Omdia | Zero Trust: Its Evolution and Use in Secure Remote Access 2
Contents
Summary .............................................................................................................. 3
Zero trust’s time has arrived ............................................................................. 3
The threat economy has mushroomed.................................................................... 3
Preventive security buckled under the pressure ................................................... 5
Three new approaches: Next-generation antivirus, XDR, and zero trust ........... 5
The evolution of the zero-trust concept .......................................................... 6
Manifestations of zero trust in modern security .................................................... 7
The two architectures for ZTA ................................................................................... 9
Tencent’s offering: ZTAC ............................................................................................. 10
WAN acceleration and link optimization ................................................................. 12
Appendix ............................................................................................................... 13
Author ...........................................................................................................................13
Omdia | Zero Trust: Its Evolution and Use in Secure Remote Access 3
SummaryThis white paper begins by introducing the concept of zero trust, giving it historical context and explaining why it has gained extra currency in recent years. It discusses some of the most visible applications of zero trust in current cybersecurity practice then homes in on its application in remote access, that is, zero-trust access (ZTA). The paper ends with a description of how Tencent has implemented ZTA in its T-Sec-Zero-Trust-Access-Control (ZTAC) platform.
Zero trust’s time has arrivedThough it dates back more than a decade, zero trust is an approach to information security that has been gaining a head of steam over the last three years, as measured by the growth in the number of technology vendors espousing the philosophy in their marketing and claiming to incorporate it in their products. This can also be seen from the explosion in the number of webinars, conference sessions, and white papers that are now dedicated to the topic, indicating that interest in zero trust has never been greater.
More recently, of course, there is the impact of the coronavirus pandemic, which has driven millions of knowledge workers around the world to work from home for prolonged periods. This situation has thrown a spotlight on secure remote access and stoked interest in more secure alternatives to the traditional approach of virtual private networks (VPNs). The application of zero-trust principles to this problem is zero-trust access technology.
Let us begin by considering the market reality driving the growth in interest in zero trust, then proceed to the core tenets of this way of designing, implementing, and operating security.
The threat economy has mushroomed Cybersecurity is the only inherently adversarial area within IT. While server, processor, network, and application providers all compete among themselves for business and market share, security vendors are alone in having to compete not only with each other but also, and primarily, with the threat actors that seek to circumvent their products. This competition between cyberattackers and defenders is often justly likened to an arms race, and there are clear signs that over the last two decades the defenders have been losing.
First, the infrastructure they are protecting has become more complex. Thanks to trends such as digital transformation, the migration of application infrastructures to the cloud, and the proliferation of smart devices that are now capable of connecting remotely to corporate resources, the network perimeter has all but dissolved.
In this new scenario, customers face greater risks of sensitive data loss, and traditional cybersecurity architectures, created when infrastructure could be thought of as a “castle and moat” arrangement, are simply not up to the challenge.
The sheer number and variety of threat actors has increased manifold, and where once they were largely individual technology geeks seeking personal kudos among their peers, the situation has changed radically. We are now faced with well-funded criminal gangs across the world, politically motivated “hacktivist” communities such as Anonymous, and the even more well-resourced groups backed by nation states.
Omdia | Zero Trust: Its Evolution and Use in Secure Remote Access 4
Equally, the threat infrastructure that such groups can leverage has mushroomed since the turn of the millennium:• Exploit kits, giving the basic code for an attack, are available for relatively insignificant sums
of money on the dark web.• There is also a ready market online, again on the dark web, for all kinds of data that is
useful for threat actors, from compromised IP addresses to stolen credit card details and other credentials.
• Crimeware-as-a-service infrastructure, such as botnets and proxies that guarantee anonymity, has sprung up as part of the growth of the cloud.
In parallel with the “threat economy” that has mushroomed in the 21st century, there are also legitimate privacy initiatives that further facilitate the activities of threat actors. For instance,• The Tor Project (based on The Onion Router browser) promotes free and open source
software that enables anonymous browsing and communication by directing internet traffic through a worldwide volunteer overlay network consisting of several thousand relays in order to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis.
