Networking is continuing to show remarkable advances, marked by emerging technologies such as AI and network-specific LLMs, with changing business demands that are paving the way for a more secure and connected future.  

Businesses and industries that recognise the power of adopting these evolving networking technologies and best practices in improving their performance will set themselves up for unparalleled future growth, solution scalability and competitiveness. Those that don’t are increasingly getting left behind.  

So, what are the main networking trends that we have seen in 2025?  

Advanced 5G 

Unlike its 4G and 3G predecessors, the availability of industrialised, private 5G offerings – acting as a more-capable, longer-reaching alternative to wi-fi in specific building scenarios – is leading to the global 5G services market is set to reach an annual growth rate of 59.4% by 2030. 2025 has been particularly pivotal for 5G, with the introduction of 5.5G (also known as 5G Advanced) bringing increased speeds and functionalities set to be deployed in some of the world’s leading markets this year. 

Network services have had to make way for the increased bandwidth and low latency that has come from the rollout of 5G, ensuring a smooth and responsive user experience and the ability to connect even more devices within a small area without compromising on performance. These capabilities have augmented the likes of IoT devices and virtual reality (VR) applications, which require speedy transfer and real-time communication. We expect trends such as VR and augmented reality (AR) – such as the Apple Visio Pro – to accelerate the dependence on not only bandwidth (speed) in networking, but also in latency (lag); the latter of which has often been neglected by many enterprise networking technologies.  

Edge computing migration

Despite its industry presence for years now, edge computing has been gaining prominence in 2025 as a means to support organisations with processing their data closer to the sources of data or users—at the edge of the network. What’s old is in many ways new again, with the content delivery network (CDN) coming back to the fore as a primary on-ramp into public cloud and other aggregated network ecosystems and walled gardens. Both edge and CDN minimise latency and enhance real-time processing capabilities that are not possible purely via the public cloud. By processing data at the edge of the network, the strain on network bandwidth is also alleviated. 

Edge computing will continue influencing network architecture design and redefining the parameters of data processing with the development of smart cities, IoT and AI-powered applications that rely on data processing, with businesses strongly encouraged to migrate workloads to edge computing. The aforementioned 5.5G (5G Advanced) rollout this year directly embeds data centres into telecom networks, reducing latency and enhancing compliance in doing so.  

Multi-cloud networking and environments

As of 2025, single-cloud networking has become much less common for enterprises, with multi-cloud networking (MCN) and environments at the forefront. Compared to the singular platform and vendor approach, multi-cloud networking and environments consist of many tools and solutions that enable networking and connectivity across cloud environments. They mitigate the limitations that come with using traditional network architecture by allowing for seamless integration across multiple cloud environments.  

The key challenge we see in our customer base with multi-cloud networking is the sheer amount of complexity and same-but-different solutions within constructs such as cloud networking, underlay networking and overlay networking. Many customers will have multi-cloud through necessity rather than strategy – for instance, using Microsoft Cloud for Office365 collaboration, alongside AWS for developer-led public cloud and likely a smattering of other PaaS and SaaS cloud offerings. We’re increasingly seeing the rise of cloud exchange gateways as an alternative to Internet exchange (IX), bringing the same complexity of IX management – such as peering management, route policy and the like – down from the ISP domain and into the enterprise domain.  

By 2031, the global market size of multi-cloud networking is projected to reach $19.9 billion USD (£15.7 billion) and grow at a rate of 23.3%. Businesses that embrace multi-cloud networking and environments will find themselves connecting and managing workloads across diverse cloud environments and establishing a secure, high-performance network that will carry out operations as efficiently as possible, steadily flow data between clouds to reduce data silos, optimise data transmission speeds for faster response times and improve customer experiences by evolving along with users. 

AI networking & AIOps

Of all the trends unfolding in the networking space this year, AI is proving to be a substantial one. Networking solutions have become increasingly reliant upon artificial intelligence (AI) for optimisation, maintenance and analytical purposes. AI networking has also bolstered capabilities within industries like network services to develop robust and efficient networks that will continue to support operations.  

Trends such as network observability and network telemetry mean the amount of logging, traces and metrics required to be analysed is becoming untenable for any one human. AIOps is becoming a necessity to augment overworked and often under-tooled network operations staff in delivering, maintaining and optimising increasingly agile, complex and demanding enterprise networks. Into 2025, it helps operations staff prevent faults and detect anomalies or unusual movement, adjust capacity in line with demand and monitor configuration against regulatory standards.  

By continuously influencing how networking infrastructure is built and integrating into network automation tools to enhance decision-making and analyses, AI is proving to be a game-changer when it comes to networking. We’re finding several amazing use cases where the use of an AI tool, such as GPT, enables us to grok an API with a contextually-specific use case, or quickly glean through pages of troubleshooting documentation to find the exact nuance of bug, CVE or PSIRT we’re in the midst of fixing or coding.  

To learn more about the impact of AI on networking through 2025, take a look at our blog on the top network automation trends. 

Intent-based networking (IBN)

Intent-based networking (IBN) has been a groundbreaking networking advancement thanks to its ability to use automation and artificial intelligence (AI) to simplify network management. This technology has rapidly grown in popularity for networking-oriented businesses, as it allows administrators to define a network’s intent and automatically translate and implement these intentions across the wider network infrastructure to optimise its performance, security and scalability.  

IBN eliminates the need for manual configuration—often a requirement of traditional networks– through its automated processing that is based on real-time analytics, ultimately improving efficiency while decreasing the margin of error and revolutionising the ways in which businesses can streamline their network management.  

While still not mature, the concepts of IBN are finding their way into mainstream NMS, OSS – and increasingly even ITSM products, and matching the “as a service” patterns application development teams are used to from the public cloud world.  

How CACI can support your networking journey

At CACI, our trained cohort of network automation engineers, network reliability engineers (NREs) and consultants are well versed in a plethora of IT, networking and cloud technologies, ready and willing to share their industry knowledge to benefit your unique networking requirements. 

We act as a trusted advisor to help your organisation drive better experiences by enabling more effective use of technology and business processes. Our in-house experts have architected, designed, built and automated some of the UK’s largest enterprise networks and data centres. From NSoT through CI/CD, version control, observability, operational state verification, network programming and orchestration, our expert consulting engineers have architected, designed, built and automated some of the UK’s largest enterprise, service provider and data centre networks, with our deep heritage in network engineering spanning over 20 years.  

Take a look at Network Automation and NetDevOps at CACI to learn more about some of the technologies, frameworks, protocols and capabilities we have, from YAML, YANG, Python, Go, Terraform, IaC, API, REST, Batfish, Git, NetBox and beyond.  

Find out more about enhancing your networking journey by getting in touch with us today. 

In today’s hybrid-working world, many employees often work remotely from the branch – at home, hotels, conferences, coffee shops and the like. This effectively moves the network perimeter from the traditional branch and office boundary right into the heart of the endpoint laptop device itself, increasing the possible attack surface for organisational network WANs. Zero Trust is one approach that can help to overcome some of the cybersecurity challenges that hybrid working can create. 

Key considerations to successfully implement Zero Trust Network Access (ZTNA)

Not trusting anything is the goal

Zero Trust is a cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated. It assumes that no one and nothing on a network can be trusted until it’s proven not to be a threat to organisational security. This means that all users, whether in or outside the organisation’s WAN, must be authenticated, authorised and continuously monitored. 

