Forrester

Vendor messaging of “the composable DXP” is not resonating, especially when the portfolio of capabilities varies widely across vendors. It turns out that securing credibility as a provider of a digital experience platform (DXP) requires more than appending the word “composable” to the name. In 2023, vendors lost time before retracing their steps to more conventional (and procurement-friendly) labels such as CMS (content management system). In 2024, they rebuilt their lead-gen campaigns to develop and nurture new pipelines. Why Overselling CMS Didn’t Work Perhaps it’s because tech buyers who bake know that the flour alone isn’t the cake. The cake is the cake — it could be as simple as that. A flour vendor selling the idea of “the composable cake” isn’t necessarily wrong. They can sell the idea that they can be one great ingredient, but doing so obfuscates the fact that they alone don’t sell the ingredients that the baker needs to buy; that’s the baker’s frustration. Architecturally astute enterprises (that play the role of the architects of their own DXP) were already buying CMSes as part their composed platforms. They didn’t need new messaging. The next wave of buyers want more “in the box” with less DIY — personalization capabilities are a prime example in the CMS space, but don’t tip the scales into DXP territory. What Would “A Composable DXP” Vendor Offering Look Like? A composable DXP solution from a vendor must have all of the following attributes: A CMS solution for orchestrating digital experience delivery Two or three of the following: an e-commerce solution, a marketing automation solution, and/or a CRM or customer data platform solution The ability to implement the modules over time Turnkey integrations between the modules Cloud architecture A framework for integrating with products from other vendors This is a tall order. For a vendor, it requires substantial R&D to build it, must have a partner ecosystem to sustain it, and takes years for an enterprise to implement all of these solutions. We argue that many enterprises already have composed DXPs. Replatforming to another composable DXP would require a highly compelling business case — another tall order. The Distinction Between CMS And DXP A CMS is part of a DXP — it is the orchestrator of digital experiences. A DXP is much more than a CMS — it’s customer data, content, marketing, and/or commerce in one integrated (yet loosely coupled) portfolio from one vendor. CMS and DXP terminology and capabilities: CMS capabilities: content generation, repository, experience delivery, editorial workflows, orchestration (experimentation and personalization) DXP capabilities: Data (to understand customers), content (that constitutes the experience), marketing (to fit the content to the context), and commerce (to deliver value) — these experiences support customer engagement across the entire customer lifecycle and integrate with applications that similarly support the customer experience (e.g., sales clouds, service clouds, etc.). Traditional DXP: monolithic, tightly coupled, pre-cloud data, content, marketing, commerce Composable DXP: Modular, cloud-native data, content, marketing, and commerce — relative to traditional DXPs, they are more flexible, scalable, and upgrade painlessly. The role of the DXP architect: You can buy your DXP from a vendor. Your DXP vendor plays the role of lead architect, integrating its capabilities and providing guidance on how to extend the architecture to accommodate its technology partners and others outside that ecosystem. You are likely to need capabilities that neither your vendor nor its partner ecosystem offers. You can compose your DXP. You play the role of lead architect, integrating all your vendors’ capabilities and creating your own guidance on how your developers extend your architecture. Content And Experience Operations Deliver The Strategy (By Using The Platform) Optimal ways of working look different in each organization. Creating brand experiences across every touchpoint (digital, hybrid, or in person) requires people across organizational boundaries to collaborate and harmonize ideas before they go to customers. Once customers engage, the feedback generated by those engagements must inform the next iteration of the experience. The speed of the technology enables teams to iterate faster (to minimize derailing mistakes, amplify successful characteristics, and to identify new, unmet audience needs). And this is before generative AI designs the next iteration of the experience for customers automatically. If you need help understanding how to select your vendor-provided DXP or architect your own DXP, let’s talk. Schedule an inquiry or guidance session with myself or Chuck Gahun to talk about how you can use our latest Forrester Wave™ evaluation to drive the selection of your CMS, digital asset management, product information management, commerce, or DXP provider. We can ensure that it aligns with your strategic commitment to the pursuit of continuously improving business results through technology. Forrester clients can also read our report, Case Study: Wiley Unifies Its Digital Subscription Portfolio By Architecting Its Own Digital Experience Platform. source

