Forrester

Exciting developments such as DeepSeek’s R1 announcement are extending opportunities to run large language models (LLMs) on edge devices. These advancements could have profound implications for edge computing, particularly in the realms of AIOps (artificial intelligence for IT operations) and observability. By enabling real-time insights and faster automations at the edge, enterprises can enhance their operational posture, drive down costs, and improve operational efficiency and resilience. The Impact On Edge Computing Edge computing has been gaining traction to process data closer to its source, reducing latency and bandwidth usage. Edge computing technologies help firms anticipate customer needs, act on their behalf, and operate businesses efficiently in localized contexts including internet-of-things-enabled scenarios. Running LLMs on laptops and edge devices enhances these benefits by delivering powerful AI capabilities right at the edge. Training these models is a considerable challenge, something synthetic data could play a role in for AIOps, which is an approach that DeepSeek appears to have leveraged. DeepSeek-R1 claims to be as good if not better than other top-tier models, but it also offers unique advantages such as the ability to explain its answers by default. This transparency is crucial for building trust and understanding in AI-driven decisions in AIOps solutions. Processing and analyzing vast amounts of data in real time at the edge enables more responsive and intelligent edge devices. This capability is particularly valuable in scenarios when immediate decision-making is critical but connectivity to a central source or cloud resources is intermittent and unreliable. Alternative considerations are the high costs for networking and risks associated with data traveling from the edge to the cloud and data center. Some AIOps strategic objectives are to improve prediction accuracy, enhance user experiences, and produce far-reaching contextual insights for IT operations; all these stand to benefit from LLMs processing telemetry at the edge. Enhancing AIOps And Observability AIOps and observability are crucial components of modern IT operations, providing the tools needed to monitor, analyze, and optimize complex systems. Observability tools capture real-time data points, including metrics, events, logs, and traces (MELT), which are essential for understanding system behavior and performance. AIOps leverages this data to reduce alert noise, troubleshoot issues, automate remediation, and provide deep, contextual real-time insights. With LLMs running on edge devices, AIOps and observability can achieve new levels of real-time insight and automation. For instance, LLMs can analyze MELT data on the fly, identifying patterns and anomalies that might indicate potential issues, security or operational. The immediate analysis allows for quicker detection and resolution of problems, minimizing downtime and enhancing system reliability especially in environments with unreliable or irregular connectivity. The integration of smaller-footprint LLMs that can run at the edge, such as DeepSeek-R1, with AIOps can also lead to more proactive and predictive maintenance of devices and infrastructure or injection of risk-mitigating actions with no human intervention. A New Paradigm For IT Operations The integration of LLMs with edge computing and AIOps and observability represents a new paradigm for IT operations. It could be a game-changer for edge computing, AIOps, and observability if the advances of DeepSeek and others that are sure to surface run their course. This approach enables enterprises to harness the full potential of AI at the edge, driving faster and more informed decision-making. It also allows for a more agile and resilient IT infrastructure, capable of adapting to changing conditions and demands. As enterprises embrace this new paradigm, they must rethink their data center and cloud strategies. The focus will shift to a hybrid and distributed model, dynamically allocating AI workloads between edge devices, data centers, and cloud environments. This flexibility will optimize resources, reduce costs, and enhance IT capabilities, transforming data center and cloud strategies into a more distributed and agile landscape. At the center will remain observability and AIOps platforms, with the mandate for data-driven automation, autoremediation, and broad contextual insights that span the entire IT estate. Join The Conversation Register for the upcoming webinar on February 12, The Importance Of AI-Driven IT Operations And AIOps In Edge, IoT, And OT Computing. During this webinar, I will be speaking with my colleague Michele Pelino about these very topics that DeepSeek has further catapulted into the news. As always, I invite you to reach out through social media to any of us if you want to provide general feedback. If you prefer more formal or private discussions, email [email protected] to set up a meeting! You can also follow our research at Forrester.com by clicking on any of our names below. Click the names to follow our research at Forrester.com: Carlos Casanova, Michele Pelino, and Michele Goetz. source

