Forrester

Most US online adults are no strangers to wrangling multiple subscriptions: Per Forrester’s 2024 data, half of US online adults have four or more monthly subscriptions. That’s true also for just over one-third of Baby Boomers and older online adults! Subscription companies have room to improve what they provide their customers and how to help those customers have better experiences with those subscriptions: Despite multiple monthly subscriptions, utilization lags. Only three out of five US online adults say that they take full advantage of their subscriptions. What’s more, fewer than half of US online adults have a clear understanding of all their subscriptions. And — gulp! — nearly one in five have multiple subscriptions that serve the same purpose. Generation Zers are more likely than older generations to have overlapping subscriptions — and to feel overwhelmed by the overall cost of their subscriptions. Consumers are canceling subscriptions — and have mixed experiences. Half of US online adults have canceled a subscription in the last 12 months. And one in 10 are canceling more subscriptions than they are subscribing to. But experiences around cancellation are mixed: A hefty 41% of US online adults agree that subscriptions are too hard to cancel. Consumers want more control over their subscriptions. Two-thirds of US online adults wish they could pause their subscriptions rather than cancel outright. Over half are interested in paying for their subscriptions with pay-as-you-go models, while as many again want the option to choose their own billing dates. Furthermore, over half of younger US online adults are interested in managing subscriptions directly via their banking websites and apps, a trend we expect to grow among all generations. US consumers’ attitudes and behaviors around subscriptions vary across generations, which we dive more deeply into in our latest report, The State Of US Consumers And Their Subscriptions, 2025. If you’re a Forrester client and you’d like to delve into these questions, please get in touch to book a guidance session or inquiry. (cowritten with Eleanor Theriault, senior research associate) source

The current economic and political climate presents significant uncertainty for financial services companies: shifting tariff policies, persistent inflation, geopolitical risks, and rising unemployment. As you navigate the uncertainty, don’t lose sight of the fact that your customers are experiencing it too! Their expectations of you won’t change during challenging times — the reality is that they’ll lean on you even more.   The financial services industry learned from the COVID era that a crisis presents opportunities to deliver value to customers, as well as build trust and deepen your relationships. Forrester’s report, “Financial Services Leaders: How To Thrive Through Volatility,” highlights how financial service leaders can create customer value, optimize resources, strengthen risk management, and lead with courage. Leaders can achieve these aims by:  Distinguishing the cyclical from the secular. Hasty reactions to short-term market movements can be detrimental. Instead, dedicate time to understanding shifts in consumer confidence, interest rates, and stock market indices. Don’t let the noise muddle the signals coming from your customers. Maintaining relentless focus on the customer. Prioritize supporting customers facing financial difficulties by deepening your understanding of their goals and preferences. Leverage granular customer segmentation to develop personas that reveal your customers’ unique needs. These insights will enable you to communicate with them more effectively, offer tailored solutions, and create emotionally resonant experiences that drive long-term trust and loyalty. Hone the processes and systems that will make these efforts possible by leaning on voice-of-the-customer programs or creating and adopting an enterprisewide metrics framework. Cutting costs while maintaining the quality of customer experiences. Leading firms will optimize their existing tech stacks — by, for example, consolidating vendors and eliminating unused licenses — and consider using AI to automate routine tasks. Deprioritize large, risky transformation projects in favor of more time-sensitive initiatives and only make expense cuts when absolutely necessary, ensuring that customer value is preserved.   Lead with courage by communicating transparently to inspire and foster alignment among stakeholders. Galvanize your teams around a unified mission to support your customers through the current volatility while positioning your company for the eventual economic upturn.   Our new report, Financial Services Leaders: How To Thrive Through Volatility, explores this topic and provides practical strategies on how to navigate through this time of volatility. Clients interested in discussing this report and increasing their data sophistication can connect with me via an inquiry or guidance session.  source

The U.S. Department of Defense (DoD) Zero Trust Portfolio Management Office (PfMO) will officially become part of the DoD enterprise and will be led by a newly created Chief Zero Trust Officer. The changes are detailed in a new directive-type memo which describes the new organizational structure, as well as roles and responsibilities. The office will be responsible for coordinating, synchronizing, and accelerating the adoption of Zero Trust across each of the services and major commands within the DoD. Although the ultimate responsibility for Zero Trust initiatives and investment remains with the DoD CIO and other Zero Trust-related governance structures are mostly unchanged, the Chief Zero Trust Officer will provide strategic guidance, direct alignment efforts, and make recommendations for resource and funding priorities. The Upside Of DoD’s Double Down On Zero Trust Given the changes to various elements of the overall US federal cybersecurity strategy — and the resulting uncertainty, including the scrutiny of existing Zero Trust implementation strategies across other departments — it’s good news that DoD is staying the course. The establishment of the office and the creation of a senior executive service-level position to lead it illustrates that, when the stakes are high(est), Zero Trust remains the best model “to impede malicious threat actors in cyberspace.”  