02/04/2021

Market Trends: Strategies Communications Service

Providers Can Use to Address Key 5G Security Challenges
Published 9 October 2019 - ID G00414595 - 21 min read

By Analysts Peter Liu, Sylvain Fabre

Initiatives: Technology Market Essentials

The rise of diversified services, cloud architecture and massive Internet of Things
connections in 5G expose new security concerns and challenges. This research
provides CSP product leaders with help to pick the right security strategy for their 5G
deployment and product design.

Overview
Key Findings
■ 5G infrastructure’s heterogeneity and complexity require security to be dealt with at multiple levels and
across domains in an integrated way, which today’s piecemeal approach is insufficient to support.

■ Introduction of real time and ultrareliable low-latency communication (URLLC) vertical services, with
an elevated use of software-defined network (SDN)/network function virtualization (NFV)/cloud in 5G
mean a broader, more dynamic and multifaceted attack surface landscape.

■ The widespread need to access the network via smart devices, cloud services and edge computing
renders the perimeter security model insufficient.

Recommendations
For communications service providers (CSPs) building their 5G security strategy in the marketplace:

■ Implement a defense-in-depth approach to 5G security by enhancing the security orchestration,

automation and intelligence capabilities.

■ Shift the security mindset from “incident response” to “continuous response,” by implementing a
continuous adaptive security architecture.

■ Strengthen the 5G network security and identity and access management (IAM) by adopting a “zero
trust” concept. Additionally, budget and pilot microsegmentation and software-defined perimeter
projects.

Introduction

Gartner, Inc. | 3970214 Page 1 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.
02/04/2021

After years of anticipation, CSPs are now moving forward with 5G commercialization. As of mid-July
2019, there were 54 operators worldwide that had introduced 5G infrastructure into their networks
(source: Global mobile Suppliers Association [GSA]). In the meantime, expectation of 5G from various
industries is increasing since 5G introduces enhanced bandwidth, ultrareliable low latency
communication (URLLC) and as well as supporting massive Internet of Things (IoT) connectivity.

Cellular-based technologies have always been standards based and treated as “secure by design.” From
a standards point of view, 5G provides enhanced security features compared to the previous generation
— like introducing unified authentication, a more flexible security policy for diverse use cases, secure
service-based architecture and slice isolation, for example.

However, the 5G system goes beyond networks. The challenging traits of 5G networks to support novel
and diverse business requirements for vertical sectors have rendered current network security
approaches and identity and access management (IAM) inadequate (see Figure 1).

Figure 1. Overall 5G Security Challenges

With IoT and Industry 4.0, a plethora of new device types will connect and access the network, which
introduces new dimensions of attack vectors and vulnerabilities. In addition, 5G’s low latency and high
bandwidth capabilities could be used to increase the potential scale of the attack, such as distributed
denial of service (DDoS). Also, 5G leverages a set of new technologies including SDN/NFV/cloud and
multiaccess edge computing (MEC) to provide more abundant and flexible on-demand network services
through slice customization, in order to support diversified service requirements. These new technologies

Gartner, Inc. | 3970214 Page 2 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.
02/04/2021

and multilayered architecture increase the attack surface, it also challenges the traditional IAM system
as well.

Addressing 5G security concerns will require a “defense-in-depth” proactive design, a new trust model
and also a continuous security approach. This research provides an overview of the key security
challenges in the 5G network from devices, services and a network architecture point of view. It also
presents solutions to these challenges and the future direction for security within the 5G environment.

Market Trend
As 5G moves from concept to reality, three key market forces have converged to drive the security
concern within the 5G era:

1. Massive Internet of Things (IoT) connections

2. Diversified services

3. New cloud-based infrastructure

(See Figure 2.)

Figure 2. Driving Force for 5G Security Concerns

5G Security and Massive Internet of Things Connections

Gartner, Inc. | 3970214 Page 3 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.
02/04/2021

5G was designed to meet the unique requirements of the connected “everything,” which ranges from
wearables to smart cities. According to Gartner’s forecast, by 2023, the number of connected devices is
expected to reach 25 billion. This represents an enormous business opportunity for CSPs and because
of 5G, we can expect to see a much wider adoption of the IoT, but conversely it also brings more
sophisticated security attacks.

