Strategic Planning Assumptions
Strategic Planning Assumption: In 2028, more than half of data center switch spending will support AI workloads, which is an increase from less than 30% today.
Analysis by: Andrew Lerner
Key Findings:
At the end of 2024, over 80% of spending on data center switches was on non-AI workloads.
Demand to run AI workloads on-premises is increasing, driven by greater availability of open-source AI models and frameworks, escalating cloud costs and increased need for data privacy or customization (especially in large government-aided research organizations, security agencies and healthcare organizations). In particular, organizations are increasingly running inference AI workloads on-premises.
AI workloads have different requirements than traditional data center workloads. For example, Ethernet packet loss, or out-of-order packet delivery between graphics processing units (GPUs), will significantly reduce GPU efficiency.
Market Implications:
Gartner sees growing demand for on-premises AI workload deployments (primarily for inferencing) due to increasing availability of open-source language models, high cloud costs and security and data privacy concerns with the cloud. However, existing enterprise data center switching deployments were not designed with AI in mind and are thus suboptimal for supporting AI workloads. This is because AI workloads exhibit unique needs, such as lossless connectivity, low latency and high bandwidth requirements.
To address this, Gartner expects an increase in the deployment of dedicated AI network fabrics, which are purpose-built hardware and software that address on-premises AI workload networking requirements. Dedicated fabrics also help ensure that proper resources are allocated and that performance is delivered by avoiding impacts from existing workloads. For example, AI network fabrics address packet loss sensitivity, high-speed bursting and in-order packet delivery within or across GPU clusters.
They are composed of two distinct deployments:
Scaling up within an AI system: To support this requirement, we anticipate a dramatic increase in the deployment of scale-up AI fabrics (SAIFs). These are a newly defined networking subsegment that provides high-bandwidth, low-latency physical network interconnectivity and enhanced memory interaction between nearby AI processors (including GPUs and AI accelerators).
Scaling out to connect multiple AI systems: To support this requirement, we expect Ethernet-based data center fabrics that incorporate specific hardware and software optimizations for AI workloads (such as high bandwidth, low latency and workload-aware load balancing).
Recommendations:
Build out dedicated network infrastructure to support on-premises AI workloads. This helps prevent degrading performance for both AI and existing workloads.
Use SAIF within a single AI system (i.e., scaling up) and use Ethernet-based switches when connecting multiple SAIF systems (i.e., scaling out).
Include Ultra Ethernet and Ultra Accelerator Link (UALink) support as a preferred capability in all AI infrastructure and data center switching RFPs.
Strategic Planning Assumption: By 2030, 50% of organizations will use agentic NetOps with minimal human involvement, up from near 0% in 2025.
Analysis by: Jonathan Forest
Key Findings:
The use of AI agents for network operations (agentic NetOps) is a hyped concept to drive efficiency, but vendor capabilities are either nonexistent or still limited to Day 2 use cases with “humans in the loop.” Vendors are investing heavily in this space, and we expect new offerings to be introduced to the market over the coming months.
Up until now, AI and automation have had limited adoption in most enterprise networks due to complexity, unreliability of outputs and unclear business value.
A culture of risk avoidance exists within the enterprise network infrastructure and security teams, with a mindset of “if it isn’t broken, don’t fix it.” Hence, there has been general reluctance to adopt previous applications of AI and automation.
Agentic NetOps can offer transformational benefits not realized in previous AI and automation technologies by minimizing “humans in the loop.” Unlike humans, agentic NetOps is much less impacted by constraints such as attention, time, scale, mood and health.
Market Implications:
Agentic NetOps is different from previous versions of AI, as agentic NetOps can operate independently from and on behalf of humans (see Note 1). It is nondeterministic, without predefined workflows to support unknown or unplanned inputs. Simply put, software acts as an agent to perform specific networking tasks and is programmed to operate independently of “human-in-the-loop” involvement, working instead with a “human on the loop.”
