Forrester

In the age of intelligent automation, enterprise business applications (EBAs) are increasingly embedding and integrating sophisticated AI agents to drive efficiency, insights, and innovation. These modern EBAs — designed for composability and flexibility — boast a modular architecture built upon a complex software supply chain. This intricate ecosystem comprises microservices, third-party APIs, cloud services, and a blend of open-source and proprietary components — not to mention the vast array of tools used throughout the development, build, test, delivery, and deployment lifecycle. While the agility and scalability offered by this architecture are undeniable, the inherent complexity introduces a significant and often overlooked attack surface. Do you know what risks are hidden in your EBA software supply chain? Neglecting the security of this intricate web of dependencies can have profound consequences, especially as AI agents become deeply integrated into critical business processes. Attackers recognize the software supply chain as a potentially lucrative target, viewing vendors, SaaS providers, and open-source projects as strategic footholds to compromise numerous downstream customers, including enterprises and government agencies. The 2020 SolarWinds breach serves as a stark reminder of this reality. By compromising the software development process of a widely used monitoring tool, malicious actors gained access to thousands of networks, highlighting the devastating impact of a successful supply chain attack. Widespread confusion and a prolonged struggle for organizations to understand their exposure characterized the aftermath. As AI agents become more deeply embedded within EBAs, the potential impact of a software supply chain compromise escalates dramatically. Imagine malicious code injected into an AI agent responsible for financial forecasting, customer relationship management, or even critical operational decisions. The consequences could range from data breaches and financial losses to compromised business logic and erosion of trust. Prioritizing software supply chain security is no longer a secondary concern; it’s a fundamental imperative for organizations leveraging AI-powered EBAs. Understanding and mitigating the risks within this complex ecosystem is crucial for maintaining the integrity, security, and reliability of your critical business applications and the intelligent agents that power them. Ignoring this vital aspect leaves your organization vulnerable to sophisticated attacks with potentially catastrophic consequences. Fortifying AI-Powered EBAs: Proactive Measures For A Resilient Software Supply Chain In today’s increasing complex digital landscape, it’s important to mitigate escalating security risks, protect critical business operations, and future-proof against emerging threats. More than the typical IT hygiene, the complexity introduced by AI integration amplifies the importance of securing the foundations upon which these advanced applications are built. To minimize downtime, the risk of a security breach, and the time spent addressing vulnerabilities — from purchasing software, government agencies, and enterprises — we recommend eight key actions: Achieve comprehensive supply chain visibility. Initiate this by compiling a detailed inventory of all organizational software assets, leveraging existing IT asset management systems or configuration management databases. If such an inventory is lacking, collaborate across procurement, legal, IT, and enterprise architecture teams to establish one. Engage with software suppliers to understand their secure software development practices. Inquire about their adherence to “secure by design” principles and their own visibility into their upstream software suppliers. This due diligence is crucial for understanding the security posture of the entire chain. Demand SBOM for transparency. Request a software bill of materials (SBOM) from your suppliers in one of the NTIA-approved formats (i.e., CycloneDX, SPDX). SBOMs are an inventory of all the components, libraries, and modules in a software product, including software dependencies. Recognize that SBOMs are designed to be machine-readable, which means they can be analyzed and enriched with operational, legal, and security risk information. This granular visibility is essential for informed risk management in AI-integrated systems. Establish control through risk-based decision-making. Leverage the insights derived from SBOM analysis to make informed, risk-based decisions. Scrutinize discovered vulnerabilities, the health of dependencies, and any associated open-source license obligations. You might be OK running software with known vulnerabilities that have a low chance of being exploited or with an outdated dependency that the vendor confirms will be updated in the next release. But you might not want to take the risk of utilizing software with medium-severity vulnerability in an application that holds employee data. Integrate security into the procurement lifecycle. Embed security considerations directly into the procurement process. It’s significantly more effective to address security requirements before a purchase is finalized. During the RFP process, explicitly ask security-focused questions regarding the vendor’s development practices and request verifiable evidence to support their claims. Assess the product based on the vendor’s response to secure software development practices and an analysis of the SBOM. Leverage contractual agreements to define critical patch timeframes, acceptable downtime thresholds, and even security incident warranties based on the vendor and product risk assessment. Actively monitor and