IBM has had a very busy and prolific acquisition season. It acquired two Oracle consulting firms within the last five months. Applications Software Technology LLC (AST) On January 16, IBM announced its intent to acquire AST, a global Oracle consultancy. This strengthens its state, local, and education (SLED) presence, as AST specializes in delivering Oracle Cloud application implementation and digital transformation services, with a focus on the public sector, including local governments and K–12 education. Financial details of the transaction haven’t been provided, but it’s set to close in the first quarter of 2025. AST is a full-service enterprise systems integrator that has served clients in the public and commercial sectors for over 26 years. It focuses on implementations and transformation programs for Oracle Cloud applications: enterprise resource planning (ERP), human capital management, enterprise performance management (EPM), customer experience (CX), supply chain management (SCM), sales and service cloud, configure/price/quote (CPQ), and marketing. It also covers JD Edwards, NetSuite, and Salesforce solutions. Core implementation services are paired with cloud platform and technology support and managed services. Accelalpha In November 2024, IBM closed its acquisition of Accelalpha, a global Oracle services provider with deep expertise helping clients digitize core business operations and accelerate adoption of Oracle Cloud applications. This acquisition expands IBM’s Oracle consulting expertise in supply chain and logistics, finance, EPM, and customer transformation. Accelalpha was founded in 2009 and is a leading global provider of Oracle Cloud applications consulting across advisory, implementation, and managed services. It serves clients across North America, EMEA, APAC, and Latin America, with a focus on distribution, industrial, and financial services sectors. Accelalpha’s core expertise across Oracle Cloud applications includes Oracle SCM and Logistics, Oracle Cloud ERP, Oracle Cloud EPM, Oracle Cloud CX, and Oracle CPQ. Accelalpha has one of the largest Oracle logistics practices globally. Notable past acquisitions include Frontera Consulting, Key Performance Ideas, LogistiChange, and Prolog Partners. Both of these acquisitions will help IBM: Broaden and expand Oracle Cloud consulting expertise, particularly in high-demand areas such as supply chain management, logistics, and financial services. Address a growing demand for Oracle Cloud solutions. Increase geographic reach and industry depth. Accelalpha’s global team and strong presence in industries like distribution and finance will help IBM expand its reach in key markets and sectors. Plus, AST’s presence in Canada, India, North America, and the UK complements IBM’s global delivery. Increase breadth and depth in the public sector. AST has a strong track record in the public sector, especially in local governments and educational institutions. This puts IBM’s capabilities in an industry with unique challenges that’s still stuck in legacy on-premises systems. Moving forward, IBM can better position itself when competing with several other leading Oracle service providers, but it should be noted that, since neither of these acquisition transactions were officially closed prior to the end of October 2024, Forrester was unable to consider and add capabilities and quantitative/qualitative data from either Accelalpha or AST during its recent evaluation of IBM for the Forrester Wave™ on Oracle services. For more insights, clients can book time with me (via an inquiry or guidance session). source

Accessibility helps your company increase revenue, resilience, and customer trust while lowering costs. It does this by helping you win more customers and deepen relationships with ones you already have. Recent actions by the US federal government haven’t changed this. Our research shows that: There are at least 17 major ways that accessibility helps companies improve their bottom line. To name just a few: It lessens the incidence of — and cost to solve — complaints from customers with disabilities. It avoids the need for legal support to address demand letters and lawsuits. It helps attract and retain employees who value accessibility. It helps service and technology providers win contracts with businesses and government entities globally that require accessibility. Accessibility is a billion-customer opportunity. If your experiences are not accessible, you’re turning away a population of 1.3 billion globally that spends $1.9 trillion annually. Add in that segment’s friends and family members who prefer to do business with brands that don’t shut out their loved ones, and you have an additional 3.3 billion people who prefer brands that prioritize accessibility. Accessibility also means better experiences for all customers (known as the curb-cut effect), as it leads to better usability and helps anyone who is experiencing a temporary or situational disability. You Can Still Get In Legal Trouble If Your Experiences Aren’t Accessible There are many laws protecting the rights of people with disabilities in the US and abroad, despite the US federal government’s movement away from it. Note that: You can still be sued under Title III of the Americans With Disabilities Act (ADA). In 2024 alone, there were over 4,000 digital accessibility lawsuits, according to an annual study from UsableNet. These lawsuits show no signs of slowing down, as court rulings increasingly interpret Title III of the ADA’s “place of public accommodation” terminology to mean digital experiences as well as physical locations. Accessibility shows up in other