One of the main benefits of Zero Trust is its ability to improve risk management. By assuming that all users and devices are potential threats, Zero Trust forces organisations to take a more proactive approach to security. This includes:  

• Implementing strong authentication mechanisms 
• Monitoring user behaviour for signs of suspicious activity 
• Segmenting networks to limit the impact of any potential breaches. 

Moving beyond the tuple 

Where traditional firewall and security approaches focused largely on the “tuple” – source IP address, destination IP address and TCP/UDP destination port – Zero Trust Network Architectures (ZTNA) move beyond these three dimensions and allow for additional dimensions of trust verification, such as: 

• Time of Day 
• i.e. John in HR works 9-5, so if he’s logging into a system at 9 p.m., is something suspect? 
• Access Location 
• i.e. Sandra on the reception desk is normally desk-based at front of house. If she suddenly logs in from the third-floor payroll desks, is something amiss? 
• Host Posture 
• i.e. Paul may be logged in with the correct username and password, but if his antivirus isn’t up to date and his laptop last logged into the domain four months ago, do you really want him on the network? 

Other dimensions are available depending on organisational need, but you can quickly see how the dynamic of implicit trust moves instead to explicit verification – moving the notion of trust further down the network stack towards the Network Edge rather than notionally dealing with arbitrary concepts such as trusted networks, trusted VLANs or trusted segments. 

Integrating ZTNA with SASE

Within the Secure Access Service Edge (SASE) framework, a cloud-based security framework unifying networking and security services into a globally distributed platform, ZTNA’s role is to help steer away from network-based towards more identity-based access controls. Through ZTNA, access can be granted based on verified user identities rather than network locations, emphasising the importance of security and flexibility.

When Split Tunnel becomes No Tunnel

Zero Trust requires consideration of encryption of data, securing email, verifying the hygiene of assets and endpoints before they connect to applications. It also involves automating patches to ensure good network hygiene while preventing potential malicious actions. A successful implementation of Zero Trust can help bring context and insight into a rapidly evolving attack surface to the security team while improving users’ experience. 

This moves beyond the nascent “Split Tunnel” approach which an SD-WAN might take – where, for instance, Office365 traffic may bypass (or “split”) from the IPsec or SSL VPN tunnel back to the corporate network WAN and use the native internet connection instead towards a “No Tunnel” approach.  

In traditional Split Tunnel, the notion runs: 

• The default route (0.0.0.0/0) – or the implicit – is sent via the VPN tunnel back to the corporate WAN 
• The “Split” (i.e. Office365 FQDNs and IP ranges) – or the explicit – is bypassed from the VPN tunnel and bypasses the VPN tunnel to the internet direct 

In Zero Trust remote access, this paradigm changes to a notion of: 

• The default route (0.0.0.0/0) – or the implicit – is not sent via the VPN tunnel back to the corporate WAN 
• Every corporate application – or the explicit – is sent on a case-by-case basis down the VPN tunnel towards the corporate WAN 

Adding to this, such VPN tunnels are often temporal in nature and instantiated per-application-request rather than running akin to a singular, long-running IPsec or SSL VPN tunnel session. 

How an organisation can drive the adoption journey

An organisation’s Zero Trust journey begins with understanding what Zero Trust offers. Conceptually, Zero Trust accomplishes this by removing implied trust from any device or user attempting to access resources on a network. Instead of trusting devices based on their location or IP address range as in traditional perimeter-based security models, Zero Trust verifies each request as though it originates from an untrusted network. This verification process includes authentication checks such as multi-factor authentication (MFA), authorisation checks such as role-based access control (RBAC), endpoint health checks such as patch level compliance monitoring or antivirus signature status monitoring. With hybrid working being the norm, compliance requirements that ensure the security of data and resources can be met through ZTNA by providing audit logs and access reports. 

How CACI can support your Zero Trust Network Access adoption

Just as no two organisations look the same, neither do any two Zero Trust Network Architectures or approaches. The entire point of Zero Trust is to wrap in your specific business context and nuances into your technology estate. At CACI Network Services , we have deep heritage and expertise with organisations and networks all the way from SME up to enterprise and public sector. We are well placed to help you get to grips with ZTNA and associated microsegmentation cybersecurity technologies. 

Get in touch with us today and let us help you on your Zero Trust journey. 

Network Automation and NetDevOps are hot topics in the network engineering world right now, but as with many new concepts, it can be confusing to decipher the meaning from the noise in the quest to achieving optimal efficiency and agility of network operations.

A useful starting point would be to first define what network automation is not:

• Network automation is not just automated configuration generation or inventory gathering
• It is not just using the same network management system (NMS) as today but faster
• It is not just performing patching and OS upgrades faster, or network engineers suddenly becoming software developers
• Network automation is not going to work in isolation of changing lifecycle and deployment processes, nor is it a magic toolbox of all-encompassing applications, frameworks and code.

At CACI, we view network automation as both a technology and a business transformation. It is as much a cultural shift from legacy deployment and operations processes as it is a set of tools and technology to implement speed, agility and consistency in your network operations. Infrastructure is changing fast, and with Gartner reporting 80% of enterprises will close their traditional data centres by 2025, the only constant in networking is that change will persist at faster clip.

So, how does Network Automation work? What differentiates network automation from NetDevOps? What difference can it make to modern IT operations, and which best practices, technologies and tools should you be aware of to successfully begin your network automation journey?

How does Network Automation work? 

Network Automation implements learnings from DevOps developments within the software development world into low-level network infrastructure, using software tools to automate network provisioning and operations. This includes techniques such as:

• Anomaly detection
• Pre/post-change validation
• Topology mapping
• Fault remediation
• Compliance checks
• Templated configuration
• Firmware upgrades
• Software qualification
• Inventory reporting.

In understanding how these differ from traditional network engineering approaches, it is important to consider the drivers for network automation in the post-cloud era – specifically virtualisation, containerisation, public cloud and DevOps. These technologies and approaches are more highly scaled and ephemeral than traditional IT Infrastructure, and are not compatible with legacy network engineering practices like:

• Using traditional methodology to manage infrastructure as “pets” rather than “cattle”
  • Box-by-box manual login, typing CLI commands, copy-pasting into an SSH session, etc.
• “Snowflake networks” which don’t follow consistent design patterns
• Outdated (or non-existent) static network documentation
• Lack of network validation and testing.

Network automation aims to change all this, but to do so, must overcome some obstacles:

• Cross-domain skills are required in both networking and coding
• Some network vendors do not supply good API or streaming telemetry support
• Screen scraping CLIs can be unreliable as CLI output differs even between products of the same device family.
• Cultural resistance to changes in both tooling and practice
• Lack of buy-in or sponsorship from the executive level can compound these behaviours.

What differentiates network automation from NetDevOps? 

You may also have heard of “NetDevOps” and be wondering how – or if – this differs from network automation. Within CACI, we see the following key differences:

We often see our clients use a blend of both in practice as they go through the automation adoption curve into the automation maturity path, from ad-hoc automation, through structured automation, into orchestration and beyond:

What difference can network automation make to modern IT operations? 