utilize SBOM post-purchase. Don’t let the SBOM sit on the shelf. SBOMs are useful post-purchase as they can be continuously monitored for newly disclosed vulnerabilities. Knowing which software components are affected by a critical vulnerability allows for targeted preparation and efficient deployment of vendor-supplied patches. In the case where the vendor isn’t able to expedite a fix, the detailed information within the SBOM enables the implementation of compensating controls to reduce the risk posed by the identified vulnerability within your AI-driven applications. Prioritize software with privileged access. The SolarWinds breach — the infiltration of the US Treasury department via BeyondTrust’s privileged access management software — and the Windows outage — following an update to CrowdStrike’s Falcon Identity Threat Detection software — all share a common factor: software operating with privileged access. This elevated access level makes them more appealing to malicious actors and allows incidents to disseminate quicker through an organization. Get ahead of third-party AI integration risks. As vendors integrate AI into their products to improve customer experience, automate tasks, and facilitate autonomous decision-making, the software supply chain becomes more extensive. It’s important to incorporate third-party risk management questions concerning the use of generative AI when purchasing and renewing products, but don’t delay initiating discussions with current vendors. You must understand how the application currently uses or

I’m excited to announce the release of The Forrester Wave™: Data Management For Analytics Platforms, Q2 2025. This edition evaluated the 11 most significant data management and analytics (DMA) platform vendors, providing a comprehensive view of a market undergoing rapid transformation. Over the past decade, we’ve consistently published the DMA Wave, tracking the evolution of the space and offering guidance to enterprises navigating their data strategy, but this year’s evaluation reflects a notable shift. Historically, most DMA solutions were optimized for structured data and near-real-time processing and often tied to a single cloud with limited data sources. Today, the demands on DMA platforms are much broader and more complex. What’s Going On With The DMA Platforms Market? With the rise of multicloud and hybrid-cloud data strategies, diverse data types, and increasing expectations for improved scale and automation, we tailored our criteria to reflect these emerging requirements. This year’s Wave captures how vendors are adapting with new and advanced capabilities fueled by advanced automation, integrated data intelligence, and AI-driven data management. Generative AI is emerging as a transformative force, enhancing both automation and intelligence within DMA. As a result, selecting the right DMA platform provider to support immediate and long-term data strategies has become increasingly complex. There are two important takeaways from the research: Generative AI is automating DMA functions. The modern DMA platform is automating complex tasks such as data ingestion, cleansing, transformation, integration, governance, and security. Natural language allows users to interact with data, generate insights, and manage platforms without deep technical expertise. This significantly reduces the need for specialized engineers and streamlines operations. GenAI also enhances DMA with advanced features such as anomaly detection and support for vector-based search. Leading vendors leverage agentic AI and natural language capabilities to deliver more intelligent and integrated data management. Built-in data intelligence is elevating DMA to a new level. Built-in data intelligence is streamlining data semantic-related tasks, dramatically improving efficiency and unlocking deeper insights. These capabilities can automatically detect patterns, relationships, and trends within datasets that normally take significant time and effort to uncover. Leading vendors deliver comprehensive, automated intelligence that enables rich data contextualization, accelerating a wide range of use cases. This empowers organizations to act proactively — whether predicting customer behavior, optimizing operations, or mitigating risks such as fraud. New Wave Criteria Reflect Evolving DMA Requirements With generative AI and data intelligence becoming foundational to modern DMA platforms, vendors increasingly embed these capabilities — although vendor offerings range from basic to highly advanced, integrated solutions. The key differentiator is not simply the presence of genAI but how deeply and effectively it is integrated. We evaluated genAI as a standalone criteria and as an embedded capability across core functions such as data ingestion, transformation, governance, security, and integration to capture this evolution. We also emphasized natural language for data access and end-to-end platform management through conversational interaction. This holistic approach ensures that our evaluation reflects the rising demand for intelligent, intuitive, and highly automated data management solutions. If your organization still relies on traditional data management tools for analytical workloads, now is the time to shift to a modern DMA platform. Modern platforms powered by genAI, advanced automation, and intelligence enable the real-time delivery of consistent and trusted data. This transformation accelerates high-impact use cases, fuels innovation and growth, and rapidly democratizes data access across teams. Upgrading your DMA platform isn’t just a technology upgrade; it’s a strategic move toward becoming a data-driven, AI-enabled organization. Don’t wait — embrace genAI-powered DMA platforms to stay ahead of the curve. For more insights, book time with me via an inquiry or guidance session. source

