* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [News \& Events](https://www2.paloaltonetworks.com/blog/sase/category/news-events/)
* Zero Trust and SASE: Bett...

# Zero Trust and SASE: Better Together for Financial Institutions

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F05%2Fzero-trust-and-sase-for-financial-institutions%2F)  
[](https://twitter.com/share?text=Zero+Trust+and+SASE%3A+Better+Together+for+Financial+Institutions&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F05%2Fzero-trust-and-sase-for-financial-institutions%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F05%2Fzero-trust-and-sase-for-financial-institutions%2F&title=Zero+Trust+and+SASE%3A+Better+Together+for+Financial+Institutions&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2022/05/zero-trust-and-sase-for-financial-institutions/&ts=markdown)  
\[\](mailto:?subject=Zero Trust and SASE: Better Together for Financial Institutions)  
Link copied  
By [Lawrence Chin](https://www.paloaltonetworks.com/blog/author/lawrence-chin/?ts=markdown "Posts by Lawrence Chin")  
May 17, 2022  
5 minutes  
[News \& Events](https://www.paloaltonetworks.com/blog/sase/category/news-events/?ts=markdown)  
[News of the Week](https://www.paloaltonetworks.com/blog/category/news-of-the-week/?ts=markdown)  
[Partner Integrations](https://www.paloaltonetworks.com/blog/sase/category/partner-integrations/?ts=markdown)  
[Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[Financial Services](https://www.paloaltonetworks.com/blog/tag/financial-services/?ts=markdown)  
[Forrester](https://www.paloaltonetworks.com/blog/tag/forrester/?ts=markdown)  
[managed SASE](https://www.paloaltonetworks.com/blog/tag/managed-sase/?ts=markdown)  
[Zero Trust](https://www.paloaltonetworks.com/blog/tag/zero-trust/?ts=markdown)  
[ZTNA](https://www.paloaltonetworks.com/blog/tag/ztna/?ts=markdown)  
[ZTNA Partners](https://www.paloaltonetworks.com/blog/tag/ztna-partners/?ts=markdown)

This post is also available in: [日本語 (Japanese)](https://www2.paloaltonetworks.com/blog/2022/07/zero-trust-and-sase-for-financial-institutions/?lang=ja "Switch to Japanese(日本語)")

***This blog is part of "*** [***ZTNA Partners***](https://www.paloaltonetworks.com/blog/tag/ztna-partners/)***," a series where we take a closer look at how our partnerships protect today's hybrid workforces and environments with ZTNA 2.0.***

A [Zero Trust](https://www.paloaltonetworks.com/zero-trust)cybersecurity model, enabled by a modern [Secure Access Services Edge (SASE)](https://www.paloaltonetworks.com/cyberpedia/what-is-sase) architecture, gives financial institutions powerful tools to support new ways of working without compromising their ability to compete and innovate. In this post, we'll explore why legacy security models and toolsets are falling behind, and in many cases, creating more challenges for financial institutions. We'll also explain how a SASE solution, like Palo Alto Networks [Prisma SASE](https://www.paloaltonetworks.com/sase), helps financial institutions achieve their business goals by delivering a tightly integrated and comprehensive secure access service edge solution that converges security, [Zero Trust Network Access (ZTNA)](https://www.paloaltonetworks.com/sase/ztna), networking and digital experience management.

## The Challenges of Legacy Security Solutions

Cyberattacks are a fact of life for banks and other financial institutions. In 2021, the average cost of a data breach in the financial sector was $5.72 million -- second only to healthcare as the highest average cost per industry, according to [IBM's Cost of a Data Breach Report.](https://www.ibm.com/security/data-breach) Sadly, things are likely to get much worse before they get any better:

* Driven by high profitability, vulnerabilities in cloud infrastructure and exploitation of remote work, the frequency of ransomware doubled in 2021, [according to SearchSecurity](https://www.techtarget.com/searchsecurity/feature/Ransomware-trends-statistics-and-facts).
* The Russia-Ukraine conflict continues to put western financial institutions in the crosshairs of highly sophisticated, state-sponsored cyber attackers.
* Auditors and financial regulators are stepping up their own cybersecurity enforcement and oversight efforts with a focus on data privacy, operational resilience and third-party risk.

Financial institutions have embraced the public cloud to drive digital transformation -- enabling innovative new products and services, delivering superior customer experiences, and staying one step ahead of the competition. Hybrid cloud architectures have become the norm for many, with workloads and data moving routinely between cloud-based and on-premise systems. At the same time, another form of hybrid environment has emerged, where employees and third-party partners require secure access to their applications and business data, regardless of whether users are remote, mobile or working from a branch office.

Financial sector CISOs and other cybersecurity leaders are tasked with securing these hybrid environments without sacrificing agility, innovation or end-user productivity. In many cases, they're trying to adapt legacy security systems and architectures to meet these evolving requirements, and they're running into some major challenges:

**Scalability Struggles --** Today's hybrid work and cloud environments demand security solutions that can scale rapidly to keep up with shifting workloads, distributed workforces and rapidly scaling data management requirements. Traditional architectures, built with a hodgepodge of network and security stacks, simply aren't designed to deliver this kind of scalability.