The benefits of further formalizing Zero Trust with this new structure include: Shipping the org chart. Conway’s Law is usually invoked as a critique but, in this instance, it could instead be a catalyst to help DoD achieve its ideal outcome: ZERO TRUST everywhere. By creating an organizational unit with a sweeping purview that reports directly to the CIO, DoD has further codified Zero Trust as an integral part of how it will approach the department’s business of information technology and cybersecurity. Ideally, this centralization and oversight should keep the overall strategy cohesive and eliminate siloed implementations, especially between different DoD components. Creating an interface for the rest of the federal government. As DoD soldiers on (pun intended) with Zero Trust, the Office of Management and Budget (OMB) is taking a beat to consider “Zero Trust 2.0” for Federal Civilian Executive Branch (FCEB) agencies. Even though the remit of the Chief Zero Trust Officer is confined to DoD, one important authority granted is interfacing with OMB and FCEB agencies. Given the changes in priorities and staffing at the Cybersecurity and Infrastructure Security Agency (CISA), there is an opportunity for the DoD Zero Trust PfMO to take up the mantle of Zero Trust leadership within the government writ large. This coordination should create a channel for the distribution of Zero Trust guidance and lessons learned that are — literally — battle tested. Although departments outside of DoD and the Intelligence Community (IC) may not have the same rigorous requirements, they are still targeted by adversarial foreign governments and DoD implementations should provide a foundation that can be adapted for other environments in the same way Defense Information Systems Agency (DISA) Secure Technology Implementation Guides (STIG’s) often are. A Portfolio Isn’t Without Pitfalls It might be easy to treat this announcement as unqualified endorsement for Zero Trust in the U.S. government and Zero Trust writ large. After all, if DoD is betting on Zero Trust as its preeminent cybersecurity strategy in a time when great power competition increasingly manifests in the digital sphere, shouldn’t that mean it’s the right bet for all of us? And if the overall strategy is the right bet, doesn’t it make sense to use the same operational and tactical approach? Like so many things in cybersecurity, the answer is “it depends.” How effective this new office turns out to be and whether the private sector should attempt to replicate this specific Zero Trust governance structure are still open questions. For security leaders contemplating a similar approach in their organizations, there are reasons for caution, including: Compliance theater. One potential downside of creating an office whose sole purpose is to scrutinize a wide range of projects for their Zero Trustworthiness™ is that Zero Trust will become performative rather than substantive. Project sponsors and leaders may become overly focused on checkboxes that ostensibly comply with stated Zero Trust goals and objectives but don’t meaningfully implement the principles. That approach may satisfy a gatekeeper so that projects can proceed but, with all due respect to GRC teams everywhere, compliance does not always directly translate to improved security. Turnover turbulence. The existence of a position is not the same as a person in the position. And a person appointed to a position is not the same as a person with a long tenure in a position. Cybersecurity roles are known for high turnover rates, and leadership changes affect consistency and disrupt momentum. The role of Chief Zero Trust Officer is no different than many other senior federal positions: executing on a vision and successfully managing the portfolio will require a certain amount of longevity. An unexpected vacancy can leave the rest of the team scrambling to make sense of an unfamiliar topic or thrashing after a change in direction. Governance alternatives. Despite how it’s often described — a product, a platform, a buzzword that should be ignored and forgotten — Zero Trust is best thought of as an architectural philosophy. Like any philosophy, there may be a founder or a champion. But philosophies can also emerge more organically through the work of like-minded individuals in response to prevailing conditions. Zero Trust is a set of tenets for how to think about how things should be built and a set of broad techniques that can be applied during the construction. But even with a common philosophical starting point, the resulting designs and structures will necessarily be different due to the needs and constraints of particular situations. There are stark differences between the needs of military or military-adjacent organizations and the private sector. The threats are different. The stakes are different. The budget, organizational structures, and incentives are different. Perhaps most importantly, the tolerance for friction in the user experience is different. The

