When geopolitics meets corporate networks
The security of corporate networks can no longer be treated in isolation from the wider geopolitical environment. Heightened tensions, hybrid threats, and deliberate attacks on critical infrastructure have blurred the lines between national security and business continuity.
As a result, network security has become a core element of corporate resilience strategies. The central question is no longer whether to invest in security, but how network architecture and governance can be designed to strengthen resilience across both public and private sectors.
As this report highlights, the Nordic region faces a combination of physical and digital challenges:
Hybrid threats where physical sabotage and cyberattacks reinforce each other.
Supply chain vulnerabilities exposing networks to third-party risks.
AI as a force multiplier, lowering barriers for attackers while enhancing defensive capabilities.
The conclusion is clear: networks are not only technical infrastructures but critical assets for societal resilience. Companies must treat them as part of their security policy, on par with financial and operational risk management.
Companies’ growing need for secure and flexible networks
Enterprises today operate in an environment characterised by mobility, decentralisation, and heightened interdependence. Hybrid ways of working, globally distributed supply chains, and the proliferation of connected devices mean that networks are no longer just an enabler of operations, they are an integral part of risk management.
Several requirements have become central to network design including:
Identity management: Strong and reliable authentication of users and devices, integrated with enterprise identity systems, is now a baseline expectation.
Encryption and integrity: Sensitive traffic must be protected against interception or manipulation, across both user data and control signalling.
Continuity in motion: With employees and devices moving across offices, homes, field sites, and borders, networks must provide seamless handover and consistent quality without compromising security.
Visibility and monitoring: Organisations increasingly need real-time insight into network activity, anomalies, and potential threats in order to respond quickly.
Resilience and redundancy: Redundant links, failover mechanisms, and robust contingency planning are essential to ensure operations continue even when disruptions occur.
Governance and compliance: Networks must support regulatory obligations (e.g. data protection, lawful intercept, critical infrastructure requirements) while aligning with corporate governance frameworks.
The exact balance between these requirements depends on sector, geography, and risk appetite. There is no single “best” technology; instead, enterprises require architectures that are secure and flexible by design. Managed Wi-Fi, software-defined overlays, fibre underlay, and private mobile networks each contribute different strengths. The challenge lies in combining them into coherent solutions that scale with business needs while maintaining robust protection.
Secure network architectures: options and examples
Enterprises have multiple pathways to embed security directly into their connectivity choices. No single technology provides all the answers; rather, resilience comes from selecting and combining solutions that fit operational needs.
Managed Wi-Fi and LAN solutions remain indispensable in most office environments. When properly designed with strong authentication, such as certificates or WPA3-Enterprise, and paired with centralised policy control, Wi-Fi can provide secure access for a wide range of devices. Integrated with software-defined overlays, it also offers granular access management, endpoint protection, and visibility into user behaviour.
Software-defined networking, including SD-WAN and Secure Access Service Edge (SASE), adds another layer of flexibility. SD-WAN is transport-agnostic, operating across both fixed and mobile links, which allows enterprises to apply a single security and traffic management framework regardless of the underlying connectivity. By routing traffic intelligently and enforcing policies at the edge, SD-WAN enables enterprises to adapt their networks quickly to changing needs. SASE frameworks go further by combining connectivity and cloud-based security in a single architecture, bringing together functions such as firewalls, identity-based access, and traffic inspection. This makes it possible to secure hybrid workforces and branch offices without replicating heavy on-premise infrastructure.
Mobile Private Networks (MPN) provide a different set of strengths. Built on mobile technology (4G/ 5G and beyond), they embed carrier-grade security features: SIM or eSIM-based identity ensures that no device is anonymous, traffic can be isolated from the public internet, and both signalling and data are encrypted by default. With newer 5G releases, additional capabilities also enables network slicing, which allows sensitive services to be segmented into secure traffic domains. Industrial control systems, healthcare devices, or other mission-critical functions can therefore operate separately from less sensitive traffic, reducing risks of compromise. MPNs are designed for low latency and high reliability, making them well suited to mission-critical applications such as remote machinery control, automated logistics, or connected medical equipment. Another decisive factor is indoor coverage. In manufacturing, logistics, or healthcare, uninterrupted connectivity inside large or complex facilities is a prerequisite for digitalisation. Where Wi-Fi often struggles with interference or patchy reach, mobile networks deliver consistent coverage across both indoor and outdoor environments.
In addition to fully dedicated deployments, operators such as Telenor Norway also offer Mobile Network as a Service (MNaaS). This model allows enterprises to access secure, isolated connectivity on demand without the need to invest in their own spectrum or core infrastructure, lowering the barrier to adoption while still providing the benefits of segmentation, reliability, and indoor coverage.
