
My first post-RSAC 2026 post argued that the more important story was not who could assemble the broadest category slide, but where security architecture was actually consolidating. This second blog goes deeper into the meetings themselves. Across 30+ conversations and events, from the largest platforms to early specialists, the same pattern kept recurring: the market is not collapsing into one monolithic control plane, but it is consolidating around a smaller number of them inside the existing pillars of identity, endpoint, network, cloud, application, data, and security operations. What stood out most was not only where those control planes are getting stronger, but how unevenly product maturity is catching up to the architecture being described.

 

Why the Meeting Set Mattered

The breadth of the meeting set mattered because it helped separate conference noise from patterns that repeated across very different vendors. The conversations ranged from companies such as Microsoft, Cisco, Google, Palo Alto Networks, Fortinet, Netskope, Cloudflare, and Broadcom to smaller and earlier companies with narrower starting points, such as AppGate, Cloudbrink, Helmet Security, Neon Cyber, and Zenarmor. That range made it easier to see which themes were structural rather than promotional. It also reinforced that the market still maps back to the existing taxonomy. Identity remains the trust plane. Endpoint remains the local execution plane. Network Security remains the distributed enforcement plane, with SASE increasingly the most ambitious effort to unify that plane across multiple edges. Cloud Security remains the workload and infrastructure context plane, with Cloud-Native Application Protection Platform (CNAPP) increasingly central to prioritization and remediation. Application Security remains the software assurance and remediation plane. Data Security is becoming more central in the policy and governance plane. Security Operations remains the operating layer that turns all of that into action.

That broader structure also helps make sense of another shift that surfaced repeatedly during the week. For much of the past two decades, enterprise security could increasingly assume a user-to-cloud model: users and endpoints on one side, centralized applications and data on the other, with the network in between. That assumption is weakening. Applications, data, and increasingly AI execution are becoming distributed again across endpoints, browsers, branches, private clouds, public clouds, and SaaS. That makes the control-plane problem less about how users reach centralized resources and more about how trust, telemetry, policy, and enforcement remain coherent as both actors and execution environments become more distributed.

 

AI Is Becoming a Force Multiplier for Action Governance

The most consistent message from the meetings was not that AI has created a wholly separate security universe. It was that AI is accelerating a broader move toward action governance. The market is spending less time asking how to secure a model in isolation and more time asking who or what is acting, what it can access, how it is observed, and what policy should govern that behavior.

Microsoft framed that shift through agent identity, registry, observability, and the extension of existing controls across Entra, Defender, Purview, Intune, and Sentinel into agentic environments. Cisco described AI Defense less as a point feature than as a trust layer that can sit behind multiple enforcement points. Even smaller specialists used the same logic, though from a much earlier starting point. In that sense, AI is not the only reason the architecture is shifting. It is an accelerant in both directions: it expands the threat surface enterprises need to govern, and it improves what security platforms can do in threat hunting, investigation, and response.

That distinction matters for vendors and market watchers. The real competitive question is not who can attach the term “AI security” to the most products. It is who can connect authorization, observability, policy, and control into an operating model that enterprises can actually use. The stronger vendors increasingly sounded less focused on treating AI as an isolated layer and more focused on absorbing it into broader control planes.

 

Data Security Is Becoming More Central

If one pillar moved closer to the center of gravity during the week, it was Data Security. That does not mean Data Security replaces the other pillars. It means it increasingly supplies the policy logic that the others enforce. The taxonomy already points in that direction by describing Data Security as the system of record for sensitive-data policy, exposure, and misuse, with enforcement or informed action extending into SSE, CNAPP, Email Security, and AI-related controls. The meetings reinforced exactly that point.

Cyera made the argument most directly by repeatedly framing AI security as fundamentally a data problem. Netskope extended its AI-security story from its existing cloud-security and SASE base into guardrails, red teaming, and posture. Zscaler treated inline AI governance as a natural extension of its control path because that is where traffic is already inspected. Skyhigh tried to widen the conversation from SSE into a broader, data-centric platform story anchored in hybrid enforcement, unified policy, and regulated-industry fit. Even where vendors differed on packaging or scope, the broader direction was similar: data security is becoming more central because the enterprise increasingly needs a policy that follows data consistently across the web, cloud, endpoints, email, and AI-related interaction points.