Figure 3. 5G Security and Massive IoT Connections

The significant issue that 5G precipitates in massive IoT is the increased bandwidth (more poorly
designed devices on the network) and ultra-low latency (that can now communicate with each other). An
attack can simply spiral out of control. Massive IoT securities can be divided into three main aspects in
5G, each with different implications to security:

1. Scale

2. Diversity

3. Criticality

With IoT and Industry 4.0 in mind, a plethora of new device types (see Figure 4) with less homogeneity
will be connected to the network together with a multitude of applications. Some devices are resource-

Gartner, Inc. | 3970214 Page 4 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.
02/04/2021

constrained that may not have been designed with effective security features. Some devices are
powerful and smart with the potential to be manipulated into triggering a more harmful attack. Existing
authentication mechanisms may be unsuitable, which is also due to heterogeneity among mobile
wireless devices and scalability issues. CSPs need to consider real-time device health attestation
combined with user authentication.

Figure 4. Potential IoT Threats

In addition, because devices, applications and architectures are developed and deployed by different
vendors, the absence of standards and a common architecture will increase security concerns. We can
envision an exponential increase of design flaws, from hardcoded credentials (where some devices have
a “master password” that anybody can exploit), to unpatched vulnerabilities (that allows skilled
attackers to control devices regardless of how it has been configured). Instead, simply relying on a
variety of point of solutions for security, with each designed to solve a specific type of problem proves
insufficient. A more holistic and integrated approach is necessary.

Furthermore, 5G enables more mission-critical use cases — such as connected car, smart factories and
even healthcare devices/applications. The potential scale of impact for these new mission-critical
scenarios will be much greater, with the potential to offer much higher speeds and bandwidth, reduced
latency, increased connection density and greater accuracy in location sensing (see Table 1 and “Exploit
the Innovation Opportunities Enabled by Future 5G Wireless”).

Gartner, Inc. | 3970214 Page 5 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.
02/04/2021

Table 1: Example of 5G Performance Gains Over 4G

Source: Gartner (October 2019)

Hence, various security elements are necessary for 5G massive IoT, especially when considering the
criticality and intricacies of specific business applications (for example, installing/upgrading network
devices, supervisory control and data acquisition [SCADA] systems, policies and so forth). One of the
classic DDoS attacks example is illustrated in Figure 5.

Gartner, Inc. | 3970214 Page 6 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.
02/04/2021

Figure 5. Classic DDoS Attack Example

5G Security and Cloud-Based Architectures

The 5G network will heavily leverage new cloud/virtualized technologies such as software-defined
networking (SDN), network function virtualization (NFV) as well as multiaccess edge computing (MEC)
to meet growing user and service demands. The open, flexible and programmable nature of these new
technologies opens a new avenue of security threats.

Table 2 provides a summary of key security challenges to confront in 5G technologies.

Gartner, Inc. | 3970214 Page 7 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.
02/04/2021

Table 2: Potential Threats for Cloud-Based Infrastructure

Viewing partial table. Click here to view full table

Source: Gartner (October 2019)

SDN
“Softwarized” networks heavily rely on a logically centralized control. This centralized control
architecture also introduces new vulnerabilities. For example, if malicious applications are granted
access from a compromised controller, havoc can contaminate the network. In addition, SDN controller
updates or modifies the flow rules in data forwarding elements. This control information can be easily
identified, making it a visible entity in the network and marking it as a favorite choice for DDoS attacks.

NFV
Operational interference and misuse of shared resources are considered as key infrastructure-level
threats. Due to the common accessibility of physical infrastructure resources, an attacker can interfere
with operations of the infrastructure by inserting malware or manipulating network traffic. In addition,

Gartner, Inc. | 3970214 Page 8 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.
02/04/2021

NFV itself is vulnerable to virtualization-related threats, such as side-channel attacks, flooding attacks,
hypervisor hijacking and malware injection.

Cloud and MEC

Cloud computing systems comprise various resources, which are shared among users. It is possible for
a user to spread malicious traffic and tear down the performance of the whole system, consume more
resources, or stealthily access resources of other users.