In technology circles, few metaphors have endured as well as Geoffrey Moore’s “Crossing the Chasm“. His framework describes the perilous gap between early adopters and the ultimate majority. This gap, in fact originally espoused by Everett Rogers, occurs where promising innovations stall due to complexity, unclear value, or the inability to scale beyond pilot projects. Diffusion of innovation stops being a sprint to a new world and enters what feels like a grinding uncertain marathon — an analogy that resonates strongly as we consider the evolution from generative AI (genAI) to agentic AI. While genAI’s adoption curve has been steep and accelerated, propelled by its immediacy and accessibility, the move to agentic AI — autonomous, goal-oriented systems that can reason, plan, and act — is far less straightforward. The Complexity Gap From GenAI To AI Agents GenAI thrives on discrete prompts and outputs: a well-crafted question leads to a coherent answer, image, or draft. Its failure modes — including hallucinations, bias, and data quality issues — are visible and relatively easy to mitigate with humans in the loop or other oversight mechanisms under the banner of responsible AI. But agentic AI and AI agents introduce new layers of complexity. These systems aren’t just generating content; they’re orchestrating multi-step tasks, making autonomous decisions, and interacting with real-world systems. As my Forrester colleague, Leslie Joseph, highlights in his seminal report, “Why AI Agents Fail (And How To Fix Them),” a simple genAI application doesn’t present the risk of inter-agent collusion, but agentic AI does. Indeed, agentic AI carries this and a whole host of additional failure modes, including: Task orchestration risks: Poor sequencing or logic breakdowns can derail an entire process. Goal misalignment: Agents may optimize for the wrong objectives, creating unintended consequences. Error compounding: Minor flaws in early steps magnify as agents execute downstream tasks. Integration fragility: Reliance on APIs, retrieval-augmented generation, or legacy systems increases operational risk. Testing and governance challenges: Validating and auditing an agent’s decision pathways is exponentially harder than reviewing a single genAI output. Why The AI Adoption Timeline Will Stretch Over The Next Decade Proponents of agentic AI argue that we’re on the cusp of mainstream deployment; however, we believe this transition to a new mode of interaction between humans and technology will take far longer. Unlike genAI, which can often be trialed in isolation, agentic AI requires robust guardrails, trust frameworks, and deep integration with enterprise workflows. It moves from “generate and review” to “plan, act, and potentially fail autonomously,” a leap that many risk-averse organizations will hesitate to take. We anticipate several years of messy experimentation and careful refinement before agentic AI fully crosses its adoption chasm. Enterprises will need to invest heavily in new architectures, testing, security, and governance practices that are barely understood today. The ‘hollow enterprise or hollow state’ risk during outsourcing based on AI solutions is just one real and present example. This void between the promise and reality isn’t just about technology maturity; it’s about organizational readiness, cultural change, and the ability to manage new forms of technological and operational risk. Change means new or as yet not understood risks, risk means fear, and fear means resistance. Now you have a kind of adoption friction that didn’t exist when Open AI released ChatGPT, with the firm continuing to allow their core offering to scale almost exponentially. The hard truth is the path from genAI to agentic AI isn’t a straight line. It’s a difficult leap across a canyon of complexity. And while the destination holds immense potential, getting there will require patience, discipline, and a much deeper appreciation of the risks and failure modes than currently acknowledged by the overconfident techno-optimistic narratives coming out of Silicon Valley. But this doesn’t mean we should all sit back and stare powerlessly into the chasm as if slow march to this new future is a fait accompli. We’re human, not AI, and as technology leaders we have agency and autonomy. We know that by adopting the principles of high-performance IT that organizations can maximize the available outcomes of early-stage agentic AI and prepare for those opportunities on the horizon for truly autonomous AI solutions. Want to know how? Join me at Technology & Innovation Summit APAC 2025 for my keynote, “Machines, Gods and Kaos: High Performance IT… Because Prayer Isn’t A Strategy“, on August 19th in Sydney at the Sheraton Hyde Park or online on our Digital Events Platform. Register here. source

The results are in from the APAC region’s submissions for Forrester’s Enterprise Architecture Awards, and they’re awesome. APAC-based organizations are setting a new bar for enterprise architecture excellence. The question now is: Can the EMEA region and the Americas rise to meet the challenge? The APAC Advantage: Six Patterns Of Excellence As Forrester analysts and Open Group architects analyzed submissions from leading organizations across financial services, insurance, telecommunications, healthcare, manufacturing, and retail, they noticed six distinct patterns that separate the exceptional from the merely good. One: Quantified Business Outcomes Are Table Stakes Gone are the days of vague architecture benefits. The analysis of the APAC-based organizations’ winning submissions reveals a consistent pattern of concrete, measurable results: Cost reductions of 15% to 25% reported across multiple organizations through process optimization, system rationalization, and technology adoption Operational efficiency gains of 40% to 90% in specific processes through automation and standardization Time-to-market improvements of 30% to 50% through streamlined architecture patterns, innovations, and delivery Annual savings ranging from millions to billions in local currency through legacy decommissioning Multiple submissions demonstrated architectural initiatives backed by hard numbers and clear attribution to business value. Two: Cloud Transformation With Measured Impact APAC organizations aren’t just moving to the cloud — they’re measuring every aspect of the journey: Reports from multiple organizations of 5% to 20% reductions in cloud costs through optimization Near-perfect uptime (99.9%+) achieved through cloud-native architectures Significant unit cost reductions through elastic scaling and resource optimization Infrastructure-as-code implementations eliminating overprovisioning These aren’t pilot projects — submissions showed production systems at scale delivering daily value. Three: AI And Intelligent Automation In