That is one of the clearest bridges between the control-plane discussion and the tracked markets. SASE increasingly intersects with Data Security because distributed enforcement without a coherent data policy does not scale well. CNAPP increasingly intersects with Data Security because workload and infrastructure context alone are insufficient if the policy layer around sensitive data is disconnected. Data Security is not becoming the control plane for everything, but it is becoming more central to how the others coordinate.

 

Platform Claims Are Facing a Harder Test

The week also made the platform question more concrete. The real issue is no longer whether a vendor participates in several adjacent markets. The harder question is whether it has shared policy, telemetry, analytics, and workflows across multiple control points. That was already the pre-RSAC test, and the meetings gave it more substance.

Microsoft remains one of the clearer examples of a platform claim grounded in coordination across identity, data, endpoint, and SecOps. Cisco is trying to absorb more of its AI, browser, branch, firewall, and SSE logic into a more unified operating model. Broadcom is trying to refactor endpoint, network, and data controls into a tighter story around integration and lower-friction deployment. HPE is pursuing additive convergence by reusing enforcement and technology across its security and networking portfolio without forcing abrupt platform retirement. At the same time, other vendors were candid about what they are not. Akamai was more comfortable with “ecosystem” than “platform.” Cloudflare sounded stronger on composability and deployment simplification than on any claim to own every adjacent control plane. Those differences matter. The market is beginning to separate real cross-plane coordination from adjacency marketing.

This is also where SASE and CNAPP should be understood more precisely. SASE matters because it is emerging as the strongest effort to unify the distributed enforcement plane within Network Security. CNAPP matters because it is becoming the leading context and prioritization plane within Cloud Security. Neither has to become the entire security architecture to matter much.

 

The Architecture Is Moving Faster Than Adoption

If the direction of travel became clearer, the maturity gap also became harder to ignore. Repeated probing on general availability, product depth, and production readiness often produced a more cautious answer than the show-floor narrative suggested. F5 was unusually direct in stating that the market is behind the marketing and that many customers are still not ready. Skyhigh Security clearly distinguished the more stable employee-guardrail problem from the still-fluid agentic AI problem. Cloudflare was candid about the fact that some current controls are still fairly coarse. HPE described deeper prompt and file-level controls as still coming over the next several months. Broadcom made the point differently, arguing that customer readiness and trust, not missing technology alone, remain the gating issue.

That does not undercut the strategic importance of the shift. It clarifies the market’s near-term state. The more realistic progression remains discovery first, monitoring second, selective enforcement third, and only then broader operational trust. In other words, the architecture is moving faster than adoption. That matters not only for product planning, but for how investors and ecosystem participants judge which narratives are likely to monetize sooner and which remain further out on the curve.

 

What It Means for Vendors, Investors, and the Ecosystem

The most useful takeaway from RSAC 2026 is not that cybersecurity is collapsing into a single category, nor that enterprises will become fully autonomous next year. It is that the centers of gravity inside the existing pillars are becoming easier to identify. Identity is broadening. The endpoint is regaining weight as execution moves closer to the device. Network Security is converging toward distributed enforcement, with SASE as the most ambitious unifying model in that pillar. Cloud Security is converging around CNAPP as a context and prioritization plane. Data Security is becoming more central as the policy layer for the other planes. Security Operations remains the operating layer that determines whether those planes produce outcomes.

For vendors, that raises the standard. Participation in more adjacencies is not enough. What matters is whether a vendor can anchor a meaningful control plane, coordinate effectively with the others, and reduce operational burden rather than merely relocating it. For equity analysts and market watchers, it sharpens the filter between real platform progress and conference theater. For service providers, silicon suppliers, and hardware ecosystem participants, it suggests that distributed execution, hybrid placement, and enforcement locality are likely to matter more over time, not less. That is the clearer signal that emerged from the week.

The third and final installment in this RSAC 2026 series, written for current Dell’Oro clients, will take that one step further by examining what these signals mean for vendor positioning, market structure, and the watch items ahead.

 


The signals are confusing. AI boom, global trade war, supply shortages, competitors merging: it takes focus and lots of analysis to cut through the upheaval in the Local Area Networking market and predict future trends. Luckily, we have decades of historical data and some finely tuned models to enable us to make these top three predictions for the enterprise networking market in 2026.