This will help address existing network operations skills and resource gaps by having personnel acting in a more supervisory and validation capacity. Agentic NetOps is meant to replace or augment network operations roles, processes and functions to drive more efficiency, speed, agility and accuracy of outcomes.
AI agents may be hosted on or extract data from any networking device/component (e.g., switches, routers, SD-WAN devices, access points and firewalls) or tool and may have different and specialized roles. For example, different AI agents may be responsible for monitoring traffic, enforcing security policies or troubleshooting. These AI agents interact with large language models (LLMs) or domain-specific small language models (SLMs) to gain the knowledge for and insights into the actions to take. They can accumulate knowledge and memories as context over time, which influences their behavior and decision making based on more inputs.
Agentic NetOps is and will be delivered by the following types of vendors and providers:
Integrated as part of network/security vendor offerings (e.g., routers, switches, APs, firewalls, SD-WAN, SSE and SASE).
Multivendor over-the-top solutions that integrate with network/security vendor offerings.
Managed network services (MNS) providers that use agentic NetOps as part of their offering.
Gartner estimates that only one-third of network tasks are automated, and earlier applications of AI in network operations are used even less. Ultimately, agentic NetOps will be the turning point of AI moving from being a human support tool to operating processes independently but still directed by humans with guardrails, access rights and defined goals. As a result, enterprise network budgets will shift to more software that delivers agentic NetOps and away from MNS and support. Organizations that fail to do this risk overspending in their network operations function.
Recommendations:
Select and differentiate networking vendors by focusing on agentic NetOps functionality. Test and validate functionality via pilots and speak with reference customers.
Estimate the potential network infrastructure resource and cost impact and security risks when implementing agentic NetOps solutions by involving cross-functional teams, including security, for proper analysis.
Prepare for agentic NetOps by building processes, procedures and talent around agentic NetOps capabilities as opposed to just plugging it into your existing environment.
Start reallocating network spending by shifting some network budgets away from traditional support and managed network services (MNS) to agentic NetOps software licenses and tools.
Strategic Planning Assumption: By 2030, universal ZTNA will be adopted by 40% of organizations, up from less than 5% in 2025.
Analysis by: Mike Leibovitz
Key Findings:
ZTNA is evolving from a remote-access-only solution to a “universal” model intended to provide location-agnostic secure access for campus users, branch offices and OT/IoT environments.
The primary drivers for UZTNA adoption are growing C-level awareness of zero-trust principles and the urgency to reduce cybersecurity risk, particularly in response to compliance mandates and ransomware threats.
UZTNA provides granular, application-level access based on identity and risk score, enabling least-privileged access and consistent policy enforcement across user locations.
UZTNA is increasingly viewed as a direct replacement for stand-alone NAC in user access scenarios, offering finer-grained access control and simplifying policy management. However, NAC may retain relevance for IoT/OT environments where identity and behavioral context may be limited.
Adoption is challenged by high per-user costs (up to three times higher compared to VPN/NAC), lack of education and awareness, siloed teams and tools, and the complexity of defining and maintaining granular policies at scale.
Market Implications:
There is a desire to expand ZTNA for broader zero trust and a consistent user experience by leveraging its identity-based least-privileged access and user risk score, which are updated in near real time for all users, regardless of location. The widespread adoption of universal ZTNA (UZTNA) will have direct consequences for I&O budgets, infrastructure strategy and technology procurement.
This shift is not just technical — it reflects a strategic response to growing C-level pressure to reduce risk, meet compliance mandates and defend against ransomware. UZTNA’s ability to enforce least-privileged access based on identity and risk score, while maintaining consistent policy across locations, makes it a compelling alternative to legacy access models.
The most immediate impact is the decline of stand-alone NAC for user access control, requiring a direct budget reallocation. As the market for stand-alone NAC offerings contracts over time, the head of I&O must plan to shift funds from NAC to UZTNA capabilities, which are increasingly licensed as part of broader SSE or SASE. However, in environments with a high concentration of unmanaged or agentless devices — such as manufacturing, healthcare or smart buildings — NAC will likely continue to play a critical role in device discovery, profiling and enforcement.