Network automation aims to deliver a myriad of business efficiencies to IT operations, helping reduce labour and hours worked, time to deploy and operational costs while improving performance and agility. This has proven to be transformational across our wide and varied client base, with improvements demonstrated in the following ways: 

Increased efficiency 

Much of networking is repetition in differing flavours – reusing the same routing protocol, switching architecture, edge topology or campus deployment. A network engineer is often repeating a task they’ve done several times before, with only slight functional variations. Network automation saves time and costs by making processes more flexible and agile, and force-multiplying the efforts of a network engineering task into multiple concurrent outputs.

Reduced errors 

Networking can be monotonous, and monotony combined with legacy deployment methodology can cause repetition of the same error. Network automation reduces these errors – particularly in repetitive tasks – to lower the chances of reoccurrence. When combined with baked-in, systems-led consistency checking, many common – but easily-avoidable – errors can be mitigated.

Greater standardisation

Networks are perhaps uniquely both the most and least standardised element of the IT stack. While it is easy to have a clean “whiteboard architecture” for higher-level concerns such as application development, the network must often deal with the physical constraints of the real world, which, if you’ve ever tried to travel to a destination you’ve not been to before, can be messy, confusing and non-sensical. Network automation ensures the starting point for a network deployment is consistent and encourages system-level thinking across an IT network estate over project deployment-led unique “snowflake” topologies.

Improved security 

Increased security often comes as a by-product of the standardisation and increased efficiency that network automation brings. Most security exploits are exploits of inconsistency, lack of adherence to best practice or related – which ultimately pivot around “holes” left in a network (often accidentally) due to rushing or not seeing a potential backdoor, open port, misconfiguration or enablement of an insecure protocol. When combined with modern observability approaches like streaming telemetry and AIOps, network automation can help enforce high levels of security practice and hardening across an IT estate.

Cost savings

Given its position as the base of the tech stack, the network is often a costly proposition – with vertically-integrated network vendors, costly telco circuit connectivity, expensive physical world hosting and colocation costs, and so on – the network is often a “get it right first time” endeavour which can be cost-prohibitive to change once live and in service. Network automation encourages cost savings through the creation of right-the-first-time and flexible network topologies and in performing design validation which can minimise the amount of equipment, licensing, ports and feature sets required to run a desired network state.

Improved scalability

As both consumer and enterprise expectations of scale are set by the leading web scalers of the world, the enterprise increasingly expects the flexibility to scale both higher and lower levels of the IT stack to larger and more seamless sizes, topologies and use cases. Network automation aids in achieving this through the enforcement of consistency, modularisation, standardisation and repeatability for network operations.

Faster service delivery

IT service delivery is increasingly moving away from being ticket-led to self-service, with the lower-level infrastructure elements expected to be delivered much faster than the traditional six-to-eight-week lag times of old. As telco infrastructure moves through a similar self-service revolution, so too does the enterprise network require the ability for self-service, catalogue-driven turn-up and modularised deployment. Network automation enables this by optimising network performance to the required parameters of newer services and applications in the modern enterprise.

What are the best practices for network automation?

Network automation is as much a cultural transformation as it is a technology transformation. Much as DevOps disrupted traditional ITIL and waterfall approaches, NetDevOps similarly disrupts current network engineering practices. We find the following best practices to be beneficial when moving towards network automation:

Choose one thing initially to automate

• Pivot around either your biggest pain point or most repetitive task
• Don’t try to take on too much at once. Network automation is about lots of small, repeated, well-implemented gains which instil confidence in the wider business
• People love automation, they don’t want to be automated. The biggest barrier to adopting automation will be keeping colleagues and stakeholders on-side with your efforts by showing the reward of that they provide to them and to the wider business.

Choose tooling carefully

• Stay away from the “latest shiny” and pick open, well-used tools with large libraries of pre-canned vendor, protocol and topology integrations, and human-readable configuration and deployment languages
• Maintain your specific business context during tool selection
• Think ahead for talent acquisition and retention – writing custom Golang provisioning application might be handy today, but you could struggle to get others involved if the author decides to leave the business.

Optimise for code reusability

• Build and use version control systems such as Git, GitHub and Azure DevOps from day one and encourage or even mandate their use
• Advocate for the sharing of functions, modules, routines and snippets written within code, runbooks, IaC and state files within scrapbooks and sandpits. The flywheel of productivity increases exponentially within NetDevOps as increasingly more “we’ve done that before” coding and practices accelerate the development of newer, more complex routines, IaC runbooks and functions
• Code should be written with reuse and future considerations in mind. While it may be tempting to “save ten minutes” so as to not functionise, modularise or structure code, this will catch up with you in the future.

Use templating for configuration generation

• Templating programmatically generates the vendor-specific syntax for a network device based on a disaggregated, vendor-neutral input format (such as Jinja2, Mako or Markdown) which is later combined with data (such as specific VLANs, IP Addresses or FQDNs) to generate the vendor-specific syntax (such as Cisco IOS, Arista EOS or Juniper Junos) for the network device
• The act of creating the templates has an added by-product of forcing you to perform design validation. If your design document doesn’t have a section covering something you need template syntax for, it could well be due for an up-issue
• Templates become a common language for network intent that are readable by all network engineers regardless of their individual network vendor and technology background, aiding in time to onboard new staff and ensuring shared understanding of business context around the IT network.

Which tools, frameworks and languages enable network automation?  

There are a myriad of network automation tools, frameworks, languages and technologies available today. DeThere are a myriad of network automation tools, frameworks, languages and technologies available today. Deciphering these can be confusing, but a good starting point is categorising the distinct types of network automation tooling available:

Network Configuration and Change Management (NCCM)

• Enable patching, compliance and deployment (rollout)
• Often align to network management systems (NMS) or BSS/OSS (Telco space)

Network Orchestration

• Enable programmatic device access (CLI, API, SSH, SNMP)
• Often align to DevOps engineering usage

Policy-based Automation

• Abstract network device box-by-box logic into estate-wide, policy-driven control
• Often align to industry frameworks and controls (SOC2, HIPAA, CIS, PCI/DSS)

Intent-Based Networking Systems (IBNS)

• Translate business intent through to underlying network configuration and policy
• Are starting to become the “new NMS”

It would be exhaustive to list all possible tools, frameworks and languages available today, but these are some of our most seen within our client base today. Our current favourites can be seen in What are the most useful NetDevOps Tools in 2023?:

Tools

• Terraform – An open-source automation and orchestration tool capable of building cloud, network and IT infrastructure based on input Infrastructure as Code (IaC) code via HCL (HashiCorp Configuration Language) that defines all attributes of the device and configuration blueprint required. Terraform is highly flexible and has a vast array of pre-built modules and providers for most network engineering concerns via the Terraform Registry.
• Ansible – An open-source automation and orchestration tool typically used to configure within the device rather than provision the underlying Baremetal or cloud infrastructure the cloud, network or IT device sits atop, which is based on input IaC code via YAML that defines the attributes and device configuration required. Ansible is versatile and has a large cache of pre-built runbooks and integrations for network engineering concerns via Ansible Galaxy.
• NetBox – The ubiquitous, open-source IP Address Management (IPAM) and Data Centre Infrastructure Management (DCIM) tool, which acts as the Network Source of Truth (NSoT) to hold a more detailed view of network devices, topology and state than could be achieved via alternative approaches such as spreadsheet or CMDB. NetBox is highly customisable, with a rich plugin ecosystem and customisable data models via YANG to adapt around business-specific topology data models.
• Git – The de facto version control system, which is the underlying application that powers GitHub and GitLab and supplies a mechanism to store IaC, configuration and code artefacts in a distributed, consistent and version-controlled manner. Git is pivotal in enabling the controlled collaboration on network automation activities across a distributed workforce while maintaining the compliance and controls required within the enterprise environment.
• Nornir – An automation framework written in Python to automate a network, streamlining and simplifying automation for network engineers already versed in Python.