1. Wi-Fi 7 will dominate enterprise wireless connectivity

For some enterprises, the pristine 6 GHz band will be too alluring to resist. Other organizations will be nearing the end of their WLAN equipment’s lifecycle and, seeing a growing number of Wi-Fi 7-capable devices in their ecosystem, will want to future-proof the network. Yet others may be in the midst of a massive digital transformation project, needing the best quality WLAN to carry steady streams of data feeding their digital operations.

While private 5G deployments will also grow, we expect enterprise adoption of private cellular to remain constrained to a niche, high-end portion of the market. Only especially difficult radio conditions, or very tight security and performance requirements, will justify the additional cost and complexity of private cellular. We don’t expect private cellular to cannibalize much of the WLAN market either. Enterprises that choose private cellular for their operations are focusing on new use cases and will continue to deploy WLAN as well.


There’s no doubt: enterprise-class Wi-Fi 7 will become mainstream in 2026. With no second, enhanced version (like Wi-Fi 5 Wave 2, or Wi-Fi 6E) to dilute the uptake, we expect the Wi-Fi 7 adoption curve to become steeper than it was for any other enterprise WLAN technology.

 

2. The AIOps business case will prove itself in

AI FOMO is rampant. Enterprises see so much potential with AI, but there are associated risks, and it can be difficult to extract tangible benefits. However, many enterprises have already witnessed dramatic results from using Machine Learning to ease the burden of IT Operations, including shorter deployment times, a dramatic drop in the number of trouble tickets, and faster time to problem resolution. Layering in AI capabilities makes LAN management applications easier to use and more accessible across an organization.

AIOps platforms are available from most of the major enterprise IT vendors. AI and Machine Learning capabilities often have license fees that are recurring in nature, driving up enterprises’ LAN equipment costs. This premium may have dissuaded enterprises from adopting AIOps in the past.

However, over the past few years, vendors have added features and increased the value of those licenses, including 24×7 support bundled into the recurring fee. Now, by paying the equivalent of a fraction of a network engineer’s salary in license fees, a mid-sized enterprise can reduce hours spent on operations and level-one support in order to allocate more of their valuable networking experts’ time to AI projects.


Every enterprise’s business case will be different, but with networking expertise in high demand, we predict that in 2026, the labor savings will outweigh the additional license costs for the majority of mid-to-large sized enterprises.

 

3. 2026 Local Area Networking market will beat $30 B, but still not surpass 2023

The pandemic may seem far away, but the ripple effects are still being felt. After surviving the supply constraints of 2021 and 2022, vendors unleashed a tsunami of WLAN APs and campus switches into the market in 2023, making it the top-grossing year of all time for LAN equipment revenue. Following the high volume of shipments, enterprises took time to work through the excess inventory, causing double-digit revenue declines for vendors in 2024. In 2025, the demand-driven market returned, but so did the specter of supply constraints. The AI buildout has caused a shortage of semiconductor components, the most immediate being memory.

The high WLAN and campus switch prices of 2022 and 2023 began to erode in early 2025, but in 4Q25, LAN equipment vendors raised prices to compensate for escalating component costs. Higher prices can dampen demand; however, the need to replace ageing infrastructure will be a counterweight.  Enterprises must invest in their LANs in order to modernize their operations, and an upgrade to Wi-Fi 7 requires more switching power and higher bandwidth ports.  Weighing the puts and takes, we believe the market will continue to grow in 2026, with vendors applying what they learned during the last supply crunch to avoid the worst in this one.  The 2026 market will be well into the $30 B range, but we will need to wait one more year for revenues to beat the highs of 2023.  Tune back in at the end of 2026 for more on that prediction.


Over the past several years, we have watched security spend migrate from hardware appliances toward cloud-delivered and subscription models. In this blog, I outline three predictions for 2026 that describe how that pattern solidifies into a durable template: security budgets increasingly split between cloud-delivered security services at the edge and an AI-infused, centralized SecOps layer that looks a lot like “next-gen SIEM.”

On the edge, Secure Access Service Edge/Security Service Edge (SASE/SSE) and cloud Web Application Firewalls (WAFs) become the default way to protect users and applications. In the middle, distributed cloud networking quietly supplies the connective tissue. At the center, next-generation Security Information and Event Management (SIEM) platforms fuse SIEM, Security Orchestration, Automation, and Response (SOAR), Extended Detection and Response (XDR), observability, and Cloud-Native Application Protection Platform (CNAPP)-style cloud visibility into a single, service-delivered control surface.


