* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Security Platform](https://www2.paloaltonetworks.com/blog/category/security-platform/)
* What's the Difference Bet...

# What's the Difference Between Security and Remote Access, Anyway?

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2016%2F10%2Fwhats-the-difference-between-security-and-remote-access-anyway%2F)  
[](https://twitter.com/share?text=What%E2%80%99s+the+Difference+Between+Security+and+Remote+Access%2C+Anyway%3F&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2016%2F10%2Fwhats-the-difference-between-security-and-remote-access-anyway%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2016%2F10%2Fwhats-the-difference-between-security-and-remote-access-anyway%2F&title=What%E2%80%99s+the+Difference+Between+Security+and+Remote+Access%2C+Anyway%3F&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2016/10/whats-the-difference-between-security-and-remote-access-anyway/&ts=markdown)  
\[\](mailto:?subject=What’s the Difference Between Security and Remote Access, Anyway?)  
Link copied  
By [Brian Tokuyoshi](https://www.paloaltonetworks.com/blog/author/brian/?ts=markdown "Posts by Brian Tokuyoshi")  
Oct 05, 2016  
5 minutes  
[Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown)  
[globalprotect](https://www.paloaltonetworks.com/blog/tag/globalprotect/?ts=markdown)  
[VPN](https://www.paloaltonetworks.com/blog/tag/vpn/?ts=markdown)

When I talk with customers about our [GlobalProtect](https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/globalprotect) network security client for endpoints, there is often a moment in the discussion when we spend time discussing what VPN really means. Of course, everyone understands the literal meaning of VPN in terms of a textbook definition: virtual private network. The differences start to emerge due to the fact that many people think about what VPN technology does based on the functionality found in traditional VPN products designed to provide remote access. Those traditional VPN use cases were geared for an entirely different era, when applications were primarily hosted in the internal data center and users needed temporary remote access to those applications. The user would disconnect from the VPN when remote access was not needed, thus placing the user at significantly greater risk of attack. Organizations tolerated the increase in risk in order to get more performance due to the limitations in the VPN architecture.

These conditions are no longer realistic, now that applications are shifting to the cloud and attacks targeting end users are becoming far more common. When mobile users are disconnected and accessing the Internet and SaaS applications, the organization loses visibility in network traffic, while makes the attacker's work easier. Delivering an exploit to a vulnerable application, delivering malware from a filesharing application, tricking the user to visit a hostile domain, or conducting a phishing attack are just a few examples of things that are significantly easier for an attacker to do when there is no network security to protect the mobile workforce. Addressing the current state of affairs requires thinking about the difference between an architecture based on remote access and one focused on security. In a remote-access scenario, the goal is to bring the traffic back to an internally hosted application in the data center, no matter where the user is. Thus, the architecture stresses connectivity with security and performance being secondary criteria. The user is off the corporate network and needs remote access to the resources hosted in what may be some distant location, behind a corporate firewall. However, the traffic that's not bound for the corporate data center (such as access to SaaS applications and the internet) would have to travel a considerable distance in the wrong direction if it passed through the tunnel. Many organizations forsake security in favor of performance by using a split tunnel that routes SaaS and internet traffic through the standard network interface. Thus, a dangerous set of conditions emerges in which the user has uninspected access to SaaS applications and exposure to internet threats.

[](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/09/Difference_1.png)  
[![difference\_1](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/09/Difference_1-500x235.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/09/Difference_1.png)

*Figure 1 Traditional Remote Access With a Split Tunnel*

In contrast, the architecture for GlobalProtect differs from the traditional VPN because it is designed to extend the protection of the platform to users at all times. It uses VPN (as a technology for building a virtual private network), but our approach, compared with traditional remote access architectures, is markedly different.

Think about separating the concept of remote access and security. With remote access, the traffic is secure only if it passes through the tunnel, but distance to the internal data center creates performance issues, thus creating pressure to use the split tunnel.

On the other hand, an architecture based on security must bring traffic to a point of inspection, namely a next-generation firewall. But the firewall does not necessarily need to be the one located at some distant data center, as is the case with remote access.

GlobalProtect supports this model by automatically connecting to the best available Palo Alto Networks next-generation firewalls that provide the best performance for the user. These firewalls are typically much closer to the user geographically, in the region where the user is located, thereby providing an internet gateway that delivers the protection of the platform for all traffic, whether to the internal data center, SaaS or the internet. These gateways are set up on next-generation firewalls and can be deployed in hardware or in the public or private cloud.

[](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/09/Difference_2.png)  
[![difference\_2](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/09/Difference_2-500x233.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/09/Difference_2.png)

In addition, GlobalProtect supports the capability to auto-scale firewalls in AWS as seen in the lightboard video below.

This unique architecture automatically self-adjusts the number of firewalls that are available in a given region based on workload criteria.

With security in place and without performance degradation, GlobalProtect ensures that the organization maintains visibility and protection in network traffic for all users. It is also important to note that GlobalProtect still covers the remote-access use case as well, because the regional internet gateway can maintain a site-to-site tunnel back to the Internal data center. Organizations that deploy GlobalProtect can move beyond the limitations of the traditional VPN gateway and start securing themselves in a far more comprehensive manner.

If you're thinking about how GlobalProtect fits with your organization, take a look at the following resources:

* [GlobalProtect Reference Architecture](https://www.paloaltonetworks.com/documentation/71/globalprotect/globalprotect-admin-guide/globalprotect-reference-architecture)
* [GlobalProtect Deployment Guide](https://www.paloaltonetworks.com/resources/whitepapers/globalprotect-deployment-guide)

*** ** * ** ***

## Related Blogs

### [Customer Spotlight](https://www.paloaltonetworks.com/blog/category/customer-spotlight/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown)

[#### Customer Spotlight: Domain Group Keeps the Presses Rolling With Palo Alto Networks](https://www2.paloaltonetworks.com/blog/2017/09/customer-spotlight-domain-group-keeps-presses-rolling-palo-alto-networks/)

### [Customer Spotlight](https://www.paloaltonetworks.com/blog/category/customer-spotlight/?ts=markdown), [Real Estate](https://www.paloaltonetworks.com/blog/category/real-estate/?ts=markdown), [Retail](https://www.paloaltonetworks.com/blog/category/retail/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown)

[#### Customer Spotlight: Delta Holding Prevents Ransomware by Upgrading Security Posture](https://www2.paloaltonetworks.com/blog/2016/10/customer-spotlight-delta-holding-prevents-ransomware-upgrading-security-posture/)

### [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown)

[#### Security Operations Under Fire Inside Black Hat's NOC](https://www2.paloaltonetworks.com/blog/2025/09/security-operations-inside-black-hats-noc/)

### [Cloud Network Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-network-security/?ts=markdown), [Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/platform/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown)

[#### Simplifying Network Investigation with the New Prisma Cloud Intelligent Network Visualization](https://www2.paloaltonetworks.com/blog/cloud-security/new-network-analysis-graph/)

### [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown)

[#### One Vendor or Many Vendors to Secure Your Hybrid Workforce?](https://www2.paloaltonetworks.com/blog/sase/one-vendor-or-many-vendors-to-secure-your-hybrid-workforce/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Prevent Critical Exposures for Employees on Unsecure Remote Networks Using ASM for Remote Workers Coverage](https://www2.paloaltonetworks.com/blog/security-operations/attack-surface-management-for-remote-workers/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language