Next week is Black Friday, a day many consumers wait and save for. But saving is not the only option to make the most of the heavy discounts. Black Friday is part of a big holiday shopping season, which is increasingly funded by “buy now, pay later” (BNPL). According to Forrester data, last year, some 33% of US and 41% of UK online adults who have used BNPL as a payment option used it more during the holiday shopping season. This holiday shopping season, US shoppers are expected to channel an astonishing $18.5 billion through BNPL, almost 8% of total spend. This surge in BNPL usage isn’t just a testament to its growing popularity; it’s a clear indicator of the broader appeal of embedded finance, a trend that seamlessly integrates financial services into nonfinancial customer experiences, journeys, or platforms. Embedded finance is not just an evolution; it’s a revolution in how we interact with financial services. It’s about bringing banking, investment, or insurance to your fingertips, regardless of what digital platform you’re on. Consumer Demand, Tech Advancements, Regulatory Support, And Tougher Competition Drive Embedded Finance Forward At the heart of the embedded finance revolution is a mix of consumer demand for convenience, technological advancements, regulatory support, and the competitive landscape of businesses competing for customer loyalty. Consumers no longer view convenience as a luxury; it’s a necessity. The expectation for seamless digital experiences extends to financial interactions, whether applying for loans through car dealerships or opting for embedded insurance options during online purchases. Technological innovations in APIs, cloud computing, and artificial intelligence have made it easier to embed financial services into nonfinancial digital platforms. Meanwhile, regulatory frameworks supporting open banking have broken down traditional barriers and created an environment ripe for innovation and collaboration. And in the competitive quest for customer loyalty, businesses are discovering that embedding financial services into their platforms enhances user experience and engagement, opening new revenue streams and deepening customer relationships. Embedded finance is all around and here to stay, but how can you make the most of this opportunity? Your Map Through The Embedded Finance Terrain Embarking on the embedded finance journey is like navigating a dense, uncharted jungle. It requires a keen understanding of the landscape, selecting the right companions for the journey, and mastering the intricacies of the ecosystem. In our new report on embedded finance, we broke it down into a three-step process you can follow. First, you must map the terrain by identifying which financial products or services align with your customers’ needs and your business goals. Hint: Think beyond traditional financial products such as a loan and more about wider capabilities such as cash management or identity verification. The next step is choosing your companions wisely; collaboration is the compass that will guide you through the embedded finance wilderness. Identify the most relevant customer touchpoints across a variety of journeys/scenarios and channels/interfaces. Partner with entities that share your vision and can complement your capabilities. Finally, mastering the ecosystem is about more than just survival; it’s about thriving by creating value-added services that enhance the customer experience in a natural and engaging way. Prioritize opportunities based on value and ease of adoption/integration. Make sure to read the full report if you are a Forrester client, and schedule a guidance session or inquiry if you want to explore the topic further. source

Most organizations that claim to be committed to digital accessibility lack one of the most critical elements of an accessibility program: direct feedback from people with disabilities. We predict that in 2025, half of accessibility efforts will have negligible customer experience (CX) impact because they lack best practices like this. That’s too bad, as lackluster approaches to digital accessibility also prevent organizations from reaping the many benefits of accessibility and expose them to legal and compliance risks. In the US, recent Americans with Disabilities Act (ADA) Title II updates require digital accessibility for state and local governments and those that work with them. For organizations operating in the EU, the European Accessibility Act (EAA) compliance deadlines are now just six months away, so it’s important to take steps now. Accessibility Team, Meet Your Voice-Of-The-Customer Team The EAA requires organizations to offer a way for consumers to report accessibility issues and to establish processes for reviewing and addressing that feedback. If you’re leading accessibility work, it’s time to get acquainted with your organization’s voice-of-the-customer (VoC) team and take advantage of tools and best practices that they’re already applying to gather and analyze customer feedback. For example: Make it easy to provide feedback. Include a clearly labeled, prominent path to share accessibility feedback on your website; users shouldn’t have to hunt for it. If that link takes the user to a feedback form, test it to ensure that it’s accessible. If your VoC team is running feedback surveys on your websites and apps, work with them to flag accessibility feedback that comes through those channels so that you can act on it quickly. Take advantage of customer feedback management (CFM) technologies. It’s possible that your company already has a CFM platform with features that can help you apply text mining and other analytics techniques to derive insights from feedback. These tools might also help you streamline the process of closing the loop with customers that provide feedback. Chat with your VoC team about what tools are available and how you might use them. Mine customer feedback for accessibility insights. You’re likely already receiving feedback from customers about accessibility. Work with