Forrester

Red Hat CEO Matt Hicks opened the Summit discussing how AI has “changed the game,” with enterprise IT being transformed from top to bottom. Hicks emphasized that AI isn’t just about automation — it’s about building adaptive systems that learn, evolve, and deliver real value. Red Hat’s vision for the future of enterprise IT emphasizes AI integration, enabling agentic workloads, hybrid cloud, and open-source innovation. Much of the delivery of this message was encased in Red Hat’s prototypical manner, speaking directly to the platform engineer, operator, or developer rather than the executive. This delivery style highlights the core challenge for Red Hat in an increasingly service-oriented computing world. The big question: Will customers continue to embrace more complexity in exchange for openness and flexibility? Red Hat brought some impressive brands on stage to share their stories: Turkish Airways, Emirates, Ford, Aramco (the Red Hat Innovator of the Year), and Visa. Red Hat’s FlightPath (i.e., its modernization journey story) also got a customer shoutout on the main stage. All in all, these were the major statements made at Red Hat Summit 2025: AI is a foundational pillar AI is no longer just an overlay on Red Hat’s product suite — it’s being positioned as a new foundational pillar alongside Red Hat Enterprise Linux (RHEL), OpenShift, and Ansible. Red Hat’s AI platform builds upon this foundation, providing tools for fine-tuning, deploying, and managing AI workloads across hybrid and multicloud environments. The AI Inference Server aims to help scale models to production, while the llm-d open-source project, developed with partners such as IBM Research and NVIDIA, tackles inference efficiency across resource-constrained environments. Red Hat’s recent acquisition of Neural Magic further cements its interest in enabling performance, sparse-model execution at the edge. Like with many of Red Hat’s offerings, these moves aim to not simply chase trends but reshape its open infrastructure to make AI a first-class citizen, albeit in a way that assumes substantial in-house expertise (or a GSI partner). OpenShift Virtualization emerges as a lifeboat for enterprises wary of vendor consolidation Built on KubeVirt, OpenShift Virtualization allows VMs and containers to coexist within the same Kubernetes environment, giving platform teams more flexibility in how they modernize workloads. At Summit, Red Hat doubled down on OpenShift as the future control plane not just for containerized workloads but for virtualized ones, as well. New features in OpenShift 4.18, including enhanced live migration, persistent memory, and custom networking, help bridge the gap between old and new, but Red Hat’s assumption that enterprises will manage this complexity in pursuit of flexibility is a gamble that may not resonate with customers expecting simplicity from modern platforms. RHEL 10: security and innovation Red Hat Enterprise Linux 10 messaging was front and center everywhere throughout the conference. Although there were many messages on RHEL 10 improvements, security was called out most prominently. The message was targeted at the CISO aim to balance innovation and security. Red Hat’s expanded Common Vulnerabilities and Exposures (CVE) coverage for Extended Update Support (EUS) and Extended Life Cycle Support (ELS) reduces friction for compliance-focused teams. The RHEL Security Select Add-On offers a 10-pack of CVE fixes, giving security teams greater control. What isn’t as clear is the price tag for this peace of mind. Red Hat has also been working closely with IBM and IBM Research to build out better support into the IBM infrastructure and cloud, along with a focus on “quantum-safe” capabilities to scan libraries for vulnerable items. Software supply chain security and the Red Hat Developer Hub Secure code and developer productivity go hand in hand by integrating security into the software development lifecycle, enabling faster releases, and reducing unplanned work. Red Hat Developer Hub, built on Backstage, provides AI tools and preconfigured templates that enable developers to integrate AI capabilities into existing applications, enhancing customer outcomes without requiring extensive rewrites. Trusted Artifact Signer ensures trusted AI model deployments, strengthening software supply chain security. Red Hat Trusted Profile Analyzer streamlines software bill of materials (SBOM), Vulnerability Exploitability eXchange, and CVE management and provides development teams security feedback in their pipelines. On the horizon are cryptography-BOMs, essential for tackling post-quantum challenges, and AI-BOMs, an emerging technology that depends on greater transparency from model providers. Missing is the ability to ingest and enrich SBOMs for third-party components, which application developers need to assess security risks before integrating them into their applications. AnsibleFest: full integration into the Summit The message was clear: Automation is not a sidecar — it’s the chassis. Red Hat emphasized event-driven automation, extending Ansible’s capabilities into security operations, network infrastructure, and edge environments. New content collections and tighter integrations with ServiceNow and Terraform help unify workflows across tools and teams. For many organizations, though, the challenge remains in operationalizing these capabilities, especially where institutional silos or cultural resistance still stand in the way of true automation maturity. Red Hat’s focus on platform engineering as a strategic discipline may help, but it also puts pressure on enterprises to evolve faster than what they might be ready for. source