• Instant messaging apps such as WhatsApp have adopted encryption as standard, with some alternatives to WhatsApp such as Telegram offering “end-to-end” encryption for messages, video calls, VoIP, and file sharing.
While not inherently designed for illicit activities, such technology clearly makes it easier for them to flourish alongside legitimate use by people seeking privacy and freedom of speech.
Another significant development for the evolution of cybercrime has been the emergence of cryptocurrencies. These are the electronic form of a digital asset or money that operates as a medium of exchange, and crucially, they operate outside the control of any central authority.
Their decentralized, independent nature makes them a natural focus of interest for cybercriminals. And while the avowed aim of the blockchain technology that underpins them is to be an immutable ledger to guarantee identification, enabling all transactions to be tracked down, there is even a way around such traceability. The existence of so-called “tumbler” services, which mix potentially identifiable cryptocurrency funds with others so as to obscure the trail back to the funds' original source, means anonymity can be maintained while operating on an exchange. As a result, there are estimates that as much as 97% of illicit activity carried out on the dark web is transacted in Bitcoin (the best-known cryptocurrency).
Cryptocurrencies offer various advantages to cybercriminals:• Bitcoin is already the favorite form of exchange in ransomware attacks: that is, the ransom
demand is for payment in Bitcoin. • Cryptocurrency trading platforms are a soft target for criminals to hack into with a view to
stealing funds.• Given the lack of central oversight of the exchanges, cryptocurrencies are also a convenient
mechanism for laundering money from other illicit activities such as the drug trade. • Cryptomining is a major driver for IT system compromise, enabling criminals to use other
people’s servers (and their electricity) to perform their power-consuming, money-making activities.
Omdia | Zero Trust: Its Evolution and Use in Secure Remote Access 5
Preventive security buckled under the pressureAll these developments resulted in decreasing efficacy of the first major approach to cybersecurity, which we can call the preventive approach, even though it relied on a “patient zero” getting infected to begin with.
This was traditional antivirus (AV) software, which worked as follows: a customer of one of the AV vendors would report an infection, at which point the vendor would analyze the malware that caused the problem and develop a so-called “signature” for that virus, then immediately distribute the signature to all its other customers so that they could be protected from infection. Many AV vendors also contribute their detections to subscription-based community efforts such as VirusTotal, so that other vendors can also protect their customers. However, virus signatures remain the intellectual property of the individual vendors.
This model worked well for a handful of vendors, a couple of which (Symantec and McAfee) grew into billion-dollar businesses serving both consumers and business customers. However, by 2010, it was clear that the size and speed of the threat landscape was gaining the upper hand, with the percentage of viruses caught by AV software dwindling year on year. By 2014, AV market leader Symantec was admitting to the Wall Street Journal that AV was “dead,” or at least “doomed to failure,” and that it was already catching less than 50% of viruses.
Three new approaches: Next-generation antivirus, XDR, and zero trustWith traditional preventive security under increasing pressure, therefore, the industry responded broadly in one of three ways:• Next-generation antivirus (NGAV) vendors sought to apply machine learning and threat
intelligence to bolster preventive capabilities.• The XDR spectrum. Other companies abandoned the preventive approach altogether,
adopting instead a reactive one of detecting when a threat was in their customers’ infrastructure and responding. A spectrum of technologies sprang up, first for endpoint detection and response (EDR), then for the network (NDR), and now Omdia sees detection and response technology for the cloud (CDR). Collectively, these offerings are referred to as XDR.
• Zero trust is a third approach and is essentially a prescriptive one, reducing an organization’s attack surface by removing it from the internet in its entirety then making available only specific assets to individual users (typically employees or partners) and systems, and monitoring and logging their behavior while they have that access.