federal laws, such as the Individuals with Disabilities Education Act (IDEA) and the Air Carrier Access Act (ACAA). Many international jurisdictions remain committed to accessibility. Compliance deadlines for the EU’s European Accessibility Act — which requires companies that operate in the EU to create accessible experiences — arrive in June 2025. This will lead more companies to commit to accessibility. There are strict laws in other regions, too, such as the Accessibility for Ontarians with Disabilities Act (AODA) in Canada. If you’re a Forrester client and would like to ask me questions or work through your own business case for accessibility, you can set up a conversation with me. You can also follow or connect with me on LinkedIn if you’d like. A big thank you to my colleagues Christina McAllister and Judy Weader for their input on this post. source

Driving engagement is top of mind for most digital banking leaders. Forrester’s research reveals the immense value — for both customers and banks — of useful, convenient digital banking experiences. The right mobile banking offerings, for example, can unlock new value for a customer and differentiate a bank’s brand. And our broader customer experience research — such as our Customer Experience Index (CX Index™) — shows that improvements in experience design strengthens a bank’s business outcomes in three main ways: Retention — the likelihood of a customer staying with the brand. Enrichment — the likelihood of a customer buying additional products and services from the brand (and, in banking, to turn to the brand with their next dollar or decision). Advocacy — the likelihood of a customer recommending the brand. As they invest in and prioritize digital experiences, bank leaders should consider the willingness of customers to share more data with the bank. This willingness forms an important part of a broader “value flywheel.” The flywheel is especially powerful in banking, since trust (along with related factors such as advice and guidance) is the foundation of sustained, profitable growth (see figure below). In December, we asked consumers in the US and UK about the types of companies with which they are comfortable sharing data — and the factors that increase their willingness to share personal and financial data. We found that: People tend to trust banks to keep their data safe. When asked which “types of companies” respondents “trust to keep [their] personal information and data secure,” banks earned the top spot: Nearly three-quarters (72%) of UK adults and nearly two-thirds (64%) of US adults said they trusted banks (see chart below). Only credit card companies and health providers garnered similar responses in both countries. Most customers are willing to share more data in exchange for value — especially for better money management. Across both the US and the UK, 59% of respondents said they’d be willing to share more of their personal and financial data with a financial services company if they gained some sort of benefit from it. The desirability of specific benefits varied, but in both markets, a plurality of respondents said they’d share more data if the bank “[helped] me save more money.” Other value props included “to let me keep better track of my money” and “to give me long-term financial advice.” It’s clear that banking customers are prepared to share more data, provided the bank offers them something in exchange. The idea of building a “flywheel” has been in vogue for years, so execs might be wary of yet another one. But in this case, the two variables directly fuel one another: Increased and expanded data sharing by bank customers enables banks to offer new and greater value to those customers, which in turn drives deeper engagement and willingness to share even more data. Of course, there’s a big “if” in here: This data-for-value flywheel only works if the bank’s digital, data, and business teams can harness the data with which customers entrust them. To that end, executives should make the most of Forrester’s Data, AI & Analytics service. Executives and leaders at banks should strive to enrich their customers’ digital experiences, not just so that they get higher engagement, user satisfaction, cross-sell rates, and brand advocacy but so that they build and strengthen a data-for-value exchange that helps them create ever-better offerings and gain a durable competitive advantage. Figure 1: Illustrating The Data-For-Value Exchange Flywheel   Figure 2: People Tend To Trust Banks With Personal And Financial Data source

As reported by several media outlets and confirmed by SAP CEO Christian Klein during its Q4 2024 earnings call, SAP will offer an additional three years of support for some on-premises ERP (enterprise resource planning) customers beyond the existing extended maintenance support of 2030. This news came as a surprise for many ERP customers globally who have been struggling to plan and complete their ECC to S/4HANA migrations under the RISE with SAP offering before the end of 2027, which is the current mainstream maintenance end date. Many of these customers potentially would not have completed the move even by the end of 2030, the extended maintenance end date. While there has been steady adoption of S/4HANA Cloud Private Edition under RISE with SAP, there were no strong indicators that this adoption was accelerating at a higher rate. Two core reasons contributing to this: There’s significant costs and time associated with the sheer amount of massive transformation and systems migration undertaking. Some customers, struggling with budget issues while running a business under the current tough macroeconomic conditions and geopolitical instability, had reservations about the extended time that it would take them to realize the ROI on the migration investment. The other aspect hampering a higher rate of adoption of S/4HANA is the complex technical and third-party applications landscape that is closely tied with the customers’ ERP systems — each with their own end-of-support deadlines, migration costs, licensing complexity, and technical interdependency with different version of the ERP systems’ underlying tech stack. This makes the case for easy and fast S/4HANA migration severely constrained for customers, even when they engage highly mature systems integrators to assist with multiyear migration programs. SAP has recognized these challenges by what appears to be a selective extension of support — with conditions. Details of the new support announcement are as follows: In the first half of 2025, SAP will announce a cloud subscription transition option designed for ERP customers with large and very complex IT landscapes who need more time to transform on their RISE with SAP journey and move to S/4HANA. This option, the SAP ERP private-edition transition option, will consist of an SAP ERP cloud subscription, complemented with services designed to facilitate the transition to RISE with SAP and maintain customers’ business continuity. The option will be offered for the period from 2031 until the end of 2033. The SAP CEO confirmed that this is not a prolongation of the mainstream maintenance for beyond the 2020-communicated deadlines of the end of 2027 and is also not a prolongation of the extended maintenance end-of-2030 deadline. SAP is to release more information to the market in the first half of 2025, with additional details on the offering. While some media outlets have reported that any customers who sign a RISE with SAP contract are the ones who receive the above offer, Forrester has been unable to confirm these statements, as the official details are still forthcoming. As for now, based on Klein’s answers to investor questions during the earnings call, it is certainly not a blanket offer to all customers who sign up and commit to a RISE with SAP contract but is rather very dependent on certain large-scale customers with highly complex application landscapes and third-party application technical stack footprint dependency that prevents them from effectively moving to S/4HANA faster. SAP appears to be offering the customers an easier pathway to transition these third-party applications to the SAP solutions/product stack. Forrester is looking forward to analyzing this aspect further with the official release of more information from SAP in the coming months. For more insights on SAP, S/4HANA cloud transformations, on-premises ERP support, RISE, GROW, or this specific announcement, clients can book time with me (via an inquiry or guidance session). source

As a keen amateur chef, I have been known to occasionally seek inspiration from tv cooking competitions. Those bite-sized episodes of culinary drama sometimes provide just enough to satisfy my hunger for light evening entertainment. Of course, all these shows follow a proven recipe: enthusiastic contestants, challenging ingredients, and a panel of picky jurors deciding everyone’s fate — all set against the backdrop of the ever-present ticking clock … At the end of each episode, there is always a winner — a Chopped Champion, a Top Chef, a Star Baker. The victor is the one who, through the various phases of the competition, wins over the expectant jurors by their transformation of raw ingredients, while simultaneously wrangling technology, dealing with the heat of the kitchen, and letting the viewers know just enough about their unique and scintillating backstory. Are they chefs, or are they marketers? For every winner, there are of course multiple losers — the eliminated ones. These unfortunate contestants tend to falter for a few simple reasons. While talented and accomplished competitors, they often fail to adapt their usual cooking approaches to the specific demands of the competition arena. They make an error either in what they serve, how they prepare it, or how they present it. And no one likes medium-rare chicken, even on a bed of seasonal yuzu-drizzled kale chips … Recurring Revenue Marketing Demands A Different Recipe Seasoned B2B marketers often face similar challenges when stepping into the competitive recurring revenue arena. Equipped with their trusted tools, know-how, and scars from years of competition, they often “play it too safe.” They apply tried and tested (legacy) approaches to their new environment, only to be greeted with an underwhelmed reaction from a new jury of buyers. But it’s not that they’ve suddenly become bad marketers. Recurring revenue marketing in B2B is still marketing, with the raw ingredients of brand, demand, engagement, and enablement. It’s just that these ingredients need to be prepared and seasoned in different ways to reflect the nature and demands of the recurring revenue environment. Optimizing Five Stakeholder Relationships Will Help Your Recurring Revenue Rise In our recent research report, Recurring Revenue Marketing Demands Customer Obsession And A Seamless Operating Model, Dawn Ferrara and I explain how the secret to recurring revenue marketing success is to reimagine marketing’s work through the lens of its interactions with five key stakeholder groups: buyers, product, sellers, operations, and employees. We examine what makes these relationships different in a recurring revenue model and introduce a new framework, the Forrester Recurring Revenue Marketing Propeller. This framework illustrates how marketers should adjust their approach to stakeholder relationships and what steps they should take to ensure that they win the trust and long-term patronage of recurring revenue customers.   