SAP Sapphire 2025 marked a strategic turning point. While it featured a flood of updates, from partnerships with Palantir and Perplexity to sweeping changes in pricing and packaging, the real story was SAP’s repositioning of AI as the enterprise operating system. For CIOs, this is a shift in how enterprise applications will be built, deployed, and governed — a shift that Forrester has been discussing for some time. Here is a review of the seven critical signals from Sapphire 2025 and what they mean for your IT strategy and SAP partnership decisions. 1. SAP’s AI Flywheel: From Apps To Agents SAP’s new “flywheel” model — in which apps generate context-rich data, data fuels embedded AI, and AI enhances apps — creates a self-perpetuating cycle of intelligence and efficiency, with SAP promising a potential productivity surge of up to 30%. The centerpiece is Joule, SAP’s AI assistant, now evolving into a pervasive interface layer across SAP and non-SAP systems. Bolstered by integrations with WalkMe for contextual guidance and Perplexity AI for enriched insights, Joule is now empowered to launch autonomous Joule Agents. These agents, tailored for domains such as finance or supply chain, don’t just provide answers; they are designed to turn “signals to action,” fundamentally rewriting how core business processes are executed. This all runs on a new AI Foundation, providing the governance, development tools (Joule Studio), and multimodel support necessary for enterprise-grade AI. What it means for tech leaders: You’re no longer just managing applications — you’re managing an AI workforce. Expect a shift from user-driven workflows to agent-driven execution. Establish policies for agent observability, compliance, and control. 2. SAP Business Data Cloud (BDC): The New Data Backbone SAP’s Business Data Cloud (comprised of Databricks, Datasphere, Business Warehouse and SAP Analytics Cloud) harmonizes structured and unstructured data across SAP and non-SAP systems, preserving business context. Envisioned as a unified data fabric (that will now be available on AWS [live], Google Cloud, and Azure by Q4 2025), BDC leverages the SAP Knowledge Graph to weave together disparate SAP and non-SAP data streams while critically preserving their rich business context. This is the fuel for the entire AI flywheel. What it means for tech leaders: Recognize BDC as the nonnegotiable data foundation; SAP’s entire Business AI vision and its promised value is predicated upon it. Master BDC’s semantic layer and the SAP Knowledge Graph; preserving true business context across federated data is SAP’s core differentiator for relevant and trustworthy AI. Elevate data governance to a strategic imperative; BDC’s multicloud reach and AI reliance demand board-level focus on data quality, lineage, and security. 3. The “Suite As A Service” And Ecosystem: The Answer To Fragmentation SAP is championing a “suite-as-a-service” model. This is not just bundling. It involves five new line-of-business-specific Business Suite packages (e.g., for finance or the supply chain) designed to cater to different buyer profiles. With managed integrations and embedded SAP Build capabilities, the goal is to promote extensibility while enforcing a clean core. SAP’s message (and its major market bet) is unequivocal: Isolated tools, however capable, cannot match the exponential intelligence of an integrated suite when AI is the strategic objective. When it wasn’t focusing on the deep integration across its own suite, SAP was busy announcing partnerships with Perplexity, Palantir, Adobe, NVIDIA, Accenture, and every major hyperscaler, just to name a few partners. Ecosystems drive collaborative advantage in business apps. Partner marketplaces are table stakes; true differentiation comes from a deep, outcome-driven ecosystem strategy. What it means for tech leaders: SAP’s shift toward bundled, subscription-based cloud models and heavy dependence on the Business Technology Platform (BTP) for extensibility increases vendor lock-in. This is partially offset by the extensibility offered by BTP and SAP’s broad ecosystem. Reevaluate your app portfolio: SAP’s integrated AI within the suite-as-a-service model challenges the need for disparate, best-of-breed solutions — raising additional concerns over vendor lock-in. Your SAP strategy now demands leveraging its ecosystem: Identify key partners for gaps/goals and prudently navigate the complex “co-opetition” landscape. 4. Clean Core And Cloud Migration: The Price Of Admission SAP’s most advanced AI capabilities are unequivocally gated behind a clean core and cloud-native architecture. Whether through RISE with SAP now evolving to a “fit-to-suite” methodology to support comprehensive business transformation or GROW with SAP, organizations must modernize legacy environments to unlock this AI value. SAP acknowledges that ECC-to-S/4HANA migration remains a major hurdle, fraught with historical challenges related to cost, timelines, and clean core adherence. To address this, SAP is significantly enhancing its integrated toolchain, Cloud ALM, as well as SAP Signavio (with new AI-driven transformation advisor and root-cause analysis capabilities), and SAP LeanIX (with AI-assisted architecture guidance) infusing AI to provide smarter guidance throughout the transformation. SAP is moving toward mandating that RISE-validated partners use Signavio and LeanIX from day one of major cloud transformation programs. What it means for tech leaders: SAP is increasing its pressure on implementation partners to adopt a clean core strategy, as so far there has been a heavy dominance of brownfield projects. Budget holistically for business, operations, and process transformation, not just technical lift-and-shift projects. Use SAP’s AI roadmap to justify long-postponed modernization efforts. 