Zero Trust: Its Evolution and Use in Secure Remote Access


Omdia | Zero Trust: Its Evolution and Use in Secure Remote Access 2

Contents

Summary

Zero trust’s time has arrived

The threat economy has mushroomed

Preventive security buckled under the pressure

Three new approaches: Next-generation antivirus, XDR, and zero trust

The evolution of the zero-trust concept

Manifestations of zero trust in modern security

The two architectures for ZTA

Tencent’s offering: ZTAC

WAN acceleration and link optimization

Appendix

Author

Summary

This white paper begins by introducing the concept of zero trust, giving it historical context and explaining why it has gained extra currency in recent years. It discusses some of the most visible applications of zero trust in current cybersecurity practice then homes in on its application in remote access, that is, zero-trust access (ZTA). The paper ends with a description of how Tencent has implemented ZTA in its T-Sec-Zero-Trust-Access-Control (ZTAC) platform.

Zero trust’s time has arrived

Though it dates back more than a decade, zero trust is an approach to information security that has been gaining a head of steam over the last three years, as measured by the growth in the number of technology vendors espousing the philosophy in their marketing and claiming to incorporate it in their products. This can also be seen from the explosion in the number of webinars, conference sessions, and white papers that are now dedicated to the topic, indicating that interest in zero trust has never been greater.

More recently, of course, there is the impact of the coronavirus pandemic, which has driven millions of knowledge workers around the world to work from home for prolonged periods. This situation has thrown a spotlight on secure remote access and stoked interest in more secure alternatives to the traditional approach of virtual private networks (VPNs). The application of zero-trust principles to this problem is zero-trust access technology.

Let us begin by considering the market reality driving the growth in interest in zero trust, then proceed to the core tenets of this way of designing, implementing, and operating security.

The threat economy has mushroomed

Cybersecurity is the only inherently adversarial area within IT. While server, processor, network, and application providers all compete among themselves for business and market share, security vendors are alone in having to compete not only with each other but also, and primarily, with the threat actors that seek to circumvent their products. This competition between cyberattackers and defenders is often justly likened to an arms race, and there are clear signs that over the last two decades the defenders have been losing.

First, the infrastructure they are protecting has become more complex. Thanks to trends such as digital transformation, the migration of application infrastructures to the cloud, and the proliferation of smart devices that are now capable of connecting remotely to corporate resources, the network perimeter has all but dissolved.

In this new scenario, customers face greater risks of sensitive data loss, and traditional cybersecurity architectures, created when infrastructure could be thought of as a “castle and moat” arrangement, are simply not up to the challenge.

The sheer number and variety of threat actors has increased manifold, and where once they were largely individual technology geeks seeking personal kudos among their peers, the situation has changed radically. We are now faced with well-funded criminal gangs across the world, politically motivated “hacktivist” communities such as Anonymous, and the even more well-resourced groups backed by nation states.


Equally, the threat infrastructure that such groups can leverage has mushroomed since the turn of the millennium:

• Exploit kits, giving the basic code for an attack, are available for relatively insignificant sums of money on the dark web.

• There is also a ready market online, again on the dark web, for all kinds of data that is useful for threat actors, from compromised IP addresses to stolen credit card details and other credentials.

• Crimeware-as-a-service infrastructure, such as botnets and proxies that guarantee anonymity, has sprung up as part of the growth of the cloud.

In parallel with the “threat economy” that has mushroomed in the 21st century, there are also legitimate privacy initiatives that further facilitate the activities of threat actors. For instance,

• The Tor Project (based on The Onion Router browser) promotes free and open source software that enables anonymous browsing and communication by directing internet traffic through a worldwide volunteer overlay network consisting of several thousand relays in order to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis.

• Instant messaging apps such as WhatsApp have adopted encryption as standard, with some alternatives to WhatsApp such as Telegram offering “end-to-end” encryption for messages, video calls, VoIP, and file sharing.

While not inherently designed for illicit activities, such technology clearly makes it easier for them to flourish alongside legitimate use by people seeking privacy and freedom of speech.

Another significant development for the evolution of cybercrime has been the emergence of cryptocurrencies. These are the electronic form of a digital asset or money that operates as a medium of exchange, and crucially, they operate outside the control of any central authority.

Their decentralized, independent nature makes them a natural focus of interest for cybercriminals. And while the avowed aim of the blockchain technology that underpins them is to be an immutable ledger to guarantee identification, enabling all transactions to be tracked down, there is even a way around such traceability. The existence of so-called “tumbler” services, which mix potentially identifiable cryptocurrency funds with others so as to obscure the trail back to the funds' original source, means anonymity can be maintained while operating on an exchange. As a result, there are estimates that as much as 97% of illicit activity carried out on the dark web is transacted in Bitcoin (the best-known cryptocurrency).

Cryptocurrencies offer various advantages to cybercriminals:

• Bitcoin is already the favorite form of exchange in ransomware attacks: that is, the ransom demand is for payment in Bitcoin.

• Cryptocurrency trading platforms are a soft target for criminals to hack into with a view to stealing funds.

• Given the lack of central oversight of the exchanges, cryptocurrencies are also a convenient mechanism for laundering money from other illicit activities such as the drug trade.

• Cryptomining is a major driver for IT system compromise, enabling criminals to use other people’s servers (and their electricity) to perform their power-consuming, money-making activities.

Preventive security buckled under the pressure

All these developments resulted in decreasing efficacy of the first major approach to cybersecurity, which we can call the preventive approach, even though it relied on a “patient zero” getting infected to begin with.

This was traditional antivirus (AV) software, which worked as follows: a customer of one of the AV vendors would report an infection, at which point the vendor would analyze the malware that caused the problem and develop a so-called “signature” for that virus, then immediately distribute the signature to all its other customers so that they could be protected from infection. Many AV vendors also contribute their detections to subscription-based community efforts such as VirusTotal, so that other vendors can also protect their customers. However, virus signatures remain the intellectual property of the individual vendors.

This model worked well for a handful of vendors, a couple of which (Symantec and McAfee) grew into billion-dollar businesses serving both consumers and business customers. However, by 2010, it was clear that the size and speed of the threat landscape was gaining the upper hand, with the percentage of viruses caught by AV software dwindling year on year. By 2014, AV market leader Symantec was admitting to the Wall Street Journal that AV was “dead,” or at least “doomed to failure,” and that it was already catching less than 50% of viruses.

Three new approaches: Next-generation antivirus, XDR, and zero trust

With traditional preventive security under increasing pressure, therefore, the industry responded broadly in one of three ways:

• Next-generation antivirus (NGAV) vendors sought to apply machine learning and threat intelligence to bolster preventive capabilities.

• The XDR spectrum. Other companies abandoned the preventive approach altogether, adopting instead a reactive one of detecting when a threat was in their customers’ infrastructure and responding. A spectrum of technologies sprang up, first for endpoint detection and response (EDR), then for the network (NDR), and now Omdia sees detection and response technology for the cloud (CDR). Collectively, these offerings are referred to as XDR.

• Zero trust is a third approach and is essentially a prescriptive one, reducing an organization’s attack surface by removing it from the internet in its entirety then making available only specific assets to individual users (typically employees or partners) and systems, and monitoring and logging their behavior while they have that access.

All three of these approaches have prospered, but at different times. NGAV enjoyed some success around the middle of the last decade, but most of its proponents were acquired by larger security vendors to merge the technology into broader product portfolios. XDR, on the other hand, has gone from strength to strength and now underpins not only multiple vendors’ product portfolios but also the managed services offering known as MDR. Zero trust, in contrast, has really come into its own only over the last three years, despite the concept having been around for a decade.

The evolution of the zero-trust concept

Zero trust can be traced back to work carried out in the 2000s within a number of organizations, including the Jericho Forum and the US government’s National Security Agency (NSA), and in individual companies such as Google. These initiatives were all motivated by the growing awareness that preventive security platforms sitting at organizational perimeters were failing and that a better approach was needed. Google, for instance, incorporated a number of zero-trust principles into a remote access platform developed for its own workforce, called BeyondCorp.

Various terms were used at the time to describe the new approach, including “Black Cloud,” “de-perimeterization,” and “segment of one,” but it was the work of John Kindervag, then a Forrester analyst and now a field CTO at Palo Alto Networks, that really established the term zero trust from 2010 onward.

A tagline that is often used for the zero-trust mindset is “never trust, always verify,” which distinguishes it nicely from the approach to security that went before it, namely “trust, but verify.” Its core tenets are described in Figure 1.

• No public attack surfaces: An organization’s assets (servers, network, and applications, whether on-premises or in the cloud) are completely hidden from the outside world.

• Least privilege: Access rights are granted only to the application(s) a user requires to perform a specific task, and for a single session. Further sessions require a new authentication and authorization process.

• Continuous authentication of every connection, based on user and device identity, rather than “authenticate at the beginning, then simply trust.”

• Full logging of actions and events that take place on the corporate infrastructure, with a view to gaining visibility into threats and providing data for subsequent forensic analysis.

Figure 1: The key tenets of zero trust

Source: Omdia © 2021 Omdia

Manifestations of zero trust in modern security

A decade later, we can identify a number of areas where a zero-trust approach has been incorporated into cybersecurity technology.

Privileged access management adopts least privilege

Privileged access management (PAM) is a branch of identity and access management (IAM) that has come to the fore over the last decade as it became clear that attackers were targeting users with the broadest access rights within an organization (sysadmins, C-level executives, etc.), making more stringent controls on their credentials a requirement.

Password vaults were the first attempt at guaranteeing the security of such users’ credentials. However, their efficacy has waned as application infrastructures have cloudified and grown more dynamic. As a result, it is now common to speak of the need for PAM systems to enable “least privilege.” This is where privileged users such as systems administrators, who previously enjoyed enterprisewide access to systems once they were logged in, are authorized only for the application on which they are working at any one time. When they switch to another application, they must log in all over again.

There is almost always a trade-off between ease of use / user experience and security, and clearly the doctrine of least privilege errs on the side of security in the first instance. There are now PAM systems that seek to mitigate the mind-numbingly boring process of a sysadmin having to log in again for every new application they work on, though inevitably, in doing so, they sacrifice some degree of the least-privilege ethos. They let companies create small subsets of applications that are regularly accessed together in a session with single sign-on (SSO). What is not possible with least privilege, however, is blanket access to an entire organizational infrastructure.

[Figure 2 diagram labels: IAM recertification; PAM policy management; App access privilege management; Target applications; Target infrastructure resources; Privileged session management; Privileged users/admins; Password vault; Session reviewers; Security incident and event management (SIEM); Workflow approvers; Account discovery; IAM provisioning; Directory (LDAP/AD); Ticketing system]

Figure 2: Privileged access management

Source: Omdia © 2021 Omdia


Cloud permissions management applies zero trust to data stores

An emerging class of technology that applies zero-trust principles is cloud permissions management (CPM). CPM aims to address the problem of “permission sprawl,” whereby users such as developers, administrators, service accounts, and application permissions accumulate excessive access rights to companies’ applications and workloads in the cloud, often by indirect means, for example, simply by belonging to a particular workgroup.

It does this by surveying the access entitlements across a company’s cloud data stores, recommending where they should be curtailed, and taking remedial action through escalations or in an automated fashion, if the customer so desires.

Zero-trust access: The application of zero trust to remote access

A broader application of zero trust, that is, one that goes beyond privileged users, is on the rise, namely zero-trust access technology, which addresses the remote-access requirements of all corporate users (employees, contractors, and partners). It grants remote users access to only the specific applications or resources they need to perform their job. The rest of the corporate network is invisible or “blacked out.”

Clearly the whole question of secure remote access has gained a sudden urgency with the advent of the pandemic and the transition to working from home. VPNs are the main way organizations have delivered remote access to their corporate end users (another approach is server-based computing, often paired with thin-client technology, but the functionality there tends to be more reduced), so ZTA is clearly a competing approach. Indeed, some ZTA vendors openly position it as a more secure alternative.

The advantage that ZTA offers over VPNs is the greater security it provides. VPNs grant access to an entire corporate infrastructure, enabling threat actors, once allowed in, to plant code that can perform surveillance (via so-called east–west traffic) and seek out valuable assets for subsequent exfiltration to a command-and-control server. ZTA grants access to the specific assets users require to do their job and monitors the session once they are allowed in.

Micro-segmentation

Zero trust is now regularly applied in the protection of workloads, both in data centers and, more particularly, in cloud environments. In this context, it can be seen at work in the micro-segmentation technology offered by a range of companies, in what is part of the cloud workload protection platform (CWPP) market.

In terms of the cloud, the micro-segmentation approach creates secure zones with infrastructure- and platform-as-a-service (IaaS and PaaS) environments that allow companies to isolate workloads from one another and secure them individually.

The issue here is less about human access than about system-to-system, workload-to-workload traffic, because a successful breach will often entail east–west traffic (i.e., communications between the instances in a cloud environment) as attackers seek to harvest additional data or to infect further workloads. Therefore, the ability to isolate each workload and inspect all traffic to and from it enables companies to impose and enforce workload-specific security policies.

Such functionality usually entails installing a small software agent on the hosts on which the workloads are running. The agent communicates back to a central brain, which may reside on a customer’s premises or in the cloud, to receive instructions on what to block, what to allow, and so on. The agent often performs these enforcement functions by integrating with the native firewalling capabilities of the host operating systems, namely the Windows Filtering Platform and, in the case of Linux, the iptables feature.

Of course, there are scenarios in which an agent cannot be deployed, such as high-frequency trading, where any additional functionality is barred because it would add latency. For those eventualities, the micro-segmentation vendors enable their products to integrate with load balancers and firewalls via application programming interfaces (APIs) to harness those devices for enforcement.
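As an added example (not from the white paper or from any vendor's agent), this is one way a Linux host agent could turn a workload policy pushed by the central service into an iptables ruleset that drops by default in both directions, so east–west traffic is limited to named peers. The policy field names and the addresses are constructed for illustration.

```python
"""Render a workload allow-list as iptables-restore input (added example, hypothetical names)."""
import ipaddress

# Constructed policy, shaped as a central policy service might push it to the
# agent on one database host. Field names are assumptions for this example.
SAMPLE_POLICY = {
    "inbound": [
        {"peer": "10.20.1.0/28", "proto": "tcp", "port": 5432},  # order service
        {"peer": "10.20.9.7", "proto": "tcp", "port": 9187},     # metrics scraper
    ],
    "outbound": [
        {"peer": "10.20.5.10", "proto": "udp", "port": 53},      # internal resolver
    ],
}


def _match(entry, peer_flag):
    """Validate one policy entry and return its iptables match fragment."""
    # ip_network(strict=True) rejects host bits, trailing text and other junk,
    # so nothing from the policy is interpolated into a rule unchecked.
    peer = ipaddress.ip_network(entry["peer"], strict=True)
    if peer.version != 4:
        raise ValueError("IPv6 peers need a separate ip6tables ruleset")
    if peer.prefixlen == 0:
        raise ValueError("an any-address peer defeats workload isolation")
    proto = entry["proto"]
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto!r}")
    port = entry["port"]
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"bad port: {port!r}")
    return f"{peer_flag} {peer} -p {proto} -m {proto} --dport {port} -m conntrack --ctstate NEW"


def render_ruleset(policy):
    """Return iptables-restore text: default DROP, then only the allowed flows."""
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT DROP [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A OUTPUT -o lo -j ACCEPT",
        # Replies to flows that were allowed when they started.
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for entry in policy.get("inbound", []):
        lines.append(f"-A INPUT {_match(entry, '-s')} -j ACCEPT")
    for entry in policy.get("outbound", []):
        lines.append(f"-A OUTPUT {_match(entry, '-d')} -j ACCEPT")
    # Log (rate-limited) whatever falls through to the DROP policy.
    for chain in ("INPUT", "OUTPUT"):
        lines.append(
            f'-A {chain} -m limit --limit 10/min -j LOG '
            f'--log-prefix "microseg-drop-{chain.lower()}: "'
        )
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_ruleset(SAMPLE_POLICY), end="")
```

The output can be parsed without being applied using `iptables-restore --test`. A real host also needs an allow rule for its own management channel before a default-drop set is committed.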

[Figure 3 diagram labels: End user; ZTA; App #1, App #2, App #3, etc.]

Figure 3: Zero-trust access is an alternative to VPNs for secure remote access

Source: Omdia © 2021 Omdia

The two architectures for ZTA

Focusing now particularly on ZTA, it should be noted that there are two distinct architectures proposed by ZTA vendors.

Software-defined perimeter

The first is software-defined perimeter (SDP), the technical specification for which was written by the Cloud Security Alliance (CSA). SDP systems rely on the following functional software components:

• SDP client software sitting on the end user’s device

• An SDP controller, in the cloud or on the customer’s premises to set and enforce access policies; controllers sit in the control path between the end users and the applications they wish to access but not in the data path

• SDP gateways, typically deployed one per network segment (or two for high availability) and serving as a firewall between users and the back-end applications they wish to access; gateways sit in the data path between end user device and application but not in the control path

• SDP systems that monitor all access activity and use a log server for reporting use

The gateways can be on-premises or in a public or private cloud, depending on where the application to which they will grant access resides.

The SDP controller receives a request for access from an end user, verifies their identity against a source such as Active Directory or LDAP, and checks the security posture of the endpoint device from which they are logging in. If the request is accepted, the controller notifies the gateway sitting in the data plane that it should set up encrypted tunnels to both the end user’s device and the application. It then goes into pass-through mode, so that there should be no latency added to the communication.

All other assets, whether on a company’s premises or in its cloud environment, remain blacked out (hence the Black Cloud name used in the early stages of developing the concept) and are therefore unattainable, which negates attempts at privilege escalation or lateral movement around the corporate infrastructure.
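The controller and gateway roles described above can be modelled directly. The following Python model is an added example, not code from the white paper, the CSA specification or any vendor's product. The directory, policy table, posture fields and class names are all assumptions, and the encrypted tunnels are represented only as per-session grants installed on the gateway.

```python
"""Toy model of the SDP control/data-plane split (added example; all names hypothetical)."""
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample data. DIRECTORY stands in for Active Directory/LDAP,
# POLICY for the controller's access policy, REQUIRED_POSTURE for the endpoint check.
DIRECTORY = {
    "alice": {"secret": "alice-demo-secret", "groups": {"finance"}},
    "bob": {"secret": "bob-demo-secret", "groups": {"engineering"}},
}
POLICY = {"finance": {"ledger-app"}, "engineering": {"git-app", "ci-app"}}
REQUIRED_POSTURE = {"disk_encrypted": True, "os_patched": True}


@dataclass(frozen=True)
class Grant:
    session_id: str
    device_id: str
    app: str
    expires_at: float


class Gateway:
    """Data plane: forwards only traffic that matches a live grant (default deny)."""

    def __init__(self):
        self._grants = {}

    def install(self, grant):
        self._grants[grant.session_id] = grant

    def forward(self, session_id, device_id, app, now):
        grant = self._grants.get(session_id)
        if grant is None or grant.device_id != device_id or grant.app != app:
            return False  # every other asset stays "blacked out"
        if now >= grant.expires_at:
            del self._grants[session_id]  # a further session needs a new request
            return False
        return True


class Controller:
    """Control plane: decides on requests and programs gateways; carries no app traffic."""

    def __init__(self, app_gateways, ttl_seconds=900):
        self.app_gateways = app_gateways  # app name -> Gateway in front of it
        self.ttl_seconds = ttl_seconds
        self.audit_log = []  # every decision is logged, allow or deny

    def _decide(self, user, secret, posture, app):
        entry = DIRECTORY.get(user)
        # Constant-time comparison; a stand-in for a real directory bind.
        if entry is None or not hmac.compare_digest(entry["secret"].encode(), secret.encode()):
            return "identity_failed"
        if any(posture.get(key) != value for key, value in REQUIRED_POSTURE.items()):
            return "posture_failed"
        allowed = set().union(*(POLICY.get(group, set()) for group in entry["groups"]))
        if app not in allowed or app not in self.app_gateways:
            return "not_authorized"
        return "allow"

    def request_access(self, user, secret, device_id, posture, app, now):
        decision = self._decide(user, secret, posture, app)
        self.audit_log.append(
            {"time": now, "user": user, "device": device_id, "app": app, "decision": decision}
        )
        if decision != "allow":
            return None
        # One grant covers one app, one device and one session.
        grant = Grant(secrets.token_urlsafe(16), device_id, app, now + self.ttl_seconds)
        self.app_gateways[app].install(grant)
        return grant


if __name__ == "__main__":
    finance_gw, eng_gw = Gateway(), Gateway()
    controller = Controller({"ledger-app": finance_gw, "git-app": eng_gw, "ci-app": eng_gw})
    healthy = {"disk_encrypted": True, "os_patched": True}
    grant = controller.request_access("alice", "alice-demo-secret", "laptop-1", healthy, "ledger-app", 0.0)
    print("ledger-app:", finance_gw.forward(grant.session_id, "laptop-1", "ledger-app", 1.0))
    print("git-app:", eng_gw.forward(grant.session_id, "laptop-1", "git-app", 1.0))
    print(controller.audit_log)
```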

[Figure 4 diagram labels: SDP client; SDP controller; SDP gateway (two shown); App #1; App #2; Control plane; Data plane]

Figure 4: The SDP architecture for zero-trust access

Source: Omdia © 2021 Omdia


Identity-aware proxy

The second type of architecture is called identity-aware proxy (IAP). With IAP, the proxy sits in both the control and the data planes, where it brokers the access requests then sets up the encrypted tunnels between end user and application.

By inserting an extra “bump in the wire” into the data plane, this approach has the potential to add latency. For this reason, most of the vendors and providers offering IAP operate their own network, which enables them to mitigate latency and other performance considerations with techniques such as optimal path selection. By contrast, SDP is usually offered as software for a company to deploy and operate: there is no obligation for it to be a service.

Tencent’s offering: ZTAC

Tencent has incorporated the principles of zero trust in what it refers to as a “zero-trust security management system” with the name Tencent iOA. Tencent calls its design vision for iOA “4A,” referring to the four As in Figure 6 below.

[Figure 5 diagram labels: IAP client; Identity-aware proxy; App #1; App #2; Control plane; Data plane]

Figure 5: The IAP architecture for zero-trust access

Source: Omdia © 2021 Omdia

Tencent ZTNA ——(iOA) Vision

Wherever the employee is (AnyWhere), using what application (AnyApplication) on what device (AnyDevice), he can safely access enterprise resources to do any job (AnyWork)

01 AnyWhere

• Intranet: On the basis of existing security infrastructure, iOA provides a more convenient access and helps expand workplace.

• Extranet: iOA provides safe and easy access, based on 4T principles, for users whether at home, hotel or airport.

02 AnyApplication

• iOA ensures the security of any accessing application by adopting application whitelist: only compliant applications can access intranet.

03 AnyDevice

• Any device, after standardization and security detection, will be granted access to intranet as work device, recording the relation between person and device.

• Support agentless client, access services and resources based on identity.

04 AnyWork

• Business servers are hidden.

• Business are accessible from both intranet and extranet with unified control and audit

Figure 6: Tencent’s design principles for its iOA zero-trust architecture

Source: Tencent


The four As are:

• Anywhere. It works regardless of the user’s location (internal or external to the corporate customer’s infrastructure), even if they are in another country.

• Any Device. Both corporate and noncorporate devices are supported, which means any device will be granted access to the intranet as a work device after standardization and security scanning carried out by iOA, which offers both agent-based and agentless modes of operation. Tencent also provides antivirus and vulnerability patching, based on more than 20 years of data accumulation, leveraging multiple AV engines, and enabling known viruses to be eradicated while unknown ones are actively blocked (see Figure 7).

• Any Application. Application whitelisting ensures the security of all the applications accessed, regardless of whether they reside on a company’s premises or in a private or public cloud.

• Any Work. This is how the vendor refers to the fact that all business assets are hidden (or “kept dark”) from users, regardless of whether the users are on the corporate intranet or outside it, and only the apps that are required for a given task are made accessible (or “lit”) for a particular session.

It is the Tencent iOA that underpins the vendor’s zero-trust access offering, known as ZTAC, which is offered in two deployment modes: its core functionality can reside on a customer’s premises (the vendor refers to this as its “standalone” mode), in which case it is managed completely by the customer, or can be delivered as software-as-a-service (SaaS mode) with the vendor managing it.

As mentioned above, Tencent offers both agent-based and agentless versions of ZTAC, with the agent-based version shipping with both EDR and endpoint data leak prevention (DLP) capabilities built in. Architecturally, the platform is available in both SDP and IAP flavors:

• The agentless version uses a web proxy deployed on Tencent’s own network infrastructure, with the traffic running on the vendor’s backbone network and Tencent providing ZTAC in SaaS mode.

• The agent-based version uses an SDP-like architecture, though with a different protocol that was developed by and is proprietary to Tencent. In that scenario, it is the corporate customer that manages the platform and operates it on the network infrastructure of its choice.

[Figure 7 diagram labels: File combination feature; Local heuristic engine; File hash]

Virus database

• Sample library: 70+ billion

• Whitelist: 10+ billion

• Blacklist: 4+ billion

Update frequency

• Up to hourly update

• Professional operation team

Figure 7: Tencent’s antivirus capabilities

Source: Omdia © 2021 Omdia

WAN acceleration and link optimization

Tencent iOA

It is worth mentioning here the underlying network infrastructure that Tencent offers its WAN customers. Its intelligent Office Access (iOA) WAN service is delivered via some 1,300 points of presence (PoPs) around the world, providing both distributed denial-of-service (DDoS) protection and network acceleration, leveraging techniques such as intelligent routing, protocol optimization, multiplexing, and anti-jitter circuits for the latter.

Link optimization for better VPN performance

While it highlights the benefits of ZTA for remote connectivity, Tencent is aware that many of its customers are already heavily invested in traditional VPN technology. For those customers it offers link optimization technology within the iOA service, which establishes a dedicated secure communication channel on demand for a VPN client, thus obviating the need for traditional tunneling technology. This has a significant positive impact in terms of the available bandwidth and also mitigates delay, jitter, and packet loss.

[Figure 8 diagram labels: Ingress Node; Domestic: 1100+ acceleration nodes, 120Tbps reserve; Overseas: 2700+ accel. nodes, 20Tbps reserve; DNS; iOA; User's server resources; Tencent iOA]

Figure 8: Tencent’s intelligent Office Access (iOA) WAN service

Source: Tencent

[Figure 9 diagram labels: https://www.oa.com; iOA; iOA Gateway (two shown); Raw data; Ciphertext; auth; www.oa.com]

Figure 9: Link security and optimization

Source: Tencent


Appendix

Author

Rik Turner, Principal Analyst, Cybersecurity

COPYRIGHT NOTICE AND DISCLAIMER

Omdia is a registered trademark of Informa PLC and/or its affiliates. All other company and product names may be trademarks of their respective owners. Informa PLC registered in England & Wales with number 8860726, registered office and head office 5 Howick Place, London, SW1P 1WG, UK. Copyright © 2021 Omdia. All rights reserved. The Omdia research, data and information referenced herein (the “Omdia Materials”) are the copyrighted property of Informa Tech and its subsidiaries or affiliates (together “Informa Tech”) and represent data, research, opinions or viewpoints published by Informa Tech, and are not representations of fact. The Omdia Materials reflect information and opinions from the original publication date and not from the date of this document. The information and opinions expressed in the Omdia Materials are subject to change without notice and Informa Tech does not have any duty or responsibility to update the Omdia Materials or this publication as a result. Omdia Materials are delivered on an “as-is” and “as-available” basis. No representation or warranty, express or implied, is made as to the fairness, accuracy, completeness or correctness of the information, opinions and conclusions contained in Omdia Materials. To the maximum extent permitted by law, Informa Tech and its affiliates, officers, directors, employees and agents, disclaim any liability (including, without limitation, any liability arising from fault or negligence) as to the accuracy or completeness or use of the Omdia Materials. Informa Tech will not, under any circumstance whatsoever, be liable for any trading, investment, commercial or other decisions based on or made in reliance of the Omdia Materials.

About Omdia

Omdia is a global technology research powerhouse, established following the merger of the research division of Informa Tech (Ovum, Heavy Reading, and Tractica) and the acquired IHS Markit technology research portfolio*.

We combine the expertise of more than 400 analysts across the entire technology spectrum, covering 150 markets. We publish over 3,000 research reports annually, reaching more than 14,000 subscribers, and cover thousands of technology, media, and telecommunications companies.

Our exhaustive intelligence and deep technology expertise enable us to uncover actionable insights that help our customers connect the dots in today’s constantly evolving technology environment and empower them to improve their businesses – today and tomorrow.

* The majority of IHS Markit technology research products and solutions were acquired by Informa in August 2019 and are now part of Omdia.