Prediction 1 – Edge security spend consolidates around SASE/SSE and cloud WAF

From a budget perspective, the branch and user edge is already moving decisively toward as-a-service delivery. SASE, particularly the SSE half of that equation, has been growing at a solid double-digit rate, while legacy access routing and on-premises secure web gateways have been shrinking. WAF has also emerged as one of the most dynamic parts of the network security landscape as more applications and APIs are exposed directly to the Internet.

Put simply, enterprises are standardizing around two cloud-delivered edge controls:

  • SASE/SSE for user and branch access, combining secure web gateway, CASB, ZTNA, and firewall-as-a-service capabilities delivered through globally distributed points of presence.
  • Cloud WAF for Internet-facing web and API traffic as part of secure application delivery platforms.

The immediate drivers are familiar: hybrid work, SaaS adoption, and a steady shift away from private WAN circuits and appliance-based security toward Internet-centric architectures. However, there is also a deeper architectural undertow. Underneath SSE and cloud WAF, distributed cloud networking and early WAN-as-a-service offerings are emerging to connect branches, clouds, and security service edges over a programmable fabric rather than static routers.

In 2026, we expect security and networking teams to budget less for discrete “boxes” at the branch and more for recurring spend on SASE/SSE, WAF, and the underlying cloud connectivity. Physical access routers and appliance SWGs will continue to shrink as a share of branch networking and security spend, reinforcing that the edge is now a service, not a rack of gear.

 

Prediction 2 – “Next‑gen SIEM” becomes the gravitational center of SecOps

If SASE/SSE and WAF are where packets are inspected, next-gen SIEM is where evidence is assembled and acted upon. We use “next‑gen SIEM” here as a SecOps solution construct, not a product SKU. In this view, a next-gen SIEM is a SecOps solution that combines:

  • Classic SIEM for log and event aggregation.
  • SOAR or extended orchestration, automation, and response (XOAR) for workflow and playbook automation.
  • XDR for cross‑control point detection and response.
  • Observability and digital experience monitoring (DEM) for performance and user‑experience telemetry.
  • CNAPP for configuration, identity, and cloud workload context.

A reflection of enterprises’ pivot in this direction is the recent explosive growth of the CNAPP market. In our analysis, the CNAPP market grew nearly 40% in 2024. Cloud-native security tool consolidation, end-to-end coverage, and DevSecOps integration are the core buying drivers.

Architecturally, next-gen SIEMs are a response to the collision of two worlds:

  • Traditional SecOps built around monolithic apps, north-south traffic, and data center-centric logging.
  • Modern app environments built on containers, microservices, and hybrid cloud.

In 2026, we expect more RFPs to converge on this next-gen SIEM pattern. Buyers will look for a single SaaS platform that can ingest logs, telemetry, and cloud data; power AI-assisted investigations; and orchestrate responses across SASE/SSE, WAF, endpoint, and on-premises and cloud controls.

 

Prediction 3 – Security budgeting finishes its shift from capex to opex

The common thread between cloud-delivered edge controls and next-gen SIEM is not just architecture—it is the commercial model. Both are overwhelmingly sold as subscription services.

Across SASE, CNAPP, and broader network security, vendors are leaning into subscription licensing because it lets them monetize more features, deliver updates continuously, and smooth revenue over time. Our forecasts assume a continued shift from perpetual licenses and hardware-heavy deals toward SaaS and virtual consumption, with subscription models explicitly called out as a structural assumption for both network security and distributed cloud networking.

For CIOs and CISOs, this shows up in the budget spreadsheet as:

  • Smaller, more targeted hardware refresh projects.
  • Growing multi-year SaaS commitments for SASE/SSE, WAF, CNAPP, and next-gen SIEM.
  • Increased financial scrutiny of overlapping subscriptions, driving consolidation toward integrated platforms (for example, single-vendor SASE or a single primary analytics plane for SecOps).

We believe 2026 is the year this shift becomes the default assumption rather than a trend to watch. New initiatives will start life in opex, and capex-heavy proposals will increasingly be the exception that must be justified.

 

Net‑net for 2026

Security budgets will increasingly organize around two SaaS pillars—cloud-delivered security at the edge (SASE/SSE and WAF) and a centralized, AI-infused next-gen SIEM that absorbs CNAPP and traditional SecOps functions. Everything else, from distributed cloud networking to legacy appliances, will be evaluated on how well it supports or can be subsumed into those two spend templates.


