
Secure Networks of One: Embedding Identity in the Fabric of Network | Cisco Investments



“Can we reinvent secure networking itself so that we can deliver something measurably better to the world?” asks Galeal Zino, Co‑founder and CEO of NetFoundry.

That question has defined Zino’s career, from building massive networks for voice, video, IoT, and mission‑critical applications to founding NetFoundry. And it’s that ambition which lies at the heart of NetFoundry’s mission.

Enterprises once connected their sites and data centers with private, carrier‑managed WAN links. Today, they are increasingly relying on public internet connections, spurred by cloud adoption, SaaS, and hybrid work, to carry applications, workloads, and data.  

It’s this vision, embedding identity‑first Zero Trust directly into the network fabric, that led Cisco Investments to invest in NetFoundry, the company behind “secure networks of one” and the open‑source platform, OpenZiti.

Pioneering Secure Networks of One

From its outset, NetFoundry’s mission was clear: solve the limitations Zino experienced in decades of enterprise networking by transforming the network into an active enforcer of identity, authentication, and policy.

That vision became the foundation for NetFoundry’s “secure networks of one” mantra: bespoke, application‑native connections purpose‑built for a single workload, API, or environment. This identity-based micro‑segmentation enables enterprise workflows to connect without exposing critical infrastructure, working seamlessly across diverse environments and connectivity methods. It has gained traction with NetFoundry’s customers in highly regulated markets, from financial services to industrial IoT and healthcare, that also require flexible deployment options such as agent-based, direct installation, and SDKs, all of which NetFoundry offers.

“From silicon to cloud, customers quickly realized we could do things for them that no one else could,” Zino recalls. “Not only stronger security, but also velocity and innovation since software-only overlay approach enables automation.”

To realize their vision at scale, Zino and his team created OpenZiti, a widely adopted open‑source platform for building identity‑first, Zero Trust networking directly into software. By making this capability available as open source, NetFoundry empowers developers and enterprises to embed Zero Trust into any application or environment.

A Smarter Network Model

SD-WAN, SASE, and VPN leverage systems above the network layer, like application logic, firewalls, or identity providers, to manage identity, authentication, and authorization. NetFoundry complements these established approaches by enabling identity, authentication, and authorization to be enforced within the network, providing an additional layer of security and control that integrates seamlessly with existing architectures. The overlay model enables authorization to extend to third-party networks, unmanaged devices and even into applications via the SDKs.

“NetFoundry's network architecture is focused on identity, authentication, and authorization, before a packet ever enters the network,” Zino explains. “Businesses spin up these overlays in minutes, as software.”

Even in environments like banking, manufacturing, and healthcare, workloads still often travel over public internet, basic site‑to‑site VPNs, or private APNs. NetFoundry injects secure, identity‑first Zero Trust and micro-segmentation directly into these flows, as software, and provides self-hosted and NetFoundry hosted options for the overlays.

Advancing Networking and Security Convergence

Cisco’s investment in NetFoundry reflects Cisco’s commitment to advancing the convergence of networking and security, a core pillar of our future‑ready architecture. NetFoundry’s ability to embed identity‑first Zero Trust directly into the network fabric complements Cisco’s initiatives in secure access, segmentation, and policy enforcement, including operational technology and highly regulated industries. By extending security controls to the very point of application‑to‑application connectivity, NetFoundry aligns with our vision to deliver intelligent, adaptive infrastructure that meets the demands of today’s distributed enterprise.

Looking Ahead

As workloads, from multi‑cloud architectures and IoT to AI‑enabled applications, become more distributed, dynamic, and identity‑first, application‑native Zero Trust networking is positioned to become the standard rather than the exception. AI workloads, with their nondeterministic workflows, multi‑agent interactions, and complex data flows across hybrid environments, amplify the need for identity-first, secure-by-design, adaptive networking.

“AI wasn't our original focus, but it amplifies exactly the challenges we were designed to solve,” Zino notes.

By embedding security in the network itself, NetFoundry enables enterprises to reduce their attack surface while maintaining performance and without compromising compliance, business continuity, or risk reduction.

Backing NetFoundry reinforces Cisco’s mission to deliver secure, dynamic, and future‑ready networks, meeting the demands of AI, OT, and the next generation of enterprise workloads.