You already know why it’s important to build and maintain good relationships with customers. Forrester data shows that existing customers, through renewal and expansion, account for 61% of B2B revenue — higher for established companies and lower for companies still in new-account growth mode. That’s a big enough slice of the pie to warrant mindshare and resources to ensure that customers attain value from your offering and, as a result, stay, grow, and advocate for your company. You already know why. We’ve introduced expanded and upgraded versions of our customer engagement aligned approach and the foundational Forrester Customer Engagement Range Of Responsibilities Model to show you how. Secure The Spotlight On Customer Value The aligned approach (Forrester client access required) shows how three key functions — customer marketing, customer success, and customer advocacy — should partner in distinct yet complementary roles to optimize the postsale relationship between B2B companies and their customers. It puts customer value at the center, with each function contributing through its own lens. As with stage lighting, while a single light does a specific job, the effect grows stronger with multiple lights and coordinated angles. Companies that invest in all three areas and enable collaboration regardless of reporting lines see distinct advantages in retention, growth, and advocacy. Customer engagement functions: An aligned approach that intensifies value. The Forrester Customer Engagement Range Of Responsibilities Model (client access required) guides alignment of the customer-facing functions responsible for maximizing value for customers and the company. Our extensive update reflects an evolution in competencies and responsibilities and elevates customer advocacy to sit beside customer marketing and customer success as a distinct postsale function. The model is a tool to ensure that these teams complement, rather than conflict, with each other and work seamlessly with account management, services, education, support, and customer experience. Fix Your Gaze On Five Engagement Outcomes The Customer Engagement Range Of Responsibilities Model is designed to align all functions in the postsale ecosystem around five key outcomes that reflect a focus on customer value: Value network engagement shapes the customer experience. A value network is a group of people and organizations that a customer works with to pursue the goal that drove their initial purchase. These networks play a significant role in the customers’ expectations and their use of the offering, which drives the decision to renew or repurchase and buy more. Product adoption ensures that users maximize the offering. Product adoption is the process by which customers begin to use an offering and integrate it into their daily workflow. It’s the path toward customer value attainment: Companies don’t see value in a solution that they aren’t using. Customer outcomes validate business benefits. Customer outcomes are the long-term and ongoing business benefits that customers want from deploying a product or service, including increased revenue, cost savings, and efficiency. Customers who clearly understand the value they have attained are predisposed to stay, grow, and advocate. Advocacy and references enhance reputation, demand, and growth. Customer advocacy takes a cohesive approach to finding and activating customer storytellers and references, elevating beyond one-off requests. Successful companies create a beneficial experience for advocates who share stories that in turn enhance reputation, encourage renewal or repurchase, and support growth. Account expansion increases revenue. Account expansion includes cross-sell and upsell strategies and programs that increase revenue from existing customers. Cross-selling involves selling additional products or services to a buying center not previously engaged, while upselling involves engaging an existing buying center with additional offerings. Reach out to your account manager for access to the new model and supporting guidance, or contact us to learn more about how we approach postsale customer engagement. source

Meta’s not the only Big Tech company in the hot seat this week. US District Judge Leonie Brinkema found Google liable for illegally monopolizing two online advertising technology markets: publisher ad servers and ad exchanges. This comes less than a year after another federal judge ruled that the company had a monopoly in online search. Google disagrees with the court’s decision and plans to appeal the ruling, asserting that publishers choose Google over other options because its tech tools are “simple, affordable, and effective.” As we’ve said before, the impact of these cases won’t be fully realized until the remedies stage, which may take years to play out. Any order to break up Google will spend time in the court of appeals and potentially go to the Supreme Court. When we surveyed consumers about Google’s illegal monopolies, only 18% said they “believe that Google will have to break up.” The Google Era Gives Way To A Google Overhaul Judge Brinkema’s ruling, paired with Judge Amit Mehta’s finding that Google maintains an illegal search monopoly, raises the likelihood of Google’s overhaul. The Department of Justice specifically requested divestment of Google Ad Manager, which includes its publisher ad exchange and ad server. At least, Google will be compelled to not destroy evidence of its monopolization going forward. According to Judge Brinkema, “Google’s systemic disregard of the evidentiary rules