5. Services Oversight: Elevating Accountability With SAP Services Partners In response to persistent concerns over migration costs, overruns, and uneven quality, SAP is adopting a more hands-on approach to service delivery. It will provide direct oversight on all ECC-to-S/4HANA migration projects and selectively take on delivery responsibilities itself, claiming faster timelines and reduced costs compared to traditional partners. But SAP’s ability to deliver business transformation at scale is still untested, especially for greenfield projects, which typically involve complex process redesign and higher organizational change overhead. Brownfield migrations, which SAP seeks to expedite, are more feasible technically but often compromise on the clean core — an essential prerequisite for SAP’s AI roadmap. What it means for tech leaders: Prioritize service partners with proven clean-core success — aim for over 60% standardization as a continuous journey. Leverage SAP’s seeded tools (e.g., Signavio, LeanIX) early; in 2024,

The Legacy of IT Service Management Is Holding You Back For more than twenty years, IT Service Management (ITSM) has served as the operational backbone for managing incidents, problems, and changes. Yet in 2025, the complexity of enterprise IT environments has outpaced the frameworks and processes once deemed cutting-edge. Despite improvements in incident response, asset management, and CMDB maintenance, the reality is sobering — disruption remains costly, data remains unreliable, and siloed processes continue to slow progress. A broader rethink is underway. Traditional ITSM, with its rigid structures and outdated assumptions, is giving way to a more adaptive model. The future lies in holistic, business-centric service management—not bound to “IT” but embedded across the enterprise. The goal isn’t more process—it’s smarter service. End-to-end visibility, real-time responsiveness, and tighter alignment with business outcomes are now the imperatives. We have outlined the many reasons this transition is needed in our recent report: The ITIL™ Dilemma: Balancing Investment With Value In IT Service Management. From Theory to Action: 10 Ways to Improve Service Management Right Now To break free from this legacy-rooted cycle, organizations must shift their mindset. The call to action is clear: stop chasing maturity through more governance and process and start building agility through service-centric thinking. It’s about managing services end-to-end, from customer experience to operational execution, in a way that is both human-centered, automated, and data-driven per these key actions: Pivot to service management, not just ITSM. A crucial first step is abandoning the narrow focus on IT and embracing service management as a cross-functional discipline. This shift ensures that service delivery is not confined to technical teams but owned collaboratively across the business. It reframes support as a strategic function, one that delivers measurable value aligned with organizational goals, not just operational uptime. Invest in new ways to automate. Too many organizations continue to postpone automation initiatives due to cost or capability gaps. But as system complexity grows, manual service management processes can no longer scale. Intelligent automation, coupled with observability platforms, provides a proactive edge, enabling systems to detect anomalies and initiate corrective action before they impact users. Now is the time to integrate automation into the operational roadmap, not treat it as a future consideration. Focus on improving the employee experience. IT success hinges not just on resolution speed but on how employees experience support. Frictionless, hyper-personalized service is no longer a differentiator—it’s a baseline expectation. Data-driven support models can anticipate issues, reduce ticket volumes, and empower users with seamless self-service options. The service experience must evolve into something intuitive, intelligent, and largely invisible to the end user. Unleash the potential of generative AI. Generative AI (GenAI) has matured past the experimentation stage. When deployed in production, it can compress workflows, streamline documentation, and enhance decision-making. Organizations report measurable gains, such as shaving minutes off routine transactions, resulting in significant cost savings and performance enhancements. GenAI isn’t just a novelty; it’s a force multiplier that’s ready for real-world deployment. Begin experimenting with agentic AI. Agentic AI represents the next leap forward, moving from assistive models to autonomous decision-making systems. These agents can interpret data, respond to exceptions, and execute tasks independently. Implementing them in non-production environments, ideally with trusted technology partners, enables teams to assess the value and risk associated with them while preparing for a broader rollout. This is where AI begins to act, not just inform. Share, communicate, and collaborate. High-performing operations demand high-trust environments. Knowledge hoarding, siloed thinking, and communication breakdowns remain common challenges. Collaboration platforms must enable cross-functional dialogue and transparency. More importantly, employees must feel secure contributing what they know, understanding that shared knowledge fuels more intelligent systems and better outcomes across the board. Get your knowledge management practices in order. AI and automation require structured, accessible, and