Frameworks 

• Robot framework: A generic test automation framework allowing network automation code and IaC runbooks to run through acceptance testing and test-driven development (TDD) via a keyword-driven testing framework with a tabular format for test result representation. It is often used in conjunction with tools such as pyATS, Genie, Cisco NSO and Juniper NITA.
• PEP guidelines: Short for Python Enhancement Proposals (PEP), these are to Python what RFCs are to network engineering, and provide prescriptive advice on setting out, using, structuring and interacting with Python scripts. The most commonly known of these is the PEP8 – Style Guide for Python.
• Cisco NADM: The Cisco Network Automation Delivery Model (NADM) is a guide on how to build an organisation within a business around an automation practice, addressing both the human aspect as well as some of the tooling, daily practices, procedures, operations and capabilities that a network automation practice would need to take traction in an IT enterprise landscape.

Languages

• Python: The de facto network automation coding language, utilised as the underlying programming language in tools from NetBox, Nornir, Batfish, SuzieQ, Netmiko, Scrapli, Aerleon, NAPALM and more, popularised by its extensive network engineering-focused library within PyPi. Python is the Swiss army knife of NetDevOps, able to turn its hand to ad-hoc scripting tasks through to full-blown web application development using Flask or API gateway hosting using FastAPI.
• Golang: An upcoming programming language, which benefits over Python in terms of speed via a compiler-based approach, parallel-execution, built-in testing and concurrency capabilities when compared to Python. On the downside, it has a significantly steeper learning curve than Python for new entrants into the realm of development and has far fewer network engineering library components available to use.

What does the future of network automation look like? 

Machine learning (ML) in conjunction with AI are becoming increasingly embedded into network operations and the demand for network automation and NetDevOps professionals is undoubtedly on the rise. This is a trend that we at CACI expect to continue as budgetary pressures from the macroeconomic climate accelerate and trends like artificial intelligence (AI) begin to challenge the status quo and push businesses to deliver seamless, scalable network fabrics with more expectation of self-service and less tolerance of outage, delay or error. With this, automation will continue to shift from reactive scripts to intelligent networking capabilities. 

We see more of our clients moving up through the automation maturity path towards frictionless and autonomous network estates and expect this to accelerate through the coming years with ancillary trends such as NaaS (Network as a Service), SDN (Software Defined Networking) and NetDevOps set to continue and embed the NetEng Team firmly into the forthcoming platform engineering teams of tomorrow. 

How can CACI help you on your network automation journey?

With our proven track record, CACI is adept at a plethora of IT, networking and cloud technologies. Our trained cohort of high calibre network automation engineers and consultants are ready and willing to share their industry knowledge to benefit your unique network automation and NetDevOps requirements. We are a trusted advisor that ensures every team member is equipped with the necessary network engineering knowledge from vendors such as Cisco, Arista and Juniper, along with NetDevOps knowledge in aspects such as Python for application Development, NetBox for IPAM and NSoT, Git for version control, YAML for CI/CD pipeline deployment and more.

Our in-house experts have architected, designed, built and automated some of the UK’s largest enterprise, service provider and data centre networks, with our deep heritage in network engineering spanning over 20 years across a variety of ISP, enterprise, cloud and telco environments for industries ranging from government and utilities to finance and media.

Get in touch with us today to discuss more about your network automation and NetDevOps requirements to optimise your business IT network for today and beyond.

Managing multiple vendors has become a logistical nightmare for many businesses as the tech landscape evolves. Between ballooning vendor lists, overlapping services and spiralling costs, the need for effective vendor consolidation has become greater than ever. 

Vendor consolidation isn’t just a trend, it’s a strategic move that empowers businesses to optimise their systems, reduce operational inefficiencies and drive meaningful cost savings. If your business is looking to achieve cost optimisation and streamline operations, this blog outlines the five key steps CACI recommends taking to successfully execute vendor consolidation. 

What is vendor consolidation and why does it matter? 

Over the past decade, IT innovation has led to an explosion of niche solution providers with expert capabilities. With the number of tech vendors increasing tenfold from 2012 to 2023, multi-vendor models that have worked in the past now introduce complexities, redundancies and inflated management costs. By consolidating vendors, businesses can: 

• Simplify vendor relationships 
• Improve service integration 
• Strengthen security postures 
• Reduce shadow IT risks 
• Achieve significant cost efficiencies. 

However, rushing into consolidation without a thoughtful approach can create more problems than it solves, which is why a strategic framework is essential. 

CACI’s five key steps to perfecting a vendor consolidation strategy 

Define your vendor consolidation goals 

The first step to successfully consolidating is clearly defining what the goals and desired outcomes are. 

Are you aiming to: 

• Lower operating costs?
• Streamline vendor management?
• Reduce security vulnerabilities?
• Improve service quality? 

Before taking action, identify your pain points, consider future growth strategies, assess regulatory compliance requirements and prioritise your goals. Your consolidation efforts must align with broader business strategies, not just short-term savings. These factors will then guide the entire process and help measure success once the consolidation is complete. 

A clear vision will provide a roadmap to measure success once the transition is complete. CACI works across multiple verticals and is well placed to advise on and provide industry best practise. We can complete a requirements assessment to support this step to align with a business’ goals and provide a strong foundational step for consolidation. 

Assess your current vendor landscape 

Before you optimise, you must diagnose. 

Large and varied vendor estates often result from aggressive growth periods, prioritising expansion over efficiency. This leads to underutilised software, overlapping services and unmanaged contracts, complicating the accurate measurement of the value being brought to the business. 

A strategy must therefore begin with assembling a detailed inventory of: 

• Vendors 
• Products/services 
• Service-level agreements (SLAs) 
• Contract expiration dates 
• Internal stakeholders. 

Once the full landscape has been mapped, a deep analysis of how each product is performing should be completed and each vendor should be evaluated through both objective and subjective lenses: 

Objective evaluation: 

• SLA performance 
• Incident history 
• Service costs versus delivered value 
• Service duplication across vendors 
• ROI and proven cost savings to date. 

Subjective evaluation: 

Vendor flexibility, transparency, and reputation. 

Strategic importance to your business 

User experience and training support 

Gathering this information and conducting interviews with key users will help build a holistic vendor profile. Knowing who truly delivers value and who doesn’t will guide strategic decisions. Considering security architecture will further impact strategic decision-making. Firewalls, for example, are vital as the first line of defence against cyber threats. However, businesses can often manage a diverse array of firewalls from multiple vendors. This flexibility can complicate security and compliance due to organic security policy growth from new applications and services, rapid deployment of policy changes to meet project deadlines, temporary fixes to address immediate issues which are not revisited and more.  

