The future of networking: secure by design

Zero trust, SASE, and quantum-safe design are reshaping networks. Security is no longer bolted on – it must be embedded, adaptive, and future-proof

Network design is being transformed faster than ever, as firms move to meet workers in new environments, apply simplified security on top of complex infrastructure and embrace cloud-native work.

This article is part two of a three-part series, exploring the trends reshaping networking. In part one, we unpacked the rise of cloud-native networking, where service meshes, APIs, and open standards are reshaping connectivity.

However, agility alone is not enough. As threats multiply and data spreads across clouds, branches, and home offices, networks must be secure by design. This means building in zero trust principles, embracing frameworks like secure access service edge (SASE) and security service edge (SSE), as well as preparing for a quantum-safe future.

In this article, we consider how organizations can navigate these shifts, the barriers they must overcome, and the opportunities that come from treating security as a foundation rather than an afterthought.

Zero trust must be the baseline

The idea that a strong perimeter can protect networks is no longer credible. Remote work, SaaS adoption, and multi-cloud strategies mean attackers can exploit weaknesses far beyond the corporate firewall. Zero trust flips the model, requiring continuous verification of every user, device, and workload.

“Zero trust isn’t a buzzword, it’s a survival strategy,” says Axel Maisonneuve of the BSV Association. He cites the Colonial Pipeline ransomware attack as a stark reminder that a single weak VPN login can bring down critical infrastructure. “The biggest barriers are not technical, but cultural: moving from ‘inside equals safe’ to ‘every access must be verified, always.’ That shift requires leadership buy-in and a willingness to rethink legacy assumptions about trust.”

Kevin Curran, professor of cybersecurity at Ulster University, tells ITPro that while zero trust is realistic, organizations “typically struggle most with identity management, followed by network segmentation”.

“Establishing a robust, centralized IAM is challenging,” he says. “Weak identity governance leads to vulnerabilities that an attacker could exploit.”

Alan Stewart-Brown, VP EMEA at Opengear, adds that resistance to change remains the biggest brake: “Teams often favor VLANs and firewalls and underinvest in identity, segmentation, and continuous verification. The most difficult challenge is making identity and access operational at scale, with policies, health checks, step-up authentication, and role lifecycle management across branches, cloud, and data centers.”

The consensus is clear: zero trust is achievable, but it requires both cultural change and investment in automation. Identity must become the anchor point for security in distributed networks.

SASE and SSE unify access and security

If zero trust is the principle, then SASE and SSE are the architectures that put it into action. These cloud-delivered frameworks combine secure access with networking, ensuring consistent policy enforcement no matter where users connect from.

“Pre-pandemic, a global bank might have had 200 branch offices, each with its own firewall and proxy. Security was inconsistent, depending on where you logged in,” BSV Association’s Maisonneuve explains. “SASE and SSE unify that mess. They enforce the same security policies whether you’re at HQ in London, at home in Lisbon, or in a café in São Paulo.”

Greg Keller, CTO at JumpCloud, tells ITPro that the shift to remote and hybrid work has necessitated an overhaul of the security environment, particularly where consistent identity verification and threat detection are needed.

“As organizations shift away from traditional office environments, cloud-delivered security frameworks are becoming central to protecting distributed workforces and maintaining consistent policy enforcement,” Keller explains.

“With AI integrated into SASE, businesses benefit from smarter threat detection and automated policy management.”

But migration is not straightforward. Stewart-Brown notes that “when enterprises shift from SD-WAN to SASE/SSE, the first problem is policy sprawl. SD-WAN handles routing and QoS (Quality of Service), while cloud security platforms apply separate access and inspection rules. Managed in different consoles, these policies drift, conflict, and leave gaps.”

Nicholas DiCola, VP customers at Zero Networks, emphasizes that application support is another hurdle: “Routing everything through SASE will require testing of applications to ensure they don’t impact the users.”

