Forrester

Why Now? Why An API Security Landscape? For years, different departments within organizations have passed the responsibility of API security from one to another while companies reaped the benefits of the API economy. Unfortunately, with inadequate protection and security, cybercriminals have also been capitalizing on this growth. Existing tools have often fallen short — either not going far enough in their protection or simply not being purpose-built for APIs. While API discovery and policy enforcement have gained traction, it’s time for companies to elevate their approach to API security maturity. Simply put, it’s the right moment for businesses to build an API security landscape that addresses the modern challenges head on. So What Do We Mean By API Security? Forrester defines API security software as: Software that discovers and analyzes API traffic and endpoints and implements security policies and controls to protect APIs from unauthorized access and abuse. The market is evolving rapidly, and new opportunities are emerging. But the question remains: Where should professionals begin? The Shifting Landscape Of API Security In 2024 As enterprises rapidly embrace microservices, the role of API security in safeguarding digital ecosystems becomes critical. APIs, the essential building blocks that enable interconnected systems, have seen unprecedented growth, bringing both opportunities and vulnerabilities. Forrester’s recent Q3 2024 report on the API security software landscape provides essential insights into the vendors, challenges, and emerging trends in this space. The Growing API Landscape: A Double-Edged Sword APIs have transformed how organizations innovate, modernize their infrastructure, and connect with customers and partners. As API usage has skyrocketed, however, so too has the attack surface. Many organizations possess more APIs than they realize and, being purpose-built for sensitive data exchange and critical business logic, they are an ideal target for cybercriminals using sophisticated techniques such as API parameter manipulation, injection attacks, and access token spoofing. According to Forrester’s research, API security software is no longer a “nice to have” but a necessity. The API Security Vendor Landscape: Fragmentation And Consolidation Forrester’s report on the API security software market identifies a diverse set of vendors, each offering different capabilities tailored to specific business needs, but this market remains highly fragmented. The API security market has seen notable consolidation in recent years. This trend toward consolidation aims to integrate API security as a core component within broader application security and web application firewall platforms. At the same time, smaller, specialized vendors continue to innovate by offering dedicated solutions for API discovery, protection, and threat detection, and specialized API security startups are jumping into niche fields. API Security Challenges: Misconceptions And Gaps One of the most significant issues facing security teams today is the widespread misunderstanding of what constitutes effective API security. Many organizations equate API discovery and traffic monitoring tools with comprehensive API security, leading to a false sense of confidence. While these tools are essential, they only address part of the problem. Forrester’s recent report, The API Security Software Landscape, Q3 2024, provides a comprehensive overview of the current state of the market and offers valuable insights for security leaders navigating this complex landscape. And yes, the eight components of API security are leading in this evaluation toward creating a comprehensive API security strategy. By selecting the right API security vendors and adopting forward-thinking security practices, security leaders can ensure that their organizations are well equipped to face the challenges of the API-driven future. source

A spotlight has recently been cast on a problem many considered solved: advertising in proximity to unsafe content. Even while using common, industry-standard brand safety tools, brands have unknowingly demonetized articles, news publications, and content including terms like “protest,” “gay,” and “covid.” For example, a 2023 TIME magazine Person of the Year article featuring Taylor Swift was errantly marked unsafe by brand safety technology for containing the word “feminism.” Meanwhile, the same technology vendors allowed ads to be placed alongside content so disturbing that any further specificities would have to be redacted from this blog post. It isn’t just a question of blocking a bad URL or keyword and apologizing, because ad revenue is oxygen on the internet. Top-down standards for brand safety — even those crafted with the best of intentions — have recently failed, leaving marketers looking for alternative solutions. Take the Global Alliance for Responsible Media (GARM), for instance, which was shuttered in July of this year as soon as it faced meaningful legal scrutiny. Now, the US DOJ is asking DoubleVerify, IAS, and Google for clarification on how US Department of Defense funds for army recruitment came to be spent on hate sites. It’s Time For Brands To Get Brand Smart If the World Federation of Advertisers, accredited brand safety vendors, the US Army, and all the combined technology available to Google are each unable to solve for brand safety, what can a marketer do to maintain their brand’s reputation on the internet while funding