Search
Close this search box.

Blog

Security and the Hybrid WAN

SD-WAN combined with regional cloud-based firewalls offers the best centralized security. Read to learn more.
August 3, 2021

Security and the Hybrid WAN

In the early days of the Internet, enterprise networks followed a well-established blueprint: applications ran in centralized data centers, and users accessed them over private WANs. Connectivity to the Internet-based applications of the time – email, file transfers, and web browsing – was likewise centralized, and the associated public traffic was carried over the same private WANs. This was an appropriate architecture when Internet traffic was modest and sub-second latency was acceptable. And because connectivity to public networks was limited to a few physical locations, it made the network easier to secure by minimizing the potential attack surface.

But as the Internet rose to prominence, the situation changed. Many internally hosted applications were replaced with powerful SaaS alternatives, and the amount of Internet traffic on the WAN increased substantially. Moreover, new bandwidth-hungry applications such as cloud-based storage began to overload legacy WAN links, and real-time applications such as UCaaS performed poorly across congested WANs with the latency overhead of centralized Internet access.

Consequently, enterprises scrambled to deploy hybrid WANs, adding local Internet access at each location. This had the desired effect of offloading Internet-based traffic from the private WAN, and it avoided the latency overhead of routing through centralized data centers. But these gains weren’t achieved without trade-offs: the network grew more complex and difficult to manage, and the potential attack surface increased significantly, making the hybrid WAN more difficult to secure.

SD-WAN: Harmonizing the Hybrid WAN

With the emergence of SD-WAN, the physical distinction between private WAN and public Internet has blurred: the private WAN has become a virtual “overlay” network running atop one or more public networks (the “underlay”), and SD-WAN software now determines how application traffic is routed. Internet-based applications can be broken out locally to use the underlay natively, while private traffic is encrypted and tunneled between locations in the overlay.

Although SD-WAN adds intelligence and flexibility to the hybrid WAN, it is subject to the same security and latency trade-offs. Using local breakout minimizes latency, but it expands the attack surface to include every location, and some of SD-WAN’s most powerful features such as Forward Error Correction and packet level link steering are only available in the overlay.

Cloud Firewalls to the Rescue

Fortunately, there is an alternative wherein the benefits of centralized security can be achieved while keeping latency in check. Managed secure SD-WAN providers who operate their own backbone networks can offer cloud-based firewalls for regionalized secure Internet access. This avoids the need to open up public network access at all locations, and it allows Internet traffic to enjoy the full benefits of riding the SD-WAN overlay. A well-designed cloud-based firewall design will align with the geographical footprint of the enterprise, ensuring all locations can reach the Internet without excessive delay. From a performance and security perspective, SD-WAN combined with regional cloud-based firewalls offers the best of both worlds!

About GTT

GTT connects people across organizations, around the world, and to every application in the cloud. Our clients benefit from an outstanding service experience built on our core values of simplicity, speed, and agility. GTT owns and operates a global Tier 1 internet network and provides a comprehensive suite of cloud networking services. We also offer a complementary portfolio of managed services, including managed SD-WAN from leading technology vendors.

 

 

Related RESOURCES

Enterprise Managed Network Services ISG Report 2024
Guide

GTT Named Leader in ISG Provider Lens™ Enterprise Managed Network Services 2024 Europe Study

GTT is ranked as a Leader for the provisioning of network as a service (NaaS) and for services across WANs, LANs, managed Direct Internet Access (DIA), Voice over IPs (VoIPs) and virtual private networks (VPNs). This top ranking from ISG is based on its evaluation of 33 service providers within the managed network services industry.
Background-3
Guide

GTT Named Leader in ISG Provider Lens™ Enterprise Managed Network Services 2024 U.S. Study

GTT is ranked as a top Leader position for the provisioning of network as a service (NaaS) and for services across WANs, LANs, managed Direct Internet Access (DIA), Voice over IPs (VoIPs) and virtual private networks (VPNs). This top ranking comes from ISG is based on its evaluation of 33 service providers within the managed network services industry.
Understanding managed SD-WAN adoption cover
Webinar

Understanding Managed SD-WAN Adoption

Elevate your network infrastructure and the rapidly evolving world of SD-WAN and SASE technologies. Watch the webinar today.
Partner with Envision cover
Webinar

Partners Win with GTT Envision

What is GTT ENVISION and how can you leverage this exciting approach to Network as a Service? Watch the webinar to learn all about GTT Envision.
White Paper

Trends and Solutions for a More Secure Perimeter

GTT commissioned Hanover Research, a leading provider of research and analytics for organizations worldwide, to gain insight into how businesses are adopting and using SASE and SSE
Team of Professional IT Developers Have a Meeting, Speaker Shows Growth Data with Graphs, Charts, Software UI. Shown on TV. Concept: Software UI Development, Deep Learning, Graphs, Charts.
Guide

GTT Named Managed SD-WAN Leader in ISG 2024 Network Report Evaluating German Service Providers

ISG Provider Lens™ report evaluates 26 enterprise WAN service providers and ranks GTT in a Leader position for Managed SD-WAN enterprise network connectivity.
Hand touching Secure Access Service Edge icon on smartphone virtual screen background, password, network, framework and support technology in office. SASE secure access service edge concept.
Guide

GTT Named Managed SD-WAN Leader & SASE Rising Star in ISG 2024 Network Report Evaluating U.S. Service Providers

ISG Provider Lens™ report evaluates 26 enterprise WAN service providers and ranks GTT in a top Leader position for Managed SD-WAN enterprise network connectivity. GTT is also ranked as a Rising Star Product Challenger for its Secure Access Service Edge (SASE) Capability, GTT Secure Connect.
Fortinet white paper
White Paper

SASE is a Journey – Not a Silver Bullet

In this white paper, learn how leaders are adapting to evolving business continuity demands. To stay ahead of threats, teams must view securing their Network and Security ecosystems as a continuous journey. Secure Access service edge (SASE) framework is the path to stronger cyber security.
IT engineers checking servers in server room
White Paper

Why Technology Partners Matter In Uncertain Times

Technology advancements support 5 key areas of manufacturing. Leveraging managed services providers to support and secure the network infrastructure that enables these advancements helps achieve these positive business outcomes.
Robot welding in car factory
White Paper

Get The Lowdown On The Smart Factory & The Next Wave of Innovation

Manufacturers understand that they must stay up to date with the latest developments in technology to be competitive. At the same time, technology is moving fast. Find out more about Industry 4.0 and the Smart Factory.

OUR GARTNER RATING

Gartner Peer Insights logo
4.2


62 Reviews

88%
as of the last 12 months

Talk to an Expert

Interested in learning more about GTT products & services? Please complete this short form to schedule a call with one of our sales consultants.

Thank you for your information. One of our sales consultants will be in touch with you.

Scroll to Top