In a climate of economic and political uncertainty, tech budgets are under pressure. According to Forrester’s Industry- And Customer-Supporting Software Survey, 2025, 23% of organizations cite budget as their number one software challenge. Currency depreciation, ranging from 6 to 12% in EMEA/APAC, adds further strains on US-dollar-denominated renewals. Making things worse, 27% of organizations report that over 50% of non-IT tech spending occurs without IT oversight (source: Forrester’s Security Survey, 2024). This fragmentation undermines cost management and increases risk. In this environment, software asset management (SAM) tools emerge as a critical lever to gain visibility, regain control, and optimize license utilization — tracking usage in real time and driving cost efficiency across the technology landscape. Reclaiming Control In A Complex Tech Stack SAM tools bring discipline to the entire software lifecycle by automating discovery, deployment, and retirement. They centralize software-as-a-service (SaaS) management, giving IT clear visibility into subscriptions, usage patterns, and costs. This enables smarter license utilization and prevents waste. In addition to cost tracking, high-performance IT organizations utilize SAM budget forecasting and identification of underutilized assets. Leading platforms reduce the risk of surprise true-ups by automating license reconciliation and real-time usage monitoring to maintain continuous compliance. SAM also enforces governance by aligning software usage with policy, reducing audit risks and unexpected spend. In The Forrester Wave™: Software Asset Management Solutions, Q1 2025, we highlight the following features as crucial when selecting a SAM tool. Ensure that the tool offers: AI/ML in contract and license management. Vendors should integrate AI/ML to automate contract term extraction, ensure compliance, and provide predictive insights into software usage trends. SaaS management with extended FinOps capabilities. Providers should offer comprehensive SaaS management with real-time visibility into subscriptions, license utilization, and spending optimization. Support for the entire software lifecycle management process. Vendors should enable end-to-end lifecycle management, streamlining software acquisition, requests, approvals, and compliance. Choosing The Right Vendor Is Half The Battle No two IT environments are the same. Each operates with its own blend of tech stacks, philosophies around build vs. buy, asset management practices, and definitions of success. Accordingly, selecting the right SAM vendor that meets the IT team’s needs is crucial. IT teams should start by identifying their most critical criteria, such as avoiding true-ups, managing security vulnerabilities, or optimizing costs. They should then examine these criteria in detail to identify the essential functionalities of a SAM tool that can best meet their needs. Refer to our latest Forrester Wave evaluation of the SAM solutions space to gain insight into each type of functionality, helping you choose the right vendor that aligns with broader organizational goals and objectives. source

Microsoft is basically the biggest name in the business world, whether we’re talking about Microsoft Office apps or Windows running on our computers. One thing they have nailed down is recognizing that their products are well-loved for their simple and familiar interface, but still offering regular updates. Windows 11 Pro was specifically designed for business professionals. You’ll find new tools for productivity and balancing hybrid or remote work with life. With this deal, you can upgrade three devices to Windows 11 Pro — rated 4.5/5 stars by verified purchasers — for just $14.97 at TechRepublic Academy through April 27, 2025. New look, new features The first thing you’ll notice is a redesigned user interface. Rounded app corners, a centered bottom taskbar, snap layouts and widgets all give your computer a refreshed, yet familiar, appearance while offering the latest tools. Then, there are layers of security features like Microsoft Information Protection that protects your personal data from leaks and BitLocker device encryption that encrypts your hard drive with a key. Both of these are excellent for shielding your personal and work information from harm. Designed for the workforce If you’re a remote or hybrid worker, or a business owner or manager with employees around the globe, you’ll appreciate things like: Windows Information Protection allows you to separate work and personal data on the same device. Remote desktop access is included from anywhere. Connect to your Windows 11 Pro computer from another computer, a tablet, or a smartphone. Group Policy Management tools allow enforcement of policies and compliance. Administrators can create settings or access for different devices, users, and groups. Upgrade your operating system to Windows 11 Pro on three devices for only $14.97 (reg. $199), now at TechRepublic Academy, so be sure to take advantage of it before this offer ends on April 27, 2025. Prices and availability are subject to change. source