your VoC team to cut survey data by segments, such as customers aged 65 and older. Create a set of keywords that might indicate an accessibility issue, such as “trouble seeing” or “hard to understand.” Ensure that everyone understands that by finding and addressing these issues, you’re helping all customers — an idea often referred to as the curb-cut effect. Act quickly on feedback and use it as an opportunity. Approach accessibility complaints as an opportunity to improve experiences for all customers rather than a damage control exercise. One investment firm invited customers who filed accessibility complaints to join a client advisory panel, compensating them for participating in research to inform future product design. Proactively gather feedback. In addition to providing a way for customers to share feedback when they want to (reactive feedback), establish a regular cadence of experience research to learn from and improve experiences for customers with disabilities. Remember that emotion — how customers feel about their experiences — is the biggest driver of loyalty. Ask questions to understand not just if the experience works but whether customers feel valued, appreciated, and respected when interacting with your brand. Let’s Connect If you’re a client and would like to ask us questions or discuss how to implement these practices in your organization, set up a conversation. You can also connect with us — Gina Bhawalkar and Colleen Fazio — on LinkedIn if you’d like. source

Forrester’s Security & Risk Enterprise Leadership Award recognizes organizations that have transformed their security, privacy, and risk management functions into capabilities that build a trusted and resilient business and fuel the organization’s long-term success. Congratulations to Schneider Electric, this year’s winner, and our finalist, Piedmont. Schneider Electric Earns And Sustains Trust By Creating Safe, Secure, And Resilient Digital Ecosystems Schneider Electric is a global leader in energy management and automation, with a presence in over 100 countries. As our winner, Schneider Electric stands out for its comprehensive and structured approach to trust, privacy, and talent management in its security and risk program. Its Trust Charter, aligned with the company’s code of conduct, shapes employee behavior and attitudes. Dedicated employee events such as Trust Week further enhance the organization’s “trust IQ.” Privacy is treated as a distinct value beyond compliance, with strong “privacy by design” and awareness initiatives. Schneider Electric’s Cybersecurity Talent Development initiative promotes upskilling and reskilling, addressing both current and future needs. The company aims to enhance resilience by continuing to raise the bar on cyber defense and strengthening its capabilities to respond to incidents. In detail, our judges were particularly impressed with Schneider Electric for its: Trust Charter and Trust Center. The Trust Charter integrates ethics, safety, sustainability, quality, cybersecurity, and governance, demonstrating a holistic approach to security and risk management. The Trust Center is designed to address a growing number of cybersecurity, product security, and data protection-related requests from customers and stakeholders. It serves as a one-stop shop for all global incoming queries, ensuring that responses are validated, standardized, and qualitative. Strong enterprise commitment to product security and privacy. Schneider Electric’s focus on product security came through loud and clear, with cybersecurity and product security equally presented to the board in a dedicated meeting. Examples include its emphasis on embedding security into R&D and the overall development lifecycle, a dedicated Trust Center team to address common security and privacy concerns and customer requests within a specific timeframe, and regular CISO-to-CISO conversations with customers to foster trust and maintain transparency. Detailed focus on cybersecurity talent management. Schneider ensures that it looks outside of security for emerging talent within other functions. This creates clear role descriptions and enables career and training paths to move into different roles within security. The organization not only has a strong focus on upskilling and reskilling employees but also offers specific training and a cyber badge distinction for all employees interfacing with customers. Embedded approach to Zero Trust principles and cyber resilience. Schneider Electric embraces the principles of Zero Trust in its IT core and, of course, in product security. As attacks on manufacturing and critical infrastructure increase, breaches are inevitable. What sets companies apart is their readiness and response to these incidents. Schneider Electric places a strong emphasis on continuous improvement and conducting global cyber crisis simulations multiple times a year, which further enhances its resilience strategy. Robust third-party risk management. Finally, our judges noted that Schneider Electric’s third-party risk management program extends assessments to fourth+ parties and requires attestations and critical executive-level discussions with suppliers. Piedmont Prioritizes The Protection Of Patient Data What impressed us with Piedmont’s submission was its clear commitment to making a positive difference in every life the company touches by implementing robust security and risk management strategies. Piedmont has established a comprehensive information security team that focuses on several areas. These include developing clear policies, implementing rigorous controls such as multifactor