regarding spoliation of evidence and its misuse of the attorney-client privilege may well be sanctionable.” In addition, Google’s publisher adtech could be restructured by separating its ad server from its ad exchange, opening the loop between two products that have been tied to competition’s detriment. Publishers Can Expect (Eventual) Changes To The Sell-Side Adtech Ecosystem This ruling heightens (the already substantial) counterparty risk between Google and publishers, which is exacerbated by generative AI. Google’s AI Overviews, which facilitate zero-click searches, retain traffic that would, pre-ChatGPT, land on publishers’ sites. During guidance sessions, publishers tell us that they’re losing tons of traffic to AI Overviews. Publishers missing traffic must now deal with uncertainty about the future of Google’s sell-side adtech. Advertisers, however, are relatively unaffected by this decision. The DOJ failed to prove that Google has a monopoly on tech advertisers’ usage to buy display ads. In ruling for Google on the buy side, where Google fortifies tech acquired from DoubleClick and Admeld, Judge Brinkema found that advertisers choose among various ad platforms based on perceived return on ad spend. Advertisers continue to be dissatisfied by Google’s buy-side adtech’s lack of transparency and control, but Google doesn’t monopolize that market. Forrester clients: Let’s chat more about this via a Forrester guidance session. source

An update to ChatGPT made it easy to simulate Hayao Miyazaki’s style of animation, which has flooded social media with memes. Beyond the hype, this trend raises serious questions about copyright infringement. This article in The New York Times sums up some of the questions raised by the phenomenon. See below for an example of such an image shared on French President Emmanuel Macron’s Instagram account (source and screenshot from Le Monde).   It’s hard to miss another trend on social media, the “Starter Pack.” You can easily create your own figurine in seconds, such as this one below of French soccer star Kylian Mbappé created by Canal+ on its Instagram account. They look cool and fun, going viral very quickly.   But according to various scientists and researchers such as Dr. Sasha Luccioni, generating images via generative AI (genAI) tools consumes a lot of energy and water (several liters to cool servers for just one image). This is pale in comparison to videos. Moving forward, expect consumers to produce short-form but also long-form videos. Expect User-Generated Content on steroids. In fact, looking at the overall impact of AI (not just consumer usage), the International Energy Agency recently released a thorough analysis projecting that electricity demand from data centers worldwide is set to more than double by 2030 to around 945 terawatt-hours, slightly more than the entire electricity consumption of Japan today. AI will be the most significant driver of this increase, with electricity demand from AI-optimized data centers projected to more than quadruple by 2030. These are just two recent examples of how genAI is entering our daily lives, but there are many more. Marc Zao-Sanders recently published a very interesting piece in the Harvard Business Review on how people are really using genAI in 2025 — and it’s fascinating to see how genAI is increasingly being used for personal and professional support (for example, for therapy/companionship, organizing one’s life, or finding purpose).   At Forrester, we analyze the implications of such changes on consumer behaviors and attitudes, and what it means for brands. My colleague Audrey Chee-Read recently published a report showing that consumer optimism toward GenAI grows. We’ve just got the results from Forrester’s March 2025 Consumer Pulse Survey, where we asked 461 UK online adults — who’ve used or heard of genAI — how concerned they are about the impact of genAI. Top three concerns: Spread of misinformation/disinformation: 75% Data privacy violations: 69% Impact on human intellect: 68% Bottom two concerns: Bias and discrimination: 55% Environmental sustainability: 39% (the only one below 50%) This data was collected right before the buzz on the “Starter Pack” and “Studio Ghibli” memes. It’ll be interesting to see how it evolves in the coming months, but it’s clear that despite the growing optimism, consumers are still highly concerned. My colleague Audrey Chee-Read and myself are working on new research on this exciting topic. If you’re a Forrester client, stay tuned for additional research on how consumers use and perceive AI. Go to my Forrester bio and click “Follow” to be notified. You can also follow me on LinkedIn here. Also, as a client, you can schedule time with me for an inquiry or guidance session, or talk to your account team about workshops and strategy days on anticipating how AI will change how we interact with technology and brands. source