Part 3 of a 3-Part CNaaS Blog Series:

We should look at history to predict seismic shifts in the IT equipment industry.

Campus NaaS is poorly defined in the industry, leading to market confusion. In this series of blogs, Siân Morgan explores the differences and similarities of the offers on the market and proposes a set of definitions to help enterprises and vendors speak the same language.

In 1998, when Netflix shipped its first DVD (Beetlejuice), not many foresaw the impact that the company would have on the entertainment industry. It took nine years for Netflix to shift from DVD rental to streaming, and another 18 years for streaming to eclipse broadcast and cable TV viewing combined, in 2025. In September, KPop Demon Hunters became Netflix’s most-watched title, with 325 million views in the first 91 days.

The cloud delivery model transformed television and has the potential to transform the LAN equipment industry (although ideally without any soul-sucking demons).

CNaaS has already outpaced Netflix’s nine-year runway.  Some of the LAN-as-a-Utility vendors began developing hardware in stealth mode in 2015, and the first CNaaS revenue was recognized in 2018. In 2021, HPE brought the concept of a cloud-inspired LAN offer to mainstream when it announced its deal with Home Depot. Figure 1 shows a few of the key milestones in the short history of CNaaS.

Like the streaming market was in 2014, CNaaS is still a relatively new concept, and most enterprises can be forgiven for struggling to visualize how the offer may change their business.

In the first blog of this series, I introduced the characteristics that appear in cloud-inspired offers, including “as-a-Service” offers for LAN connectivity, which we label as CNaaS or Campus Network as a Service.  To different degrees, CNaaS offers are outcome-oriented, elastic, priced as opex, and maintenance-free.  In the second blog, I explained that the CNaaS offers can be classified into three categories:

    • Turnkey CNaaS, which are bespoke offers to large enterprises,
    • Enabler CNaaS for which vendors deliver enhancements to MSPs to expand the service providers’ addressable market, and
    • LAN-as-a-Utility CNaaS, for which vendors have developed LAN hardware to automate many operational tasks and to allow the vendors to provide ongoing network monitoring for enterprises.

There is another dimension by which available CNaaS offers vary:  by scope of technology.  CNaaS vendors include a mix of technologies such as LAN, WAN, data center connectivity, private cellular, firewalls, ZTNA, as well as higher-order applications, such as workflow management and software for smart-building management.

Can the CNaaS opportunity be quantified?

To quantify the opportunity for CNaaS vendors, we first reduce the service to a “core offering,” that is, the common elements present in every vendor’s service: Wireless LAN and Campus Switching. This allows market growth of the core to be baselined and tracked as it evolves. However, it will not represent the total opportunity for a vendor who includes other technologies such as firewalls, ZTNA, or an ISP marketplace, not to mention the professional services that can be bundled with the offers.

Next, this core CNaaS market must be defined in relation to other existing markets. We consider whether its trajectory will be independent, or whether it will evolve as a subset of a larger market, subject to the same prevailing trends as its parent. All of the CNaaS offers on the market are constructed with Public Cloud-managed LAN technology, and so we consider CNaaS to be a subset of the Public Cloud-managed LAN market. (Public Cloud-managed LAN is made up of LAN offers with management or control applications that are hosted in the cloud facilities of the vendor or a third party.) Analyzing the manner in which the Public Cloud-managed LAN market grew and became widely adopted can provide valuable insights into the CNaaS trajectory.

Although it is a subset of the Public Cloud-managed LAN market, CNaaS has one very important difference: the way in which revenue is recognized by vendors.  Whereas Public Cloud-managed LAN vendors, such as Cisco, HPE, and CommScope already recognize a material amount of recurring software revenue, nearly all of their hardware revenue is recognized in the quarter in which it is shipped.

CNaaS offers reduce the revenue recognized in the early years of a contract; as vendors sell more CNaaS, the revenue for past shipments accumulates. Figure 2 compares the theoretical revenue profile of a vendor selling CNaaS with the revenue profile of the same equipment sold as capex.  This principle is captured by the “fish model” proposed by Thomas Lah in his blog.

Impact of CNaaS on Mfg Revenue Profile - DellOro Group

Finally, to quantify the CNaaS opportunity, we must consider whether it is accretive to the total market: will it result in an expansion of overall spending on LAN equipment, or is it a competitive tool to win share of existing market revenues?