We hope clients enjoy reading the full report. If we’ve left you hungry for more, please don’t hesitate to contact us to schedule a deeper discussion. source

SAP reported better-than-expected Q4 2024 financial results and raised its full-year operating profit forecast as demand for artificial intelligence systems continues. On top of beating expectations, SAP said that it now expects 2025 operating profit to be between €10.3 billion and €10.6 billion, above previous estimates of approximately €10 billion. Its current cloud backlog of €18.08 billion is up 32%. Cloud revenue is up 27% to €4.71 billion, and Cloud ERP suite revenue is up 35% to €3.95 billion. Additionally, on December 16, SAP announced the general availability of the SAP Green Ledger solution, the most comprehensive carbon accounting system globally that integrates directly with customers’ financial data. While the results are great, we are yet to see an accelerated rate of adoption of customers moving from ECC to S/4HANA Cloud Private Edition. SAP also used the earnings call to announce several leadership changes. 2024 saw three key executive departures, namely Chief Marketing and Solutions Officer Julia White, Chief Revenue Officer Scott Russell, and Chief Technology Officer Juergen Mueller. White is now the chief marketing officer and vice president at AWS, while Russell has joined NICE as its chief executive officer. In light of this, the market has been expecting some changes. Sebastian Steinhaeuser will become SAP’s chief operating officer on February 1 and is the only new member of SAP’s executive board. Steinhaeuser joined the company in 2020 as the chief of staff to CEO Christian Klein and became chief strategy officer in 2021. He previously worked at Boston Consulting Group. Philipp Herzig is now the global CTO in addition to his existing role as chief AI officer. Jan Gilg and Emmanuel (Manos) Raptopoulos, both veteran SAP employees for close to 20 years, are to jointly lead SAP’s customer success organization as co-chief revenue officers. Raptopoulos, who is currently the regional president of SAP EMEA (Europe, the Middle East, and Africa), is to manage the SAP EMEA, MEE (Middle and Eastern Europe), and APAC (Asia Pacific) regions. Gilg, who is currently president and chief product officer for Cloud ERP, is to oversee SAP Americas and the global SAP Business Suite. After White’s departure, Ada Agrait joined as chief marketing officer on an interim basis. Agrait is to continue in that role. SAP is expanding its executive board to include the Strategy & Operations division and is appointing an expanded executive board consisting of eight additional managers. During the earnings call, it was emphasized that the goal of the extended board is to create a diverse comprehensive team to scale the reach of the executive board, discuss a broad range of portfolio topics, and act as a strategic advisory body that will assist in driving the company’s AI-first, suite-first strategy. Gilg, Raptopoulos, and Herzig will all report to Klein and will serve on the extended board along with Agrait. All changes are effective February 1, 2025. The members of the extended board: Ada Agrait (chief marketing officer), Michael Ameling (general manager, Business Technology Platform), Sebastian Behrendt (head of global finance), Jan Gilg (chief revenue officer, Americas, and SAP Business Suite), Philipp Herzig (chief technology officer), Thomas Pfiester (head of global customer engagement), Emmanuel Raptopoulos (chief revenue officer, APAC/EMEA/MEE), Monika Schaller (chief communications officer), and a to-be-announced general manager for Business Suite. Interestingly, after last year’s departures and new leadership changes heading into 2025 and onwards, there is not much representation from the Americas. There is greater German representation on SAP’s executive board and now also the extended board. Customers in the Americas will look to Jan Gilg to build strong relationships. This might actually be quite beneficial, as Gilg brings a very strong product background and experience to the role that should uniquely help him engage more deeply with Americas customers, who always tend to welcome engineering, product, and architecture experience with open arms. Additionally, there are some product innovations to look forward to. We will soon get more details on Joule agents’ orchestration of end-to-end business processes with agents across finance, spend, supply chain, HR, and customer experience. There might be some commercial flexibility with both RISE and GROW to land and adopt the latest innovations without additional negotiations. Lastly, SAP’s focus on AI remains front and center, with AI embedded in 50% of deals, reflecting its commitment to leveraging agnostic AI solutions and different models used based on customer needs. For more insights on SAP, S/4HANA cloud transformations, on-premises enterprise resource planning support, RISE, GROW, or this specific announcement, clients can book time with me (via an inquiry or guidance session). source