On the side of MEC, the main security concerns are in the context of the cloud-enabled IoT environment,
as well as the open APIs. For example, if sensitive security assets are compromised at virtualized
functions on the edge, an attacker could maliciously reuse them to gain connectivity or carry out
spoofing, eavesdropping, or data manipulation attacks. These attack methods are not necessarily new.
However, since the MEC is still emerging, the potential and gravity of security issues are yet to be entirely
understood. Therefore, when selecting vendors and before rolling out commercial large-scale edge cloud
deployment, CSPs should ensure security solutions are flexible enough to meet a broad range of threat
vectors at the time of initial deployment.

Open Source
Increasing use of open-source software introduces a whole new set of security challenges. This is
especially true in terms of keeping a consistent and coherent approach to security-by-design, and the
prevention of deliberate security flaws.

5G Security and Diversity of Applications

5G leverages more sophisticated network technologies like network slicing and control and user plane
separation (CUPS) to support the diversified service requirements. These are increasingly seen as
fundamental to 5G but introduce new security challenges, like separation between different network
slices with different security mechanisms.

Network Slice
A network slice is defined as an independent end-to-end logical network that runs on a shared physical
infrastructure, tailored to dedicated services based on their requirements. These logical network slices
allow CSPs to provide networks on an as-a-service basis to meet the wide range of 5G use cases.

Operationalizing network slicing itself will prove very complex due to the multidomain and multitenant
context. It will become more sophisticated by adding security requirements for each slice. In addition,
network slicing is still a new and emerging concept; it has not yet had wide commercial deployments,
which means there are a lot of potential security uncertainties in the future.

Several potential security implications related to network slicing are listed in the following sections.

Gartner, Inc. | 3970214 Page 9 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.
02/04/2021

Resources Sharing
Although a fundamental premise of network slicing is that the network is carved into discrete, self-
contained units; in many cases, each slice must still leverage network-wide resources. When multiple
network slices are instantiated over a common hardware platform, slicing must isolate resources and
data on shared infrastructure. Isolation of slices from one another is an issue and the main security
concern involves bad actors gaining broader network access via a “lower” security slice.

Cross-Domain Security
The opportunity for a malicious attack to gain access to an array of other network resources through a
common entry point is limited in a traditional monolithic network architecture. However, network slicing
in 5G will offer it as an on-demand basis which leverages SDN-based orchestration to set up, be torn
down or altered. Therefore, a successful attack on a multidomain network orchestrator could provide an
entry point. which can lead to multiple network domains and/or slices.

Authenticated and Authorization

As more network slices are created to support a variety of user equipment, the potential number of attack
vectors will increase accordingly. A user endpoint (UE) can simultaneously access multiple services
delivered by different network slices through a variety of network access — for example, Third
Generation Partnership Project (3GPP), trusted non-3GPP and untrusted non-3GPP access. The UE must
be authenticated and authorized for accessing the specific slice. Otherwise:

■ A user's private information used in the network slice selection procedure may be intercepted or
eavesdropped.

■ Unauthorized users may connect as an insider to network slices they don’t have authorization for and
consume resources.

If there is no proper security mechanism for the authorization of network selection, this will expose the
network to different types of attacks (for example, impersonation and DDoS).

Technology Trends
5G security should go beyond network and standardization to consider its heterogeneity, diversity and
complexity as well. 5G security is a new and complex topic, it involves:

■ Standardization

■ Radio and signaling

■ Authentication and identification management

■ Confidentiality and integrity

■ End-to-end encryption

Gartner, Inc. | 3970214 Page 10 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.
02/04/2021

■ DDoS mitigation

■ Traffic segmentation

■ Endpoint protection

It is difficult to cover everything in one document. In this research, we will focus on the three pillars for an
effective 5G security strategy. (See Figure 6.)

Figure 6. Three-Pillar Approach to Effective 5G Security Strategy

Implement a Defense-in-Depth Approach

To implement a defense-in-depth approach for 5G security, enhance the security orchestration,
automation and intelligent capabilities.