trustworthy knowledge to function effectively. Most organizations struggle with disjointed and outdated content repositories. Rather than retroactively cleaning legacy data, the focus should shift to building future-ready knowledge. This means embedding capture into daily workflows, ensuring contextual accuracy, and treating knowledge as a dynamic asset, not a static archive. Invest in the success of your people. Technology cannot advance without human capability keeping pace. From training in prompt engineering to developing AI governance expertise, continuous learning must become part of the culture. Upskilling service desk personnel and educating end users alike ensures that automation initiatives are supported by a workforce equipped to manage, interpret, and improve them. IT teams should become centers of enablement, not just execution. Align to common goals. Too often, IT operates in isolation, measuring success through operational KPIs tied to service management processes rather than strategic contribution. Instead, organizations should map initiatives to value streams, tracking how automation and AI improve productivity, reduce ticket volume, and support customer success. Journey-based metrics provide clarity and flexibility, allowing for iterative improvement and tighter alignment with business outcomes. Avoid the extremes. Success rarely lies in radical swings. Centralization versus decentralization, agile versus waterfall, project to product, these binary decisions often lead to inefficiencies. The smarter approach is balance. Apply new technologies incrementally, test assumptions, and iterate based on feedback. This pragmatic strategy reduces risk, builds organizational confidence, and ensures sustainable transformation over time. To learn more about these 10 approaches, watch our recent webinar: The ITIL™ Dilemma: Balancing Investment With Value In IT Service Management. What Comes Next: Build Intelligently, Execute Relentlessly This isn’t just a technological evolution—it’s a strategic reinvention. IT operations must stop chasing maturity through service management processes alone and begin delivering value through intelligence, adaptability, and alignment. The key lies in building smarter systems, empowering people, and leveraging technology not to replace the human element, but to give our best talent a new superpower. Now is the time to abandon the legacy mindset. Start where you are. Think in systems. Act with clarity. These ten actions offer a clear path to modernizing operations in a world that no longer tolerates slow, siloed, or reactive IT. The organizations that succeed will be the ones that stop managing complexity

I’m a Windows user — not just professionally but personally. I’ve enjoyed playing around with Linux, but in business environments, productivity apps have always been lacking for the Linux platform, so I have never been able to fully switch to it beyond VMs and a laptop or two for my own edification. I have never owned a Mac, but I had fun breaking Apple IIcs back in middle-school computer labs. DOS and its successor of Windows has been my OS of choice for over four decades, for the same reason they’ve been for billions of users and hundreds of thousands of businesses: application availability, hardware flexibility, general ease of use (though each new major Windows release makes you relearn processes), and, to some extent, availability of security controls. I am not surprised to hear howls of derision when mentioning “security” and “Windows” together. A fair bit of this is likely coming from people who run as a local admin on Windows desktops; have turned off functions such as User Account Control, Defender, Windows Firewall, or Credential Guard; and ignore updates until they get tired of being notified of them even months after they were released. In business environments, many of the same people who question the security of Windows will still allow users to be full local admins and install any applications they desire, relying on additional endpoint security tools (such as endpoint protection platforms, endpoint detection and response, or extended detection and response) to handle the security problems that will inevitably appear. If you’re turning off built-in protections in the OS, are following poor security practices, and are expecting additional security tools to protect you, you are putting your organization at risk. Many of the security problems that affect Windows endpoints are the result of poor security practices, especially around the usage of local admin rights. If you don’t operate as “root” on a Linux (or Linux-derived) system, why are you doing it on Windows? Yes, if you look back on the history of Windows OSes, this was just the way they were built. Anyone could edit the boot and config files of the early Windows-on-DOS platforms, and even though the split between admin/user accounts eventually appeared, tasks like application installation required administrative permissions, so having local admin rights became the norm for many enterprises, regardless of the security consequences. We’ll save the discussion of how insecure it is to allow employees to install any application they want for another time. In November 2024, Microsoft announced a new function for Windows 11 called Administrator Protection, which brings a sudolike approach to the Windows desktop. While it has some similarities to User Account Control, administrator protection goes further by having the user regularly run in a non-admin state, and when it needs elevated privileges to perform a task, it alerts the user to authenticate again. It also creates separate admin and non-admin