One of the most common issues we see from companies that have adopted the B2B Revenue Waterfall as part of a revenue process transformation (RPT) is sales failing to pick up and progress stage-zero (qualified) opportunities. Even the most well-intentioned and thorough RPT teams can’t force sales to address the valuable signal- and buying-group-based opportunities passed to them. Marketing may get frustrated and question the effectiveness of the transformation effort because they aren’t seeing positive results from their work. Big changes like an RPT require patience, determination, and a commitment to the long game — in this case, revenue growth. To address this challenge, marketing leaders must ensure that team members stay the course by developing incremental metrics that tie to things under their control so that they understand the endgame. But marketing will also need to work with sales leadership to get them to understand the value of the stage-zero opportunity and how to leverage it to drive positive revenue impact. This means sales leaders must get involved and adhere to a level of governance over these early-stage opportunities where it is likely that very little or even no governance existed before. Stage-zero opportunities are critical because they represent momentum in the B2B Revenue Waterfall. It is the activation of the handoff from marketing to sales. Marketing will identify opportunities with signals, enrich the account data, and add buying group members to the account and opportunity, then a revenue development representative will book a meeting for the next sales expert in the process. Sales receives these meetings-booked opportunities and further develops the opportunity to determine its viability before ultimately closing the deal. Sales knows its role in the traditional sales process, but its role in a transformed revenue process may be murkier. If your organization has stuck stage-zero opportunities, one or more of these is the likely breakpoint: Agreement. In a revenue process transformation, marketing and sales agreement is more critical than the alignment that marketing and sales typically attempt at the campaign or program level. RPT requires marketing and sales leadership to agree that there is a need to transform and agree on the implementation strategy and on definitions at each step in the process. Leaders need to roll this down to their direct reports and hold their teams accountable. Looking at situations where the sales team may be falling back to their old ways and not leveraging the power of the transformation is a key focal point. Revenue process transformation is implemented in a bottom-up manner but will never be successful if there is not a top-down agreement on how the transformation will drive revenue growth. Understanding. Every team member involved in the transformation must understand why it is pivotal to the future of the business. They must understand what is forcing change, the business approach to addressing it, and their role in it. Even when team members know what is expected of them, they may work in parallel with or even outside the new framework without understanding the negative downstream impact. This type of behavior is a sign that more enablement is needed. These employees need to understand both the positive and negative impacts of not actively engaging in the transformation. Enablement. Governance via the use of strong sales-level agreements, opportunity stage management, sales process, and measurement using the B2B Revenue Waterfall will be very important in this transformation. Enablement is the tool to reduce friction in the governance process. A formal onboarding program is required as a part of transformation planning. If taught in piecemeal fashion, team members will quickly suffer from change fatigue and bad behaviors will develop because each piecemeal change can result in workarounds that are difficult to break once created. The enablement plan must include an overview of the entire workflow process, an understanding of why it’s important to the business, lessons on each individual step they will be responsible for, details on how they will be measured, and an opportunity for regular interactions with their leaders to ensure that they are successful. The sales team’s acceptance of, and willingness to address, the new buying-group-centric stage-zero opportunities passed to them from marketing will ultimately define the success of a revenue process transformation. No function wants to be the team that limits growth. source

After the stock market and hopes of consumer electronics companies such as Apple were buoyed by news of a tariff reprieve on consumer electronics on Friday, they were rapidly dashed by reports that no such exception was in the offing. Instead, these categories were moved to a different “bucket.” Businesses thrive on stability because they plan around rules of engagement — plans that entail commitments of significant time, resources, and capital expenditure. Ergo, markets perform better when businesses are confident that the rules are really the rules. When Friday’s policies are thrown out with Sunday’s brunch leftovers, companies will resort to one primary strategy: Do as little as possible and thereby do no harm. This is exactly what we recommend in our report, Consumer Marketing, CX, And Digital Leaders: How To Thrive Through Volatility (US): Times of extreme volatility often spawn organizationwide crises of “Everything must change, all at once” — a narrative that is both false and dangerous. Instead, keep a cool head, resist knee-jerk reactions, and fine-tune strategies precisely and creatively to adapt to only the meaningful and substantial changes in the market and business environment. What does Apple do on Monday now that Friday’s rules don’t apply? Here’s what I predict: Lobby the US administration hard and keep hopes alive for an exemption, for itself or the category. It’s been a successful route in the past and is really the best option in this tariff regime. Stay put and reduce risk, avoiding significant changes and accumulating inventory, as the company has been doing, to serve as an insurance policy (and if Apple doesn’t need to use it, that’s even better). Continue business-as-usual supply chain diversification, mostly independent of the current tariff volatility. The company has been moving production to countries such as India and Vietnam well before this administration; it can incorporate options to expedite this if the tariffs remain. Have Plan B