content that aligns with their brand’s values? The answer is that each brand, and team of marketers, must begin charting their own path for brand safety. Relying on outside standards bodies or static keyword exclusion lists to guide this process isn’t just inadvisable but can be illegal, such as when lending institutions and real estate brokers block ads from serving to protected classes. It’s time for brands to get brand smart, an approach characterized by three hallmarks: Flexible, bottom-up standards. Brand standards should exist as a living document, updated with learnings accumulated through social listening and first-party audience retargeting — not as an immutable stone tablet of negative keywords, chiseled in a lost era. Quality-driven inclusion. Identify what publishers and supply sources perform well in open auctions, consistently meet your brand’s standards, and buy directly. The more “blind programmatic” advertising you purchase, the more beholden you are to the cat-and-mouse game between poor-quality publishers and the vendors that chase them. Context-aware creative. Advertisers that make it to the world of high-quality, brand-safe content still have a responsibility to craft resonant, contextually aware ads — that aren’t jarring, tone-deaf, or adult-themed — especially in content environments that may have audiences heavily saturated with families and kids.   My latest research, Brand Safety Is Broken; It’s Time To Get Brand Smart, provides recommendations for how to navigate brand safety and shift to this new approach that helps brands connect authentically with dynamic audiences. Forrester clients who would like to audit their current brand safety tools, technology, or processes should schedule a guidance session or inquiry with me. source

Last week, I attended Basware’s annual customer event in Lisbon. The event focused on sharing the company’s latest product and strategy updates with customers and gathering feedback on products and user experiences. A recurring theme was Basware’s customer-centric innovation. Here are some noteworthy updates: Advanced data analytics and insights. Invoice and accounts payable (AP) data are essential for cash management and financial planning, yet many companies struggle to extract meaningful insights. Existing tools offer only basic summaries, requiring manual analysis and lacking AP-specific detail. To solve this, Basware has launched Insights, a solution built for AP process mining that delivers targeted benchmarking insights for AP teams, enabling smarter decisions and deeper analysis. Forrester believes that more AP invoice automation vendors will join the race to offer advanced data analytics and insights capabilities. In our recently published evaluation, The Forrester Wave™: Accounts Payable Invoice Automation, Q3 2024, we also highlighted that advanced insights will be a key differentiator in the AP automation space. Return-on-investment analysis. In today’s economic uncertainty, CFOs need clear ROI and business outcomes. With tighter budgets, companies demand proof of value for AP automation investments. To meet this need, Basware’s customer 360 project helps clients accurately measure business impact and calculate the ROI of automation. This approach aligns well with Forrester’s Total Economic Impact™ methodology, which offers a comprehensive ROI analysis and technology investment business-case framework that includes future technology, business flexibility, and associated risks. Invoice fraud management. Invoice fraud is a growing challenge as businesses shift from paper invoices to e-invoicing. Fraudsters exploit digital channels, particularly business email, to launch attacks by counterfeiting electronic invoices and using fake email addresses to deceive buyers into making payments to illegitimate suppliers. To combat this, Basware has introduced advanced AI/ML-based fraud management models that leverage extensive customer invoice data to flag suspicious suppliers and invoices. Forrester predicts that invoice fraud will continue to rise, with vendors competing on the accuracy and performance of their AI/ML risk models and algorithms. To learn more about AP invoice automation, Forrester clients can read Forrester’s relevant reports and webinars (see the below links) or request a guidance session or inquiry. The Accounts Payable Invoice Automation Landscape, Q4 2023 The Forrester Wave™: Accounts Payable Invoice Automation, Q3 2024 Lessons From The Forrester Wave™: Accounts Payable Invoice Automation, Q3 2024 source

Last week, I attended the fourth annual ChurnZero conference, ZERO-IN (formerly Big RYG), in Washington, DC, and the energy and inspiration are still resonating. For those unfamiliar, ChurnZero is a customer success (CS) platform, technology designed to allow CS teams to understand customer behavior, predict their needs, and proactively offer solutions that deliver customer value and lead to retention, growth, and advocacy. The conference brings together CS industry leaders and executives to network, share, and evolve CS strategies and best practices. With a mix of keynotes, workshops, and breakout sessions, it’s a valuable resource for anyone involved, directly or indirectly, in customer success. AI, Scaling Through Digital, And Customer Success ROI Are In The Crosshairs This was my second time attending, and I remain impressed at the intentionality of the agenda as well as the list of speakers. There were founders, executives, and notable CS leaders