All three of these approaches have prospered, but at different times. NGAV enjoyed some success around the middle of the last decade, but most of its proponents were acquired by larger security vendors to merge the technology into broader product portfolios. XDR, on the other hand, has gone from strength to strength and now underpins not only multiple vendors’ product portfolios but also the managed services offering known as MDR. Zero trust, in contrast, has really come into its own only over the last three years, despite the concept having been around for a decade.
Omdia | Zero Trust: Its Evolution and Use in Secure Remote Access 6
The evolution of the zero-trust conceptZero trust can be traced back to work carried out in the 2000s within a number of organizations, including the Jericho Forum and the US government’s National Security Agency (NSA), and in individual companies such as Google. These initiatives were all motivated by the growing awareness that preventive security platforms sitting at organizational perimeters were failing and that a better approach was needed. Google, for instance, incorporated a number of zero-trust principles into a remote access platform developed for its own workforce, called BeyondCorp.
Various terms were used at the time to describe the new approach, including “Black Cloud,” “de-perimeterization,” and “segment of one,” but it was the work of John Kindervag, then a Forrester analyst and now a field CTO at Palo Alto Networks, that really established the term zero trust from 2010 onward.
A tagline that is often used for the zero-trust mindset is “never trust, always verify,” which distinguishes it nicely from the approach to security that went before it, namely “trust, but verify.” Its core tenets are described in Figure 1.
No public attack surfacesAn organization’s assets (servers, network,
and applications, whether on-premises or in the cloud) are completely hidden from the
outside world.
Least privilegeAccess rights are granted only to the
application(s) a user requires to perform a specific task, and for a single session.
Further sessions require a new authentication and authorization process.
Continuous authentication of every connection, based on user and device identity, rather than “authenticate at the beginning, then simply trust.”
Full logging of actions and events that take place on the corporate infrastructure, with a view to gaining visibility into threats and providing data for subsequent forensic analysis.
Figure 1: The key tenets of zero trust
Source: Omdia © 2021 Omdia
Omdia | Zero Trust: Its Evolution and Use in Secure Remote Access 7
Manifestations of zero trust in modern securityA decade later, we can identify a number of areas where a zero-trust approach has been incorporated into cybersecurity technology.
Privileged access management adopts least privilege
Privileged access management (PAM) is a branch of identity and access management (IAM) that has come to the fore over the last decade as it became clear that attackers were targeting users with the broadest access rights within an organization (sysadmins, C-level executives, etc.), making more stringent controls on their credentials a requirement.
Password vaults were the first attempt at guaranteeing the security of such users’ credentials. However, their efficacy has waned as application infrastructures have cloudified and grown more dynamic. As a result, it is now common to speak of the need for PAM systems to enable “least privilege.” This is where privileged users such as systems administrators, who previously enjoyed enterprisewide access to systems once they were logged in, are authorized only for the application on which they are working at any one time. When they switch to another application, they must log in all over again.
There is almost always a trade-off between ease of use / user experience and security, and clearly the doctrine of least privilege errs on the side of security in the first instance. There are now PAM systems that seek to mitigate the mind-numbingly boring process of a sysadmin having to log in again for every new application they work on, though inevitably, in doing so, they sacrifice some degree of the least-privilege ethos. They let companies create small subsets of applications that are regularly accessed together in a session with single sign-on (SSO). What is not possible with least privilege, however, is blanket access to an entire organizational infrastructure.
IAM recertification
PAM policy management
App access privilege
management
Target applicationsTarget infrastructure resources
Privileged session
management
Privileged users/admins
Password vault
Session reviewers
Security incident and event management (SIEM)
Workflow approvers
Account discovery
IAM provisioning
Directory (LDAP/AD)
Ticketing system
i
Figure 2: Privileged access management
Source: Omdia © 2021 Omdia
Omdia | Zero Trust: Its Evolution and Use in Secure Remote Access 8
Cloud permissions management applies zero trust to data stores
An emerging class of technology that applies zero-trust principles is cloud permissions management (CPM). CPM aims to address the problem of “permission sprawl,” whereby users such as developers, administrators, service accounts, and application permissions accumulate excessive access rights to companies’ applications and workloads in the cloud, often by indirect means, for example, simply by belonging to a particular workgroup.