I have identified three accretive opportunities related to CNaaS:

    • The CNaaS opportunity is expected to increase enterprise spending on AIOps software features designed to simplify and automate network operations. This will shift spending from human resources, growing overall LAN-related software revenue.
    • Simplification of the MSP workflow delivered by Enabler CNaaS will result in an expansion of MSP revenue from a broader segment of enterprises.
    • Vertical-specific CNaaS solutions blending different technologies and higher order applications (such as smart buildings, private wireless/WLAN networks, or the digitization of manufacturing) will drive new use cases and expand enterprise IT spending.

The CNaaS opportunity can be sized by considering the factors described above, alongside an analysis of shipment data, historical trends, and interviews with vendors, enterprises, and channel partners.  The conclusion of this analysis is that a shift in LAN delivery model can take several years, but the opportunity it brings is alluring.  Increased margins, a deeper, ongoing relationship with customers, and the future stability of a higher total contract value will drive vendors to develop rich CNaaS offers.  The commoditization of connectivity and the increasing complexity of networks will drive adoption by enterprises. I predict that in 2029, a mere 11 years after the offer became commercially available, it will represent over 10% of the Public Cloud-Managed LAN market.

CNaaS Opportunity 2029 Chart - DellOro Group

With the broadest access to MSPs as a channel of delivery, we expect Enabler CNaaS to remain the largest category. LAN-as-a-Utility CNaaS will remain the fastest growing variant, with the growth driven by new entrants gaining scale.

In his explanation of the “fish model”, Thomas Lah laid out two critical steps for SaaS companies wanting to “swallow the fish”, and these recommendations also ring true for CNaaS vendors. First, make sure to align sales compensation to the subscription model, without inflating incentives and associated costs.  Second, focus on ensuring a high rate of subscription renewals. As Netflix is well aware, customer churn determines whether a recurring revenue business succeeds or fails.

Dell’Oro Group Tracks CNaaS Trends, Market Dynamics and Revenue Forecasts in the Advanced Research Report: CNaaS and Public Cloud-Managed LAN


Part 2 of a 3-Part CNaaS Blog Series:

Focusing on Enterprise Needs, the Three CNaaS Variants Become More Than Solutions Looking for a Problem

Campus NaaS is poorly defined in the industry, leading to market confusion. In this series of blogs, Siân Morgan explores the differences and similarities of the offers on the market and proposes a set of definitions to help enterprises and vendors speak the same language.

The first danger sign came when Henry Ford named the Edsel, Ford Motor Company’s ambitious new car concept, after his son. The idea for a premium mid-market car was laden with high expectations, and after ten years and $250 million spent planning, the Edsel was launched with fanfare in September 1957. Three months later, sales plummeted. Ford had projected it would sell 200,000 Edsel cars a year.  Instead, 118,287 were sold over the three years the Edsel was in production.  Ford had misunderstood what customers wanted.

In the first blog of this series, we defined the technological characteristics of CNaaS, but bearing in mind the Edsel backfire, it is important to address the way CNaaS fulfills real customer needs.

All of these offers are focused on two common customer requirements:

    1. The increasing complexity of Local Area Networks, coupled with a lack of skilled IT resources.

This requirement has been amplified by the recent wave of AI innovation. Most enterprises are focused on developing an AI roadmap, and many would prefer to reallocate resources from maintaining the LAN to higher-value projects.

    2. Enterprises’ desire to reduce capital expenditures while prioritizing IT investments.

Typical CNaaS offers include hardware financing that allows LAN hardware, software and services to be bundled into one recurring fee. Some enterprises may find the opex price structure alluring because it helps with cost allocation, better matches the company’s revenue streams, or fits better with funding cycles. However, companies that are measured or restricted by financial covenants based on their EBITDA, or entities that are prevented from committing to multi-year contracts, will prefer to purchase their LAN equipment outright. To cater to these enterprises, some CNaaS vendors have structured their pricing to appear as capital leases on enterprises’ books. Other CNaaS vendors have the option of a capex acquisition model.

The three CNaaS variants address enterprises’ IT requirements in different ways

To match the multitude of CNaaS options, vendors have approached the service from different angles. Among the offers available, it is possible to classify them into three categories, based on the vendors’ business objectives outlined in Figure 1.