sharing practical — and actionable — advice along with their personal experiences, aimed at setting CS professionals up for long-term success. Here are three key topics I zeroed in on: Inspire with AI. Multiple sessions covered how CS, CX, and revenue leaders should move beyond AI use cases that lack value and instead use AI to drive strategy, scaling the impact across their existing customer base. A few other sessions discussed how to determine the right balance between AI efficiency and how to maintain a human touch in customer interactions. This is all timely and super-relevant. Over the next few years, CS professionals must be willing to examine how customer engagement will evolve, and how with more advanced AI capabilities they’ll need to adjust their strategy to be able to respond to customer needs appropriately. Innovate through digital. These sessions were standing room only, and that’s no surprise given how CS leaders have been tasked to “do more with less” and the fact that customers both want and expect digital engagement. Sessions focused on important topics such as assessing your digital CS maturity to understand where there are gaps, benchmarking your digital CS program against industry standards, and learning steps to improve. Another session highlighted how to harness both digital and human approaches to ensure harmony between the two, providing customer success managers with more time for more strategic and less repetitive work to deliver better results. If you’re a CS leader and need to reduce your cost to serve and increase internal efficiency gains, this should be a priority on your agenda. Influence the C-suite. Speakers emphasized that CS leaders must influence leadership and investors with a compelling story by leveraging customer insights to highlight the CS team’s achievements and future needs, as well as to demonstrate how CS protects existing revenue. We also heard from multiple executives that investors want to hear more about the customer. As Bill Wagner, former president and CEO of LogMeIn and current board member of ChurnZero, explained, “Boards love hearing customer insights, and they’re not hearing them enough.” These sessions were insightful, but it does beg the question of why CS still needs to prove its legitimacy and earn a seat at the executive table. Assess The State Of Your Customer Success Strategy 2025 will be a pivotal year for CS, and what better time than planning season to revisit your CS strategy and ensure that it is sound? CS leaders should ask and answer key questions about team purpose, strategic alignment, and measuring progress against these. They should also review their technology/data readiness, advance customer journey/lifecycle management practices, and improve budget/capacity planning. Forrester can help. Clients can access our Customer Success Strategy Assessment (subscription required) and score themselves against six key strategic areas. In addition, this assessment can help you outline a plan to improve your CS capabilities and deliver a strategy that will save you time, money, frustration, or perhaps a bit of all three — so take it today and endeavor to make your CS strategy more impactful. source

As the digital landscape continues to evolve, the convergence of edge computing, the internet of things (IoT), and operational technology (OT) is creating both unprecedented opportunities and significant challenges for IT operations. The integration of these technologies is transforming how businesses operate, offering new ways to enhance performance, security, and efficiency across a fragmented array of devices and use case scenarios. AIOps (AI for IT operations) is emerging as a crucial tool for managing and optimizing these interconnected environments. By providing contextualization within the larger IT estate, AIOps ensures seamless performance, enhanced security, and operational efficiency. This blog explores the pivotal role of AIOps in this dynamic landscape. This blog is part of a four-part series of blogs. The series delves into the intersection of AIOps with: The future of AI-driven IT operations (Carlos Casanova). DevOps and agile (Devin Dickerson and Andrew Cornwall). Autonomous networks and business-optimized networks (Andre Kindness and Octavio Garcia Granados). Edge, IoT, and OT computing (Michele Pelino). Real-Time Data Processing One of the most significant advantages of AIOps is its ability to enhance edge computing through real-time data processing. By enabling data analysis and decision-making at the source, AIOps reduces latency and improves responsiveness, which are both key value benefits of edge computing. This capability is particularly important in environments where immediate insights are required, such as in industrial automation, mission-critical building operations, or smart-city use cases. With AIOps, organizations can process data closer to where it is generated, leading to faster and more accurate decision-making. Four Edge Environments Edge computing is not a “one size fits all” solution; it encompasses four environments, each with its own set of technologies, devices, and use case scenarios. AIOps helps identify and optimize these four edge environments, ensuring that each one operates efficiently. Whether it’s a remote industrial site, a smart building, a mobile edge, or a micro data center, AIOps provides the insights needed to manage and optimize these diverse environments. Additionally, AIOps plays a crucial role in integrating IoT at