First and foremost, we abhor violence. Like so many others, we were dismayed by the murder of UnitedHealthcare CEO Brian Thompson. But our dismay wasn’t the only response. This event revealed widespread negative views of health insurers: Stories of coverage denials, care delays, and medical bankruptcy spread across social media. Understandably, health insurers have asked us how to respond. These questions have ranged from concerns about potential impacts on KPIs to how to rebuild trust with customers. We’ve also seen some insurers deflect, looking to blame the system or other parties (such as hospitals), doing little to acknowledge their role in the problems that consumers face. Health insurers: We have a lot of work to do, and the call to action started well before December. Eight Essential Strategies For Health Insurers To Repair And Enhance CX In 2024, trust in health insurers hit a three-year low, with just 56% of consumers reporting that they trust their health insurer to do what is in their best interest. The industry’s Customer Experience Index (CX Index™) score also hit a five-year low, underscoring significant shortcomings. The most basic reasons why an insurer exists, such as “processes transactions quickly,” landed among the top drivers of CX. Performance on this driver and others has been decreasing since 2022. In December, transaction issues such as denials and delays in care galvanized public dissatisfaction. To climb out of this hole, here are eight things health insurers must do: Start your listening tour now. Don’t just imagine what customers might be going through. Immerse yourself in the customer’s world and experiences by conducting the right kinds of research. Analyze your existing data first. Show that you’re listening by acknowledging these issues and demonstrating empathy to rebuild trust. Communicate your plan. Be transparent about what you learn and what you are going to change. Transparency is a key lever of trust. If it’s a customer-facing change, tell them how you plan to do it and set expectations for how long it will take to deliver. Follow the same approach if the change is more targeted to the experience of providers, employers, brokers, or other key ecosystem partners. Stop paying lip service and start taking action. People know empty promises when they hear them. Focus on incremental improvements that you can deliver quickly. Demonstrate that you will continue to listen and collect feedback to stay on the right track. Ensure adequate investment for improvements to the experience — yes, health insurance leaders, the ROI is there. The right improvements can deliver value to members, providers, and insurers. Cocreate with your customers. Engage and collaborate with your customers at each phase of creating experiences — not only to test the solutions you’ve already created but also to identify needs and problems and ideate solutions. What is their job to be done? Are you helping them with what they need or chasing what you think they want? Place a special focus on collaborating with groups that are often left behind, such as customers with disabilities. Customer obsession means putting the customer at the center of your leadership, strategy, and operations. Get aligned to customer needs and build experiences that work for them, and then the business outcomes will follow. Get the basics right to rebuild trust. Rebuilding trust, especially for health insurers, hinges on competence, reliability, and accountability. Understand your customers, clarify complex processes, and prioritize their value perception over yours. Value creation is based on an exchange — what customers get versus what they give up — and it’s influenced by their value network. For instance, unexpected bills, like a $25 copay, can negatively impact their experience with you due to misunderstandings about cost-sharing. Revisit broken processes. Today, 77% of healthcare practitioners report that health insurers create additional hurdles to patients getting the care they need, with just 20% agreeing that the policies and procedures established by health insurers align well with the needs of their patients. Explore gold-carding and waiving prior authorization for specific procedures. Focus on improving CX — not scores. Yes, you will see the impact on scores like Net Promoter Score℠ (NPS) and customer satisfaction. But the impact is not the result of December’s events alone. Customers loudly expressed their frustration and anger. These emotions are not new. Feedback is a gift (even when someone shouts it at you). Tear it open and use it to meaningfully to move the needle on CX. Prepare for the next crisis. Health insurers lacking a crisis communication plan risk long-term reputational and financial damage to their company. Develop a response plan now, including how you will communicate with customers and the public across all relevant channels. Health insurers can take action in response to this tragic, watershed moment. New research on the state of trust for health insurers and the power of plain language is on its way for Forrester clients. Schedule a guidance session now to discuss how your business can respond today and in the future. Not a client? Learn more about how you can have Forrester on your side and by your side. Join us at CX Summit North America from June 23–26 in Nashville to delve into these topics. Reserve your spot to join the conversation. source