CSPs today depend on several points of solutions for security, with each designed to solve a specific
type of problem. In this piecemeal approach, multiple solutions are siloed and unintegrated, which
hinders the time between attack detection and mitigation. In addition, the largely unintegrated layers of
protection prove difficult to manage.

5G’s multifaceted exploits mean managing 5G security is a balancing act between managing a wide
universe of devices and applications, requiring innovation and agility among the ever evolving landscape
of threats. Moreover, users’ security requirements can often change depending on the circumstances.
CSPs need a more comprehensive understanding of vulnerabilities and more wide-ranging protection
against a variety of threats.

Gartner, Inc. | 3970214 Page 11 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.
02/04/2021

Therefore, we recommend a defense-in-depth approach, which has the ability to connect all those
disparate silos and accelerate mitigation, built on analytics as the glue to integrate different
technologies — sharing the right intelligence with the right people at the right time. The end objective is a
security architecture — that with enhanced security orchestration — automates security, driven by
intelligence and analytics.

The key to this defense-in-depth approach includes:

■ Monitoring the event from various security controls. Gain a holistic and centralized view of security
across the devices, IT, transport, radio and core network domain.

■ Orchestrating different security products to construct the context. Transforming previously siloed
information into a context-aware defense (including application awareness, identity awareness and
content awareness) with visibility and situational awareness. Reducing the time from detection to
protection.

■ Helping prioritize multiple concurrent items and incidents. Providing a consolidated and prioritized
view of overall threats, aiding security professionals in prioritizing risks and automating security
operations activities in the context of the attack surface and the business. Reducing labor and
mitigation costs, along with any confusion.

■ Increasing levels of security automation. The dynamicity in 5G networks — in terms of user mobility,
application use and data rate requirements, as well as variations in network conditions — require
autonomous operations that improve performance of the 5G services provided to all users of 5G.

The complexity and scale of the 5G ecosystem, combined with a lack of skills and training in software-
centric security, make artificial intelligence (AI) a critical feature of 5G security. Machine learning (ML)
and AI, enable CSP security teams to provide real-time response to threats across networks on a global
scale. For example, with the help of ML/AI, CSPs can identify unknown malware intruding their networks
and analyze it based on hundreds of malicious behaviors to deliver automated protections.

Therefore, embedding AI into the security operations is gaining in momentum nowadays and CSPs must
invest in ML and AI capabilities for their 5G security. In the meantime, CSPs also need to be aware that
poorly defined AI systems and algorithms themselves could actually increase the potential attack
surface and expose further security vulnerabilities.

Shift the Security Mindset From Incident Response to Continuous Response

Implementing a continuous and adaptive security architecture, transforming the security mindset from
“incident response” to “continuous response” will help solidify a 5G security approach. Prevention and
detection are key pillars of a traditional CSP’s approach to security. However, 5G business is built upon
an intelligent mesh of devices, software, processes and people, which exposes an even more complex
and dynamic world for security. This leads to new security challenges that include the following:

Gartner, Inc. | 3970214 Page 12 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.
02/04/2021

■ 5G business that creates an urgent need for speed and agility, including information security and risk
management.

■ The threat environment in 5G continues to adapt and evolve with new types of threats and attacks
against new kinds of IT and business architectures.

■ Relying only on prevent-and-detect perimeter defenses and rule-based security, such as antivirus and
firewalls. This becomes less effective as organizations increasingly use cloud-based systems and
open application programming interfaces (APIs) to create modern business ecosystems.

To securely enable 5G business, security and risk management leaders need to embrace a strategic
approach where security is adaptive, everywhere, constantly. The key capabilities for security and risk
management professionals over the next decade will be to continuously discover, assess and adapt to
continual changing risk and trust levels. We need security infrastructure and security decisions to
become persistent and adaptive — enabling real-time decisions that balance risk, trust and opportunity
at the speed of 5G business (refer to “Seven Imperatives to Adopt a CARTA Strategic Approach”).

Gartner calls this strategic approach “continuous adaptive risk and trust assessment,” (CARTA), see
Figure 7 (also see “Use a CARTA Strategic Approach to Embrace Digital Business Opportunities in an Era
of Advanced Threats”).