the edge, enabling intelligent insights driven by seamless connectivity and data captured from these connected devices. IoT Device Management Managing vast networks of IoT devices can be a daunting task, but AIOps simplifies this process by providing efficient monitoring and management capabilities. AIOps ensures that IoT devices perform optimally, minimizing downtime and reducing maintenance costs. By leveraging AI-driven insights, organizations can proactively address potential issues before they escalate, ensuring that IoT networks remain reliable and efficient. Operational Technology Integration The integration of IT and OT has long been a challenge for many organizations. AIOps bridges this gap by providing unified visibility and control over industrial systems and processes. IoT solutions are often leveraged with AIOps to optimize operations, achieve KPIs for key processes, and ensure that both IT and OT environments work seamlessly together. With AIOps, organizations can achieve greater operational efficiency, reduce costs, and improve overall performance across these IT and OT scenarios. Predictive Maintenance AIOps can greatly improve preventive maintenance efforts through its predictive analytics capabilities. By analyzing data from OT environments, AIOps can help predict equipment failures and maintenance needs, reducing unplanned downtime and extending the life of assets. This proactive approach to maintenance not only improves operational efficiency but also helps organizations save on repair and replacement costs. Enhanced Security Security is a top concern in any digital environment, and the convergence of edge, IoT, and OT introduces new vulnerabilities. AIOps can be used to strengthen existing security measures by contextualizing real-time telemetry for detecting and mitigating threats. By embedding Zero Trust principles into the network, AIOps helps to enforce only authorized users and devices that can access critical resources. This proactive security approach protects against cyberthreats and ensures compliance with industry standards. Scalability And Flexibility As the demands of edge, IoT, and OT deployments grow, so too must the capabilities of IT operations. AIOps provides the scalability and flexibility needed to adapt to these changing demands. By leveraging AI-driven insights, organizations can scale their operations efficiently, ensuring that their IT infrastructure can support new technologies and business needs. This adaptability is crucial for staying competitive in a rapidly evolving digital landscape. Embrace AIOps For Edge Computing, IoT, And OT The convergence of edge computing, IoT, and OT presents both opportunities and challenges for IT operations. AIOps is a powerful practice that helps organizations navigate this complex landscape by providing real-time insights, enhancing security, and ensuring operational efficiency. By embracing AIOps, businesses can optimize their IT operations, drive innovation, and achieve their strategic goals in the digital age. Starting in January of 2025, for Forrester clients, we’ll offer a series of webinars that align with this series of blogs. Be sure to mark these dates in your calendar for the upcoming webinars. Follow the analysts below for notification when the registration links are available.   Be sure to check out the other blogs in this series: source

As the holiday season approaches, retail leaders must work closely with their security teams to prevent breaches and downtime that can disrupt operations, frustrate customers, and lead to lost sales. Application flaws remain one of the top attack vectors: In 2023, 58% of security decision-makers noted that application-related exploits were the external attack vector that led to breaches, up from 52% in 2022. Retailers’ pandemic-induced digital transformation continues, and security leaders are shoring up the technologies to protect applications built with open source and running in the cloud. In our report, The State Of Application Security, 2024, we noted three application security technologies that security decision-makers at retailers are particularly eager to adopt: Software composition analysis (SCA). Software composition analysis tools scan an application to build an inventory of open-source and third-party components, helping security teams and developers find and remediate vulnerabilities, license risks, conflicts, and noncompliant usage. With software supply chain attacks responsible for several top breaches last year, SCA has become a critical tool for both generating and analyzing software bills of materials. One in four security decision-makers at retailers indicated that they planned to adopt SCA in the next 12 months. Container security. Container images continue to be ripe for targeting, with many images running in production having critical or high-severity security flaws. Some container security products — often part of SCA tools — look at container images in the pipeline and identify vulnerabilities to be remediated in the image itself. Other container security tools monitor containers in production, protecting against issues such as configuration drift and access violations. Almost one-quarter of security decision-makers at retailers said they will adopt container security in the next 12 months. Serverless security. Organizations leveraging serverless architectures must contend with a combination of traditional and newer attack vectors. Serverless security tools inventory serverless functions, find vulnerabilities, and protect functions at runtime. Among security decision-makers at retailers, 24% shared plans to adopt serverless security in the next 12 months. Note that securing serverless functions also requires investing in traditional code security tools like static application security testing and SCA. Use these data points and other trends from The State Of Application Security, 2024 to compare your company to your peers and justify application security plans to your leadership team, for both the holiday season and year-round. If you are a Forrester client and would like to discuss further, we invite you to set up a guidance session or inquiry with us. source