Production The integration of AI and automation emerged as a clear differentiator in high-scoring submissions: Implementing AI-powered tools for training, activity management, and decision support — as multiple organizations reported Adoption rates of 40% to 50% for intelligent tools across user bases GenAI being used for documentation, productivity improvement, and delivery acceleration Real-time analytics platforms reducing decision-making time from weeks or months to days or hours Four: Deep Business-IT Alignment The artificial wall between business and IT has crumbled in APAC’s leading organizations. Winning submissions consistently demonstrated: EA metrics directly tied to revenue growth and customer metrics Architecture artifacts used in business cases and investment decisions Regular board-level architecture reviews and governance Capability maps and roadmaps guiding portfolio decisions Several submissions showed architecture teams embedded in strategic planning committees and C-suite decision-making processes. Five: Mature Governance And Reuse Practices APAC’s top performers have moved beyond ad hoc processes: Millions saved through systematic artifact reuse, as reported by multiple organizations Standardized templates and patterns reducing design time and rework Architecture repositories actively used across business and IT teams Governance embedded in procurement and project approval processes Multiple submissions highlighted how architecture standards are enforced through automated reviews and gates. Six: Transformation At Scale Perhaps most impressive is the scale of transformation. Submissions showed: Enterprisewide implementations across dozens or even hundreds of group companies Thousands of business processes optimized Millions of users served by architecturally sound platforms Multiyear transformation programs with sustained benefits What Makes A Winning Submission? As the judges evaluated these submissions, clear patterns emerged in what separated scores of 5 from scores of 4: Specificity wins. Winners provided exact metrics, timeframes, and attribution. They didn’t just say that they “improved efficiency” — they quantified by how much, over what period, and how it was measured. Show the journey. The best submissions included transformation narratives — where they started, what they changed, and how they measured success at each stage. Connect everything. Every architectural decision tied back to a business outcome. Every technology choice linked to strategic objectives. Every metric connected to value delivery. Demonstrate scale. Perfect scores went to organizations showing enterprisewide impact, not isolated departmental wins. The Challenge To EMEA And The Americas APAC-based companies have thrown down the gauntlet, demonstrating that enterprise architecture can be a powerful force for business transformation at scale. They’re showing that with the right approach, enterprise architecture can directly drive cost reduction, revenue growth, and competitive advantage — all with quantifiable results. The data speaks for itself: When architecture is elevated to a strategic discipline with executive support, embedded governance, and rigorous measurement, the results are transformational. So for companies in EMEA and North America: Are you ready to compete at this level? Your Time To Shine The Enterprise Architecture Awards for EMEA and North America are still accepting submissions. After seeing what APAC has accomplished, here’s how to ensure that your submission stands out: Lead with numbers. Quantify every benefit. Include baselines, targets, and actuals. Show enterprise impact. Demonstrate how architecture drives organizationwide transformation. Connect to business value. Link every technical decision to business outcomes. Provide evidence. Include dashboards, metrics, and governance artifacts. Tell your transformation story. Show the journey, not just the destination. Don’t Wait — Submit Now The deadline is approaching fast. Your enterprise architecture team has likely achieved remarkable things over the past 18 months. This is your opportunity to showcase that work on a global stage, learn from peers, and gain recognition for your efforts. See also: The APAC region has set a high bar with quantified outcomes, scaled transformations, and deep business alignment. Now it’s time to show the world what EMEA and North America can do. Will your organization be among the winners? EMEA submissions NA submissions Submit your entry today and join the global leaders in enterprise architecture excellence. Note: This analysis is based on aggregate patterns across multiple anonymized submissions. Specific metrics have been presented as ranges to protect individual organization identity while demonstrating the caliber of achievement. source

CIOs questioning whether hyperscale cloud providers can deliver on their AI promises should follow the money. The numbers tell the story: Microsoft is spending $80 billion in data centers specifically for AI workloads in 2025. Amazon Web Services (AWS) has announced Project Ranier, a giant AI cluster based on proprietary GPUs, for Anthropic that has received $4 billion in AWS investment. Google Cloud’s multiple data center buildouts include a $2 billion facility in Indiana for AI workloads. Alibaba Cloud has announced new data center architecture specifically for AI workloads. Here’s the kicker: Every public cloud customer is already funding this AI transformation. You are already paying either directly for managed AI services or indirectly through standard cloud bills. Those commodity services cost less to deliver now, thanks to billions saved by extending server lifespans — savings that hyperscalers are plowing straight into AI infrastructure. The New Economics of Cloud Certainly, cloud providers aren’t pulling the plug on commodity cloud capacity — the globe-spanning data centers with network, compute, and storage based primarily on x86 and ARM technologies. Cloud hyperscalers boast staggering capacity: that’s their defining feature. Yet most of their