieved via alternative approaches such as spreadsheet or CMDB. NetBox is highly customisable, with a rich plugin ecosystem and customisable data models via YANG to adapt around business-specific topology data models.
Git – The de facto version control system, which is the underlying application that powers GitHub and GitLab and supplies a mechanism to store IaC, configuration and code artefacts in a distributed, consistent and version-controlled manner. Git is pivotal in enabling the controlled collaboration on network automation activities across a distributed workforce while maintaining the compliance and controls required within the enterprise environment.
Nornir – An automation framework written in Python to automate a network, streamlining and simplifying automation for network engineers already versed in Python.
Frameworks
Robot framework: A generic test automation framework allowing network automation code and IaC runbooks to run through acceptance testing and test-driven development (TDD) via a keyword-driven testing framework with a tabular format for test result representation. It is often used in conjunction with tools such as pyATS, Genie, Cisco NSO and Juniper NITA.
PEP guidelines: Short for Python Enhancement Proposals (PEP), these are to Python what RFCs are to network engineering, and provide prescriptive advice on setting out, using, structuring and interacting with Python scripts. The most commonly known of these is the PEP8 – Style Guide for Python.
Cisco NADM: The Cisco Network Automation Delivery Model (NADM) is a guide on how to build an organisation within a business around an automation practice, addressing both the human aspect as well as some of the tooling, daily practices, procedures, operations and capabilities that a network automation practice would need to take traction in an IT enterprise landscape.
Languages
Python: The de facto network automation coding language, utilised as the underlying programming language in tools from NetBox, Nornir, Batfish, SuzieQ, Netmiko, Scrapli, Aerleon, NAPALM and more, popularised by its extensive network engineering-focused library within PyPI. Python is the Swiss army knife of NetDevOps, able to turn its hand to ad-hoc scripting tasks through to full-blown web application development using Flask or API gateway hosting using FastAPI.
Golang: An upcoming programming language, which has advantages over Python in speed (via a compiler-based approach), parallel execution, built-in testing and concurrency capabilities. On the downside, it has a significantly steeper learning curve than Python for new entrants into the realm of development and has far fewer network engineering library components available to use.
What does the future of network automation look like?
Machine learning (ML), in conjunction with AI, is becoming increasingly embedded into network operations, and the demand for network automation and NetDevOps professionals is undoubtedly on the rise. This is a trend that we at CACI expect to continue as budgetary pressures from the macroeconomic climate accelerate and trends like artificial intelligence (AI) begin to challenge the status quo and push businesses to deliver seamless, scalable network fabrics with more expectation of self-service and less tolerance of outage, delay or error. With this, automation will continue to shift from reactive scripts to intelligent networking capabilities.
We see more of our clients moving up through the automation maturity path towards frictionless and autonomous network estates and expect this to accelerate through the coming years with ancillary trends such as NaaS (Network as a Service), SDN (Software Defined Networking) and NetDevOps set to continue and embed the NetEng Team firmly into the forthcoming platform engineering teams of tomorrow.
How can CACI help you on your network automation journey?
With our proven track record, CACI is adept at a plethora of IT, networking and cloud technologies. Our trained cohort of high-calibre network automation engineers and consultants are ready and willing to share their industry knowledge to benefit your unique network automation and NetDevOps requirements. We are a trusted advisor that ensures every team member is equipped with the necessary network engineering knowledge from vendors such as Cisco, Arista and Juniper, along with NetDevOps knowledge in aspects such as Python for application development, NetBox for IPAM and NSoT, Git for version control, YAML for CI/CD pipeline deployment and more.
Our in-house experts have architected, designed, built and automated some of the UK’s largest enterprise, service provider and data centre networks, with our deep heritage in network engineering spanning over 20 years across a variety of ISP, enterprise, cloud and telco environments for industries ranging from government and utilities to finance and media.
Get in touch with us today to discuss more about your network automation and NetDevOps requirements to optimise your business IT network for today and beyond.
From chaos to clarity: how to fix poorly organised data and unlock insight
Antoine Senkoff
In today’s digital-first world, organisations are sitting on mountains of data — but what happens when that data is poorly organised?
Across industries, we regularly see brands struggling with data that is fragmented, duplicated, inconsistent or stored in disconnected silos. Instead of unlocking valuable insights, teams find themselves lost in a maze of spreadsheets, dashboards and conflicting reports.
The result? A dataset that’s hard to use, impossible to interpret and offers little value to the business.
The challenge: data without direction
One of the most common challenges we uncover in our Digital Analytics work is disorganised data. Whether it stems from legacy systems, ungoverned tracking implementations, or unclear data ownership, the impact is always the same:
Time wasted trying to piece together insights
Poor decision-making based on unreliable or incomplete data
Low confidence across teams in the outputs of digital reporting
Missed opportunities to personalise experiences and optimise performance
The irony is that most brands already have access to the data they need — they just can’t make sense of it.
Build a data foundation that drives growth
Modern marketing ecosystems generate data across dozens of platforms — web analytics, CRM, media, social, app, customer service and more. Without a clear data strategy and strong governance, it’s easy for chaos to take root.
What starts as a few inconsistent naming conventions in your analytics platform quickly evolves into larger problems:
Paralysis when trying to prioritise digital investments
The truth is, data disorder doesn’t just affect your analysts — it affects leadership decision-making, marketing effectiveness, and ultimately, the customer experience.
How CACI brings clarity to digital data
At CACI, we specialise in bringing structure, clarity and control to digital data ecosystems. Our Digital Analytics consultants work with brands to audit their current set-up, streamline tracking implementation, and align measurement frameworks to real business goals.
Our proven approach:
Uncovers data issues at source, not just the symptoms
Builds a trusted foundation for consistent, accurate insight
Enables cross-channel visibility with a single source of truth
Empowers teams with dashboards and tools they can trust and use
We go beyond just fixing the data — we design ecosystems that scale with your business, support smarter decisions, and create a foundation for advanced analytics, personalisation and experimentation.
Take control of your digital data
If your organisation is struggling with messy, misaligned or underperforming data, it’s time to take back control. Poorly organised data isn’t just a technical issue — it’s a barrier to growth.
Let’s turn your data into a strategic asset.
Use our Digital Analytics Self-Assessment Checklist to evaluate your current capabilities and uncover opportunities for growth. It’s a practical first step toward unlocking the full potential of your digital strategy.
Case study
Using the H3 geospatial tiling system to improve spatial resolution of demographic data
Summary
A method has been established by CACI that uses a hexagonal tiling system to disaggregate demographic and other population-based data down to small scale to enable more accurate and precise location modelling and forecasting, particularly in countries where such data is only available at a high geographic level.
Industry
Technology
Products used
H3 Geospatial Tiling System
Challenge
CACI have data for over 250 markets covering 95% of the world’s countries. However, the detail of data available varies from country to country. One of the limitations for certain use cases is the size of geographic area at which demographic data is available, as this data drives understanding of locations and consumer demand at a local level. In countries such as Kazakhstan, Saudi Arabia, and parts of Middle East Asia, the granularity of data is such that there may be only one geographic area with one set of figures for a whole town or municipality, so understanding demographic and spend dynamics in different parts of that town is not possible.
The challenge was to find a way to disaggregate high level geographic data to smaller areas.
CACI provides data for 95% of the world’s countries
In some countries available demographic and spend data is high level, and a methodology was sought to disaggregate such data to make it more usable for understanding local markets
This methodology would be applicable across all countries providing comparable levels of detail worldwide
Solution
CACI resolved this challenge by combining the source data with two geographic datasets.
The first is H3, which is a discrete global grid system for indexing geographies into a hexagonal grid, developed at Uber. These hexagons are available at a range of scales, but the one considered most suitable for the majority of CACI’s client market applications is “Level 9”, which provides hexagons approximately 400m wide.
These hexagons could be overlaid onto the supplied data boundaries to disaggregate the data equally across all hexagons within each boundary. This would assume that the population was evenly distributed in each area, which is a very simplistic approach. It is better to weight this by the population across the area, and to do this a second dataset was used: population estimates based on official sources as well as other sources such as satellite imagery of buildings, giving very granular results.
By combining this with the H3 hexagons we could assign demographic and spend data to each hexagon using the distribution of total population as a weighting function, so that those hexagons containing higher population would receive a proportionally larger share of the source data.
Scale is a challenge due to the computational requirements for these calculations, but with an optimised workflow and powerful data platforms, this process has been highly successful.
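The weighting step described above can be sketched as follows. This is an added example, not CACI's implementation: it shares each region's total across its hexagons in proportion to estimated population, falls back to the even split when a region has no population estimate, and uses largest-remainder rounding (an assumption) so that whole-number counts still sum to the source total. The region names, hexagon IDs (placeholders, not real H3 indexes) and figures are constructed.

```python
from collections import defaultdict


def largest_remainder(total, weights):
    """Integer shares of `total` proportional to `weights`, summing to total."""
    weight_sum = sum(weights.values())
    if weight_sum <= 0:
        # No population estimate at all: fall back to the even split.
        weights = {key: 1 for key in weights}
        weight_sum = len(weights)
    exact = {key: total * w / weight_sum for key, w in weights.items()}
    shares = {key: int(value) for key, value in exact.items()}
    leftover = total - sum(shares.values())
    # Hand the units lost to truncation to the largest fractional parts.
    by_remainder = sorted(exact, key=lambda k: exact[k] - shares[k], reverse=True)
    for key in by_remainder[:leftover]:
        shares[key] += 1
    return shares


def disaggregate(region_totals, hex_region, hex_population):
    """Assign each region's total to its hexagons, weighted by population."""
    members = defaultdict(dict)
    for hex_id, region in hex_region.items():
        members[region][hex_id] = hex_population.get(hex_id, 0)
    result = {}
    for region, total in region_totals.items():
        if region not in members:
            raise ValueError(f"region {region!r} has no hexagons")
        result.update(largest_remainder(total, members[region]))
    return result


def demo():
    # Constructed sample data.
    region_totals = {"town-a": 1000, "town-b": 10}  # e.g. households
    hex_region = {
        "hex-1": "town-a", "hex-2": "town-a", "hex-3": "town-a",
        "hex-4": "town-b", "hex-5": "town-b", "hex-6": "town-b",
    }
    hex_population = {"hex-1": 620, "hex-2": 310, "hex-3": 70}  # none for town-b
    return disaggregate(region_totals, hex_region, hex_population)


if __name__ == "__main__":
    for hex_id, value in demo().items():
        print(hex_id, value)
```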
Results
H3 has revolutionised how we are able to advise clients on consumer demand. We have taken what was previously high-level market data and disaggregated it to deliver more localised, insightful analysis. For example, in Saudi Arabia, we previously had a view of just 8 broad, high-level regions, which are now disaggregated into over 30,000 hexagonal zones, unlocking a level of detail never before possible in the region.
By using H3, we apply a consistent geographic lens across the world. This allows CACI to seamlessly blend multiple data sets, such as mobile data, with demographic data to create a single, unified view. This creates a reliable single source of truth that enables a more granular and accurate view of markets that can be compared across countries for more informed decision making.
This granular view is a game-changer for any organisation wanting to get a low-level view of market opportunity anywhere in the world.