**Security Gaps --** Malicious actors are keenly aware of the hybrid and mobile workforce and are targeting home-office and remote-work environments. Users accessing resources from remote locations are often granted different access to protected data compared to users at corporate offices, resulting in security gaps that attackers can leverage to infiltrate the financial institution.

\*\*Productivity Woes --\*\*Legacy security policy enforcement typically requires an institution to backhaul its network traffic to a data center regardless of where an endpoint is located or where the traffic is ultimately destined. That means more latency, especially for public, cloud-based applications and data, as well as more employee frustration and often more attempts to circumvent security controls that crack open the door to breaches.

## Zero Trust and SASE: Better Together

The Zero Trust model continues to prove its value in securing critical applications and data in hybrid cloud environments, particularly for financial organizations where a hybrid workforce is [gaining acceptance](https://www.forbes.com/sites/forbestechcouncil/2021/12/02/wall-street-and-the-future-of-remote-work/?sh=32d400625965). A SASE solution complements and supports an effective Zero Trust security posture in four key areas:

**Ensuring Uptime:** Seamlessly leverage MPLS, internet and 4G/5G network connectivity to maximize system availability and uptime for customers and employees at retail bank branches and remote sites. Branches remain a key component of the omni-channel engagement model, where customers go for complex transactions, problem resolution and financial consultation.

**Controlling Costs:** Replace expensive, legacy WAN technologies with broadband internet services, which are available at significantly lower price points even at higher bandwidth levels. Security tool consolidation and efficiency gains for IT security staff were also major contributors to cost reduction when adopting Prisma SASE, according to [Forrester](https://tools.totaleconomicimpact.com/go/paloalto/sase/index.html).

\*\*Closing Security Gaps:\*\*Maintain consistent security controls and policies for employees, contractors and vendors, no matter where or when they access applications and data. Given the expanded remote workforce and third-party partnerships for financial institutions, financial regulators expect to see appropriate controls in place to manage these risks.

**Delivering Better End-User Experiences:** Ensure secure and direct internet access to cloud-based resources. This is a critical capability for reducing latency and giving customers and employees a consistent, reliable and hassle-free end-user experience. Ultimately, this contributes to better client engagements, which consumers now expect from their financial institutions too.

## SASE: Security that Pays

Adopting a secure access service edge (SASE) that converges security, Zero Trust Network Access (ZTNA) and networking enables a high-performing hybrid workforce. One of the most remarkable aspects of this approach to cybersecurity is that it also benefits a financial institution's bottom line. According to Forrester's SASE ROI Calculator, an institution that adopts Prisma SASE may see a return on investment of up to 241%. By ensuring more productive and consistent end-user experiences, Prisma SASE gives financial institutions an important tool for maximizing employee productivity and customer loyalty while also supporting a modern Zero Trust security posture.

[Sign up for our upcoming webinar](https://www.databreachtoday.com/webinars.php?webinarID=3959&preview=inactive_webinar)to hear experts from Palo Alto Networks and IBM explain how financial institutions can securely compete, innovate and deliver great end-user experiences. Join the discussion to learn how Zero Trust and Prisma SASE work in tandem to protect financial institutions from today's increasingly-costly cybersecurity threats.

*** ** * ** ***

## Related Blogs

### [News \& Events](https://www.paloaltonetworks.com/blog/sase/category/news-events/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/sase/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Seamless Service Provider Network Attach with Prisma SASE](https://www2.paloaltonetworks.com/blog/sase/seamless-service-provider-network-attach-with-prisma-sase/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud-delivered Security](https://www.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/?ts=markdown), [News \& Events](https://www.paloaltonetworks.com/blog/sase/category/news-events/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/sase/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Palo Alto Networks and Verizon Champion a New Cybersecurity Approach](https://www2.paloaltonetworks.com/blog/2022/11/a-new-cybersecurity-approach/)

### [News \& Events](https://www.paloaltonetworks.com/blog/sase/category/news-events/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Are SASE and Zero Trust the Key for Manufacturers Grappling with IoT?](https://www2.paloaltonetworks.com/blog/2022/08/are-sase-and-zero-trust-the-key-for-manufacturers-grappling-with-iot-cyber-risks/)

### [News \& Events](https://www.paloaltonetworks.com/blog/sase/category/news-events/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/sase/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Prisma SD-WAN Supports AWS Cloud WAN Service Insertion](https://www2.paloaltonetworks.com/blog/sase/prisma-sd-wan-supports-aws-cloud-wan-service-insertion/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [News \& Events](https://www.paloaltonetworks.com/blog/sase/category/news-events/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### NTT Partners with Palo Alto Networks to Deliver Managed Prisma SASE](https://www2.paloaltonetworks.com/blog/2023/02/ntt-partners-to-deliver-managed-prisma-sase/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud-delivered Security](https://www.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/sase/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Orange Cyberdefense and Palo Alto Networks Lead with Zero Trust](https://www2.paloaltonetworks.com/blog/2022/10/orange-cyber-defense-with-zero-trust/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language