In practice, many organisations combine these approaches. Fibre and Wi-Fi may serve office and fixed sites, MPNs can secure mobile operations, and SD-WAN can provide overarching traffic control. In the hospitality sector, for example, Scandic has tested hotel environments where Wi-Fi continues to serve guest services, but an MPN provides the backbone for internal operations. This interplay of technologies often yields the most resilient and cost-effective solutions.
Security is strongest when architecture enforces identity, encryption, and isolation by design. Whether through managed Wi-Fi, SD-driven overlays, or mobile private networks, the unifying principle is to build networks where resilience is woven into the fabric of connectivity rather than added on top.
Case study: Hydro – secure networks in heavy industry
Hydro, one of the world’s largest aluminium producers, operates energy-intensive facilities that run 24/7. In such environments, even small disruptions can halt production and create major safety risks.
At its plants, Wi-Fi had proven unsuitable due to interference and patchy coverage. To address this, Hydro worked with Telenor Norway to establish a mobile private network. The solution, initially based on 4G and prepared for 5G, offered reliable coverage across the industrial site, with traffic kept separate from the public internet and designed for resilience through multiple connections and fallback options. This connectivity has supported Hydro’s ‘connected worker’ vision, where staff use shared devices and digital tools to capture data, receive early warnings, and take corrective action in real time. By combining secure architecture with practical functionality, the network has strengthened both operational continuity and workplace safety.
Hydro’s experience shows how mobile private networks, when tailored to industrial conditions, can enhance resilience and productivity in ways traditional connectivity cannot.
Behind the fence: the role of physical security
Cyber resilience cannot be separated from physical safeguards. Even the most advanced encryption or access control loses its value if sites are left vulnerable to intrusion, power supplies fail without redundancy, or contingency planning is inadequate. For telecom operators, resilience depends on managing the physical and digital layers as one integrated framework.
Physical protection starts with access control at network sites, shielding sensitive equipment from unauthorised interference. It extends to redundancy in power and transmission systems to ensure continuity, even under severe disruption. Monitoring and preparedness are equally critical: incidents ranging from vandalism to extreme weather can only be contained if they are detected early and handled through predefined procedures.
Finally, governance ties these elements together, requiring suppliers and partners to uphold the same standards, so that resilience becomes a collective responsibility across the value chain. Telenor Denmark provides a practical illustration.
Telenor Denmark’s integrated approach
Physical and digital security are managed as one integrated framework. At network sites, access is strictly controlled and supported by layers of protection, ensuring that sensitive equipment is not exposed to unauthorised individuals. Critical functions such as power and transmission are built with redundancy, so that operations can continue even when unexpected disruptions occur.
This is complemented by continuous monitoring and contingency planning. Incidents such as vandalism, extreme weather, or technical faults are detected quickly and addressed through predefined procedures, reducing the risk that local problems spread into wider outages. Regular drills and preparedness exercises ensure that teams are ready to act under pressure.
Equally important is the governance dimension. Security standards extend beyond Telenor Denmark’s own facilities to the broader ecosystem of suppliers and partners. Contractors are held to strict requirements, and equipment providers must demonstrate transparency, security by design, and compliance with international standards. In this way, resilience becomes a shared responsibility across the entire value chain rather than a task for one operator alone.
By combining physical safeguards, operational readiness, and strong governance, Telenor Denmark demonstrates how national infrastructure can be designed to withstand disruption. The result is a network where resilience is not an add-on but a principle built into every layer, providing greater reliability for the businesses and institutions that depend on it.
For Nordic operators, governance also extends beyond national borders. True resilience often requires cross-border redundancy for example, being able to fail over to a data centre or hot-standby capacity in a neighbouring country if a domestic outage occurs. Yet such solutions are not always straightforward. Privacy requirements and national autonomy concerns can create barriers to sharing or storing data across borders, even when it would improve resilience. This tension between security through cooperation and restrictions on cross-border data flows highlights the importance of dialogue within the industry and with regulators.
Perspective: From networks to resilience
Security cannot be reduced to a checklist of compliance requirements. Regulations such as NIS2 provide a baseline, but true resilience depends on how enterprises integrate security into their overall risk management.
The challenge is undeniably multidimensional. Geopolitical instability, hybrid threats, and AI-driven risks make networks more exposed than ever. At the same time, enterprises face growing demands for flexible architectures that can secure both people and data across mobile, distributed, and cloud-based environments. Case studies from across the Nordics, such as Hydro’s connected industrial plants or Telenor Denmark’s physical safeguards, illustrate how resilience can be embedded into both digital and physical layers of infrastructure.
The key lesson is that networks are no longer a background utility; they are a strategic asset that underpins national security, business continuity, and competitiveness. Secure and resilient networks reduce operational risks, protect sensitive data, and maintain trust with customers and partners.
The message is clear: organisations must build and use connectivity solutions that anticipate evolving threats and support long-term resilience.