core services remain commodity offerings that generate razor-thin margins or outright losses. These services exist not as profit centers, but as essential hooks to lure enterprises away from their on-premises data centers. Generative AI (genAI) changed the game. Cloud providers finally found their premium play: genAI services command higher margins than commodity infrastructure. While hyperscalers have long deployed custom chips — Google’s TPUs, AWS’s Trainium and Inferentia, earlier NVIDIA GPUs — genAI triggered a spending frenzy. Established hyperscalers, cloud divisions of tech giants, and venture-backed upstarts are all racing to deploy unprecedented capital for this AI gold rush. The result: the AI-native cloud. In the previous generation of cloud services, AI was only one isolated cloud service category. AI-native clouds are making AI by design as an architecture principle. They build AI capabilities into all major cloud service categories, spanning infrastructure, development, and applications. This requires new, more complex physical plants — even bigger than the already-huge commodity cloud data centers — to minimize network latency. Then there are new climate controls to cool dense racks of GPUs sizzling with genAI workloads. The power required for these efforts has led to a revival of nuclear power in the US. For example, Amazon is not only building a data center next to a nuclear power plant but is also investing to develop more of them. A centerpiece of the $500 billion Stargate AI project with OpenAI, Oracle, and Softbank is a 5-gigawatt data center in Abilene, Texas. This follows the Oracle Cloud Infrastructure partnership with NVIDIA to create what it claims is the largest AI supercomputer in the world. xAI is powering up to compete, having obtained licenses in a controversial process for 15 natural gas generators for its Colossus data center in Tennessee. The Innovation Evolution Of Representative Technology Domains Powering AI In The Cloud New Competitors Change the Game While hyperscalers must continue to run their less profitable commodity clouds, new competitors — AI cloud platforms, aka neoclouds — are avoiding the commodity cloud business entirely and focusing solely on AI. For example, Netherlands-based Nebius, formerly the holding company for Russia’s Yandex, has both investment dollars and GPUs from NVIDIA to support AI workloads. CoreWeave, a GPU-only cloud, continues to rack up investment and data center spending and is valued at $23 billion. Vultr, formerly a specialist commodity cloud provider, received $333 million in capital from AMD and a VC to build out AI data centers based on AMD chips, putting its value at $3.5 billion. NVIDIA is building its AI cloud that it says will be bigger than AWS. Your Path Forward The AI-native cloud is thus much broader than the hyperscaler offerings. It can be built by customers directly on cloud provider infrastructure with the open-source AI ecosystem; AI-centric neo-PaaS from providers such as Heroku, Mirantis, or Red Hat; managed AI services from the major cloud provider; AI/data cloud platforms like Databricks and Snowflake; or the neoclouds. The maturation of the Kubernetes-based cloud-native open-source ecosystem is foundational to the AI-native cloud; consider for example, OpenAI’s ChatGPT deployment on Microsoft’s Azure Kubernetes Service. The AI-native cloud upstarts — backed by big investments and partnerships — are accelerating the development of the open-source AI cloud ecosystem. Our reports on these trends, The Key Challenges Of Open-Source Software In AI and Navigate The Open-Source AI Ecosystem In The Cloud, combined with Embrace The AI-Native Cloud Now and How To Get Started With AI-Native Cloud, highlight how enterprises and government organizations can take advantage of a growing number of options to find their own path to the AI-native cloud. We look forward to the opportunity to discuss our findings. Forrester clients can access the full reports and schedule a guidance session or inquiry for further engagement. source

The era of piecemeal, siloed government technology procurement is ending. A strategic sea change is underway, replacing fragmented, agency-by-agency deals with massive, enterprise-level contracts designed for transformational impact. Two recent headline-grabbing agreements: one involving the US Department of Defense and another with the UK government serve as bellwethers of a new global blueprint for how governments will buy, secure, and deploy critical technology for the decade ahead. Exhibit A: The Pentagon’s Portfolio Approach to Enterprise AI Earlier this week, the DoD’s Chief Digital and Artificial Intelligence Office (CDAO) awarded four separate contracts, each valued at up to $200 million, to Anthropic, Google, OpenAI, and xAI. Like JWCC, this competitive portfolio approach allows the DoD to leverage the unique strengths of different platforms and avoid vendor lock-in from the outset. The strategy continues the Pentagon’s evolution from discrete vendor relationships toward a dynamic marketplace for innovation, aligning with GSA’s broader “OneGov” strategy while adding sophisticated enterprisewide portfolio management to the DoD’s purchasing power. Under the terms of the agreement, the DoD can now access the distinct capabilities of each provider. Google, for its part, contributes: Sovereign AI infrastructure. By providing Cloud TPUs and secure, air-gapped environments via Google Distributed Cloud (GDC) at Impact Level 6 (IL6), the DoD is acquiring the foundational infrastructure to train its own large-scale models, reducing reliance on off-the-shelf solutions for its most sensitive missions. From analytics to autonomy. The focus on “agentic AI” signals a move beyond simple data analysis. The goal is to embed decision-support agents using platforms like Agentspace directly into core mission workflows like logistics and intelligence, a far more sophisticated and integrated use of the technology. Exhibit B: The UK’s National Technology Overhaul Across the Atlantic, the UK government’s landmark