It does this by surveying the access entitlements across a company’s cloud data stores, recommending where they should be curtailed, and taking remedial action through escalations or in an automated fashion, if the customer so desires.
Zero-trust access: The application of zero trust to remote access
A broader application of zero trust, that is, one that goes beyond privileged users, is on the rise, namely zero-trust access technology, which addresses the remote-access requirements of all corporate users (employees, contractors, and partners). It grants remote users access to only the specific applications or resources they need to perform their job. The rest of the corporate network is invisible or “blacked out.”
Clearly the whole question of secure remote access has gained a sudden urgency with the advent of the pandemic and the transition to working from home. VPNs are the main way organizations have delivered remote access to their corporate end users (another approach is server-based computing, often paired with thin-client technology, but the functionality there tends to be more reduced), so ZTA is clearly a competing approach. Indeed, some ZTA vendors openly position it as a more secure alternative.
The advantage that ZTA offers over VPNs is the greater security it provides. VPNs grant access to an entire corporate infrastructure, enabling threat actors, once allowed in, to plant code that can perform surveillance (via so-called east–west traffic) and seek out valuable assets for subsequent
exfiltration to a command-and-control server. ZTA grants access to the specific assets users require to do their job and monitors the session once they are allowed in.
Micro-segmentation
Zero trust is now regularly applied in the protection of workloads, both in data centers and, more particularly, in cloud environments. In this context, it can be seen at work in the micro-segmentation technology offered by a range of companies, in what is part of the cloud workload protection platform (CWPP) market.
In terms of the cloud, the micro-segmentation approach creates secure zones with infrastructure- and platform-as-a-service (IaaS and PaaS) environments that allow companies to isolate workloads from one another and secure them individually.
The issue here is less about human access than about system-to-system, workload-to-workload traffic, because a successful breach will often entail east–west traffic (i.e., communications between the instances in a cloud environment) as attackers seek to harvest additional data or to infect further workloads. Therefore, the ability to isolate each workload and inspect all traffic to and from it enables companies to impose and enforce workload-specific security policies.
Such functionality usually entails installing a small software agent on the hosts on which the workloads are running. The agent communicates back to a central brain, which may reside on a customer’s premises or in the cloud, to receive instructions on what to block, what to allow, and so on. The agent often performs these enforcement functions by integrating with the native firewalling capabilities of the host operating systems, namely the Windows Filtering Platform and, in the case of Linux, the iptables feature.
Of course, there are scenarios in which an agent cannot be deployed, such as high-frequency trading, where any additional functionality is barred because it would add latency. For those eventualities, the micro-segmentation vendors enable their products to integrate with load balancers and firewalls via application programming interfaces (APIs) to harness those devices for enforcement.
End user ZTA App #1, App #2, App #3 etc...
Figure 3: Zero-trust access is an alternative to VPNs for secure remote access
Source: Omdia © 2021 Omdia
Omdia | Zero Trust: Its Evolution and Use in Secure Remote Access 9
The two architectures for ZTAFocusing now particularly on ZTA, it should be noted that there are two distinct architectures proposed by ZTA vendors.
Software-defined perimeter
The first is software-defined perimeter (SDP), the technical specification for which was written by the Cloud Security Alliance (CSA). SDP systems rely on the following functional software components:• SDP client software sitting on the end user’s device• An SDP controller, in the cloud or on the customer’s premises to set and enforce access
policies; controllers sit in the control path between the end users and the applications they wish to access but not in the data path
• SDP gateways, typically deployed one per network segment (or two for high availability) and serving as a firewall between users and the back-end applications they wish to access; gateways sit in the data path between end user device and application but not in the control path
• SDP systems that monitor all access activity and use a log server for reporting use
The gateways can be on-premises or in a public or private cloud, depending on where the application to which they will grant access resides.