profiles, making it harder for attackers to cross the boundary from user to admin. This function is being introduced into Windows 11 deployments in an upcoming security release, giving organizations access to an important Windows security enhancement. With Windows 10 scheduled for end of support on October 14, 2025, enterprises should already be planning to replace this desktop OS with Windows 11, where Microsoft has been adding more security functionality. If you are looking for more details on how to plan and manage a Windows 11 migration, my latest report provides guidance as well as what to do if you need to maintain Windows 10 instances for certain use cases. There are multiple approaches to securing the desktop endpoint, and security leaders should start with utilizing the tools that are available within their standardized OS. Forrester clients should schedule an inquiry or guidance session with me to discuss what options are available to them and understand how to manage their Windows 11 migration successfully. source

I’m pleased to announce the winners of Forrester’s 2025 Customer-Obsessed Enterprise Award for EMEA (Europe, Middle East, and Africa). In the past, we’ve named a single winner, but our judging panel decided to honor two outstanding organizations this year. The winners have very different approaches to customer experience (CX) excellence — Brenntag focuses on business-to-business use cases, and e& focuses primarily on business-to-consumer use cases. Congratulations To Brenntag And e& For Their Customer Obsession Achievements! Forrester’s annual Customer Obsession Awards recognize organizations that place their customers at the center of their business strategy to accelerate growth, customer loyalty, and employee engagement. The Customer-Obsessed Enterprise Award honors exceptional achievements in leadership, strategy, and operations — areas where Brenntag and e& stand out among tough competition from diverse industry sectors across the region. Brenntag Stands Out Among EMEA B2B Companies Brenntag is the global market leader in chemical and ingredients distribution, with a comprehensive portfolio of products and services for both the industrial sector and the consumer sector (specialty ingredients for food and nutrition, cosmetics, personal care, pharmaceuticals, and more). Brenntag serves a range of B2B organizations from small- and medium-sized enterprises to large multinational corporations. Brenntag impressed our judges with its holistic CX approach that cultivates a culture of proactive engagement — combining employee empowerment, collaboration with partners and suppliers, external insights, and voice-of-the-customer (VoC) feedback. A core initiative is its CX Ambassador Program, which has trained over 500 employees as internal champions of CX excellence. Ambassadors don’t just advocate; they actively coach teams, embed best practices, and ensure CX prioritization in all decision-making. In addition, Brenntag has created a WOW App to enable real-time peer appreciation for colleagues who exemplify CX values. Brenntag’s CX War Room is a dedicated cross-functional task force designed to rapidly identify and resolve systemic customer pain points. Every month, senior executives dedicate time to listen to customer feedback, understand what it’s telling them, and take action. This ensures that internal priorities stay fully aligned with what matters most to Brenntag customers. To stay ahead of potential issues, Brenntag has further implemented the first stages of an early warning system that flags issues based on Net Promoter Score℠ (NPS) changes. From its UK launch in 2017, Brenntag’s CX program has evolved into a global strategy spanning 72 countries. In 2024, its global NPS has surpassed 50, and the company reports the following metrics: 93% of its customers report being fully satisfied. 90% say Brenntag is easy to do business with. Issue resolution times have been reduced by 40%. e& Stands Out Among EMEA B2C Companies Earlier this year, Brand Finance named e& the world’s fastest-growing brand. With roots in telecommunications, e& has evolved into a global technology group, serving both consumers and businesses across the connectivity and digital innovation landscape. Its leadership has been dedicated to fostering customer centricity through a comprehensive three-year culture transformation program, now in its final phase. Senior leaders including the CEO participate in a monthly Customer Hour to systematically address customer issues and escalations. The executive team also engages in what they call beyond-the-desk activities to better understand customer needs by experiencing frontline roles (such as in the contact center) firsthand. e& aligns corporate and functional strategies with customer journeys based on strategic pillars for trust, reliability, and a flexible, digital-first approach that doesn’t force customers to adopt digital channels. It establishes and measures journey-specific goals, and CX strategy partners drive cross-functional collaboration based on VoC insights and experience design principles. For example, CX team members transformed the customer’s “first 100 days” journey, streamlining customer communications across marketing, sales, billing, logistics for delivery, engineering for installation, and the contact center for new customer queries. e& excited this year’s judging panel with the tremendous results it has achieved with its CX Change Factory — an initiative responsible for cataloging issues, performing root-cause analysis, and ensuring accountability. On top of a 20% year-on-year increase in its overall NPS, e& has created a predictive model that links NPS to financial outcomes such as customer lifetime value. This model, with an accuracy of 88%, not only forecasts NPS but also demonstrates its influence on increased average revenue per user, cost reductions, and extended customer tenure. Join us at Forrester’s CX Summit EMEA this June 2–4 in London to meet with Brenntag and e& executives, who will share their stories firsthand. source