deal with Google Cloud tells a similar story of consolidation. Instead of renewing thousands of aging, siloed IT contracts, the UK is creating a unified procurement framework to drive a national technology overhaul. The agreement addresses three critical objectives: Aggressively retire legacy risk. The agreement directly targets brittle, decades-old systems, such as those powering police forces and NHS trusts, leveraging emerging tech and Google DeepMind expertise to accelerate the transition. Mandate a national skills upgrade. The contract is tied to a massive training program to equip public servants with AI and digital skills, directly addressing the talent gap that often stalls modernization efforts. Enforce data sovereignty. Critically, the government has confirmed the deal that prohibits Google from training its AI models on government data, addressing a key security and trust concern in public-sector AI adoption. What This Means For Government Tech Leaders These agreements signal fundamental shifts in strategy and execution for government technology leaders: Master enterprise-scale negotiation. The game has moved from managing dozens of small contracts to shaping single, massive enterprise agreements. Leaders must leverage collective buying power to negotiate terms that include integrated migration support, security compliance, and workforce training. Shift from system modernization to mission transformation. “Project-by-project” thinking leads to obsolescence. The new paradigm demands roadmaps built around entire mission portfolios. The question is no longer, “How do we migrate this database?” but rather, “What platform will allow us to transform how we deliver intelligence analysis or citizen services?” Architect for vendor agility. While consolidation unlocks power, it concentrates risk. Critics, like the Ada Lovelace Institute, rightly warn that today’s value deal could “risk lock-in tomorrow.” The Pentagon’s multi-vendor AI award challenges this directly. Sound strategy demands architecting for interoperability and creating competitive provider portfolios to maintain negotiating leverage. Integrate culture and skills development. Procuring the technology is one thing; preparing the organization is another. The UK model of embedding skills development directly into procurement vehicles is a sound strategic move. Technology leaders must champion parallel cultural and training initiatives required for platform success. What’s Next Governments now purchase technology like the world’s largest enterprises. For leaders who adapt to this reality, the opportunity extends beyond modernization to building durable strategic advantages for their agencies and nations. The question remains whether your organization will be prepared to operate at this scale and sophistication. For more insights on government technology strategy and procurement best practices, Forrester clients can schedule a guidance session to discuss how these trends apply to your specific initiatives. source

Educational institutions are becoming increasingly connected and embracing modern technology. As this happens, the need for robust cybersecurity grows even greater. But here’s the catch: Academic freedom — the right to teach, learn, and research freely without censorship; the lifeblood of innovation and academic inquiry — must not be the collateral damage of security policies. Yet this freedom can sometimes clash with the realities of cyber risk. Picture a security and risk professional proposing tighter controls after discovering students using school-issued or personal devices to access gambling or illicit sites on the school’s network — only to face resistance from a dean concerned about overreach, arguing that students may need to research such topics for related coursework. While protecting academic freedom is admirable, it must be done in a way that also safeguards the network and student community from cyberthreats and misuse. The challenge? How do we protect our digital campuses without building walls so high that curiosity can’t climb over them? Think Of Educational Institutions As Hogwarts Imagine that these schools and universities are part of the magical world of witchcraft and wizardry. In these institutions, academic freedom is the magic. It empowers students to explore historical knowledge, question authority, and even invent something new (like a spell). Yes, it’s unpredictable, but it’s a powerful and essential tool to fuel discovery and possibilities. Cybersecurity is the protection or, in this case, the protective enchantments. It’s the controls and visibility that keep your institution from being overrun by dark forces. So without the magic, these institutions are just boring buildings where innovation goes to die. Without protection, that very same “magic” could introduce chaos and bring harm — summoning ransomware trolls, phishing curses, or the dreaded “404 Dementor.” Academic institutions thrive on openness. And much like Hogwarts, they aren’t fortresses of rules; they’re a place where students can experiment, fail, and grow. That’s not to say that Hogwarts didn’t establish boundaries — the Forbidden Forest was off limits (mostly), and certain spells were restricted for obvious and justifiable reasons. Students and faculty need access to diverse resources, the freedom to explore controversial topics, and the ability to collaborate across borders. This openness, however, is also what makes them prime targets for cyberattacks. As such, our modern academic schools and universities must create a similar balance: Letting students explore, but in sandboxed environments where they can’t accidentally (or intentionally) break a network. Encouraging open inquiry through role-based and other conditional access controls, with better authentication to protect sensitive data. Fostering innovation while teaching proper cyberhygiene as a core skill — you know, like Defense Against the Dark Arts. Introduce Security As Guardrails That Don’t Feel Like Censorship The goal isn’t to choose between security and freedom; it’s to