This architectural shift also enables a change in campus infrastructure strategy. By abstracting complex, application-level security policy to the UZTNA software layer, the role of the access switch evolves. It no longer needs to serve as a full-stack policy enforcer with deep fabric integration. Instead, it becomes a foundational gatekeeper — focused on initial device onboarding, coarse-grained segmentation and telemetry, particularly for agentless IoT/OT devices for which enforcement must occur at the network layer.
This helps avoid deploying premium access switches with advanced fabric and security licenses. By selecting midtier access switches that support policy enforcement and edge fabric roles, organizations can reduce per-switch total cost of ownership (TCO) by 30% to 50% while still meeting the operational requirements of a UZTNA-aligned campus architecture.
Consequently, the evaluation criteria for secure access solutions must evolve. Any modern platform heads of I&O select must now include:
Architectural flexibility: The campus network infrastructure must support both agent-based access for managed devices and agentless capabilities for IoT/OT, bring your own device (BYOD) and third-party users. Furthermore, it must provide on-premises policy enforcement points to prevent the latency and performance issues caused by “hairpinning” local traffic to a cloud service.
Adaptive trust and ecosystem integration: A UZTNA solution cannot operate in a silo. It must be able to ingest risk signals from your existing identity providers and security tools (like endpoint detection and response [EDR] and security information and event management [SIEM]) to enable dynamic, risk-based policy adjustments in real time.
Recommendations:
Redirect strategic investment from stand-alone NAC to UZTNA. Limit new stand-alone NAC spending to tactical needs, such as authentication and segmentation of unmanaged or headless devices, and plan for UZTNA to be the architectural replacement upon renewal.
Standardize on a SASE platform that includes natively integrated UZTNA to unify access control and simplify operations.
Mandate a phased UZTNA implementation starting with application discovery in monitor-only mode. Form a cross-functional champions group to manage user expectations during the transition to granular policies.
Require ecosystem integration as a purchasing criterion. Ensure any selected UZTNA solution can integrate with your existing security stack (e.g., EDR, SIEM and identity provider [IdP]) to enable an adaptive access control model.
Strategic Planning Assumption: By 2030, 45% of customer locations will be served by a coffee shop networking architecture, up from about 15% in 2025.
Analysis by: Jonathan Forest and Mike Leibovitz
Key Findings:
An increasing number of organizations are looking to simplify their office locations by primarily delivering applications from the cloud, managing infrastructure from the cloud and using the internet as a WAN.
For these corporate locations, there is less need for local east-west security and mesh topologies, as most or all traffic is going north-south (from corporate location to the cloud), with less infrastructure on-premises.
There is a desire to deliver a consistent user experience that allows users to connect in the office in a similar way to how they connect at remote locations, such as a coffee shop.
Most organizations are defaulting to a WLAN-first connection for users to connect to the network.
Market Implications:
Network teams are interested in mimicking the employee experience of working at a coffee shop and extending that experience to employees within corporate locations. Thus, coffee shop networking can improve and deliver a consistent employee experience when accessing applications, simplify office location network infrastructure and potentially optimize network investments (see Note 2).
This is a response to hybrid work environments and hoteling arrangements where employees are increasingly working from anywhere (including only part-time at a corporate office) and accessing applications primarily delivered from the cloud. This is particularly important as, even with return to office (RTO) mandates, Gartner research indicates that about half of employees are hybrid (employees who work remotely less than one day to four days a week in an average week).
We estimate that approximately 15% of enterprise sites are currently interested in or deploying this type of solution. In this scenario, organizations may prefer no SD-WAN or, more likely, lighter-weight SD-WAN functionality because of the reduced architectural complexity and features required, and fewer simultaneous users in the office.