Cyberpunk fiction? Or modern marvel? In The State Of Drones, 2025, we explore how aerial drones are assisting modern organizations by reducing labor demands and boosting efficiency. Despite ongoing operational challenges, many enterprises still rely on outdated practices that waste time, money, and manpower. Drones offer a powerful solution, streamlining workflows and helping businesses reclaim valuable resources over the long term. The Rising Risks In Field Operations Across industries, field operations face mounting risks that legacy systems can no longer manage. Manual, labor-intensive tasks increase the likelihood of injury on construction sites, in energy fields, and during infrastructure inspections. Traditional risk assessments often overlook real-time hazards in dynamic, high-risk environments. Outdated or incomplete geographical data leads to navigational inefficiencies, especially in remote or expansive locations. Aging infrastructure compounds these challenges, disrupting supply chains and skewing demand planning. As these issues intensify on the ground, the need for precise, responsive, and scalable field solutions becomes clear. Why Drones Matter Now As physical automation advances, drones are becoming a powerful tool for overcoming operational challenges — and we’re already seeing groundbreaking use cases emerge. But why focus on aerial drones? Because they offer more than efficiency and open up entirely new ways of working. Drones give enterprises the freedom to rethink outdated processes, challenge long-held assumptions, and unlock innovative approaches that drive real transformation. Drones are unlocking remarkable possibilities across industries — from logistics and agriculture to media and infrastructure — demonstrating bold, innovative use cases. But as adoption accelerates, it’s essential for enterprises to engage with key stakeholders and prioritize strong governance frameworks. Responsible, reliable deployment is critical to realizing drones’ full potential. As the technology evolves rapidly, its ability to transform operations and expand into new environments grows with it. Forrester clients can read the full report, The State Of Drones, 2025, and schedule an inquiry with me to learn more about how industries can tap into this new potential. source

Public-sector IT leaders are no strangers to complexity. From legacy systems and siloed data to rising citizen expectations and evolving missions, the challenges are real — and growing. But so are the opportunities. In our latest research, The Top Emerging Technologies For Public Sector And Government, 2025, we identify 11 technologies that will shape the next decade of government transformation. These aren’t just buzzwords — they’re strategic tools that can help you modernize infrastructure, improve service delivery, and build trust in a digital-first world. But not all technologies are created equal, or equally urgent. Focus On What Delivers Value When It Matters Critical to the public sector is the ability to deliver on time, on budget, and on mission. Having the tools on hand to support your service delivery capabilities is critical, but knowing when and where to invest is essential in securing both quick wins and long-term strategic gains. Regulatory constraints, complex systems, conflicting interests, and shifting mission priorities mean that, despite enthusiasm and an appetite for new technologies, the public sector is often more constrained than its private-sector counterparts. As such, the technologies that will reap the most benefits are different than for other industries. We’ve categorized these technologies across three benefit horizons to help you prioritize the following: For immediate ROI, invest in ready-to-deploy technologies. With the ability to integrate with existing systems, leverage existing capabilities, and use current datasets, technologies in this category can be implemented immediately to significant effect. Generative AI for language has already been deployed in many agencies internationally, addressing language barriers, providing efficiency gains, and assisting in service delivery for various target groups of key government programs. To build capabilities, focus on the next 2–5 years. Technologies are rapidly evolving and can provide extensive benefits over the next few years — when implemented correctly. With the right capabilities and frameworks in place, agencies can look to advance their roadmaps and focus on mission success. Quantum security may still be several years away from mainstream use, but leaders must be prepared to adopt facets of it, such as post-quantum public key algorithms, to improve the security of information exchange and secure increased cryptographic agility in the future. Cautiously approach these high-risk, high-reward technologies for the future. Forward-looking agencies will begin to assess whether these advanced technologies have a place in their roadmaps and whether they will be worth the investment. Delivering tangible value in five or more years, technologies such as Zero Trust edge, which has the possibility to reduce costs and enhance protection, can’t be neglected. They are coming — whether you’re prepared or not. Prepare For The Future: Plan Now Technology continues to develop faster than