The past five years have been a whirlwind of change, with unprecedented disruption, turbulent global financial markets, and geopolitical and social upheaval. This volatility has upended carefully crafted tech strategies, budgets, and priorities, leaving technology leaders feeling unsure and overwhelmed. For many, this is a familiar feeling, as we have been down this same path over these past few years. Many leaders and individual contributors alike are running on empty. As much as we want to regain control, lead people through difficult times, and navigate the ongoing chaos gracefully, it can feel like an insurmountable goal in the current reality. To lead through this change, the best approach is to keep it simple and tangible. Focus on clarifying the unclear, celebrating successes, managing risk, and giving employees the space to innovate and take ownership to drive a better path forward. At the same time, tech leaders won’t have a choice — we will need to do more with even less. This will mean dusting off the cost-cutting playbook from prior years to seek out additional optimization opportunities but without sacrificing your AI ambitions. What are a few cost-cutting measures to focus on? Assess and rationalize your portfolio (duh!). We know this one well — and also know that it is easier said than done. Eliminating redundancy is crucial as sprawling portfolios drain budgets and increase security risks. Focus on consolidating contracts, standardizing across business units, and eliminating redundant capabilities. You’ll need a way to prioritize your cuts; lean on your IT financial management practice if you’ve got one. Remember, these cuts aren’t just about freeing up the cash you need, but more importantly, this effort also creates a tighter, cleaner tech stack that enhances data consistency, security, and AI readiness. Quick wins include reclaiming software-as-a-service licenses, sunsetting underutilized software, and removing operational overhead for end-of-life technology. Eliminate cloud waste and seek out discounts. Often hidden within cloud bills is waste, and for those who haven’t formally addressed this, this waste can typically be 30% of the total bill. Use native cloud cost management tools (practically free) or third-party platforms to identify unused, untagged, and poorly fitted instances, potentially yielding significant savings. For larger enterprises, negotiating discounts with hyperscalers can also provide substantial cost reductions. For some organizations, virtualization sprawl or mainframe prioritization can also fend off new purchases by freeing up existing resources for new use. Examine abstraction layers. While virtualization improved IT cost efficiencies, today’s multiple layers, such as hypervisors, app servers, and containers, can create redundancies and high costs. Simplifying these layers can enhance performance and security as well as reduce license costs. Consider managed public cloud services for container runtimes and explore alternative Kubernetes paths and cost-effective open-source options. We include a longer list of options in our report, Technology Leaders: How To Thrive Through Volatility, while digging into enterprise risk management and change leadership to help you navigate these difficult times — again. We will also be hosting a webinar for clients, Leading Through Volatility: Technology Expert Panel, on April 29 at 11 a.m. ET. Join us live or watch it on demand later. Lastly, a few reminders for managing through volatility: Do not abandon long-term, North Star strategies already in place or in development. This will not only hurt your organization but your long-term ability to lead, as your best talent wants to be part of progressing toward a better end state, and when that vision is put aside in times of strife, you risk losing their presence and sliding backwards from any cultural gains when it comes to embedding continuous improvement and curiosity. Your employees will not be quick to forget this and will be less ready to follow you in sunnier times or into the next battle. Without your best talent playing a key part in taking major cultural strides, it will be near impossible to drive the long-term success and transformation needed for your organization. If you want to discuss the report or ways to respond to circumstances specific to your organization, please reach out to schedule an inquiry. source

In 2025, having a well-designed website isn’t merely optional — it’s essential for small businesses seeking credibility, expanded reach, and sustained growth. With 97% of consumers turning to online searches for local businesses, your digital presence directly influences your business’s success. This guide explores essential best practices, tips, and top tools for creating a small business website that effectively builds trust, enhances brand visibility, and converts visitors into loyal customers. Why do small businesses need a website? Everybody now goes online when they need to look up something. In fact, according to a BrightLocal survey, 97% of consumers search online for local businesses, and 12% even do so daily. Suffice to say, a professional website is no longer just optional for small businesses — it’s a necessity. As of 2023, 73% of small businesses in the US already had a website. If these numbers haven’t convinced you yet, here are more reasons, backed by statistics, to convince you that your business needs a digital home — a website. To increase credibility: Having a website signals legitimacy and establishes trustworthiness. An astounding 81% of shoppers research businesses online before purchasing, with 47% specifically seeking out a business’s website. In addition, 75% of consumers judge a company’s credibility based on its website design alone since most transactions are now done online. To expand reach: Roughly 99,000 searches occur on Google every second — over 8 billion per day — making