One of the most strategic, and costly, business applications is enterprise resource planning (ERP) software. ERP is critical to an organization, underpinning functions such as finance and business operations. Organizations should strive for a modern ERP solution, but modernizing ERP is often a costly and time-consuming process. Firms also face the decision of whether to move off of on-premises ERP to software-as-a-service (SaaS) solutions. Deciding to, and deciding how to, modernize your ERP solution thus requires careful consideration. That is why Forrester wrote the report Quantifying The Business Value Of SaaS ERP to help technology leaders understand the potential longer-term financial and business impact of replacing on-premises ERP with modern SaaS ERP. While SaaS ERP is dominating the conversation of modern ERP, on-premises ERP still remains an option. Many ERP vendors are pushing customers to move to SaaS through price hikes and compliance threats. Don’t let these factors rush your decision to switch to SaaS. Instead, create a business case that looks at the advantages and disadvantages of SaaS ERP. We created a simplified version of Forrester’s Total Economic Impact™ (TEI) model for SaaS ERP (downloadable tool included in the report) to help consider factors such as benefits, costs, risks, and flexibility. Take A Pragmatic Approach With any modernization effort, there is naturally some risk and considerable costs involved. For SaaS ERP, the primary cost to consider is the ongoing subscription fee, which is often more expensive than the license-plus-maintenance fees over time. Other common concerns are loss of application control and vendor lock-in. While these apprehensions are valid, we find that in most situations, the overall business value of SaaS ERP outweighs these cons. SaaS ERP offers innovation, agility, and user empowerment. Updates are more frequent and incremental, all users are on the same version, and SaaS vendors can often provide better security and performance than firms can in-house. By considering SaaS ERP from all angles and taking a long-term view of the potential business value, technology leaders can create a comprehensive business case for SaaS ERP specific to their organization. Let’s Connect The report Quantifying The Business Value of SaaS ERP is a great place to start in crafting a business case for SaaS ERP. If you want to discuss this in further detail and review your results, schedule a guidance session with a Forrester analyst. For comprehensive help with crafting a business case, explore Forrester’s consulting options. source

“Muddy language is not confined to policies alone. Each of you has seen replies to simple questions in which the meaning was lost through hopelessly obscure wording.”— General Omar Bradley, the second administrator of the US Department of Veterans Affairs, 1947 One of the core principles of high-performance IT (HPIT) is alignment. But what we are aligning to differs greatly between the public and private sectors. For example, in the private sector, organizations often view investments through the lens of profit and revenue. In the public sector, however, it’s about achieving impactful outcomes and delivering value to society. It’s also important to recognize the cultural and linguistic differences between the private and public sectors. For example, terms such as revenue and profit in the private sector translate to outcome and impact in the public sector. Aligning language in this way helps ensure that everyone is on the same page, which can significantly improve communication, reduce misunderstandings, and lead to more effective initiatives. Introducing High-Performance IT For The Public Sector And Government This is why we have recently revisited our earlier HPIT research, which was originally heavily private-sector-focused, and reframed key parts of the framework to ensure that it speaks directly to the needs of mission leaders, civil servants, and the wider public-sector ecosystem. Our first report, Applying The Styles Of High-Performance IT: Public Sector And Government, explores different IT investment styles as part of an IT strategy and highlights the tangible benefits that these approaches can produce for mission leaders and civil servants. Along with my colleagues Devin Dickerson and Carlos Rivera, in this report, we delve into: The different styles of IT investment and how they align with broader organizational goals for technology-enabled delivery in the public sector. The strategic benefits that each investment approach can bring, from cost optimization to enhanced service delivery, to ensure that mission leaders make informed decisions about technology investments. How public-sector IT organizations should respond by strengthening different internal capabilities depending