To remedy this, CACI’s network automation experts have developed a Firewall Optimisation Assessment to generate actionable insights, analysis and remediation suggestions for network security appliance configuration. With over 20 years of operational experience in network security engineering across many businesses, we undertake assessments across leading security device vendors including Palo Alto, Fortinet, Cisco and Checkpoint.

Are you confident that your firewall configurations are consistent and easy to manage? That there are no security weaknesses such as overly permissive policies or insecure protocols? That the rulebase is necessary and not leftover from testing? That the policies are configured according to industry best practice? If not, CACI can help.

Our Firewall Optimisation Assessment offers many benefits, including:

• Identification of security weaknesses
• Increasing operational efficiency
• Eliminating the need for reworking firewall RFC change requests
• Scaling your firewall for security posture
• Validating your security posture against known assessment criteria
• Progressing towards implementing governance-as-code.

Communicate your goals and priorities to vendors

Transparency with current vendors is crucial. By communicating goals, priorities and current challenges to vendors, more information can be gathered on the full capabilities of what each product and service can offer. Through this, opportunities for expanded partnerships or service integrations can also arise. Key areas to examine include: 

• Managed services experience 
• Industry expertise 
• Service range and frameworks 
• Innovation capacity 
• Governance standards 
• Global and local resource presence. 

Often, a single vendor may offer additional services you currently purchase from others. At CACI, we regularly uncover these overlaps, offering clients enhanced solutions across network services, logistics, and mar-tech platforms. 

Tip: Use third-party analyst reports like Gartner Magic Quadrants to benchmark vendor capabilities against the broader market. 

Develop and implement a transition plan 

With insights in hand, it’s time to build your strategy. 

Prioritise vendors that: 

• Can cover multiple service areas 
• Maintain high standards of quality, security, and support 
• Offer strategic partnerships, not just transactional relationships. 

At this stage, address critical risk factors: 

• Contractual obligations and penalties 
• Regulatory and compliance impacts 
• Potential downtime risks. 

Perform a thorough ROI analysis, weighing financial metrics alongside strategic benefits like increased agility, improved compliance posture, and enhanced integration. This risk assessment will significantly improve the efficacy of the transition plan and prevent new challenges from emerging during the consolidation process. 

Best practice: Phase your transition for minimal disruption. Pilot smaller changes before scaling consolidation efforts across the business. 

Continuously monitor and optimise 

Vendor consolidation isn’t a “set it and forget it” process. Ongoing monitoring and tracking is key. 

Establishing clear KPIs and SLA benchmarks to measure vendor performance will contribute hugely to the successful management of ongoing, optimal operations. Conduct annual evaluations to: 

• Identify new consolidation opportunities 
• Validate vendor alignment with business goals 
• Maintain cost and performance optimisation. 

Regular reviews foster a culture of continuous improvement, ensuring your vendor strategy evolves alongside your business.
CACI offers both shared and dedicated managed services which can provide 24/7 monitoring, helping businesses continuously improve, develop and innovate to achieve optimisation goals. 

Common pitfalls to avoid during vendor consolidation 

While consolidation offers powerful benefits, be mindful of these common mistakes: 

• Over-consolidating: Diversification can mitigate risk. Avoid relying solely on one provider for critical systems. 
• Underestimating transition complexity: Budget time and resources for integration, training and risk mitigation. 
• Ignoring stakeholder input: Early engagement with users ensures buy-in and identifies potential friction points. 
• Focusing only on cost: Strategic value, security posture and service quality must weigh heavily in decisions. 

By navigating these challenges thoughtfully, you can realise maximum benefits without unintended setbacks. 

How CACI can help you master vendor consolidation 

At CACI, we understand that vendor consolidation is more than an operational exercise — it’s a strategic transformation. Our team partners with businesses to: 

• Map vendor ecosystems 
• Identify strategic partners 
• Design transition roadmaps 
• Mitigate consolidation risks 
• Drive operational efficiencies.

Ultimately, any consolidation exercise needs to enhance a business’ capabilities, increase efficiencies and drive agility. If, based on these considerations, your business is ready to move forward with strategic vendor consolidation, CACI is working with multiple clients to explore and implement strategies to optimise their systems, improve operational inefficiencies and drive cost-effectiveness. Ready to elevate your vendor consolidation game? 

Contact CACI today to learn more about our tailored vendor consolidation strategies and how they can help you streamline operations, enhance resilience and position your business for future growth.

Cisco have recently complemented their various Training and Learning Platforms (including Cisco Digital Learning, Cisco Learning Network and Cisco Live) with a new user-friendly offering: Cisco U. While some of the content is pricy, we’ve found some completely free-of-charge network automation courses that we think you should know about. 

What are the Cisco U pricing plans?

Unlike other Cisco training platforms, no special user account is required– just use the same Cisco Connection Online (CCO) account you currently use as a NetEng to login to the main Cisco Portal for activities such as Cisco Certification Tracker, Cisco Software Downloads and Cisco TAC Case Manager. 

Cisco U currently has three Pricing Plans: 

1. Cisco U Free – £0 per year 
2. Cisco U Essentials – ~£1,200 per year (or 15 Cisco Learning Credits) 
3. Cisco U All Access – ~£3,800 per year (or 48 Cisco Learning Credits) 

Generally, the difference between the subscription levels is around the specialism of content available. For more interactive and live tutorial content, higher subscription levels are required. As a summary of the differences: 

Note: Cisco Learning Credits (CLC) are prepaid vouchers that you may already have an allowance of if you act as a Cisco VAR (value-added reseller) or have a large enough Cisco contract. 

What free content is available? 

Although some of those prices may seem a little steep for individuals, there is a great deal of free content available within the network automation realm, especially for those looking to learn about topics such as: 

• Practices: NetDevOps, pipelines, pull requests, version control, CI/CD 
• Data Structures: YANG, YAML, JSON, XML 

• Coding: Python, PIP, PyPI, Netmiko, pyATS, Genie, EXPRESSO, Bash 
• Tooling: Ansible, Terraform, Cisco NSO, Vim, Linux, API 
• Protocols: gNMI, RESTCONF, NETCONF, REST API 

Here’s a curated summary of some of our favourite and completely free of charge courses: 

What does the future of Cisco Learning look like? 

This looks like a promising step in consolidating all the disparate Cisco Learning platforms, systems and content into one centralised, easily-searchable and visually-appealing place. Sure, the pricing may seem steep at present – and as an individual general network engineering learner, you’d get better bang for your buck going via CBT Nuggets, INE, Pluralsight or Udemy – but for free network automation-specific content, Cisco U is a surefire winner for anyone wanting to break into the world of NetDevOps. 

How CACI can supplement your network automation efforts

In the midst of a network automation initiative and struggling to get the right NetDevOps-qualified professionals to help drive your latest automation, dashboard or observability project forward?

Let us help and see how your business can fully utilise our talented NetDevOps NRE, SRE, developer, automation and coding experts to cut through your engineering backlogs. 