Gartner, Inc. | 3970214 Page 13 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.
02/04/2021

Figure 7. CARTA Strategic Approach

In the context of 5G, adopting a CARTA-strategic approach means providing a foundation for security
and risk management leaders to:

■ Use more context, more visibility and more intelligence for continuous, adaptive risk-based decision
making, rather than the static, binary “allow or block” security decisions of the past.

■ Make continuous, adaptive and intelligent risk-optimized security control decisions for 5G services.
Proactively define acceptable levels of risk and trust when creating new business capabilities or
network slicing, and map this into adaptive security decisions when the business capability is made
operational.

■ Monitor in real time and continuously analyze endpoint behavior to identify bad actors’ access,
providing real-time threat indicators to potential insider threats.

■ Prioritize and filter — adaptive security allows IT teams to apply advanced analytics and machine
learning processes that can detect security breaches that would not be obvious by simply monitoring

Gartner, Inc. | 3970214 Page 14 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.
02/04/2021

the system alone.

■ Reduce the attack surface — adaptive security can shrink the size of the attack surface and limit the
amount of damage a threat can cause.

Build a New Trust Model and Identify Management Through Leveraging “Zero Trust”
Approach
A conventional security model operates on the “castle-and-moat” concept, which means it is hard to
obtain access from outside the network but everything inside the network is trusted by default. The
challenge of this approach is in its design to protect the perimeter, since once an attacker gains access
to the network, they have free rein over everything.

In 5G, the widespread need to access the network via smart devices, cloud services and edge computing
renders the perimeter security model insufficient. Key challenges include:

■ More outside users and unmanaged devices accessing the system.

■ Internal users will consume more applications and SaaS services delivered from outside.

■ More traffic from the edge will access services.

■ Trying to restrict access to applications and services for mobile users based on Internet Protocol (IP)
addresses is futile.

■ With cloud-native architectures using virtual machines (VMs), containers and serverless functions (see
“Security Considerations and Best Practices for Securing Serverless PaaS”), IP addresses are
transient, often with address translation used. (Typically, this is often the case in modern hybrid data
centers and public cloud infrastructure as a service [IaaS].)

Given the increased attack sophistication and insider threats of 5G, a new trust model approach is
required. An effective measure will be the use of “Zero Trust” networks, which work on the principle of
1
“never trust, always verify and enforce least privilege.”

Under the zero-trust concept, it should be established with a contextual assessment of the trust of user
and device, along with an assessment of the risk of the data, application or transaction being accessed.
For workloads and applications, trust should be based on a contextual assessment of the workload —
including the identity, the application/service running, the data being handled and any associated
tags/labels. These shifts and the need to reduce risk by reducing surface area from attack have driven
the significant interest in two zero trust networking projects (refer to “Zero Trust Is an Initial Step on the
Roadmap to CARTA”).

Microsegmentation

Gartner, Inc. | 3970214 Page 15 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.
02/04/2021

Microsegmentation is the practice of dividing security perimeters into small zones to maintain separate
access for separate parts of the network. For example, a network with multiple slicing living in a single
data center that utilizes microsegmentation may contain dozens of separate, secure zones. A person or
program with access to one of those zones will not be able to access any of the other zones without
separate authorization.

Advanced network microsegmentation solutions include dynamic segmentation and intelligent, intent-
based segmentation.

1. The first can dynamically and intelligently segment the network based on a variety of policies.
Segments can be zoned based on a physical location (such as a building or floor), to dynamically
shifting applications or workflows, or they can even be restricted to a single device.

2. The second is able to understand business intent and then dynamically apply security protocols
(including segmentation and inspection) at machine speeds. It also allows the detection of and
response to threats occurring anywhere across the distributed environment, dynamically adapting the
policies governing a network segment.

In Gartner’s adaptive attack protection architecture used in CARTA research (see Figure 8), the red box in
the upper right corner indicates zero-trust networking in the form of microsegmentation projects.

Figure 8. Adaptive Attack Protection Architecture

Software-Defined Perimeter (SDP)

Gartner, Inc. | 3970214 Page 16 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.
02/04/2021

In a world where anywhere, anytime access to applications and services from any device exists, CSPs
need to reconsider access strategy. The vision of software-defined perimeter is to design a network
where there is no “inside” or “outside” from the user’s perspective. In this model, the user doesn’t have to
work out the method of access based on the context of where they are, what time of day it is or what
type of device they are using. The network determines this for them.