on the style of their IT investments. What’s Coming Up Next Understanding these IT investment styles is crucial for maximizing the value of technology within the public sector. In the coming weeks, we will add a new HPIT Readiness Assessment tailored for organizations in the public sector and government. A series of case studies from government agencies and other mission-based enterprises that have successfully applied our approach will complete this update. So whether you’re a civil servant, policymaker, or simply someone curious about improving public-sector IT strategy, this report will give you a valuable understanding of what HPIT looks like in the service of the public. As always, Devin, Carlos, and I would value hearing your thoughts on these efforts and any feedback from those with client access to the report after you’ve had a chance to explore it. Finally, if you’re looking for continuous guidance and support, the team at Forrester is ready to serve: You can raise a guidance request or log an inquiry here. source

Development has reached new speeds thanks to the twin accelerators of DevOps and agile methodologies. Now the integration of artificial intelligence (AI) has the potential to boost IT operations (ITOps) even more. AIOps, or AI for IT operations, is not just a buzzword; it is an innovation that provides real-time insights, contextualization, and proactive capabilities essential for the success of DevOps and agile practices. This blog examines how AIOps can significantly enhance the efficiency, speed, and reliability of software development and deployment processes, enabling organizations to deliver high-quality products more swiftly and effectively. This blog is part of a four-part series of blogs. The series delves into the intersection of AIOps with: The future of AI-driven IT operations (Carlos Casanova). DevOps and agile (Devin Dickerson and Andrew Cornwall). Autonomous networks and business-optimized networks (Andre Kindness and Octavio Garcia Granados). Edge, IoT, and OT computing (Michele Pelino). Accelerated Development Cycles With its potential to accelerate development, AIOps promises reduced cycle time long sought by agile developers. AIOps can also help streamline DevOps pipelines by automating repetitive tasks that previously needed manual intervention, freeing up valuable time for developers to focus on the more complex and creative aspects of their work — and reducing developer toil. AIOps can detect and help remediate security and compliance issues in the code, reducing cognitive overload. Continuous Integration And Delivery AIOps can help improve continuous integration and celivery (CI/CD) processes. By using AI, testers can generate tests and keep them consistent as the product changes. By reordering builds and tests, AIOps can save valuable developer time — providing feedback to developers sooner rather than later when there are problems. As a result, the CI/CD pipeline becomes more robust, reducing false positives and enhancing the overall development experience. Enhanced Collaboration Successful DevOps requires collaboration between development and operations. AIOps fosters this collaboration by helping to refine requirements, set up plans, and gather project information for all the stakeholders of a product. AI-driven insights can help break down silos and promote a culture focused on solving business problems. With a unified view of the entire IT landscape, teams can work together more effectively, sharing information that leads to better decision-making and faster problem resolution. Proactive Incident Management AIOps enables organizations to predict and resolve incidents before they impact production, ensuring high availability and reliability of applications. By analyzing vast amounts of data in real time, AIOps can identify patterns and anomalies that may indicate potential issues. Developers get new insights into the health of their software in production, and automated root-cause analysis of failures pinpoints the problems faster. This lets teams address problems before they escalate. The result? Reduced downtime and happier users. Data-Driven Decision-Making AIOps is a powerful tool for data-driven decision-making. The analytics produced by AIOps provide actionable recommendations that can significantly improve strategic planning and operational efficiency. When leveraged by development teams, these insights become a feedback loop from production into the software development lifecycle, shrinking the awareness gap between development and operations. At the organizational level, these insights inform decisions that align closer to business goals and strategic objectives. Scalability And Flexibility As organizations grow and evolve, their IT operations must be able to scale and adapt to changing requirements. AIOps is a key enabler for the scalability and flexibility needed to support agile and DevOps practices. These insights are a powerful tool for identifying areas where the size or complexity of workloads or projects drives the need for more efficient and effective operational solutions and practices. A byproduct of this awareness and adaptability is product teams that are more responsive to challenges and opportunities in today’s dynamic market environments. DevOps Leaders Can’t Afford To Ignore AIOps The integration of AIOps into DevOps and agile methodologies is poised to affect the way organizations approach the software development lifecycle, from design through day-two operations. Although technical and cultural challenges abound, developers, operators, and leaders can’t afford to ignore AIOps. Read Improve Developer Experience With Generative AI to see how AI will change the experience of those involved in the software development lifecycle. Starting in January of 2025, for Forrester clients, we’ll offer a series of webinars that align with this series of blogs. Be sure to mark these dates in your calendar for the upcoming webinars. Follow the analysts below for notification when the registration links are available.   Be sure to check out the other blogs in this series: source