authentication and encryption, and ensuring that security and privacy are shared responsibilities across departments. Regular risk assessments, continuous training, and strong leadership support are key components of the program, which aims to protect patient data, stay ahead of emerging threats, and foster a culture of accountability and trust. Strengths of Piedmont’s security and risk program include: Comprehensive controls. In an industry known for underfunding essential security technology, Piedmont has implemented multifactor authentication, encryption, secure remote access, patching, and antimalware protection across the enterprise. Shared responsibility. Security and privacy are viewed as shared responsibilities across various departments, ensuring that risk is addressed and that controls are implemented throughout processes. Continuous improvement. Regular risk assessments, proactive threat identification, and continuous training and awareness education help maintain a high level of security and adaptability to emerging threats. You can learn more about Schneider Electric’s approach to building business resiliency through enterprise security and risk leadership at Forrester’s Security & Risk Summit, taking place in Baltimore and digitally on December 9–11, 2024. Presenters from Schneider Electric will be there to share more about its approach in a keynote session. We look forward to your stories on how your security and risk teams are building trust and driving business performance. Get ready to submit your entry in next year’s Security & Risk Enterprise Leadership Award in 2025! source

The Coca-Cola Company released three new AI-generated holiday ads inspired by the beverage giant’s classic 1995 “The Holidays Are Coming” commercial. Produced entirely with AI video models such as Runway and Luma Dream Machine, this represents a step forward in photorealism for AI-generated video. Predictably, the commercials have sparked some controversy among creators, who criticize the “AI sheen” and lack of realism with the AI-generated people and objects. Creator criticism is understandable given fear of job loss and frustration for impact on their craft. Yet these commercials and a growing list of others — including Dove, Under Armour, and Toys“R”Us — move the marketing industry closer to the point where AI content and advertising production becomes normalized. This means complex choices beset brands and executives looking for the best ways to leverage AI. Indemnity For Video Is The Last Major Hurdle The collective opinion among agencies and marketing services providers is that video tools such as Sora, Runway, and Luma Dream Machine aren’t quite ready for prime time, citing the need for incremental improvements in quality and the critical need for indemnity. The announcement of Adobe’s Firefly Video Model promises to extend commercial indemnification to video, as the company trains its models using Adobe Stock and other permissible material. Once indemnification is available for video models, marketers should anticipate others to follow suit, clearing the path for more production use cases. Balance Automated Marketing Moments With Intuitive Ones AI creates a new polarity: machine-produced marketing assets and campaigns as opposed to human-generated ones. Mark Sinnock, chief strategy officer for Havas, articulated this as a synthetic versus authentic tension. But like the marketing tensions that came before — brand or performance, acquisition or retention, television or digital — this new one is not a mutually exclusive decision. There’s a place for automated, machine-made marketing in social feeds, websites, apps, and games, just as there’s also a place for intuitive, human-produced marketing experiences at retail, events, and in products. In fact, the Coca-Cola AI “The Holidays Are Coming” ads are part of a broader holiday campaign by The Coca-Cola Company that includes its 2023 “The World Needs More Santas” television commercial, a multicity truck tour, an AI digital experience, and an on-package promotion. Coca-Cola’s AI commercials aren’t the brand’s only expression of the holidays, nor are they the end of creativity as we know it but rather part of a combination of machine automation and human intuition that Forrester calls intelligent creativity. Hold Fast To The Responsibility To Disclose AI’s Role Most interestingly, the Coca-Cola AI commercials have sparked both controversy among creators and delight among consumers unaware of AI’s contribution to production. The context of knowing AI’s role activates bias among those who stand to lose or feel threatened by AI. But consumers shown the commercials without AI context in System1’s creative testing tool rated the ads a 5.9 out of 6, illustrating the commercials’ sheer strength. This suggests that removing the AI-awareness context could improve the efficacy of AI-created commercials, allowing brands to realize the efficiency of their AI and automation investments. Resist this temptation. Most brands don’t enjoy over a century of holiday equity built into the Coca-Cola brand that enables consumers to oversee or overlook AI’s uncanny valley. And once advertising technology starts down the path of omission, it becomes more susceptible to abuse and misuse, contributing to the already eroding trust of the 21st-century digital media environment. Realize Cost Efficiency Through Experience Efficacy Among the most exciting prospect for brands and marketing executives is the potential to realize the “do more with less” remit: more content, more iterations, and more relevance for less time, less cost, and less effort. By all accounts, some agencies leveraging brand AI systems are removing 25% or more of the costs for building campaigns. But fast, cheap content creation is worthless if not manifested as effective, engaging content outputs. Alas, this is a process requiring models to learn the brand and audiences and creators to learn the models and systems. Training, experience, and experimentation are all necessary to build an AI-powered marketing operating system to produce experiences that consumers want while yielding the cost reductions that brands need. I’ve recently added generative AI for visual content (images, video, and motion graphics) as part of my coverage. If you are a Forrester client interested in discussing AI marketing, schedule an inquiry with me. source