The SDP controller receives a request for access from an end user, verifies their identity against a source such as Active Directory or LDAP, and checks the security posture of the endpoint device from which they are logging in. If the request is accepted, the controller notifies the gateway sitting in the data plane that it should set up encrypted tunnels to both the end user’s device and the application. It then goes into pass-through mode, so that there should be no latency added to the communication.
All other assets, whether on a company’s premises or in its cloud environment, remain blacked out (hence the Black Cloud name used in the early stages of developing the concept) and are therefore unattainable, which negates attempts at privilege escalation or lateral movement around the corporate infrastructure.
SDP client App #1
App #2
SDP controller
SDP gateway
SDP gateway
Control planeData plane
Figure 4: The SDP architecture for zero-trust access
Source: Omdia © 2021 Omdia
Omdia | Zero Trust: Its Evolution and Use in Secure Remote Access 10
Identity-aware proxy
The second type of architecture is called identity-aware proxy (IAP). With IAP, the proxy sits in both the control and the data planes, where it brokers the access requests then sets up the encrypted tunnels between end user and application.
By inserting an extra “bump in the wire” into the data plane, this approach has the potential to add latency. For this reason, most of the vendors and providers offering IAP operate their own network, which enables them to mitigate latency and other performance considerations with techniques such as optimal path selection. By contrast, SDP is usually offered as software for a company to deploy and operate: there is no obligation for it to be a service.
Tencent’s offering: ZTACTencent has incorporated the principles of zero trust in what it refers to as a “zero-trust security management system” with the name Tencent iOA. Tencent calls its design vision for iOA “4A,” referring to the four As in Figure 6 below.
IAP client
App #1
App #2
Identity-awareproxy
Control planeData plane
Figure 5: The IAP architecture for zero-trust access
Source: Omdia © 2021 Omdia
Tencent ZTNA ——(iOA) Vision
• Intranet: On the basis of existing security infrastructure, iOA provides a more convenient access and helps expand workplace.
• Extranet: iOA provides safe and easy access, based on 4T principles, for users whether at home, hotel or airport.
TencentiOA
04 AnyWork
01
AnyWhere
02
AnyApplication• Business servers are hidden.• Business are accessible from both intranet
and extranet with unified control and audit
03 AnyDevice• Any device, after standardization and
security detection, will be granted access to intranet as work device, recording the relation between person and device.
• Support agentless client, access services and resources based on identity.
Wherever the employee is (AnyWhere), using what application (AnyApplication) on
what device (AnyDevice), he can safely access enterprise resources to do any job (AnyWork)
01
• iOA ensures the security of any accessing application by adopting application whitelist: only compliant applications can access intranet.
Figure 6: Tencent’s design principles for its iOA zero-trust architecture
Source: Tencent
Wherever the employee is (AnyWhere), using what application (AnyApplication) on what device (AnyDevice), he can safely access enterprise resources to do any job (AnyWork)
• Intranet: On the basis of existing security
infrastructure, iOA provides a more convenient
access and helps expand workplace.
• Extranet: iOA provides safe and easy access,
based on 4T principles, for users whether at
home, hotel or airport.
• Any device, after standardization and security
detection, will be granted access to intranet as
work device, recording the relation between
person and device.
• Support agentless client, access services and
resources based on identity.
• iOA ensures the security of any accessing application
by adopting application whitelist: only compliant
applications can access intranet.
• Business servers are hidden.
• Business are accessible from both intranet and
extranet with unified control and audit
Omdia | Zero Trust: Its Evolution and Use in Secure Remote Access 11
The four As are• Anywhere. It works regardless of the user’s location
(internal or external to the corporate customer’s infrastructure), even if they are in another country.