It’s a fast and furious week in the world of generative AI (genAI) and AI security. Between DeepSeek topping app store downloads, Wiz discovering a pretty basic developer error by the team behind DeepSeek, Google’s report on adversarial misuse of generative artificial intelligence, and Microsoft’s recent release of Lessons from red teaming 100 generative AI products — if securing AI wasn’t on your radar before (and judging by my client inquiries and guidance sessions, that’s definitely not the case), it should be now. All of this news is timely, with my report covering Machine Learning And Artificial Intelligence Security: Tools, Technologies, And Detection Surfaces having just published. The research from Google and Microsoft is worth the read, and it’s also timely. For example, one of Microsoft’s top three takeaways is that generative AI amplifies existing security risks and introduces some new ones. We discuss this in our report, The CISO’s Guide To Securing Emerging Technology, as well as in our newly released ML/AI security report. Microsoft’s second takeaway is that the detection and attack surface of genAI goes well beyond prompts, which also reinforces the conclusions of our research. Focus On The Top Three GenAI Security Use Cases In our research, we simplify the top three use cases that security leaders need to worry about and make recommendations for prioritizing when you need to worry about them. Security leaders securing generative AI should: Secure users who are interacting with generative AI. This includes employee — and customer — use of AI tools. This one feels like it’s been around awhile, because it has, and unfortunately, only imperfect solutions exist right now. Here, we focus primarily on “prompt security,” with scenarios such as prompt injection, jailbreaking, and, simplest of all, data leakage. This is a bidirectional detection surface for security leaders. You need to understand inputs (from the users) and outputs (to the users). Security controls need to examine and apply policies in both directions. Secure applications that represent the gateway to generative AI. Pretty much every interaction that customers, employees, and users have with AI comes via an application that sits on top of an underlying ML or AI model of some variety. These can be as simple as a web or mobile interface to submit questions to a large language model (LLM) or an interface that presents decisions about the likelihood of fraud based on a transaction. You must protect these applications like others, but because they interact with LLMs directly, additional steps are necessary. Poor application security processes and governance makes this far more difficult, as we have more apps — and more code — as a result of generative AI. Secure models that underpin generative AI. In the generative AI world, the models get all the attention, and rightfully so. They are the “engine” of generative AI. Protecting them matters. But most attacks against models — for now — are academic in nature. An adversary could attack your model with an inference attack to harvest data. Or they could just phish a developer and steal all the things. One of these approaches is time-tested and works well. It’s good to start experimenting with model security technologies soon so that you’ll be ready once attacks on models go from being novel to mainstream. Don’t Forget About The Data We didn’t forget about data, because protecting data exists everywhere and goes well beyond the items above. That’s where research on data security platforms and data governance comes in (and where I step aside, because that’s not my area of expertise). Think of data as underpinning all of the above with some common — and brand-new — approaches. This sets up the overarching challenge, which allows us to get into the specifics of how to secure these elements. Things might look out of order at first, but I’ll explain why this is the necessary approach. The steps, in order, are: Start with securing prompts that are user-facing. Any prompt that touches internal or external users needs guardrails as soon as possible. Many security leaders we’ve spoken with mentioned finding that customer- and employee-facing generative AI already existed well before they were aware of it. And of course, BYOAI (bring your own AI) is alive and well, as the DeepSeek announcements have showcased. Then move on to discovery across the rest of your technology estate. Look up any framework, and “discovery” or “plan” is always the first step. But those frameworks exist in a perfect world. Cybersecurity folks … well, we live in the real world. This is why discovery is second here. If customer- and employee-accessible prompts exist, they are your number one priority. Once you’ve addressed those, you can start the discovery process on all the other implementations of generative and legacy AI, machine learning, and applications interacting with them across your enterprise. That’s why this is the second step. It may not feel “right,” but it’s the pragmatic choice. Move on to model security after that … for now. At least in the immediate future, model security can take a bit of a back seat for industries outside of technology, financial services, healthcare, and government. It’s not a problem that you should ignore, or you’ll pay a price down the line, but it’s one where you have some breathing room. The full report includes more insights, identifies potential vendors in each category, and gives additional context on steps you can take within each area. In the meantime, if you have any questions about securing AI and ML, request an inquiry or guidance session with me or one of my colleagues. source