design systems where both coexist. Here’s how: Know that it’s Zero Trust, not zero access. Implementing Zero Trust architecture doesn’t mean eliminating access; it means verifying it intelligently. Conditional and risk-based access, multifactor authentication, and behavioral analytics can all keep systems secure without stifling exploration. Teach cyber literacy as a core skill. Just as we teach students to think critically, we should teach them to navigate digital spaces safely. Cyberhygiene, phishing awareness, and data ethics should be part of every curriculum and applicable to their academic and personal life. Protect school-issued and BYO devices. Identify every device connected to the network and enforce conditional access and segmentation so that personal devices can’t access sensitive systems. Additionally, monitor device behavior to detect compromise or misuse. For instance, a student’s Xbox in the dorm should never access the school’s financial records, but that student should be able to do research for a paper via the browser on that Xbox. Institute collaborative governance. IT departments shouldn’t operate in silos. Faculty, students, and administrators should have a seat at the table when cybersecurity policies are created. This ensures that protections are practical and not punitive while offering more transparency to reduce friction and build trust. When users understand why certain restrictions exist — and how they’re being protected — they’ll be more open to support and comply with security measures. Deploy sandboxing for innovation. Want to let students experiment with new software, test code, or explore the Forbidden Forest (aka dark web)? Great! But use isolated or virtual lab environments where they can explore freely without risking the core network or themselves. Realize that the future is hybrid and harmonized. As education continues to blend physical and digital spaces, the institutions that will thrive are those that treat cybersecurity and academic freedom as partners, not opponents. It’s not about locking down knowledge — it’s about unlocking it safely. So what did Hogwarts teach us? That true learning flourishes when freedom and protection work together. In today’s world of distributed connections and digital interdependence, academic institutions must view cybersecurity not as an inhibitor but as an enabler of innovation and inquiry. The right controls act as guardrails, preserving the “magic” of student exploration while defending against modern threats. By fostering cyber literacy, collaborative governance, and secure environments for experimentation, we ensure that curiosity continues to thrive, safely and boldly. Join Me In The Room Of Requirement If you’re ready to explore how your institution can embrace cybersecurity as a force for enablement — not restriction — let’s connect. Whether you’re interested in implementing Zero Trust architecture or designing secure yet open digital environments, I’m happy to help. Forrester clients can reach out to schedule an inquiry or guidance session and discover how we can turn your digital campus into a place where both curiosity and security thrive. I’ll also be discussing Zero Trust governance at Forrester’s Security & Risk Summit, taking place in Austin, Texas, on November 5–7. source

On July 24, a widespread Service Interruption in Starlink satellite services affected thousands of consumer and business subscribers across the globe. As usual, the outage-report volumes are just the tip of the iceberg. What lies beneath the Starlink outage is few magnitudes bigger, having subscribers that experienced issues but didn’t or couldn’t report them. The outage lasted for approximately 2.5 hours.   This is the longest outage Starlink has suffered thus far in its operations as a commercial service provider. Officially, the root cause was a “failure of key internal software services that operate the core network” as posted in X platform by Starlink’s VP of engineering. The harsh reality is that we might not know the exact root cause, albeit FCC’s requirement to receive a Final Communications Outage Report within 30 days.   That’s not great news for anyone. It is important to remember that networks will always have outages and performance degradations; it’s a matter of physics, human intervention, and technology complexity. What made this newsworthy was that it’s the lead high-speed satellite carrier that enterprises and consumers depend on.  What are the key lessons for IT leaders from this unfortunate event?  IT leaders must revisit their non-redundant connectivity strategy. Especially for companies that rely on non-redundant primary satellite connectivity, it may be time to reconsider that approach and whether other technologies might complement your needs. In cases where satellite is the only option, consider bringing a backup satellite connectivity from a different carrier. This strategy requires business, networking, and applications teams to collaborate and assess the applications’ resilience and tolerance to network outages and lower speed/higher latency backup connectivity.   Organizations must hold satellite providers to the highest standards. There’s more to learn here. Terrestrial carriers are held to the highest standards — often with SLAs of five nines of availability for a year; that means being unavailable for no more than 5 minutes and 15 seconds a year. Being down for 2.5 hours … that’s unacceptable. Starlink discloses its uptime or network availability SLA for priority services (business) as three nines — being unavailable for 8 hours and 46 minutes a year. It’s time for IT leaders to demand higher uptimes. Starlink touted that it’s ready to provide network resiliency.   All networking orgs must accelerate observability and AI investments.  As noted above, networks will always have outages and performance degradations. Uptime and fast remediation are essential for customer experience. This makes network automation, network performance management (including visibility, observability, and AIOps), application performance management, fast analytics for root-cause analysts, and systemwide improvements via AI all essential. Automation and AI won’t predict every outage, but it can help adjust, find a workaround, and apply remedies.   Want more information or guidance? Forrester clients can engage with us via an inquiry by emailing [email protected].   source