In Gartner’s adaptive access protection architecture used in CARTA research (see Figure 9), the red box in
the upper right corner indicates the initial security posture of default deny. Users have no implicit access
until an assessment of the user’s credentials, device and context are completed.

Figure 9. Adaptive Attack Protection Architecture

Vendors to Watch
As the 5G security market is emerging, it crosses hitherto separate markets and involves the
transformation of how capabilities are delivered, so it is not possible to compile a comprehensive list.
We recommend that attention be paid to these vendors in particular, due to their current involvement in
the CSP 4G and 5G domains — Allot, Cisco, Ericsson, F5 Networks, Fortinet, Huawei, Intel, Juniper
Networks, Nokia, Palo Alto Networks, VIAVI Solutions, Verizon (acquired PrecisionAccess from Vidder),
among others.

For vendors in security orchestration, automation and response solution please refer to “Market Guide
for Security Orchestration, Automation and Response Solutions.”

For vendors in zero-trust networks please refer to “Market Guide for Zero Trust Network Access.”

Gartner, Inc. | 3970214 Page 17 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.
02/04/2021

Acronym Key and Glossary Terms

3GPP Third Generation Partnership Project

4G fourth generation

5G fifth generation

AI artificial intelligence

API application programming interface

(For more information, see  Wikipedia’s entry.)

CARTA continuous adaptive risk and trust assessment

CCTV closed-circuit TV

CP control plane

CSP communications service provider

CUPS control and user plane separation

DDoS distributed denial of service

DoS denial of service

Gbps gigabits per second

GSA Global mobile Suppliers Association

HVAC heating, ventilation and air conditioning

IAM identity and access management

IoT Internet of Things

IP Internet Protocol
2
squared kilometers

MEC multiaccess edge computing

MITM man-in-the-middle

ML machine learning

ms milliseconds

NFV network function virtualization

RAN radio access network

SCADA supervisory control and data acquisition

Gartner, Inc. | 3970214 Page 18 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.
02/04/2021

SDN software-defined network

SDP software-defined perimeter

TCP Transmission Control Protocol

UE user endpoint

UP user plane

URLLC ultrareliable low-latency communication

VM virtual machine

Evidence
1
J. Kindervag,  “A Wake-Up Call for Zero Trust: Interview With Tony Scott, Former Federal CIO,”
 SecurityRoundtable.org, 11 April 2019.

Recommended by the Authors

Hype Cycle for the Future of CSP Wireless Networks Infrastructure, 2019

Market Guide for Security Orchestration, Automation and Response Solutions

Market Guide for Zero Trust Network Access
Reduce Privacy Risks When Using 5G Products and Services
Market Insight: Accelerate 5G Adoption Through In-Depth Indoor Coverage
Market Guide for CSP Edge Computing Solutions

Include 5G and Next-Generation Wireless in Roadmaps to Elevate In-Store Retail Customer Experience
Survey Analysis: Product Leaders Must Have a Robust 5G Plan to Meet Expectations of End Users
What 5G Requirements Do Manufacturing Industries Have?
Ask These Four Questions About Enterprise 5G

Starting Now, Supply Chain Leaders Should Assess the Potential for 5G Mobile Communications
Networks
Tech CEOs Must Prepare Their Digital Strategy for 5G

Gartner, Inc. | 3970214 Page 19 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.
02/04/2021

© 2021 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its
affiliates. This publication may not be reproduced or distributed in any form without Gartner's prior written permission.
It consists of the opinions of Gartner's research organization, which should not be construed as statements of fact.
While the information contained in this publication has been obtained from sources believed to be reliable, Gartner
disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research
may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not
be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner
prides itself on its reputation for independence and objectivity. Its research is produced independently by its research
organization without input or influence from any third party. For further information, see "Guiding Principles on
Independence and Objectivity."

Gartner, Inc. | 3970214 Page 20 of 20

This research note is restricted to the personal use of vaibhav.suresh@brillio.com.