any one agency can keep up with, and as leaders, you should prepare and implement as best you can. Such preparation demands bold investment, disciplined planning, and a commitment to adaptability. Leaders should: Assess current tech maturity. Not every agency is ready for every innovation — review your current tech stack to identify areas of low maturity or concern. Focus on what aligns with your mission and capabilities, then develop a roadmap. Pilot strategically. Use proofs of concept to test emerging technologies in low-risk environments. Identify measurable outcomes to assess the success of these pilots and create a plan for wider implementation. Build cross-functional coalitions. Emerging tech success depends on collaboration between IT, policy, and operations. Ensure that you’ve established relationships with key stakeholders across the agency and can clearly communicate the risks and benefits of the technology. Invest in talent and governance. New tools require new skills — and new rules. Governance and adherence to policy is critical for public-sector agencies, as trust and reliability are key factors in maintaining stakeholder relations. Ensure that you have comprehensive governance policies to implement these technologies securely, and invest in staff who are capable of long-term governance strategy. Investigate our wider top emerging technology research, or schedule a guidance session with our experts to discuss how you can plan for and implement these emerging technologies. (This blog post was written in collaboration with Chiara Bragato, senior research associate, as part of Forrester’s research and continuous guidance for public-sector and government leaders.) source

Forrester is delighted to begin accepting nominations for the Data & AI Impact Award. This prestigious award recognizes enterprise data and AI initiatives that drive effective decision-making for business outcomes. As AI emerges from experimentation to production-ready enterprise systems that transform organizations, the role of data and technology to deliver on the AI promise has never been more important. Data and AI leaders are leading the charge to deliver data and AI products at scale. They are enabling stakeholders (technical and non-technical) across the enterprise through data literacy and democratization of data and platforms, all of this while also building trust — in data, in AI, in technical capabilities, and in data/AI-based decisions, still keeping in mind privacy, security, and compliance. We want to reward the call to action that data and AI leaders are responding to at this critical juncture of transformational change. What The Award Recognizes Forrester is looking to celebrate enterprises (1,000 employees or more) that demonstrate excellence in one and preferably more of the following data and AI priority areas: Strategic alignment: a clear, business-aligned data and AI strategy built to drive measurable outcomes. Modern architecture: scalable platforms and applications that deliver next-gen capabilities. Governance and trust: compliant, well-governed data and AI products that stakeholders can rely on to make trusted enterprise decisions. Decision intelligence: data science and analytics practices that lead to more effective and faster decisions. AI innovation: cutting-edge AI innovations and their timely application to align with strategic goals. Culture and enablement: a strong data culture supported by training and literacy programs. The Value Of Submitting A Nomination The winning team will receive: Recognition: Share your story about creating measurable business outcomes on the mainstage at Technology & Innovation Summit North America (November 2–5, 2025, in Austin, Texas). Visibility: Amplify your team’s visibility by participating in and leveraging Forrester’s global network through reports, videos, and social media. Influence: Elevate the brand of your data and AI program by showcasing its strategic impact to industry peers, partners, and decision-makers. How To Apply For The Data & AI Impact Award The nomination process is straightforward. Here’s what you need to do: Download the nomination packet. Answer six key questions about your strategy, scale, adoption, trust, lessons learned, and roadmap. Feel free to share optional supporting documents — such as metrics, architectural diagrams, or case studies — that help bring your story to life. Submit your materials to [email protected] by July 16, 2025. Don’t miss your chance to stand out and bask in the spotlight! Nominate your team today and show the world what achieving real results from data and AI looks like. Good luck! source

A significant international presence at RSAC 2025 signaled the continued importance of the US as a global export platform for cybersecurity. Countries including Belgium, Canada, Germany, Ireland, Italy, the Netherlands, Saudi Arabia, Singapore, South Korea, Spain, and the UK showcased national pavilions and cybersecurity companies on the show floor, as well as organizing trade missions and hosting a dedicated ecosystem event. Israel and the United Arab Emirates played a leading role in an international “cyber drill,” with the UAE also co-leading the Counter Ransomware Initiative, a testament to the growing spirit of global cyber collaboration. In addition to Forrester’s take from earlier in the month, a webinar of RSAC key themes, and a look at the conference’s Innovation Sandbox, in this blog, Madelein van der Hout and I provide our perspective as international visitors to the event and delve into what mattered most to the international CISOs we spoke with: US and Israel firms dominate the Innovation Sandbox and the expo