Modern AI technologies — such as generative AI (genAI), large language models, and agentic AI — have been heralded as the future of customer service. And deservedly so: a conversation with a genAI bot can be built out in a small fraction of the time, and genAI bots now speak in a more comfortable and human manner and have the access and intelligence to blow away experiences we’ve had in the past. But despite the hype, many organizations are discovering that AI alone isn’t delivering the transformative results they expected. Why? The real issues are systemic, persistent, and undersolved for. Specifically, it’s the outdated systems, fragmented processes, poor knowledge, and organizational inertia that prevent AI from reaching its full potential. Our research, “Customer Service Must Evolve To Unlock AI’s Full Potential,” analyzes these challenges — and suggests what enterprises should do about them. We Are In A Moment Of Stepwise Change Adoption of advanced AI capabilities is happening in the contact center. But what we’re getting today are simple and safe tools that improve how we do the same things we have always done — not actually changing service: Call summarization. Agents no longer need to write their post-call notes from scratch. Instead, AI can compose the notes and the agent can edit and submit them — saving a significant amount of time. Improved analytics and quality management. Knowing sentiment, and the content of every call, is opening up exciting new doors for insight into contact center performance. Agent assist tools. From smart suggested answers to next-best-action tools and more, there are ways that AI now helps agents during interactions. These are all examples of capabilities that make contact centers more efficient, but they aren’t providing the promised tectonic shift that brands are hoping for. That change will come when self-service capabilities — powered by modern AI — becomes a reality. The Rubber Doesn’t Meet The Road — The AI Promise Vs. Reality Today, we unfortunately know more about AI deployments that fall short than outperformed. Air Canada’s chatbot made headlines in 2023 for giving a customer incorrect refund information — and the airline was held liable. British Airways’ AI chatbot mistakenly canceled bookings and issued incorrect travel advice, leading to customer frustration and reputational damage. Plus, we don’t currently speak much about customer service use cases for AI beyond chatbots. But the key takeaway here is that these aren’t just chatbot failures — they highlight a critical and often ignored fact: AI is only as effective as the systems, data, knowledge, and processes that support it. Fragmented Tech Stacks Limit AI Effectiveness Today: The contact center tech stack is an eclectic mix of old, new, emerging, and tailored tools — all of which are being upgraded to be new and improved. And it’s becoming hard for buyers to know what’s new and how improved it actually is. Many customer service operations still run on siloed platforms that don’t communicate well with each other. Furthermore, many contact center platforms and tools also have overlapping features and functionalities, making it hard to reconcile for the best experience outcomes. AI tools often struggle to integrate with this complex ecosystem, leading to inconsistent data, broken workflows, and poor customer experiences. Platforms And Features Sell, But Experiences Suffer Today: Many organizations believe they have access to best-in-class technology and features; however, many of them also admit that they aren’t using these to their full potential. Contact center platforms build features at an incredible pace but find it hard to do two things in particular: 1. enable the adoption of these features; and 2. enable access to meaningful data and insights that can improve customer experiences. Consequently, many organizations feel like they’re over-invested in platforms and features but fail to establish either the need or the ROI from features they’ve bought. Workforce Readiness And Change Management Today: AI adoption isn’t just a tech upgrade — it’s a cultural shift. Many organizations underestimate the need to reskill their workforce and manage change effectively. AI adoption in customer service isn’t just about deploying new tools — it’s a cultural transformation that demands new ways of thinking and working. Many organizations underestimate the complexity of reskilling frontline agents, who often lack clarity on how to collaborate with AI tools, which in turn lead to underutilized technology and frustrated teams. To truly benefit from AI, companies must foster a mindset of continuous learning, collaboration, and adaptability across their service operations. Plus, they must understand how AI will transform the customer service workforce. Our research, Customer Service Must Evolve To Unlock AI’s Full Potential, discusses these challenges and outlines best practices for ensuring the AI-enabled future for customer service. AI Is A Tool, Not A Magic Wand AI is a powerful tool that amplifies what’s already working — and exposes what isn’t. To unlock its true potential, customer service leaders should focus on modernizing infrastructure, capturing human expertise, reskilling the workforce, cleaning up data, and continuously benchmarking AI readiness within their organizations. Our research — Customer Service Must Evolve To Unlock AI’s Full Potential — discusses these challenges and outlines best practices to ensure the AI-enabled future for customer service. Visit the Forrester bio page and click “Follow” to receive notifications about our upcoming research. Forrester clients can also schedule an inquiry or guidance session to delve deeper into this topic. source