I am excited to announce The Forrester Wave™: Point-of-Service Solutions, Q4 2024. When we last evaluated this market in 2018, new cloud point-of-service (POS) solutions offered the safety and excitement of reliability, plus features to engage customers. The goals for POS haven’t changed much in those six years. Then and now, retail firms expect POS to drive omnichannel sales, deliver brand consistency across the empowered consumer’s path to purchase, and boost store associate productivity. What has changed is the internet’s impact on offline retail sales and the demand for seamless omnichannel services. Even in the grocery sector, consumers use digital touchpoints in-store and appreciate convenient checkout and fulfillment options. As a result, more retail firms are assessing their POS technologies and replacing slow or limiting POS solutions that can’t keep up with evolving expectations. Customer references for this Wave mentioned modern architecture, ease of use, and interoperability as key requirements for their new POS. But strategy and partner relationships often sealed the deal. References shared comments such as “We knew we could inform some of the way [the vendor] built [the POS],” “The vendor shared a compelling vision and has delivered on that vision,” and “They keep adding features to meet our needs.” Today’s POS buyers aren’t just looking for a bunch of features to check off their list. They’re also looking for a strategic partner that knows their business and is committed to helping them grow and rapidly adapt to whatever lies ahead. So what do you need to know when selecting a new POS? Vendors differ in how they: Support traditional and emerging checkout experiences in the store. Although most POS vendors provide a responsive UI, they do not equally support fixed, mobile, self, and automated checkout. Some offer comprehensive self-checkout systems with specialized interfaces, kiosk integrations, management tools, etc. Others excel in mobile experiences, utilizing native capabilities such as push notifications for pickup orders. Few have extensive deployments across all touchpoints. Leverage integrations to provide value beyond in-store checkout. A connected and informed POS that easily integrates with adjacent solutions is table stakes. Retail firms expect their POS to not only “see” what’s happening across the business, but it must also expose that data to users in a way that’s maximally useful. This means sleek interfaces and tools that are purpose-built for value-added functions such as clienteling, store fulfillment, and inventory management. Empower nontechnical practitioners to customize the POS experience. Vendors differ in how they equip users with no-code/low-code tools. Some vendors offer sophisticated visual editors that enable nontechnical practitioners to easily adjust the front end, such as modifying the checkout flow, configuring promotional offers, or updating digital receipts. These tools enable quick changes without requiring technical expertise. You can read our full Wave evaluation here and our market overview research on the 2024 POS landscape here. We’ll also host a webinar in early 2025 for Forrester clients about learnings from this evaluation — stay tuned for details. Brands and retailers: Please schedule a guidance session with me to see how to use this research to identify the best-fit solutions for your needs. I’ll walk you through my findings and help you tailor the research to your needs to identify the vendors that should make your shortlist. POS vendors and commerce-related solution providers: Please schedule an inquiry or advisory session with me to discuss what my findings mean for the industry and your offering. source

At the risk of dating myself, I’m a proud member of Gen X. So, perhaps I can be forgiven for channeling Jerry Maguire and George Constanza when I think about the key takeaways from the latest Forrester Wave™ evaluation of customer feedback management (CFM) solutions. My conversations with the customer references for the nine vendors included in this Forrester Wave reinforced my evaluation and what I have been hearing from our clients: The “how” is often more important than the “what” when buying CFM solutions. In a market where vendors’ technical offerings are incredibly similar, CFM buyers need to consider the wise words of some 1990s icons: “Help me help you.” CFM vendors offer a range of services, but buyers often focus on the tech and don’t budget for adequate services. The need for services does not necessarily decrease with organizational maturity. For example, some reference customers for this research use strategic vendor services for advanced predictive and what-if analyses as well as for simpler survey design and deployments — freeing up their team for higher-value work. Buyers should assess their own maturity, resources, and speed requirements