9 min Security

GTT well-positioned to provide SASE in a dynamic world

Insight: Security

GTT well-positioned to provide SASE in a dynamic world

GTT is fully committed to SASE, or Secure Access Service Edge. It does so in its own way. We spoke with Mark de Haan, SVP Central Europe at GTT Communications. What makes Secure Connect, the SASE offering from GTT, unique? Why, as a customer, should you go for GTT and not for one of the many dozens of other vendors in the market that claim to provide a service within the SASE framework?

The infrastructure of (enterprise) organizations can cause many headaches. Especially when it comes to security, life hasn’t become any easier in recent years. With the move to the cloud, the traditional security model for on-premises environments has proven inadequate. Organizations today combine modern cloud-based environments with legacy on-prem environments. In addition, as a result of the pandemic, a lot has also changed in the past few years in terms of where employees need to access an organization’s infrastructure.

In other words, the infrastructure of organizations has become a lot more complex, De Haan points out. “Your users are everywhere and the internet is the new network,” he sums up the developments succinctly. You cannot secure this complex environment according to a traditional hub-spoke security architecture. This architecture simply cannot scale with today’s distributed environments in an affordable and workable way. So you end up creating security gaps before you know it, unless you seal everything, of course. But that results in a bad user experience for the employees. At the end of the day, this will also have a negative impact on the organization as a whole.

SASE as a solution for new security issues

As an organization, you can of course choose not to make the move to the cloud and not offer employees the flexibility to work where they want or where it is convenient. However, the first part of this is unrealistic and undesirable. Organizations need to leverage the cloud (more and more) to stay in the game. The second is also not desirable these days. Think of the rise of the so-called workation, De Haan says. Employees increasingly expect organizations to be flexible in this area. If they don’t go along with that, they are missing out on potentially good employees.

The complex infrastructure as outlined above will irrevocably lead to a larger attack surface. Put briefly, you can no longer catch everything with firewalls. They no longer represent the perimeter. “Identity is the perimeter nowadays, it doesn’t matter where you are,” says De Haan. On top of that, when it comes to cybersecurity, it all has to be user-friendly.

These new security issues clearly require a completely new approach from organizations. The SASE framework offers a good solution. SASE stands for Secure Access Service Edge and is basically nothing new. That is, it is not a new product, but a new approach. The individual components that make up SASE are already widely available. If you break it down, SASE is really nothing more than a combination of SD-WAN and network security. That may sound a bit simplistic, but that is what it is. The trick, however, is to link these things together optimally and offer it as a service. That is what GTT wants to achieve with Secure Connect. According to De Haan, GTT is ideally positioned to deliver this to customers.

Why GTT Secure Connect?

GTT has several characteristics that make De Haan’s claim above much more than an empty slogan. First of all, GTT is a Tier 1 network provider. That means the company can deliver the Secure Connect service over a private backbone. This is a key requirement for “true” SASE. With this, GTT ensures optimal performance and does not use the public Internet. That makes it a very secure connection. Mind you, the last part, from the closest Point-of-Presence (PoP) to the end user is usually through the public internet, so you can’t run the entire connection through the private backbone. The SASE solution does ensure that end users have secure connectivity.

Mentioning the PoPs brings us to yet another major advantage of GTT when it comes to SASE. The company has more than 600 of them worldwide, which is a very significant number. Within a PoP, GTT provides all the things necessary for anyone to securely connect to the corporate environment. These include Zero Trust Network Access (ZTNA), Firewall-as-a-Service (FWaaS), Cloud Access Security Broker (CASB) and Secure Web Gateway (SWG).

In principle, more PoPs is always better for SASE, provided they are well distributed around the world. After all, this also means that they are closer to customers. And closer is always good when it comes to things like latency, but also possibly redundancy so as to create a consistently good user experience. For example, if you use a SaaS application like Salesforce, it is important that it runs as close to a PoP of the SASE provider as possible, wherever the employees may be. You can achieve this more easily with more PoPs than with fewer.

Independent service provider

The two somewhat more technical features above are only part of why GTT is well-positioned for SASE. Perhaps even more important from GTT’s perspective is how it approaches the market in general. “GTT is one of the few global independent service providers,” according to De Haan. “We work with thousands of vendors to deliver our services.” Secure Connect can essentially orchestrate security policies seamlessly across all the different services. This means that customers do not necessarily have to purchase from a particular vendor for their SD-WAN. For GTT, this means that it can also be seamlessly incorporated into many existing environments. For the authorized access portion of SASE (ZTNA), GTT does use a single solution in Secure Connect, namely Prisma Access from Palo Alto Networks.

The advantage of Secure Connect’s ability to connect to many different vendors and services is, as also briefly mentioned above, that it can incorporate and orchestrate them almost seamlessly. In other words, organizations don’t have to start with a greenfield environment. This means that existing investments do not have to be written off in order to start with Secure Connect.

To us, incorporating into existing environments sounds like GTT has to do quite a bit of customization for customers to get it to fit. That would mean that Secure Connect is not really a standard solution. De Haan disagrees with this. “We have about 400 preferred partners that we connect to our platform with lightning speed,” he indicates. In fact, GTT has simply built preferred SD-WAN partners into the platform, so there’s no need to customize anything there. That has been the goal in the development of Secure Connect from the beginning. GTT clearly has no intention of building customised offerings for each customer. As De Haan puts it, with Secure Connect GTT offers different flavors of a worldwide standard solution.

GTT’s Managed and professional services

GTT cleverly tackles the positioning of Secure Connect and SASE in general as far as we are concerned. It deploys the company’s distinguishing features to raise its profile. Whereas other vendors want to set up everything, or at least a lot of end-to-end systems themselves, GTT looks for integration. This is partly necessary, as the company is fundamentally different from many other SASE providers. Yet it is also a smart move, because it gives GTT the opportunity to focus on what it has traditionally been very good at.

We already mentioned that GTT has always been independent. In a world of lock-ins, some desirable, some undesirable, that is definitely nice. In addition, GTT can also choose this approach because of its expertise in providing additional services. Those extra services will also have to be delivered, because you’re always dealing with specific customer wishes and requirements. If you approach SASE as GTT does, that may be even more the case than with other vendors. After all, the idea is that Secure Connect can get along with a wide range of other services.

When it comes to the services that GTT can provide, the first one is managed services. De Haan estimates that about 80 percent of all GTT customers use these services. Think of all the ‘standard’ managed services: design of an environment, its implementation and maintenance. On top of that, however, come the professional services. According to De Haan these are even more distinctive for the offer of GTT in the market.

Mark de Haan, SVP Central Europe at GTT

Professional services include things like project management, service management and technical management. With project management you can ensure that you implement something that works well. Service management involves GTT making sure that contracts are honored, through reporting, analysis and conversations about how everything is going. The people at GTT who are responsible for technical management look after the actual build and run phase of the SASE cloud platform. These people know very well which application landscape a customer has, says De Haan. And also how this changes and how they can improve the solution if necessary.

GTT as cloud enabler

All in all, GTT has, at least on paper, makes a convincing entry into the SASE market with Secure Connect and everything that goes with it. With the expertise it has in SD-WAN, its positioning as an independent player and its managed and professional services, it seems to have everything it needs to make Secure Connect a success. In any case, it has a clear and straightforward story around SASE. That’s a big plus in a market where everyone seems to be shouting that they’re doing SASE, even though they probably aren’t offering it completely. That kind of ambiguity is absolutely undesirable in today’s complex world of enterprise infrastructure and security. The complete worry-free approach that GTT pursues, on the other hand, is desirable. Now it’s up to GTT to deliver on its promises.