For enterprises, the key is balancing resilience with user experience. As Maisonneuve warns, if security degrades productivity, employees will find ways to bypass it. The most successful migrations will unify oversight, automate policy enforcement, and focus relentlessly on usability.

Quantum-safe networking is coming

While zero trust and SASE address today’s threats, quantum computing raises questions about tomorrow. Once practical quantum machines emerge, widely used encryption methods like RSA and ECC could be broken, leaving decades of sensitive data vulnerable.

“The urgency is real because attackers are already collecting encrypted data today, intending to decrypt it once quantum computers are powerful enough,” explains Michael Murphy, deputy CTO at Arqit. “This puts industries that handle sensitive, long-lived data – like telecoms, financial services, healthcare and government – at greatest risk.”

Curran agrees, stressing that banking, payments, and national security should move first. But he frames the challenge as medium-term: “Quantum computers capable of breaking current encryption are not yet practical, but the risk of ‘harvest now, decrypt later’ attacks makes preparation urgent.”

So, how should enterprises start? Stewart-Brown says the near-term priority is “crypto-agility: the ability to adapt cryptographic algorithms, keys, and protocols quickly and safely when risks, standards, or vendors change”. That begins with an inventory of where cryptography is used and who owns it.

Pragmatism is the watchword. Curran recommends piloting new algorithms such as NIST’s CRYSTALS-Kyber in low-risk environments. Murphy emphasizes symmetric key techniques as an immediate resilience boost.

“Most of the work will be in the certificates used for encryption at rest and in transit,” adds DiCola. “Creating a plan to do that starting now is the most pragmatic path.”

The takeaway is not to rip and replace, but to prepare. Enterprises should adopt hybrid approaches, testing quantum-safe methods alongside existing standards, while keeping an eye on emerging NIST frameworks. Early movers will not just mitigate risk, they will demonstrate resilience to customers and regulators alike.

Toward convergence: security as part of the continuum

Looking ahead, experts suggest that zero trust, SASE/SSE, and quantum-safe technologies will increasingly converge. Curran predicts that as firms adopt more AI policies, they are likely to unify them with zero trust verification, quantum key management, and SASE connectivity.

Murphy adds that “in five years these approaches will be seen less as separate tracks and more as parts of the same resilient framework.”

Maisonneuve frames the goal as “invisible security” – controls that work in the background, seamlessly protecting without slowing the business down. This perspective ties directly back to part one of this series, where cloud-native networking was shown to require not just technology, but cultural change. Security by design represents the next phase of that evolution: it is about making protection native, continuous, and adaptable, rather than bolted on after the fact.

It also sets the stage for part three: programmability and automation. If zero trust defines the principle and SASE/SSE provides the architecture, programmability is the engine that will make them scalable. Infrastructure-as-Code, policy-as-code, and advanced observability will allow enterprises to automate identity checks, enforce segmentation, and embed quantum-safe cryptography into daily operations. As networks become more software-defined, the distinction between security and operations will blur, requiring NetOps teams to balance traditional skills with automation and code-driven agility.

Secure by design networking is no longer optional. As Stewart-Brown emphasizes, relying on static controls like VLANs and firewalls leaves enterprises vulnerable to lateral movement and blind spots. The only sustainable strategy is to embed zero trust, adopt cloud-native frameworks like SASE and SSE, and prepare for a quantum-safe future.

The path forward requires cultural change, investment in identity and automation, and a commitment to resilience over convenience. But the reward is a network that doesn’t just connect the enterprise—it protects it, invisibly and continuously, in a world of constant change.

In the final part of this series, we will explore how programmability and automation will take these principles further, ushering in an era where networks are defined by code, enforced by policy, and continuously observable. The future of networking is hybrid, programmable, and secure by design – and the time to prepare is now.

David Howell is a freelance writer, journalist, broadcaster and content creator helping enterprises communicate.

Focussing on business and technology, he has a particular interest in how enterprises are using technology to connect with their customers using AI, VR and mobile innovation.

His work over the past 30 years has appeared in the national press and a diverse range of business and technology publications.