when considering the role of services. “It’s not you, its me.” Nearly half of the customer references I spoke with cited internal reasons for not using some of the features offered by their CFM solution. For example, most reference customers underuse the analytics tools offered by their CFM. For some organizations, internal policies limit their ability to bring data into the CFM to perform these analyses. Other organizations prefer to pull data out of the CFM because they do analysis in other tools. Either way, CX leaders need to understand their organization’s policies and processes when selecting a CFM to ensure contextual fit. And because no blog in 2024 is complete with requisite mention of generative AI (genAI), CFM buyers are still looking for vendors to “Show me the money!” GenAI-enabled features, like natural language interfaces to query data, are top of mind for buyers. Many vendors are rushing to respond, but expectations still exceed reality. As we’ve written recently, CX teams should keep expectations in check and focus on employee-facing use cases for genAI first. Forrester clients: Check out the latest new report for more insights, and book a session with me if you’d like to go deeper. source

Zero Trust has become the standard information security model to adopt globally. It’s no longer a question of should; it’s a question of how and where to begin. For some time, the topic of Zero Trust was met with disparaging and opposing views proclaiming it to be another buzzword for vendors to market products. Well, it’s not, although, sadly, there was nothing to stop that from happening. Now that we’re past the point of security vendors attempting to market Zero Trust as a product, we recognize that it’s now the de facto security approach, and its benefits are hard to ignore. Sure, we still see some of the same old issues plague it, such as: “Is Zero Trust a technology?” “Zero Trust is really just an identity conversation.” “Zero Trust only focuses on cloud and remote access.” “Zero Trust is an oxymoron that distracts the workforce.” When you push past all that distracting noise, you’ll come to realize that the US federal government and other organizations are mandating Zero Trust implementation and publishing Zero Trust guidance to enable secure digital transformation and infrastructure modernization efforts. Avoiding A Punch-Line Rim Shot Now that organizations are warming up to Zero Trust, they must begin assessing their enterprise to find out just how much or how little they really know about it. From there, it’s about developing your implementation strategy. Organizations, however, remain stuck when developing implementation plans with clear objectives and a well-defined roadmap. Having a strategy in place that has Zero Trust baked into it is great, but you must figure out what the next steps are, then execute. This is because one of the common mistakes made is that some organizations think that “I need to implement Zero Trust” is a clear enough objective. That’s not tangible enough. What is needed are clear, outcome-based use cases that capture the action needed, the rationale behind it, and a method for achieving that action. Otherwise, your teams will view your strategy as a joke (cue rim shot). Finding Rhythm In Your Half-Time Shuffle The song “Rosanna” is known for its timeless half-time shuffle beat. To play this song correctly requires practice and an understanding of what the elements are to strike the right rhythm. The same way you break down the song, you must break down your use cases to balance the methods with the rationale. In the report, The Secrets Of Successful Zero Trust Deployments, we highlight the importance of creating use cases that balance these core areas: Employee experience. Start with use cases that are user-facing. Demonstrate value that is visible to the workforce, such as consolidated identity management, reduced authentication overhead, the enablement of remote work, and adoption of bring-your-own-device policies. Technology architecture and delivery. This team is core to aligning business priorities to technology strategy. Focus on securing and simplifying applications, devices, identities, and infrastructure delivery with auditable accounts, third-party access management, and data protection. Analyst experience. Develop use cases that improve security analysts’ ability to detect and respond to threats. Take actions to increase visibility and gain better insight into what the attack surface is for your organization. Develop use cases that emphasize who benefits from Zero Trust, that allow security and risk professionals to break free from a tech-centric mindset, and that provide a clearer understanding of knowing where to start, identifying areas for collaboration and improving processes along the way. Looking For An Encore? There is so much more to it than just what I have highlighted here. Fortunately, there are plenty of resources available to you, including best practices, templates, and strategic reports for advancing your Zero Trust journey. You can also join me at this year’s Security & Risk Summit, where I will be hosting two sessions on Zero Trust: Zero Trust workshop. This workshop will focus on helping attendees get their Zero Trust implementation to the next level. In this session, we’ll emphasize the importance of assessment but also help make sense of the results to define use cases, align them to objectives, and identify dependencies that can help prioritize activities in an iterative roadmap. Zero Trust panel. Special guests from the private and public sectors will join me for a conversation focused on what major challenges have been faced when adopting and implementing a Zero Trust architecture. They will share experiences and advice for overcoming those challenges to reduce the chances of delays or disruption throughout the journey. So join us! Forrester’s Security & Risk Summit will take place on December 9–11. You will have the option to join us virtually or attend in person in Baltimore, Maryland, by registering here. There will be many keynotes, breakout sessions, workshops, analyst one-on-ones, and more. If you’re unable to join, Forrester clients can also schedule an inquiry or guidance session with me for all things Zero Trust. source

