For many organisations, the network has quietly become one of the most critical components of their digital environment. It underpins access to applications, data, communications and cloud services, yet it’s often still treated as background infrastructure rather than a core part of the operating model.
As hybrid working, cloud adoption and digital services continue to expand, network environments have become more distributed and complex. That complexity is now creating a growing compliance and operational risk for IT leaders, particularly in regulated and public sector environments.
Network complexity is increasing faster than governance
Most organisations today operate a mix of legacy and modern infrastructure. In the UK, government research has shown that more than 25% of central government digital systems are still classified as legacy, costing taxpayers an estimated £45 billion each year[1]. This challenge is not limited to the public sector. In financial services, the Financial Conduct Authority reported in 2024 that 92% of firms continue to rely on legacy technology within their core environments.[2]
Combined with the shift towards hybrid working, where users connect from offices, homes and third-party locations, security controls are increasingly layered across multiple tools and platforms, adding further complexity to already stretched environments.
This level of complexity increases attack surface and makes environments harder to govern. Research from the National Audit Office[3] also highlighted a shortage of digital and technical expertise within organisations as a key factor behind wasted expenditure and slow progress in major digital transformation programmes.
More tools do not necessarily reduce risk
A common response to growing risk is to deploy additional security or networking tools. While these technologies are important, industry research from IBM shows that tool sprawl can increase complexity if not supported by a clear operating model. The fragmented security tooling and limited operational integration reduce visibility, slow response and can increase overall risk despite high levels of investment.
Many breaches and incidents occur not because a control was missing, but because it was misconfigured, poorly monitored or operating in isolation. Attackers increasingly exploit gaps between systems rather than single points of failure.
Without clear accountability and ongoing oversight, even well invested environments can become harder to manage and more exposed to risk over time.
Reframing the network as an operating model
To address this challenge, IT leaders are increasingly reframing the network as a managed operating environment rather than a collection of components. This means designing, operating and governing the network as a single estate, with security and compliance embedded into day-to-day operations. Visibility, monitoring and policy enforcement need to be consistent across users, locations and applications, with clear ownership and accountability.
Guidance from the UK National Cyber Security Centre (NCSC) advises organisations to build security principles into systems early and maintain operational assurance throughout their lifecycle[4]. UK government operational resilience frameworks further stress the need to understand and protect dependencies across critical infrastructure. Together these standards show that security and compliance require continuous governance across applications and network operations alike.
Reducing risk through operational control
Addressing these challenges requires more than incremental technology investment. As network environments grow in complexity, many organisations are recognising the value of working with trusted third parties that can provide operational expertise, consistent governance and ongoing accountability. Independent partners play a critical role in helping IT leaders maintain visibility, manage risk and demonstrate compliance across increasingly distributed environments.
It’s this shift that led Cisco to introduce the Cisco 360 Partner programme, recognising partners that go beyond deployment to support customers in operating, governing and securing their environments over time. The programme reflects the reality that long term business outcomes depend not just on the technology chosen, but on how it is designed, run and managed day to day.
We’re proud to be recognised as a Cisco 360 Partner for its ability to deliver secure, future-ready infrastructure with full end-to-end accountability, turning complex technology into measurable business outcomes.
[1] Source: Tech Monitor: UK government admits over 25% of its digital systems are outdated, January 2025: https://www.techmonitor.ai/digital-economy/government-computing/legacy-technology-costs-uk-public-sector-45bn-annually
[2] Source: LSEG Insights, June 2024: https://www.lseg.com/en/insights/data-analytics/how-much-problem-is-legacy-tech-for-financial-services
[3] Source: Tech Monitor: UK government admits over 25% of its digital systems are outdated, January 2025: https://www.techmonitor.ai/digital-economy/government-computing/legacy-technology-costs-uk-public-sector-45bn-annually
[4] Source: NCSC Risk Management: https://www.ncsc.gov.uk/collection/risk-management
Networking & Connectivity, Cisco, Intelligent Connectivity, Blogs
