The Total Economic Impact™ Of Palo Alto Networks Prisma SASE

Cost Savings And Business Benefits Enabled By Palo Alto Networks

A Forrester Total Economic ImpactTM Study Commissioned By Palo Alto Networks, December 2023

Highly distributed organizations — those with many sites or a large percentage of remote workers — often look for secure access service edge (SASE) architecture mainly because of its ability to authenticate and authorize users who connect to and through their platform. However, SASE is a transformative technology, centralizing multiple networking and security capabilities into a unified solution with a single interface and data lake. Selecting the right solution provider can be a high-risk, high-reward decision.

Prisma SASE converges network security, SD-WAN, and autonomous digital experience management (ADEM) in the cloud. This provides security for all applications used by an organization, regardless of the location of the user.

Palo Alto Networks commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Prisma SASE.1  The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Prisma SASE on their organizations.

Registration Required To Continue


To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed four representatives with experience using Prisma SASE. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results into a single composite organization that is a distributed enterprise with 50,000 employees, of whom 33% are remote or hybrid, and $7 billion in annual revenue.

Prior to using Prisma SASE, organizations typically worked with inconsistent and incomplete security, poor user experience due to how traffic was backhauled to data centers, and poor scalability as organizations increasingly adopted hybrid work and cloud. Additionally, managing access service at their organizations meant having to install different point solutions to secure their environments. The organizations lacked modern security technology as security and IT teams tried to keep up with evolving business needs. Digital transformation initiatives pushed more data, applications, and processes to the cloud while other core business functions remained on-premises. Yet this piecemeal approach left interviewees’ organizations with many different vendors in their security stacks, making it challenging for security operations (SecOps) teams to integrate technologies, benefit from analytics, apply consistent policies, and deliver a consistent experience to end users.


Return on investment (ROI)



Net present value (NPV)

After the investment in Prisma SASE, the interviewees shared that they were able to consolidate much of their time spent on certain management activities as well as their vendor spend, creating operational efficiencies. They were able to boost end-user productivity, specifically their remote workers and employees who were not present at their physical office sites. They also noted that Prisma SASE in collaboration with other Palo Alto Networks solutions installed in their environment significantly reduced the likelihood of a data breach event.

Key Findings

Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:

  • Gained 75% efficiency in SASE management and policy changes as well as in responding to security incidents, and 80% time savings related to scaling and setting up new sites. Whereas previously, the composite organization would deploy multiple teams related to the management of its SASE solution, by using Prisma SASE, it realizes time savings and efficiencies across multiple activities for both its SecOps and network operations (NetOps) teams. Over three years, this efficiency gain is worth $2.2 million to the composite organization.

For , this benefit could be worth over three years.

  • Improved end-user productivity with better system availability and less intrusion to their network, totaling $12.2 million in business value over three years. The composite organization also realizes end-user productivity, especially those who are working remotely or outside their physical office site, gains by having less disruption caused by their security activities, and just overall better system availability of their environment. This is a product of better integration and compatibility of the different Palo Alto Networks solutions, as well as overall performance. Over three years, this improvement to end user productivity is worth close to $12.2 million to the composite organization.

For , this benefit could be worth over three years.

  • Decreased likelihood of a data breach by 50% after three years. By replacing multiple disconnected security solutions with a single integrated solution, Prisma SASE better fills previous security gaps that exist at the composite organization. As a result, it decreases the likelihood of a significant data breach. Over three years, this reduced risk from a data breach is worth close to $3 million to the composite organization.

For , this benefit could be worth over three years.

  • Avoided and rationalized security and networking infrastructure, saving $846,000 over three years. Using Prisma SASE also allows the composite organization to consolidate its security tech stack vendor spending. Over three years, this cost savings from vendor consolidation totals $846,000 to the composite organization.

For , this benefit could be worth over three years.

Efficiency gains in managing SASE and making policy changes


“The productivity that users can achieve, even remotely; not having to worry about integration with other systems; and the level of security we achieve — none of that is possible without Prisma SASE.”

Principal architect, healthcare

Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:

  • Improved visibility in the security environment. Prisma SASE allows the composite organization to better monitor traffic and actually know what is happening on its network.
  • Better employee experience. Employees at the composite organization, either part of the security organization or general end users, also appreciate the ease and comfort of using Prisma SASE, as well as the confidence that they are well protected from potential attacks and threats. In addition to the productivity boost quantified above, this can also potentially impact their attachment to the organization and the brand of the company from the perspective of both internal and external stakeholders.

