The Short answer to this question is: No
Sometimes, though, a longer answer is necessary. Our Bria Cloud and SaaS deployments are primarily a client provisioning service that makes it easier to deploy and manage soft phones within a small business, team, or larger company. It does not replace a Firewall, VPN, or Session Border Controller that controls a SIP phone/client's access to a phone system deployed on a companies internal network.
Many of our customers all ready have a session border controller in place, or they have deployed their SIP phone system in a secure way so that it is reachable from the internet and their users can make and receive calls while outside the office --We hope by using their Bria Stretto smartphone, tablet, and desktop clients :).
If you are looking to deploy your phone system in a safe and secure way internal to your office network but also want to allow Bria clients to access it from anywhere and on any device, we suggest that you should first look at a Session Border Controller(SBC). CounterPath does not manufacture or sell SBCs, but we work with many companies that do so that we can make sure Bria works just fine with as many of them as possible.
To start your search please refer to this wiki page for some general information about SBCs. For information on some SBC vendors you can look here and here. Ingate, Audiocodes, Sangoma, Edge Water and others all make 'smaller' eabc products; some of which are even deploy-able on a Virtual Machine.
Lastly, our friends at FreePBX have a how-to explaining how to enable remote PBX extensions without the need for a VPN or SBC. We should note, as they do, that you really need to make sure your PBX is secure -- very strong passwords should be in place -- before you move forward with this kind of implementation.