floor. The US startup ecosystem remains exceptionally strong, with nine out of 10 RSAC 2025 Innovation Sandbox finalists founded in the United States (in spite of founders sometimes originating from outside the US). Knostic maintains close ties to Israel’s Unit 8200 cyber startup ecosystem and operates an additional office there; CalypsoAI is co-headquartered in Dublin; and MIND was founded and headquartered in the United Kingdom. Despite nice warm words of their own governments’ support and political goodwill, international vendors continue to turn to the US because it provides the depth of capital, VC ecosystem, and risk-taking culture that is vital to their growth and success. International vendors foresee cybersecurity trade benefits. Fourteen percent of expo stands were sponsored by international trade pavilions, with RSAC continuing to be seen as a prime stage for international vendors to present their solutions to a global audience. For example, the governments of the Netherlands and Canada held trade missions, where 35 organizations, including 10 Ontario-based companies, showcased Dutch and Canadian cybersecurity innovation, supported trade promotion, and innovation. Clearly, the US still represents significant export potential for international vendors in spite of recent volatility. This is largely because the US has not (yet) imposed tariffs for software, and there is sentiment from international cybersecurity vendors and CISOs that these vendors can potentially model the benefits of continued trade. International regulations yield global impact. Our discussions revealed that operational resilience regulations, such as DORA, that provide a direct link to enable businesses to operate mean that many global organizations adopt elements of these regulations even if they are not required to comply. This signals that, when well crafted and underpinned by concepts with clear business benefits, cybersecurity regulations can still be a force for good beyond those to whom it is directly applicable. Critical infrastructure, geopolitics, and cyber warfare take center stage and deeply matter to the international audience. Beyond the neon lights and noisy booths, which are unlike any international security event, RSAC 2025 had some serious undercurrents — ones that resonated deeply with the international security leaders we spoke with. The global cybersecurity landscape is shifting fast, and critical infrastructure is squarely in the crosshairs. More than 100 sessions were dedicated to protecting critical infrastructure, underscoring its rising importance amid escalating geopolitical tensions and increasing threats. At the broader conference, there were 21 sessions covering cyber warfare as a topic. Dmitri Alperovitch’s keynote highlighted that the intersection of cybersecurity and geopolitics is shaping the most serious threats we face today and the need for urgent, coordinated action to strengthen cyber defences. Forrester clients who wish to dive deeper into our perspectives on RSAC can book a guidance session with either of us. Readers should also check out Forrester’s security and risk team’s wider take on the overall conference here and the 2025 Innovation Sandbox contest here. source

Selecting a public cloud platform is no longer just about technical fit — it’s about strategic alignment. Our new report, Buyer’s Guide: Public Cloud Platforms, 2025, offers a clear, practical framework to support the decision-making process. Whether you’re optimizing for AI, navigating digital sovereignty complexities, or building a resilient ecosystem, the guide can help you make informed, future-ready choices. A Framework For Smarter Cloud Choices To help organizations navigate the complexities around cloud choices, Forrester has published the Buyer’s Guide: Public Cloud Platforms, 2025. The guide provides a structured approach to evaluating cloud providers based on the capabilities that matter most in today’s world. The guide draws on recent Forrester Wave™ evaluations and landscape analysis but goes further by highlighting the strategic differentiators that should guide final decisions. AI capabilities. Modern cloud platforms now compete on AI support, from foundation models to governance. Even if you’re not building AI today, choosing a platform with strong AI features ensures future readiness and operational efficiency through AIOps. Digital sovereignty enablers. With rising regulations and geopolitical shifts, digital sovereignty is a top priority. Organizations are turning to multicloud strategies and sovereign cloud offerings to meet local compliance while maintaining performance. Partner ecosystems. A strong partner ecosystem enhances a cloud platform’s value by enabling tailored, industry-specific solutions. These partnerships accelerate deployment, simplify integration, and are crucial in fast-evolving areas like AI. Navigating Complexity With Confidence The cloud market is more dynamic than ever. Providers are investing heavily in innovation, but their focus areas vary widely. Hyperscalers bring scale and global reach, while regional players often excel in compliance and industry-specific capabilities. As a result, many organizations are moving toward hybrid and multicloud strategies that combine the strengths of multiple providers. This approach offers flexibility but also introduces complexity. It requires careful planning around workload placement, data governance, and cost management. Take The Next Step To explore insights in more detail, consult the full report or reach out to learn how we can support your cloud strategy. Clients, if you have questions, schedule an inquiry at [email protected]. source