Additionally, there is a preference for WLAN as the primary access connection medium due to its simplicity and consistency. Finally, this is also part of the move away from private WAN implementations, since there is little need to connect to other corporate sites. Hence, the WAN connectivity choice is usually public internet circuits.
We expect the following trends to continue, resulting in increased adoption of coffee shop networking when networks are refreshed:
Delivery of a consistent user experience for hybrid workers when in the office
Hybrid work and/or work from anywhere is here to stay for the majority of organizations
Desire for less on-premises infrastructure (e.g., lightweight SD-WAN) with the continued migration to the cloud
Emphasis on mobility using WLAN for access
Reliance on public internet circuits and simpler WAN topologies
Desire for simplicity and cost optimization
Recommendations:
Prefer coffee shop networking for use cases in which your organization is cloud-first, internet-first, WLAN-first, focused on hybrid working and has a north-south traffic pattern for users.
Include coffee shop networking as an architectural option when building, refreshing or modernizing branch or campus infrastructures.
Rightsize your SD-WAN on-premises capabilities as a function of network complexity and aligned with the number of users at branch locations.
Prioritize a WLAN design by focusing on resilient coverage and accessibility at branch locations.
Strategic Planning Assumption: By 2029, 75% of SD-WAN purchases will be part of a single-vendor SASE platform offering, up from 25% in 2025.
Analysis by: Jonathan Forest
Key Findings:
Most enterprises prioritize security service edge (SSE) over SD-WAN when making SASE buying decisions.
Stand-alone SD-WAN solutions without a full suite of integrated security capabilities have decreasing market relevance.
As vendor capabilities improve and enterprise networking and security teams collaborate and integrate more, the evolution from dual-vendor SASE to single-vendor SASE platforms will accelerate.
Enterprises are focused on management and sourcing simplification as well as cost optimization.
Market Implications:
SD-WAN functionality is commonly delivered as part of a broader security offering, such as next generation firewall (NGFW) or SASE (see Note 3). Stand-alone SD-WAN products that don’t address security are becoming less relevant.
Today, we primarily see SD-WAN and SSE offerings being integrated and deployed as dual-vendor SASE (i.e., one vendor for SD-WAN and another vendor for SSE). Dual-vendor SASE is more popular in the near term, since there is significant market penetration of existing SD-WAN or SSE. Oftentimes, a different vendor is chosen from the original deployment to complete the solution (i.e., adding SD-WAN or SSE when the other is already deployed), since a limited number of vendors currently offer complete SASE platform solutions.
In 2025, approximately 75% of SASE client inquiries involve dual-vendor SASE, while 25% involve SASE platforms (i.e., single-vendor). A few years ago, the percentage was even higher for dual-vendor SASE client inquiries. As the market matures, the capabilities gap between single-vendor offerings with SASE platforms and best-of-breed dual-vendor SASE offerings will continue to close (see Note 1).
We also expect organizations to have more coordination and collaboration between networking and network security roles, which will drive the purchase of SASE platform offerings. SASE platform offerings simplify sourcing and offer a tighter technical integration, which ultimately provides a better user experience. As existing dual-vendor SD-WAN and SSE offerings are refreshed, a consolidation to single-vendor SASE platform offerings will accelerate.
The advantages of a single-vendor SASE platform offering are:
Unified/simplified management
Ease of use/administration
Enhanced performance due to optimal traffic flows and single-pass scanning
Improved security posture
Simplified sourcing and potential price savings
Recommendations:
Prioritize unified SASE platforms by selecting vendors that operate with a single management console to reduce tool sprawl and simplify management.
Choose vendor offerings by focusing on areas of differentiation, such as networking functionality, ease of administration, and securing access to the web, cloud services and private applications.
Look for opportunities to consolidate existing SD-WAN and SSE solutions into a SASE platform offering by evaluating incumbent vendors and staying informed on the capabilities of networking and security vendors.
Simplify sourcing and optimize costs by comparing with dual-vendor SASE offerings and competing SASE platform vendor proposals.