pricing that looks at different price elasticities by product line. Come up with the right price points and offers (such as trade-in) that do not jeopardize upgrade cycles into more expensive phones and the adoption of the lucrative Apple ecosystem. Manage the China relationship, because the country matters not just as a supply source but as a market that is already under threat and can be a source of significant revenue pain. The trade war has added strain to the relationship, but Apple has to work hard to avoid blowback. To better manage your brand and business through this period of uncertainty and shifting consumer behaviors, please read our report, Consumer Marketing, CX, And Digital Leaders: How To Thrive Through Volatility (US). If you are a Forrester client, stay tuned for additional research on how CMOs can better manage uncertainty and volatility. Go to my Forrester bio and click “Follow” to be notified. Also, as a client, you can schedule time with me for an inquiry or guidance session or talk to your account team about workshops and strategy days on planning through uncertainty. source

  What in the world is going on with messaging? Over the past few months, I have had numerous conversations where it seems that the responsibility for creating messaging has been upended. Messaging development has sprawled across too many areas within B2B teams, which has led to multiple, disparate — or even competing — versions of messages that get communicated to buyers and customers. Confusion is almost guaranteed, leading to frustration for both the provider and their buyers and customers. Product and portfolio marketing should own buyer-focused messaging. It has always been a core responsibility, as high-performing product and portfolio marketers are experts on understanding markets and buyers. They are uniquely qualified to develop effective messaging that resonates with buyers, helping buyers connect their needs to product offerings throughout the entire decision-making process. But results from Forrester’s Portfolio Marketing Survey, 2024, indicate that portfolio marketers are neglecting this crucial messaging responsibility. The survey gathered insights from product and portfolio marketing decision-makers based on their responses to questions about core responsibilities and key activities. Our research uncovered these alarming data points: Message creation ranked lowest as an important skill. Portfolio marketers have a broad remit, so it’s no surprise that they work on a variety of things and require a vast skill set. But when the survey asked respondents what skills are most important for being successful in their role, they ranked message creation dead last across all options, with only 11% selecting it as an important skill. More than 25% of portfolio marketers outsource messaging development. There’s nothing more important than understanding buyers and developing value propositions and messaging that connect a buyer’s needs to the capabilities of an offering. Yet one out of every four respondents indicated that they outsourced the development of messaging and value proposition to third parties. There are many things that are smart to outsource — messaging is not one of them! Messaging is not deemed as important in helping achieve business goals. Among eight key activity areas ranging from identifying new market opportunities to orchestrating product launches, messaging was at the very bottom of the list. Only 5% of respondents said that crafting messaging for buyers or offerings is the most important activity in helping the organization achieve its business goals. Portfolio marketers are spending time on non-core activities. It can be difficult to prioritize what to work on for a function that shoulders such a variety of responsibilities, but the survey results showed that portfolio marketers are spending just as much time on non-core activities, such as brand awareness and demand generation, as on messaging. Thirty-six percent of respondents indicated that they own or lead demand generation and 36% own or lead brand awareness efforts; this is compared to just 34% owning or leading messaging development. Portfolio marketing leaders need to take notice and respond quickly — make sure that your teams invest time for messaging development. Forrester clients can leverage The Messaging Nautilus®: Buyer’s Journey, a model made of four steps that helps portfolio marketers build concise, specific, and relevant messaging that motivates buyers throughout the purchase process. And if you would like to have a more detailed conversation with me, you can request a guidance session or inquiry — let’s chat! source

Forrester analyzed the earnings calls of the 10 largest cybersecurity vendors by market cap and identified key trends for technology executives (Forrester clients can read the report here). Earnings calls provide valuable insight into your vendors’ strategic performance — you need strong partners that are not only financially resilient but have a clear strategy for how their portfolio will deal with upcoming tech, economic, and threat challenges. The trends revealed on these calls show some of your vendors’ sales tactics and negotiation strategies, which you can then use to your advantage in the procurement process. Forrester identified the following key trends in the latest round of earnings calls: Managed services gain momentum for vendors, but benefits are dubious. Vendors are increasingly leaning on managed services to boost revenue, positioning them as a way for you to save time and reduce resource strain. For example, CrowdStrike, Trend Micro and Rapid7’s managed service businesses all experienced double-digit growth. At first glance, adopting