In our increasingly digital world, safeguarding the digital infrastructure and information systems that uphold financial companies is now critical. Two key regulatory frameworks, DORA and NIS2, have emerged as essential regulations designed to enhance the protection of financial companies’ operations and systems.

In the first of our series of blogs, we introduced the topic of DORA and NIS2 and explained the new financial regulations. Here I will be exploring how these regulations will impact UK financial companies.

DORA applies to a range of financial institutions including banks, investment companies, payment service providers and critical third-party service providers that operate within the EU. UK-based operators that service the EU market must therefore comply with DORA and NIS2.  

Companies that fall under this scope will be impacted in the following ways: 

Broader compliance requirements 

UK-based financial companies that service the EU must comply with the new requirements set out by DORA and NIS2 that intend to improve operational resilience and cybersecurity. These requirements include third-party security management, supply chain risk, vulnerability disclosure practices, risk management measures, incident reporting and more.

The stiffened regulatory oversight and supervision as a result of this causes UK companies to have to reassess their operational processes and reporting mechanisms and develop a risk management framework.  

Harmonising cybersecurity measures

NIS2 aims to harmonise cybersecurity measures across the EU, including UK operators that service the EU market, to maintain a consistent level of cybersecurity and resilience. This harmonisation will align UK companies with the cybersecurity standards and practices of other EU member states. UK financial companies may need to create incident response plans or revisit their existing reporting mechanisms to adhere to this.  

Standardising and strengthening operational resilience DORA prioritises the maturity of cyber, operational and technology resiliency in financial companies. It consolidates regulatory initiatives and aligns with the Bank of England, Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) requirements, strengthening operational resilience in the financial services sector.

UK financial companies will need to create extensive testing programmes to guarantee the resilience of their systems and perform gap analyses to align with DORA’s latest requirements.  

Varying impact on distinct types of firms 

DORA’s impact will vary based on the size and maturity of financial companies. For example, established multinational banks with existing operational resilience strategies may face minor impact.

On the other hand, smaller banks, fintech companies, insurance firms, fund management firms and wealth management firms may require substantial strategy changes and a redistribution of resources to meet DORA’s requirements.  

Promote information sharing 

DORA encourages a collaborative culture among financial companies by promoting the exchange of cyber-threat information and intelligence. This proactive approach strengthens the overall resilience of the financial sector.  

Impact on ICT third-party service providers

DORA not only applies to regulated financial companies, but also has implications for the ICT third-party service providers that support them. Providers of cloud computing services, software, data analytics and data centres must comply with DORA, ensuring a level playing field for all. UK financial companies must align with each ICT service partner to assess and document any potential associated risk and ensure their contracts include all key elements.  

Incident reporting & response management

DORA mandates UK financial companies to report any major ICT-related incidents to local authorities. It also stipulates the reporting of any cyber threats on a voluntary basis, and to inform customers of incidents.

With this in mind, UK financial companies will need to revisit their supplier contracts to ensure they meet all incident response requirements including identifying and recording all incidents, reporting to regulators within designated timeframes and pursuing remediation action.  

Impact of NIS2 on US financial companies 

While NIS2 is a regulation specific to EU member states, its impact can still be felt in financial companies across the US. Compliance with regulations in the US is overseen by agencies including the Securities and Exchange Commission (SEC), the Consumer Financial Protection Bureau (CFPB) and more.

NIS2’s implementation means that certain US companies operating within the EU or that conduct business with EU member states will need to align their cybersecurity and information security practices to ensure NIS2 compliance is maintained.

Compliance is not only mandatory, but is strongly encouraged for financial companies that wish to retain their customers’ and investors’ trust. 

How can CACI help?

With over 20 years’ experience in helping deliver effective IT and security strategies to financial companies, CACI can help you navigate the changes and challenges brought on by DORA. Our experienced security and compliance experts can bolster your understanding of your network assets, help you conduct maturity assessments, address compliance gaps regarding the fulfilment of DORA implementation requirements, and much more.  

For further insight into the impact of DORA and NIS2 on financial companies in the UK, key considerations for senior management and best practices for achieving compliance, please read our whitepaper “Compliance with DORA and NIS2: Essential steps for UK financial companies”. You can also get in touch with the team here.

Following the recent announcement of Cisco creating its own Continuing Professional Development (CPD) scheme, the Cisco Continuing Education Program, it is now possible to recertify your CCNP or CCNA certification using an exam-free approach. With some studying and time applied, this can even be done free of charge! So, what are the credits you can earn for recertification and how do you go about earning them? 

What is a CE credit? 

Cisco Continuing Education Credits (CE Credits) is a programme that offers Cisco certification holders flexible options to recertify by completing a variety of eligible Continuing Education (CE) items. The programme is designed to help professionals stay up to date with the latest technologies and trends in the industry, including Python, network automation, NetDevOps and beyond. CE credits are similar in form to CPD points seen in other fields, and can be earned through the following means: 

• Attending online training courses in Cisco Learning Network 
• Taking online training courses in Cisco Digital Learning 
• Attendance of in-person events at Cisco Live conferences 
• Watching online webinars on Cisco Product Launches 

How can you earn CE credits? 

The amount of CE credits earned will depend on the type of activity and its duration. For example, you can earn 12 CE credits for a 14-hour Cisco course delivered via the Cisco Digital Learning platform or earn a generous 40-65 credits for attending a five-day Cisco instructor-led training course offered by authorised Cisco Learning Training Partners. You can also earn small amounts of “top up” credit here and there through ad-hoc, time-bound initiatives. 

How points contribute towards certificate renewals 

The CE Credit process has some legwork to it, as CE Credit issuance isn’t automatic. The process roughly looks as follows: 

1. Attend the training session, course or webinar for its full duration.
2. Note down the official course name, date when you began and date when you finished. 
3. For online courses, you should expect to receive a completion certificate at the end, which is a PDF document with a certificate number in it. You’ll need this certificate validation code later on.  
4. Log in to the Cisco CE Credit User Portal with your Cisco.com CCO account and click “Submit Items” in the top right side to enter the details of the training course, webinar or online learning you have completed. 
5. Ensure you have the course name, start date, end date and certificate validation code and PDF version of the Completion Certificate to hand to submit.
6. Wait a few days for the credit status to change from “Pending” to “Earned” on the Cisco CE User Dashboard. 

Within 24-48 hours, your CE Credits will then also show against your Cisco CertMetrics under Certifications -> Cert Status -> Pick your CCNP/CCNA Certificate -> View More. This shows the progress these points make towards the recertification, where the following table is handy to know: 

Certification 

Renewal Period 

Renewal (CE Credit-only) 

Renewal (Exam + CE Credit) 

Associate (i.e. CCNA) 

3 years 

Earn 30 CE credits 

Specialist 

3 years 

Earn 40 CE credits 

Professional (i.e. CCNP) 

3 years 

Earn 80 CE credits 

Earn 40 CE credits + Pass 1 Professional exam 

Expert (i.e. CCIE, CCDE) 

3 years 

Earn 120 CE credits 

Earn 40 CE Credits + Pass 1 Technology exam(OR)Earn 40 CE Credits + Pass 2 Professional exams(OR)Earn 80 CE Credits + Pass 1 Professional exam 

Activity 

Type 

Credits 

Expiration Date 

Cost 

Rev Up to Recert: Python 

Online Videos 

15 CE Credits 

April 20 2023 

£free 

Cisco DevNet Associate Fundamentals 

Online Course 

48 CE Credits 

April 30 2023 

£99 

How CACI can support your recertification process

If you need qualified Cisco professionals to help your business thrive, why not get in touch to see how we can help you fully utilise our talented CCNA, CCNP, CCIE and other vendor expertise for your business network. 