Governments, fueled by populism, are now taking regulatory aim at the tech industry, which the public considers a source of disinformation and discord. But curbing the might of the tech giants is a challenge that will require governments to use new regulatory tactics. These efforts will appeal to constituents and civil servants in the short term, but public-sector leaders’ focus on regulatory action risks blinding them to growing operational vulnerabilities in customer experience and technology-enabled programs. These challenges follow two years in which the public sector struggled with post-pandemic social and economic realities and the rise of new technologies. Two years ago, Forrester predicted that public-sector hesitancy to adapt would hinder crisis preparedness. For 2024, we expected that government leaders who heeded our warnings would be well placed to tackle two emerging issues: at home, the economic and social implications of generative AI (genAI), and abroad, the desire from emerging superpowers to end the US-led liberal democratic world order. As it turns out, we were right: GenAI-created disinformation failed to have any material impact on major elections, and increased protectionism in the name of digital sovereignty caused the emergence of three regional tech markets. As we approach 2025, concerns about political and economic uncertainty, extremism, AI safety, and negative effects of social media on democracy continue to challenge the resilience of societies the world over. Weighing all these factors, we predict that 2025 will be a year in which: Two or more middle-power nations will sign a NATO-like digital defense treaty. This treaty will establish cross-border mechanisms to challenge the power of tech giants, which exert more influence over citizens, markets, and elections. Big countries such as India, Brazil, and the US have the scale to ban or force operational changes at companies like TikTok and X, but smaller nations struggle with solo efforts to regulate these firms. Separate attempts by Australia and Canada to force platforms to pay for media content triggered retaliatory news bans by Meta and Google. These new middle-power alliances will emulate agreements that enable coordinated action and reduce compliance costs, like the UK-Singapore Digital Economy Agreement and joint-enforcement partnership between European and Australian internet regulators. At least one major country will add negative AI effects to health and safety regulations. This will pave the way for workers’ compensation claims against organizations that fail to protect them against the detrimental effects that AI in the workplace has on their physical, mental, and social well-being. More than half of online adults in the US, the UK, and Canada say that it’s important for governments to protect them from the risk of harmful AI content, and 41% of online adults in Australia and 36% to 47% of those in Europe say they don’t trust big tech to manage AI risk. As the societal implications of AI use continue to dominate regulatory discourse, these numbers will rise and spur regulatory action in at least one country — despite industry lobbying against it. Public- and private-sector leaders shouldn’t wait for regulation to mitigate the negative effects of workplace AI — or to build a workforce that reaps its benefits. Start by boosting employees’ AI quotient to ensure that the entire organization has the understanding, skills, and ethics to use AI properly. Government CX will dip for the fourth year in a row. Political instability, shifting priorities, and budget constraints will stymie departments’ attempts to reverse years of declining or stagnant customer experience (CX) quality — despite ongoing rhetoric around customer obsession, cross-departmental CX investments, and the proliferation of government chief customer officers. Forrester’s Customer Experience Index (CX Index™) data shows that CX quality in government has declined since the COVID-19 pandemic, just as it has in the private sector. For example, US federal CX declined by a statistically significant 1.3 points on our 100-point scale from 2021 to 2024; in Australia, government CX declined a whopping 3.5 points in 2024 alone. Forward-thinking government CX leaders can overcome this inertia by overhauling core CX capabilities and increasing whole-of-government alignment around key customer journeys. Read our full ​Predictions 2025: Public Sector And Government report to get more detail about each of these predictions and read additional predictions. Set up a Forrester inquiry or guidance session to discuss these predictions or plan out your 2025 strategy. If you aren’t yet a client, you can download our complimentary Predictions guides, which cover more of our top predictions for 2025. Get additional complimentary resources, including webinars, on the Predictions 2025 hub. source