On January 29, Google announced the wide launch of its Meridian open-source marketing mix modeling (MMM) solution, available through GitHub. Cue a flurry of LinkedIn takes speculating about the future of the marketing measurement and optimization (MMO) solutions market. By providing an open-source Bayesian option, Google brings the industry-standard methodology to the masses (Meta’s Robyn uses a different regression process). But will Google’s free solution replace what many brands invest thousands of dollars in? No. Though there are many good things about this release, and it potentially broadens the market for MMM, it’s not a “one size fits all” solution. Since its initial Meridian announcement in 2024, Google has clarified the availability of additional capabilities, including budget optimization, scenario planning, the ability to customize parameters according to prior results, and the inclusion of non-media and control variables. Perhaps most importantly, Meridian is distinct in its native inclusion of Google search query volume data and reach/frequency data for YouTube. Along with the code release, Google also launched a partner program with major agency and MMO partners throughout the world to help brands with implementation. Meridian Is Best For Companies With Strong Data Science And Storytelling Chops To DIY MMM, you need strong in-house data engineering, data science, and visualization resources. Digital agencies adept at campaign measurement but lacking an MMM solution will benefit from using Meridian to create solutions on behalf of clients. But for brands, the calculus is a little more complicated. Consider going it alone with an open-source solution such as Meridian if: You spend a lot of your marketing budget with Google. The ability to incorporate Google Query Volume and YouTube reach/frequency data increases in value as you spend more on these channels. If you are a digital brand that spends a majority or plurality on these channels, Meridian has significant value. Your in-house data team cooks. You have a team of data scientists who can clean, transform, load, and migrate sales, marketing, economic, and media data quickly and consistently. Accurate measurement requires extensive data expertise and resources. On top of that, a culture of trust between marketing and other departments (e.g., finance, sales, or operations) is necessary; you will need skilled data storytellers to translate results into compelling messaging. You have a history of maintaining geo-level marketing, sales, and competitor data. MMM is a wonderful tool for finding the causal relationships between variables, but its impact is dulled without enough data. MMM becomes more accurate and more useful with more granular data, particularly at the geo level. In addition to knowing what you were spending on media in Phoenix during the second week of August 2023, do you also have data related to non-media programs (such as discounts, bulk promotions, new packaging) running in that market concurrently? What about promotions that your competitors were running in the same market? You have experience with incrementality testing and ROI calculation. MMM results sometimes contradict what is found when measuring campaign-level ROI and return on ad spend. In general, this is because campaign-level measurement can’t account for what the result would have been if no campaign had been run. It’s for this reason that Forrester recommends a layered measurement framework, with campaign-level measurement and incrementality testing feeding into MMM. Meridian enables marketers to customize parameters to reflect results of incrementality tests and campaign ROI measures, but this is only useful if your brand has experience with these tests. Brands Without A Measurement-Driven Marketing Culture Will Struggle To Leverage Meridian In addition to the criteria above, a major challenge faced by many marketing departments is earning trust from other parts of the organization that their efforts are driving real business results. While Meridian’s code is open source and the underlying calculations are all laid out, the materials are not executive-friendly. Though this release answers some of the questions we raised when Meridian was announced in 2024, the education aspect remains unaddressed. If you are looking for someone to communicate the benefits, strengths, and, yes, weaknesses of MMM, Google’s materials will not help you. In addition to customized modeling and consulting, many MMO providers provide guidance for communicating findings and gaining cross-org trust. Later this year, I’ll be publishing reports on data requirements for marketing measurement, best practices for MMM, and building strong measurement teams. If you want to discuss your MMM or other marketing measurement initiatives, schedule a guidance session here. source