Cisco IOS and Nokia SR Linux are two popular operating systems used in networking. While both have their strengths, they differ in several ways– SR Linux is chiefly a microservices-led, containerised network operating system (NOS), while Cisco IOS is a monolithic NOS, with Cisco having made enhancements to their approach in the NOS under IOS-XR, IOS-XE and NX-OS. So, what are the main differences between these two operating systems, and how do you know which one is right for you and your business? 

Breaking down the differences between Cisco IOS and Nokia SR Linux

Architecture

One of the main differences between Cisco IOS and Nokia SR Linux is their architecture. Cisco IOS is a monolithic operating system, meaning that all features are integrated into a single image. This can make it difficult to upgrade or modify specific features without affecting the entire system. In contrast, Nokia SR Linux is a modular operating system, which allows for more flexibility in upgrading or modifying specific features without affecting the entire system. 

Command-line interface (CLI) 

Another difference between the two operating systems is their command-line interface (CLI). Cisco IOS uses a proprietary CLI that can be difficult to learn and use for those who are not familiar with it. On the other hand, Nokia SR Linux uses a standard Linux CLI that is more familiar to many users. 

Security features & capabilities 

In terms of security, both operating systems have strong security features. However, Cisco IOS has been around longer and has had more time to develop its security features. Additionally, Cisco has a larger market share than Nokia in the networking industry, making it a bigger target for hackers. 

Support and documentation 

Another difference between the two operating systems is their support and documentation. Cisco has an extensive support network and documentation library due to its large market share. In contrast, Nokia’s support network and documentation library may not be as extensive due to its smaller market share. 

Containerlab.io and SR Linux 

Containerlab.io is an open-source tool that supplies a CLI for orchestrating and managing container-based networking labs. It allows users to create virtual network topologies using Docker containers, making it easy to test and experiment with different network configurations.  

One of the main benefits of Containerlab is its ease of use. It provides a simple command-line interface that allows users to quickly create and manage container-based networking labs. Users can specify the number of containers they want to create, the type of network topology they want to use and other configuration options. 

The open-source project is backed by Nokia SR Linux and has a great deal of flexibility in supporting a wide range of containerised routers, including FRRouting, Quagga, Bird, Juniper and others. It enables network engineers to experiment with different routing protocols and configurations as well as virtual wiring, VNETs, VXLAN and other topologies. Not to mention, it’s easy to integrate with network automation tools such as Ansible and Terraform. 

How can CACI help you choose between the two? 

Both Cisco IOS and Nokia SR Linux have their strengths and weaknesses, and they differ in several ways– their architecture, CLI, security features and support/documentation. Ultimately, choosing between the two will depend on individual needs and preferences. 

Why not get in touch to see how we can help your business fully utilise data centre network operating systems (NOS) such as Cisco IOS, IOS-XE, IOS-XR, Nokia SR Linux and others. 

Entering a new era of communications security

Following the introduction of the Telecommunications (Security) Act in November 2021, telecommunications providers large and small must now comply with ‘one of the toughest telecoms security regimes in the world’ or risk financial penalties up to £10m.

The UK government has marked out ambitious targets to connect 15 million premises to full fibre by 2025, with nationwide connection expected to be delivered by 2033. While much of the population is to be covered by 5G networks by 2027.1 Bringing far more than just increased speed, 5G will soon be central to daily life in the UK – from connective vehicles to smart factory production lines.

Yet, as the advancement in network technology accelerates and becomes further embedded in our daily lives, the threats posed from nation states and cyber criminals continue to grow. Research by Skybox Security reported a 106% increase in malware and a record-breaking 18,341 new vulnerabilities in 2020.2 Despite this, findings from the 2019 UK Telecoms Supply Chain Review Report carried out by the Department for Digital, Culture, Media & Sport (DCMS) revealed that there was little to incentivise communications providers to manage cyber security risks.

Additionally, the lack of diversity across the UK telecoms supply chain raises the possibility of critical national infrastructure balancing on single suppliers, posing a range of risks to the security and resilience of UK telecommunications networks.

Introduced into UK law in November 2021, the UK Telecommunications (Security) Act aims to tackle the risks highlighted in the Telecoms Supply Chain Review Report by raising the bar on telecommunications network security. A core element of The Act is the establishment of a new regulatory framework for telecommunications security. The framework comprises three key components:

1. New Telecoms Security Requirements (TSR)

At the heart of the framework, the TSR marks a significant shift away from The National Cyber Security Centre (NCSC)’s now closed telecoms assurance standard model known as CAS(T). Overseen by Ofcom and Government, the new requirements will provide clarity on how providers will be expected to design and manage their networks to ensure they’re meeting the new higher bar of network security standards.

2. Establishing an enhanced legislative framework

In addition to statutory compliance of the TSR, the Act strengthens Ofcom powers to enable monitoring and assessment of operators’ security. This is to include technical testing, interviewing staff, and entering providers’ premises to view equipment and documentation. Failure to meet the new legal duties could leave providers facing hefty fines of up to ten per cent of turnover, or £100,000 per day if directives continue to be contravened.

3. Managing the security risks posed by suppliers

Telecommunications providers will need to ensure that they are managing the security risks posed by all suppliers. This will be addressed by:

• Working closely with vendors on assurance testing of equipment, systems, and software
• New powers for the government to impose controls on telecommunications providers’ use of goods, services or facilities supplied by ‘high risk’ vendors.

Security-first is the new mantra across the industry as minimising risks to critical national infrastructure will soon become part of day-to-day operations. Bringing together legal, technical and industry perspectives, this report explores the opportunities and obstacles ahead, and how to chart your course for success in the new security era.

Telecoms (Security) Act: Three Pillars

Key considerations for communications leaders

Clear visibility is critical

Protecting your network, applications and data has never been more critical. However, blind spots, missing data, and the risk of dropped packets make management and protection of these challenging, not to mention the scale and complexity of many providers’ hybrid network infrastructure. Nonetheless, providers must ensure they are able to monitor security across the entirety of their network and can act quickly when issues arise.

Security and service quality will need to be carefully balanced

Whilst enhancing security is the ultimate goal of The Act, this cannot be at the cost of network performance. Outages themselves can put providers in breach of the regulations. Security scans are a key line of defence for network security, helping to identify vulnerabilities which can be exploited if the correct mitigation steps aren’t followed, so ensuring you have a robust vulnerability management process is critical. Incorporating the right vulnerability scanning tools and following the required change management processes to correctly implement tools will help to secure your network whilst minimising any potential performance impact to your existing infrastructure or service outages.

Auditing abilities are a new superpower

Demonstrating compliance with the new legislation may pose a significant challenge to providers, particularly as they attempt to flow down security standards and audit requirements into the supply chain. However, implementation of robust auditing processes to identify and eliminate weaknesses and vulnerabilities are a must for keeping providers on the right side of the regulations.