managed security services can streamline your security operations, but this is not a guarantee. Ensure that you define your desired outcomes before signing up to these seemingly attractive deals, and ask vendors to clarify the measurable benefits — such as faster incident response or more accurate threat detection — to see if these services will integrate with your existing systems and teams. Market volatility could mean better negotiating power for tech execs. Even when vendors posted strong recent earnings, stock prices often dipped due to uncertainty in their future outlook or due to weaker guidance than analysts anticipated. Additionally, headcounts dropped in 2024 only for companies to reverse back to attracting talent again in 2025. In their quest for growth in these volatile conditions, vendors are offering more aggressive pricing or bundle deals to secure your commitment. Press vendors on real ROI, rather than being tantalized by attractive discounts in contract proposals or renewals, and emphasize mutual flexibility and partnership through contract clauses. If the future is truly uncertain, you’ll want the option to pivot if budgets, technologies, or threats change more quickly than expected with your cyber partners. Platform and AI hype demand closer scrutiny. Every vendor has now built or acquired an integrated platform and invested in an AI-driven strategy. The record acquisition from Google taking over Wiz, for example, showcases Google’s strategy to buy and integrate rather than build. These dynamics provide competitive pressure on vendors, and for you, they make it harder to determine hype from reality. This not only leads to a full platform play being a key consideration for buyers but also puts pressure on competitors such as Fortinet, Palo Alto Networks, and others. Because every vendor claims an integrated platform and AI-driven strategy, it’s getting harder and harder to determine which emperors actually have no clothes. For vendors promising end-to-end coverage via a single platform, verify how seamlessly these tools truly integrate or whether AI is genuinely improving capabilities by requesting evidence of success from your peers in environments similar to yours. You want to avoid accidentally becoming the marquee client. Additionally, assess your concentration risk of working with one vendor and diversify if you need to do so. Forrester technology executive or security and risk clients who have questions about these earnings calls can reach out to to me via inquiry or guidance session. source

Forrester recently published our latest evaluation of business intelligence (BI) platform offerings: The Forrester Wave™: Business Intelligence Platforms, Q2 2025. There are two important takeaways from the research that are contrary to the media narrative on business intelligence: BI is alive and well. For the past 20 years, Forrester has consistently encountered predictions from other analysts and vendors claiming that “BI is dead.” These predictions have repeatedly been proven incorrect. BI continues to be a crucial enabler in the data-to-decisions process, which is essential for data-driven enterprises. GenAI is not the end of BI. Generative AI (genAI) is not replacing business intelligence; instead, it’s leveling the playing field as all BI vendors integrate generative and agentic AI capabilities based on the same large language models (LLMs). Every BI vendor is now making a claim that their platform is genAI- and agentic AI-based. But how BI vendors are leveraging the power of genAI is what makes the difference. This means that data, analytics, and AI leaders must be very clear on how each BI vendor is delivering genAI-based functionality embedded in the BI platform. Here’s a small sample of genAI evaluation criteria that our research uses: GenAI functionality. What specific BI platform functionality is based on genAI (natural language query [NLQ], natural language generation [NLG], enriching semantic layer, etc.)? Does the platform offer any non-core BI, genAI-based functionality such as mining unstructured data, documenting data sets/populating a data catalog, or others? GenAI architecture. What specific foundation LLM APIs and/or BI vendor proprietary language models are provided out of the box? Can different LLMs be used for different genAI tasks (i.e., one for NLG, another for NLQ)? Can customers bring their own LLM license/keys? GenAI domain specialization. Does the platform come with industry-/business domain-specific language models? Does the platform provide utilities for clients to fine-tune their own version of foundation LLMs and/or create custom expert language models? GenAI for enterprise data. How does the platform’s genAI functionality get access to enterprise data, metadata, and other contexts? Is this capability based on retrieval-augmented generation (RAG) and/or other prompt engineering techniques? Is the capability based on fine-tuning LLMs and/or building expert/custom language models? GenAI guardrails. What are the guardrails the platform uses to ensure that users only have access to LLM results they are allowed to see? Are the input guardrails solely based on prompt engineering and RAG or other techniques, as well? What are the guardrails the platform uses to ensure that LLM output complies with enterprise requirements such as content blocking/toxicity detection, content moderation, data/info validation, comparing design/runtime outputs, etc.? For the detailed results, including all eight genAI criteria, 19 other criteria around vendors’ current offerings, and six vendor strategy criteria, please read The Forrester Wave™: Business Intelligence Platforms, Q2 2025, and/or set up a call with me. source