• Any Device. Both corporate and noncorporate devices are supported, which means any device will be granted access to intranet as a work device after standardization and security scanning carried out by iOA, which offers both agent-based and agentless mode of operation. Tencent also provides antivirus and vulnerability patching, based on more than 20 years of data accumulation, leveraging multiple AV engines, and enabling known viruses to be eradicated while unknown ones are actively blocked (see Figure 7).
• Any Application. Application whitelisting ensures the security of all the applications accessed, regardless of whether they reside on a company’s premises or in a private or public cloud.
• Any Work. This is how the vendor refers to the fact that all business assets are hidden (or “kept dark”) from users, regardless of whether the users are on the corporate intranet or outside it, and only the apps that are required for a given task are made accessible (or “lit”) for a particular session.
It is the Tencent iOA that underpins the vendor’s zero-trust access offering, known as ZTAC, which is offered in two deployment modes: its core functionality can reside on a customer’s premises (the vendor refers to this as its “standalone” mode), in which case it is managed completely by the customer, or can be delivered as software-as-a-service (SaaS mode) with the vendor managing it.
As mentioned above, Tencent offers both agent-based and agentless versions of ZTAC, with the agent-based version shipping with both EDR and endpoint data leak prevention (DLP) capabilities built in. Architecturally, the platform is available in both SDP and IAP flavors:• The agentless version uses a web proxy deployed on
Tencent’s own network infrastructure, with the traffic running on the vendor’s backbone network and Tencent providing ZTAC in SaaS mode.
• The agent-based version uses an SDP-like architecture, though with a different protocol that was developed by and is proprietary to Tencent. In that scenario, it is the corporate customer that manages the platform and operates it on the network infrastructure of its choice.
File combination feature
Local heuristic engine
File hash
Local heuristic engine
Local heuristic engine
Virus database• Sample library:70+ billion• Whitelist:10+ billion• Blacklist:4+ billion
Update frequency• Up to hourly update• Professional operation team
Figure 7: Tencent’s antivirus capabilities
Source: Omdia © 2021 Omdia
Omdia | Zero Trust: Its Evolution and Use in Secure Remote Access 12
WAN acceleration and link optimizationTencent iOA
It is worth mentioning here the underlying network infrastructure that Tencent offers its WAN customers. Its intelligent Office Access (iOA) WAN service is delivered via some 1,300 points of presence (PoPs) around the world, providing both distributed denial-of-service (DDoS) protection and network acceleration, leveraging techniques such as intelligent routing, protocol optimization, multiplexing, and anti-jitter circuits for the latter.
Link optimization for better VPN performance
While it highlights the benefits of ZTA for remote connectivity, Tencent is aware that many of its customers are already heavily invested in traditional VPN technology. For those customers it offers link optimization technology within the IOA service, which establishes a dedicated secure communication channel on demand for a VPN client, thus obviating the need for traditional tunneling technology. This has a significant positive impact in terms of the available bandwidth and also mitigates delay, jitter, and packet loss.