Turnkey CNaaS—Led by Large Vendors
    • Who offers it: Large, incumbent vendors with broad portfolios are well-placed to offer this type of “high-touch” offer, targeting large enterprises directly and without the support of an MSP.
    • How it works: These offers can be financed by the vendors such that service price is aligned with an enterprise’s business model. For instance, a vendor could blend and distribute the service price to fluctuate in step with the enterprise’s cyclical revenue. The price could also be structured to match the geographic distribution of an enterprise’s revenue centers.
    • Market impact: This type of offer has a more traditional delivery model than the other two CNaaS categories. Turnkey CNaaS was responsible for virtually all of CNaaS revenue in 2020 and was the largest category of CNaaS revenue in 2024.

 

Enabler CNaaS—Scaling Through MSPs
    • Who offers it: Enabler CNaaS is typically offered by incumbent LAN equipment vendors that maintain deep channel relationships with MSPs. Unlike Turnkey CNaaS, the vendor keeps the vendor–MSP partnership intact.  Exceptionally, Shasta Cloud is a startup in this category.  Shasta leverages TIP’s OpenLAN initiative and requires a service provider or partner to label and deliver the offer to customers.
    • How it works: The innovation lies in the business model. Vendors develop tools to simplify acquisition and may finance the hardware. This helps the MSPs to bundle professional services with vendor hardware and software, creating a more attractive package for enterprises. Even without explicit support from vendors, MSPs can build their own version of CNaaS, which we label “MSP-Led”.  This approach often involves in-house development from an MSP.
    • Market examples: This category of CNaaS is made up mainly of incumbent LAN equipment vendors leveraging existing MSP relationships.
    • Market impact: We expect Enabler CNaaS to comprise most of CNaaS revenue from 2026 to 2029. MSPs are established globally and have the capability of scaling up the sales of these solutions to mid-to-large enterprises quickly, once they commit to selling opex-structured offers.

 

LAN-as-a-Utility—A New Model for Campus Networks
    • Who offers it: Whereas the innovation of Turnkey and Enabler CNaaS offers is centered on the business model and acquisition process, LAN-as-a-Utility vendors have developed entirely new hardware and software designed to automate network delivery and operations.
    • How it works: Initially, most LAN-as-a-Utility offers were acquired by enterprises directly from vendors, and purchased based on a standard, outcome-oriented price per area or number of connected devices. Because LAN-as-a-Utility offers are designed to automate the day-to-day monitoring of enterprise network equipment, they risk reducing business opportunities for MSPs. However, MSPs are also valuable routes to market for LAN-as-a-Utility vendors. For this reason, there has been a gradual shift in the relationship between the LAN-as-a-Utility vendors and channel partners, with the vendors allowing the partners to take on more of the initial design and site surveys, as well as ongoing network monitoring.

As the LAN-as-a-Utility vendors have become more established, their approach to pricing has also evolved. As the vendors encountered a diverse set of enterprises with different needs, they began presenting a more nuanced pricing approach, with custom pricing depending on location, space and enterprise requirements.

    • Market examples: Each of the four most active vendors in this category includes different components in their offers; however, all are involved in developing in-house software and in monitoring the networks on an ongoing basis.
    • Market impact: LAN-as-a-Utility vendors are challenging the established IT equipment industry. These offers resonate best with small-to-mid-sized enterprises that have very small, or non-existent, IT teams. By outsourcing the network and its monitoring with the protection of an outcome-oriented SLA (Service Level Agreement), these enterprises can obtain a high-quality network without the associated labor costs and without large outlays of capital. LAN-as-a-Utility CNaaS vendors now report that a significant number of their deals are arriving via channel partners. However, it will take time for these newcomers to build a channel presence as large as the incumbent vendors. Although this variant of CNaaS has the smallest share of revenue out of the three variants, it also has the most impressive growth rate.

Turnkey, Enabler and LAN-as-a-Utility CNaaS are all different offers, leading to a variety of customer experiences.  However, they are all delivered with public cloud-managed equipment, and with automation as a central feature.  The CNaaS construct represents three different ways to address enterprises’ need for IT simplification.

Which of the three is likely to be more successful?  How big is the overall market? These questions will be addressed in the final blog of this three-part series.

Dell’Oro Group Tracks CNaaS Trends, Market Dynamics and Revenue Forecasts in the Advanced Research Report: CNaaS and Public Cloud-Managed LAN