What matters most at a glance
- A modern network is a stack, not a box: cabling, switching, routing, wireless, security, and monitoring all matter.
- UK fibre availability is strong enough in 2026 that fibre-first planning is realistic for many sites, but not all buildings.
- The right connectivity choice depends on uptime, cloud usage, user density, and whether one site can afford to go offline.
- Managed or co-managed support often makes more sense than fully in-house operations unless you already have deep network skills.
- Zero trust, segmentation, and tested failover are not extras anymore; they are the difference between a stable network and a fragile one.

What a modern network actually includes
I start with the stack because too many buying conversations jump straight to a firewall quote. A useful design usually has six layers: cabling and power, switching, routing and WAN, wireless, security, and monitoring. If one of those layers is weak, the whole network feels unreliable even when the core hardware is fine.
| Layer | What it does | What good looks like | Common mistake |
|---|---|---|---|
| Physical layer | Cabling, racks, patching, power, UPS | Cat6A for 10GbE to the desk when needed; fibre for backbone links and long runs | Underestimating power, cooling, or cable quality |
| Switching | Connects devices inside a site | Enough PoE budget for APs, phones, cameras, and spare ports | Buying access switches with slow uplinks |
| Routing and WAN | Moves traffic between sites and cloud services | Clear failover policy, dual links where uptime matters, SD-WAN where multiple sites need central control | Single-circuit dependency |
| Wireless | Office mobility and guest access | Proper site survey, clean channel plan, AP density based on users, not floor area | Assuming one AP per room is enough |
| Security | Controls who can reach what | Segmentation, MFA, ZTNA, and sensible firewall policy | Flat network plus broad VPN access |
| Operations | Monitoring and change control | Alerts for latency, packet loss, jitter, and AP/client health | Only noticing problems when users complain |
PoE means Power over Ethernet, and it matters because a great wireless design can fail if the switch cannot power the access points properly. I also see too many Wi-Fi 7 upgrades fail on the wired side: if the access switch uplink is still 1 GbE, the access point never gets to show what it can do. SD-WAN, or software-defined wide area networking, becomes useful when multiple sites need central traffic rules instead of site-by-site tuning. I like to keep a spare-port and spare-power margin, because networks rarely shrink after day one. Once those pieces are clear, the UK access question becomes the real constraint.
Why UK connectivity choices look different in 2026
UK connectivity has improved enough that fibre-first planning is now a rational default for many sites. Ofcom's spring 2026 data says full fibre is available to 24.9 million UK residential premises, or 82% of homes, while gigabit-capable broadband reaches 89%. That does not remove the need for a survey, but it does change the starting point: in many places, the design brief is no longer "what can we get?" but "what service level do we actually need?"
| Option | Best for | Why I choose it | Trade-offs |
|---|---|---|---|
| Business broadband over FTTP | Small offices, low-risk branches, cost-sensitive teams | Widely available, quick to install, good enough for everyday cloud use | Shared capacity, weaker SLA, and variable upstream performance |
| Leased line or Ethernet circuit | HQs, voice-heavy environments, regulated sites, cloud-dependent teams | Predictable latency, strong SLA, and cleaner upload performance | Higher monthly cost and longer lead times |
| Dual broadband with 4G or 5G failover | Branches that cannot afford long outages but do not need a leased line | Resilience without locking every site into premium circuits | Wireless backup is only as good as local coverage and data allowance |
| Fixed wireless or satellite | Remote, temporary, or hard-to-reach locations | Useful where fibre rollout or wayleave work is slow | Latency, line-of-sight, and weather-related variability |
As a rough UK planning figure, a leased line often starts around £200 per month and moves up quickly with speed, build complexity, and SLA. The cheapest quote is rarely the cheapest network once downtime, support hours, and failed video calls are counted. My rule is simple: every critical site should have a primary path and a tested backup path, even if the backup is modest. The next question is who owns that day-to-day resilience.