Ingress Node
Domestic: 1100+ acceleration nodes;
120Tbps reserve
Overseas: 2700+ accel. nodes;
20Tbps reserve
Ingress Node
Domestic: 1100+ acceleration nodes
Overseas:
2700+ accel. nodes
DNS
iOA User's server resources
Tencent iOA
Figure 8: Tencent’s intelligent Office Access (iOA) WAN service
Source: Tencent
https://www.oa.com
iOAiOA Gateway
iOA Gateway
Raw data Raw dataCiphertext
auth auth
www.oa.com
Figure 9: Link security and optimization
Source: Tencent
Omdia | Zero Trust: Its Evolution and Use in Secure Remote Access 13
Appendix
Author
Rik TurnerRik Turner, Principal Analyst, Cybersecurity [email protected]
omdia.com24
COPYRIGHT NOTICE AND DISCLAIMEROmdia is a registered trademark of Informa PLC and/or its affiliates. All other company and product names may be trademarks of their respective owners. Informa PLC registered in England & Wales with number 8860726, registered office and head office 5 Howick Place, London, SW1P 1WG, UK. Copyright © 2021 Omdia. All rights reserved. The Omdia research, data and information referenced herein (the “Omdia Materials”) are the copyrighted property of Informa Tech and its subsidiaries or affiliates (together “Informa Tech”) and represent data, research, opinions or viewpoints published by Informa Tech, and are not representations of fact. The Omdia Materials reflect informationand opinions from the original publication date and not from the date of this document. The information and opinions expressed in the Omdia Materials are subject to changewithout notice and Informa Tech does not have any duty or responsibility to update the Omdia Materials or this publication as a result. Omdia Materials are delivered on an “as-is” and “as-available” basis. No representation or warranty, express or implied, is made as to the fairness, accuracy, completeness or correctness of the information, opinions and conclusions contained in Omdia Materials. To the maximum extent permitted by law, Informa Tech and its affiliates, officers, directors, employees and agents, disclaim any liability (including, without limitation, any liability arising from fault or negligence) as to the accuracy or completeness or use of the Omdia Materials. Informa Tech will not, under any circumstance whatsoever, be liable for any trading, investment, commercial or other decisions based on or made in reliance of the Omdia Materials.
About Omdia
Omdia is a global technology research powerhouse, established following the merger of the research division of Informa Tech (Ovum, Heavy Reading, and Tractica) and the acquired IHS Markit technology research portfolio*.
We combine the expertise of more than 400 analysts across the entire technology spectrum, covering 150 markets. We publish over 3,000 research reports annually, reaching more than 14,000 subscribers, and cover thousands of technology, media, and telecommunications companies.
Our exhaustive intelligence and deep technology expertise enable us to uncover actionable insights that help our customers connect the dots in today’s constantly evolving technology environment and empower them to improve their businesses – today and tomorrow.
* The majority of IHS Markit technology research products and solutions were acquired by Informa in August 2019 and are now part of Omdia.
Contact Omdia
E [email protected] E [email protected] W omdia.com
� OmdiaHQ � Omdia
The Omdia team of 400+ analysts and consultants are located across the globe
AmericasArgentinaBrazilCanadaUnited States
Asia-PacificAustraliaChinaIndiaJapanMalaysiaSingaporeSouth KoreaTaiwan
Europe, Middle East, AfricaDenmarkFranceGermanyItalyKenyaNetherlandsSouth AfricaSpain
SwedenUnited Arab EmiratesUnited Kingdom
COPYRIGHT NOTICE AND DISCLAIMER
The Omdia research, data and information referenced herein (the “Omdia Materials”) are the copyrighted property of Informa Tech and its subsidiaries or affiliates (together “Informa Tech”) or its third party data providers and represent data, research, opinions, or viewpoints published by Informa Tech, and are not representations of fact. The Omdia Materials reflect information and opinions from the original publication date and not from the date of this document. The information and opinions expressed in the Omdia Materials are subject to change without notice and Informa Tech does not have any duty or responsibility to update the Omdia Materials or this publication as a result. Omdia Materials are delivered on an “as-is” and “as-available” basis. No representation or warranty, express or implied, is made as to the fairness, accuracy, completeness, or correctness of the information, opinions, and conclusions contained in Omdia Materials. To the maximum extent permitted by law, Informa Tech and its affiliates, officers, directors, employees, agents, and third party data providers disclaim any liability (including, without limitation, any liability arising from fault or negligence) as to the accuracy or completeness or use of the Omdia Materials. Informa Tech will not, under any circumstance whatsoever, be liable for any trading, investment, commercial, or other decisions based on or made in reliance of the Omdia Materials.
Contact Tencent
W https://intl.cloud.tencent.com/E [email protected] W www.linkedin.com/company/tencent-cloud/