Costs. Three-year, risk-adjusted PV costs for the composite organization include:

  • Installation and deployment costs totaling $436,000 over three years. Time and labor are required to deploy and install the Palo Alto Networks solution throughout the composite organization. Deployment of Prisma SASE relative to other Palo Alto Networks solutions (i.e., NGFW and CDSS) is assumed to need 20% of the implementing staffs’ time.

For , this cost could be over three years.

  • Training costs and ongoing management time investment totaling $63,000 over three years. Palo Alto Networks requires less training than legacy solutions, and interviewees reported that the provided trainings were more effective and efficient, allowing employees to get up to speed faster and expand their skill sets. Once trained, the team spends some time maintaining and managing the system on an ongoing basis.

For , this cost could be over three years.

  • Palo Alto Networks’ Prisma SASE annual licensing costs totaling $8.3 million over three years. The cost for Prisma SASE includes payment for Prisma Access, Prisma SD-WAN hardware appliance, and the subscription, all of which are impacted by the number of branches where it is installed.

For , this cost could be over three years.

The representative interviews and financial analysis found that a composite organization experiences benefits of $18.34M over three years versus costs of $8.85M, adding up to a net present value (NPV) of $9.49M and an ROI of 107%.

could experience benefits of over three years versus costs of , adding up to an NPV of and an ROI of 0%.

Forrester Perspective: Merging Security And Networking Teams

While networking and security have a long and complicated history, having a segregated approach is not an acceptable way to operate as it often sabotages the gains from digital initiatives.

Now a businesswide networking fabric interweaves business assets, customers, partners, and digital assets to connect all parts of the business ecosystem, which can only occur if security is embedded within the DNA of the network.

Source: “Introducing The Zero Trust Edge Architecture For Security And Network Services,” Forrester Research, Inc., August 2, 2021.

Key Statistics

  • icon icon


  • icon icon

    Benefits PV

  • icon icon


  • icon icon


Benefits (Three-Year)

Security and IT operations efficiency End user productivity gain Data breach risk reduction Security infrastructure cost reduction and avoidance

TEI Framework And Methodology

From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment Prisma SASE.

The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that Prisma SASE can have on an organization.

Forrester Consulting conducted an online survey of 351 cybersecurity leaders at global enterprises in the US, the UK, Canada, Germany, and Australia. Survey participants included managers, directors, VPs, and C-level executives who are responsible for cybersecurity decision-making, operations, and reporting. Questions provided to the participants sought to evaluate leaders’ cybersecurity strategies and any breaches that have occurred within their organizations. Respondents opted into the survey via a third-party research panel, which fielded the survey on behalf of Forrester in November 2020.

  1. Due Diligence

    Interviewed Palo Alto Networks stakeholders and Forrester analysts to gather data relative to Prisma SASE.

  2. Interviews

    Interviewed four representatives at organizations using Prisma SASE to obtain data with respect to costs, benefits, and risks.

  3. Composite Organization

    Designed a composite organization based on characteristics of the interviewees’ organizations.

  4. Financial Model Framework

    Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.

  5. Case Study

    Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.

Disclosures and Disclaimers

Readers should be aware of the following:

This study is commissioned by Palo Alto Networks and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.

Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in Prisma SASE. For the interactive functionality using Configure Data/Custom Data, the intent is for the questions to solicit inputs specific to a prospect's business. Forrester believes that this analysis is representative of what companies may achieve with Prisma SASE based on the inputs provided and any assumptions made. Forrester does not endorse Palo Alto Networks or its offerings. Although great care has been taken to ensure the accuracy and completeness of this model, Palo Alto Networks and Forrester Research are unable to accept any legal responsibility for any actions taken on the basis of the information contained herein. The interactive tool is provided ‘AS IS,’ and Forrester and Palo Alto Networks make no warranties of any kind.

Palo Alto Networks reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.

Palo Alto Networks provided the customer names for the interviews but did not participate in the interviews.

Consulting Team:

Adi Sarosa

Isabel Carey

Cookie Preferences

Accept Cookies

A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions (data inputs, website navigation), so you don’t have to re-enter data when you come back to the site or browse from one page to another.

Behavioral information collected by our web analytics vendor is used to analyze data pertaining to visitor trends, plan website enhancements, and measure overall website effectiveness. We may also use cookies or web beacons to help us offer you products, programs, or services that may be of interest to you and to deliver relevant advertising. We may use third-party advertising companies to help tailor website content to users or to serve ads on our behalf. These companies may also employ cookies and web beacons to measure advertising effectiveness.

Please accept cookies and the collection of behavioral information to receive full functionality and enhance your experience. If you decline cookies, some features of the website may not function normally.

Please see our Privacy Policy for more information.