Managed, co-managed, or in-house
That resilience is only valuable if someone owns it properly after go-live. I usually split delivery models into three buckets: in-house, managed, and co-managed. In-house gives the most control, managed services buy coverage and predictable response because the SLA, or service level agreement, sets the response and restore commitments, and co-managed sits between them when an internal IT team wants to keep architecture decisions but hand off monitoring, patching, or field support.
| Model | Best fit | Strength | Watch-out |
|---|---|---|---|
| In-house | Larger IT teams with network specialists | Fast internal decision-making and deeper knowledge of the environment | Skill gaps, holiday cover, and out-of-hours support can become fragile |
| Managed | SMEs, multi-site businesses, lean IT teams | Monitoring, escalation, and maintenance are bundled into an SLA | Visibility can get poor if reports are generic or the provider is too opaque |
| Co-managed | Teams that want control without carrying everything themselves | Good balance between local ownership and external coverage | Needs a clear responsibility split, or issues fall between the cracks |
I lean toward co-managed arrangements for most mid-sized organisations because they reduce the single-person dependency that quietly breaks a lot of networks. The quality test is not the sales deck; it is the support model, the escalation path, the spare hardware policy, and whether the provider can actually restore service when a circuit or switch fails. From a budget perspective, this is where people forget to count software licences, monitoring, replacement stock, and the labour cost of internal troubleshooting.
If one site carries too much business risk, I would rather pay for a stronger SLA than gamble on a slightly cheaper monthly bill. Once the operating model is set, security becomes much easier to design properly rather than bolt on later.
Security belongs in the architecture
Security is where network projects stop being a cabling exercise and become architecture. The NCSC's 2026 ZTNA guidance points in the same direction I would: do not trust the network by default, verify each access request, and limit what a user or device can reach to only what it actually needs.
- Start with identity, not location. Zero trust means the office floor is not a badge of trust. User identity, device posture, and context should decide access.
- Segment by purpose. Keep guest Wi-Fi, corporate devices, and IoT or operational technology traffic apart. VLANs, or virtual LANs, are the first layer of separation; microsegmentation is the tighter version.
- Use ZTNA where app access is enough. A full VPN often gives more network access than a contractor or remote employee needs. ZTNA, or zero trust network access, narrows that path.
- Keep admin paths separate. Management interfaces, backups, and monitoring systems should not sit on the same flat network as everyday users.
- Log the useful things. Firewall events, DNS lookups, switch health, AP joins, and authentication failures tell a better story than raw alert volume.
SASE, short for secure access service edge, can make sense when branch connectivity and security need to be delivered together, but it is not a shortcut around basic segmentation or good local design. The point is not to buy more security logos; it is to reduce the number of places where one compromised device can move sideways through the estate. Once access is controlled properly, the rollout itself becomes much less risky.
A rollout plan that avoids rework
The smoothest rollouts I see are the ones that treat the network like a change programme, not a hardware swap. Circuit lead times, wayleave issues, and building access can easily outrun the time it takes to rack the equipment, especially in older UK offices and mixed-use buildings.
- Map the current estate. Inventory circuits, switches, APs, firewalls, cabling, public IPs, and the applications that break first when the network falters.
- Set failure targets. Decide what can be down for five minutes, one hour, or a full business day. That tells you whether failover is optional or mandatory.
- Design by site type. A headquarters, a branch, a warehouse, and a remote worker do not need the same profile.
- Pilot before wide rollout. Test roaming, printing, voice, video, VPN or ZTNA, and circuit failover in one controlled location first.
- Validate the boring parts. Check rack space, cooling, UPS sizing, PoE budgets, and configuration backups before cutover.
- Measure the first month hard. Track packet loss, latency, jitter, Wi-Fi client counts, and support tickets so you can catch problems before users learn to work around them.
I prefer to see a one-page rollback plan for every cutover. If the team cannot explain how they will reverse the change, the rollout is too aggressive. That discipline leads directly to the last decision: what to prioritise once the network is live.
The decisions that still matter after go-live
The networks that age well are usually not the ones with the most expensive kit. They are the ones that were designed with a second path, clear segmentation, usable monitoring, and enough headroom in the cabling and power layers to absorb growth without another panic refresh.
- Buy resilience before raw speed. A slightly faster single circuit is less useful than a modest primary link with a working backup.
- Treat Wi-Fi as a density problem, not just a coverage problem. Good access point placement matters, but so does client count per radio and the quality of the uplink behind it.
- Review the network every time the business changes shape. Cloud migrations, VoIP rollouts, video-heavy collaboration, and IoT expansion all change what "enough" looks like.
- Keep spare parts and config backups where they are easy to reach. Waiting overnight for a replacement switch is fine until the site cannot function without it.
For most UK organisations in 2026, the smartest investment is a network that is easy to observe, simple to recover, and hard to accidentally flatten. That is what turns infrastructure from a recurring problem into a dependable base for the rest of the business.