Knowledge is power

With any significant legislature change comes a period of uncertainty as businesses adapt to change, so getting to grips with the new regulation changes ahead of the game is key. Many providers have already begun the search for talent with the technical skills and experience to deliver their TSR programmes; however, with the jobs market at boiling point, some providers may find utilising external partnerships provides a more practical route to successful delivery as well as a means to upskill and educate internal teams.

You’ll be tested

In 2019, OFCOM took over TBEST – the intelligence-led penetration testing scheme – from DCMS and has been working with select providers on implementation of the scheme. Whether through TBEST or not, providers will be expected to carry out tests that are as close to ‘real life’ attacks as possible.

The difficulty will be in satisfying the requirement: “that the manner in which the tests are to be carried out is not made known to the persons involved in identifying and responding to security compromises.” Providers may need to work with an independent vendor to ensure compliant testing.

Costs are still unclear

While the costs for complying with the new regulations are still undermined, an earlier impact assessment of the proposed legislation carried out by the government indicated that initial costs are likely to be hefty: “Feedback from bilateral discussions with Tier 1 operators have indicated that the costs of implementing the NCSC TSR would be significant. The scale of these costs is likely to differ by size of operator and could be of the scale of over £10 million in one off costs.”

Culture may challenge change

Technology will, of course, be at the forefront of communications leaders’ minds, yet the cultural changes required to successfully embed a security-first mindset are of equal importance and must be considered in equal measure. Change is never easy, particularly when there is a fixed deadline in place; however, delivery that is well designed and meticulously planned is key. Ultimately, the onus will be on leaders to craft a clear vision – achieving network security that is intrinsic by design – as well as mapping out the road to get there.

Roadmap to Compliance: How to prepare for the regulatory road ahead

Identify your gaps

Understanding your current state is the first step in achieving a successful transformation. A full audit of your security strategies, plans, policies, and effectiveness will expose your weaknesses and gaps, enabling you to take the right actions to protect your business and ensure compliance.

Prioritise your most pressing threats

While gathering data can provide better visibility of your network, taking reactive action to lower your risk isn’t the most efficient approach. Establishing levels of prioritisation will ensure your resources are being used to reduce risk in the right areas.

Get the right people in place

From gap analysis to operating model design, programme delivery, and reshoring, it’s likely you’ll need more people in place and new competencies developed. Getting the right partnerships and people now is key to getting ahead.

Plan to avoid legacy issues

Today’s telecommunications industry is built on multi-generational networks and legacy systems continue to underpin critical infrastructure. While extracting these systems is not going to happen overnight, dealing with your legacy should be an integral part of planning

Implement transparent designs

Failing to disclose evidence of a breach could result in a £10m fine, so built in transparency and traceability are key to your programme. Consider the likely information requests that are to come to ensure your design changes enable clear tracking and reporting.

Embed a security-first focus

Mitigating the risks facing the UK’s critical national infrastructure is the driving force behind the TSRs, and telecommunications providers will need to ensure that this mindset is embedded in the everyday. Buy-in from the business is core to any cultural shift, so align your leadership with a shared, cross-functional vision and get some early delivery going to build gradual momentum.

Prepare for future cybersecurity legislation

In November 2021, the Government announced The Product Security and Telecommunications Infrastructure Bill (the PSTI) to ensure consumers’ connected and connectable devices comply with tougher cybersecurity standards. As cybersecurity evolves, so too will the threats to organisations, and telecommunications providers must be prepared for more regulatory oversight.

Embrace the benefits of built-in security

Ultimately, security that is built in rather than bolted on will enable providers to offer better protection and performance for customers, as well as foster trust with greater transparency. While the industry may not have been seeking the Telecoms Security Act, its passing prompts action to remove the constraints of old and reimagine and reshape to seize the opportunities of a new era.

Start your security transformation now: How CACI can help

The Telecoms Security Act is clear – security is everyone’s priority, from executive to employee. However, embedding a security conscious culture from top to bottom requires significant resource and expertise to steer towards success. With the clock already counting down, telecommunications providers are under pressure to begin their TSR compliance journey whilst ensuring that existing change programmes stay on track.

In today’s global market where demand for security resource and competence is fierce and available talent is few and far between, companies may struggle to find the in-house resources and expertise required to meet the new regulations. With over 20 years’ experience in telecommunications, CACI can guide you through the challenges and change brought by the TSR. From auditing your current security and addressing shortfalls to full Telecoms Security Framework implementation guidance and upskilling of your internal resource, our highly experienced security and compliance experts can help prepare your organisation for the new security era.

Contact us

If you’re looking for help with your security needs and TSR compliance, please contact our expert team today.

The Zero Trust Network Architecture deployment cycle

Below is a typical deployment cycle as created by the U.S. National Institute of Standards and Technology. Before you bring ZNTA to your company, you need to first assess your system and user inventory and then perform a business process review to understand the current state of your operations.

After creating the initial inventory, you should put in place a regular cycle of maintenance and updating as well as continuing to evaluate your business processes to progressively improve your architecture.

The Zero Trust Maturity Model

As I said in my previous blogs, Zero Trust is a transformative journey and you must invest considerable time and resources to build a mature Zero Trust Network Architecture. The model below shows you a gradient of Zero Trust implementation across five distinct pillars, where minor advancements can be made over time towards optimisation. It can be described using three stages, with increasing levels of protection, detail and complexity of adoption.

All these descriptions are used to identify maturity for each Zero Trust technology pillar and to provide consistency across the maturity model:

• Traditional – Manual configurations and assignment of attributes; static security policies; pillar-level solutions with coarse dependencies on external systems; least-function established at provisioning; proprietary and inflexible pillars of policy enforcement; manual incident response and mitigation deployment.

• Advanced – Some cross-pillar coordination; centralised visibility; centralised identity control; policy enforcement based on cross-pillar inputs and outputs; some incident responses to predefined mitigations; increased detail in dependencies with external systems and some least-privilege changes based on posture assessments.

• Optimal – Fully automated assigning of attributes to assets and resources; dynamic policies based on automated/observed triggers; assets have self-enumerating dependencies for dynamic least-privilege access (within thresholds); alignment with open standards for cross-pillar interoperability; centralised visibility with historian functionality for point-in-time recollection of state.

Unlike other technologies which are ‘all or nothing’ capabilities, Zero Trust is an extendable spectrum of capability. I know some companies may find it hard to reach the ‘Optimal’ stage because they must invest far more resources than they are comfortable with. Even though their technological capability may be mature enough, their IT team also needs to be upgraded and end-users educated in parallel. Technology and company culture are interdependent.

How CACI can help

CACI has cybersecurity experts who can improve the protection levels of your business. Capabilities include Zero Trust Network Architecture, Threat Analytics, Systems Hardening, Network Analytics and Next Generation Firewalls. We can perform a risk assessment to advise you on what cybersecurity you need.

Together, we can rethink your cybersecurity strategy in this cloud-first world – have you incorporated Zero Trust Model as part of your plan? To build the future of trust from ‘zero’, have a read of our Zero Trust Model whitepaper where we cover everything in this blog series.

Notes:

• [1] Zero Trust Network Architecture (nist.gov)
• [2] Zero Trust Maturity Model (cisa.gov)