Many of you will have noticed that I have moved back into an analyst role over the last few weeks. I had an immensely rewarding time working in the European research management team with a talented group of analysts on our European tech research coverage, whom I’m incredibly thankful to for their hard work and dedication over the past few years. As I move back into the analyst role, I’ve had a lot of questions on what I’ll be focusing on as I return to the role. My new coverage can be broadly summarized as covering enterprise and cyber risk management and maturity assessment. In my prior role, managing the risks of introducing AI into the organization and managing against operational, cyber, and broader resilience, geopolitical, and regulatory risk have been common areas of concern for technology leaders. Over the last few years, risk has permeated all of the epoch-making investments in everything AI-related, from the infrastructure powering it to the large language models and data underpinning it all. Organizational environmental sustainability has been challenged by the substantial power and physical infrastructure needed to scale up AI. Here are the key technology areas and services markets that I’ll be working with my colleagues Alla Valente and Cody Scott on to support the broader enterprise and cyber risk management research agenda: Governance, risk, and compliance (GRC) platforms. As stated in Cody Scott’s research, the GRC market has seen something of a renaissance over the last one to two years, as the volume of global regulation and compliance mandates make it impossible to rely on cottage-industry Excel spreadsheets and the ever familiar email. The power of AI in this space and the potential to automate aspects of compliance and assurance workload has some potentially transformational implications for risk organizations, and I look forward to exploring how GRC software platform providers will support this broader transformation as I join Cody in looking at this market. Cyber risk ratings. This is the one area of my prior analyst coverage that I take back over. In 2021, I wrote with Alla Valente that the cyber risk ratings market wasn’t ready for prime time. Since then, it has advanced considerably and thankfully has shifted its thinking away from the pure act of collecting data to calculate a rating to now understanding how that data and insight can help security practitioners manage and reduce risk. I look forward to picking this market back up and running the next Forrester Wave™ evaluation in this space beginning in the winter of 2025 and onward. Risk managed services. One broad trend that has accelerated in the security and broader risk services world is both client demand and vendor interest in offering risk managed services. Clients have interest in getting support in managing not only their GRC platforms but other aspects of their enterprise risk management programs as they run into the familiar challenges of not having the internal skills, resources, or scale required to run complex enterprise risk management programs. I’ve even heard anecdotally of a few organizations talking about setting up risk operations centers to bring the same discipline, scale, and industrialization approach traditionally found in security or network operations centers. I will start researching trends in risk managed services in the market, matching what enterprise clients need with what the market can provide. Vendors can brief me via the regular Forrester briefings process, and Forrester clients are welcome to schedule an inquiry or guidance session with me to discuss further. source

In 2025, we expect consumer usage of loyalty programs to grow amid declines in overall brand loyalty. Though loyalty programs offer the rewards that price-conscious consumers crave, companies struggle to inspire emotional loyalty across various tactics aimed at improving retention. Marketers need a loyalty strategy that appropriately balances transactional incentives with an understanding of what drives and impacts brand loyalty. We have a new analyst on the B2C marketing team, John Pedini, to help clients assess and optimize their customer loyalty initiatives. John brings over 28 years of experience working directly with the world’s leading brands to develop, implement, and support best-in-class loyalty, CRM, and customer engagement programs and is passionate about turning insights into strategies that can transform a brand from good to exceptional. John’s coverage will focus on helping marketers design effective loyalty strategies, execute winning loyalty tactics, and measure customer loyalty. He’s ready to help clients with guidance sessions, advisory, and workshops on program design, reward strategy, loyalty platforms, and brand-specific solutions to elevate the customer experience. Request a guidance session to connect with John to review your loyalty program and discuss how to build customer relationships that fuel business growth. source