* [Blog](https://www.paloaltonetworks.com.au/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com.au/blog/corporate/)
* [Secure the Cloud](https://www.paloaltonetworks.com.au/blog/category/secure-the-cloud/)
* Cloud-Connected Branch Se...

# Cloud-Connected Branch Security with SASE

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2019%2F12%2Fcloud-branch-security-sase%2F)  
[](https://twitter.com/share?text=Cloud-Connected+Branch+Security+with+SASE&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2019%2F12%2Fcloud-branch-security-sase%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2019%2F12%2Fcloud-branch-security-sase%2F&title=Cloud-Connected+Branch+Security+with+SASE&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com.au/blog/2019/12/cloud-branch-security-sase/&ts=markdown)  
\[\](mailto:?subject=Cloud-Connected Branch Security with SASE)  
Link copied  
By [Brian Tokuyoshi](https://www.paloaltonetworks.com/blog/author/brian/?ts=markdown "Posts by Brian Tokuyoshi")  
Dec 13, 2019  
4 minutes  
[Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)  
[Branch Security](https://www.paloaltonetworks.com/blog/tag/branch-security/?ts=markdown)  
[Prisma Access](https://www.paloaltonetworks.com/blog/tag/prisma-access/?ts=markdown)  
[SASE](https://www.paloaltonetworks.com/blog/tag/sase/?ts=markdown)  
[Secure access service edge (SASE)](https://www.paloaltonetworks.com/blog/tag/secure-access-service-edge/?ts=markdown)

By Brian Tokuyoshi, senior product marketing manager

*Applications moving to the cloud and increased user mobility are changing the way networking and network security services must be delivered. Palo Alto Networks founder and CTO Nir Zuk believes that the future of network security is in the cloud, and has been driving this change for the past few years with Prisma Access, the industry's most comprehensive SASE. In this ongoing series, Palo Alto Networks thought leaders explore the core tenets of an integrated, effective SASE solution, and more broadly, its implementation and implications.*

As cloud usage increases across the globe, at large and small organizations alike, it is important to ensure your cloud strategy encompasses performance, connectivity and -- too often overlooked -- security for your branch offices and retail locations.

[Secure access service edge](https://www.paloaltonetworks.com/cyberpedia/what-is-sase) (SASE, pronounced sassy) is a comprehensive solution that helps organizations embrace cloud and mobility by providing network and network security services from a cloud-based, unified platform.

**Traditional Branch Connectivity and Security: A Thing of the Past**

Traditionally, organizations had three options to choose from to [secure their branch offices](https://www.paloaltonetworks.com/cyberpedia/what-is-branch-office-network-security) and connect them to the internet.

1. Use branch routers at each location to backhaul traffic over an MPLS connection to HQ for inspection and policy enforcement. This strategy is costly and inefficient.
2. Utilize a VPN over a standard internet connection to connect branch offices to HQ, using a hub-and-spoke architecture as an alternative to MPLS.
3. Utilize direct-to-internet at the branch, with a network security stack at each branch location, providing equivalent security as a centralized perimeter firewall would.

These solutions made sense when organizations were using applications solely in internal data centers, and when applications were not so bandwidth intensive. For many years, these options were considered best practices for designing wide area networks, until the cloud started to drive new requirements.

**With the Onset of Cloud Comes Network Evolution**

Enter the cloud. [Software-as-a-service](https://www.paloaltonetworks.com/cyberpedia/what-is-saas) (SaaS) applications and public cloud platforms from providers like AWS, Azure and GCP provide the flexibility to meet the needs of a growing organization while reducing costs. SaaS applications have risen in popularity due to their improvements in productivity and collaboration for dispersed enterprises, while public cloud providers help to eliminate resource constraints and infrastructure costs by moving data centers to the cloud and taking over the management and services.

In light of the move to the cloud, it makes less sense to use traditional branch networking to bring traffic back to headquarters. In addition, bandwidth and performance issues arise as more cloud applications are used at the branch. Applications such as video conferencing/streaming and cloud storage applications take up a large amount of bandwidth. As a result, organizations are looking for ways to integrate a direct-to-internet connection at the branch, without introducing new security risks.

**How to Protect Branch Offices in the Cloud Era**

[Branch offices](https://www.paloaltonetworks.com/sase/branch-sd-wan) not only need access to applications hosted in data centers at headquarters, they also need access to the internet, SaaS apps and public cloud services. For effective branch security, organizations need to develop their network architecture in a way that optimizes access to all resources, regardless of location. A SASE security approach provides branch offices security and visibility into all traffic, while also enabling seamless access to assets in the cloud and on-premises. By transitioning your network and network security services to a SASE solution, organizations can benefit from enhanced user experience with fast and reliable internet connection and accurate localization, while also optimizing a company's ability to grow quickly and easily add offices.

Organizations must also consider the security of the applications being accessed by inspecting apps across not just web protocols, but also ports. With a [SASE cloud-based security strategy](http://start.paloaltonetworks.com/10-tenets-SASE), organizations have full visibility into and inspection of traffic across ports and protocols, so policies can be applied to all the traffic in the cloud. In addition, organizations can eliminate MPLS by utilizing the cloud, which also results in significant cost savings.

Palo Alto Networks is revolutionizing the way companies transform their cloud security infrastructure. [Prisma Access](https://www.paloaltonetworks.com/blog/2019/11/cloud-next-generation-network-security) is the industry's most comprehensive SASE solution. It delivers the networking and security that organizations need in an architecture designed for all traffic, all applications and all users. Rather than creating single-purpose technology overlays that are normally associated with point products, Prisma Access uses a common cloud-based infrastructure to deliver security services, including advanced threat prevention, web filtering, sandboxing, DNS security, credential theft prevention, data loss prevention (DLP) and next-generation firewalling.

Learn more about SASE from two of the industry's leading experts -- Gartner's Neil MacDonald and Palo Alto Networks own Jason Georgi -- in our video, "[Network Security's Future Is in the Cloud](https://www.paloaltonetworks.com/resources/videos/gartner-network-securitys-future-is-in-the-cloud)."

*** ** * ** ***

## Related Blogs

### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown)

[#### Working from Home During COVID-19: Secure Access for Remote Workers](https://www.paloaltonetworks.com.au/blog/2020/04/network-secure-access/)

### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Data Security for the Future: DLP and Secure Access Service Edge](https://www.paloaltonetworks.com.au/blog/2020/01/cloud-dlp/)

### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Zero Trust Network Access: Build Your SASE on a Solid Foundation](https://www.paloaltonetworks.com.au/blog/2020/01/cloud-zero-trust-network-access/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Better Together: Security + SD-WAN by Palo Alto Networks](https://www.paloaltonetworks.com.au/blog/2019/11/cloud-sase-secure-sd-wan/)

### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Palo Alto Networks Delivers the Industry's Most Comprehensive Secure Access Service Edge](https://www.paloaltonetworks.com.au/blog/2019/11/cloud-comprehensive-secure-access-service-edge/)

### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### The Next Generation of Network Security Is Cloud-Delivered](https://www.paloaltonetworks.com.au/blog/2019/11/cloud-next-generation-network-security/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language