it critical for businesses to be visible online. A website allows your small business to reach customers far beyond your local community. To control their brand narrative: Owning your website ensures you fully control your brand story, accurately showcasing your values, mission, and unique offerings — 50% of consumers believe that a website is central to a business’s overall brand image. To increase visibility in search results: Over 90% of web traffic originates through Google searches, highlighting the importance of a website optimized for search engines. Without a search-friendly website, your business misses out on substantial organic traffic and growth opportunities. To build trust through social proof: Since 55% of consumers specifically search for online reviews when researching businesses online, prominently displaying testimonials and reviews on your site significantly increases consumer confidence, encouraging new customers to trust and buy from your business. To generate and convert leads: Your website can be a powerful marketing and sales funnel. A well-designed website captures visitor information and generates quality leads. With strategic calls-to-action and integrated tools, you can convert these leads faster. Unfortunately, while the majority of small businesses have a website, many still lack an effective online presence. Without a well-designed and updated website, businesses risk appearing outdated, unreliable, or even invisible to potential customers actively searching online. On the other hand, having a well-designed site does far more than just improve your online credibility — it also broadens your reach, attracts new leads, strengthens your brand’s reputation, and ultimately boosts revenue or sales. How to design a small business website Creating a small business website in 2025 requires more than just picking a nice layout and launching a few pages online. To truly stand out and effectively connect with customers, your website needs thoughtful planning, a clear purpose, and attention to modern design principles like mobile optimization, user-friendliness, and compliance with the latest online regulations. This step-by-step guide walks you through the specifics of how to design your small business website, from setting your objectives and mapping out your site’s content to selecting the right tools and ensuring your website is ready to deliver an exceptional customer experience from day one. Step 1: Determine the purpose of your website Building a website for a small business starts with clearly identifying its purpose. Doing so helps you make decisions from budgeting and hosting to design choices. Consider how your customers will interact with your site — whether to gain information, make purchases, or contact you directly. For example, if you want your site to be a credible source of information for your business, then a simple landing page using a free website builder might work already. However, if your website’s primary purpose is to book more clients or sell products, you need to consider additional security and features. These will also likely entail additional costs. TIP: Part of determining your website’s purpose is to understand your audience or potential customers so you can design a customer-centric (user-friendly and intuitive) website. To do this, make sure to: Determine your ideal customer profile, including demographics, preferences, and behaviors. Map out a clear customer journey, from initial discovery through to conversion. Identify the content types your audience engages with most effectively. Step 2: Plan your website structure and pages The next step after determining your website’s purpose is to map out your website structure and identify non-negotiable website pages or key information to include. Here are my recommended site pages every small business website should have, regardless of industry and site purpose: Home: Think of your site’s homepage as the front door for visitors (with your site as your online home on the Internet). It will be the first impression of your brand, so make it engaging, clear, and easy to navigate. About: Use this page to share your company’s background, mission, and what sets you apart. A well-written “About us” section is frequently referenced by journalists, local business organizations, and content creators, making it a valuable resource for external exposure. Contact us: Clearly display your company’s location, phone numbers, professional email addresses, and social media accounts here so contacting your business is straightforward and convenient. Products or services: This is where you showcase what your company offers — whether you’re selling online or providing information. Provide detailed descriptions or images to help visitors easily understand your offerings. Legal notices: Websites now require more than just basic disclaimers or copyright notices. Increasing regulations mean you might need dedicated pages for privacy policies, data protection details, or cookie notices to comply with local and international laws. Examples of these are GDPR, ADA, and CCPA. Beyond these foundational pages, I recommend you also consider adding these helpful sections: FAQs: A Frequently Asked Questions page can save time for both

Google DeepMind has introduced a new approach to securing frontier generative AI and released a paper on April 2. DeepMind focused on two of its four key risk areas: “misuse, misalignment, mistakes, and structural risks.” DeepMind is looking beyond current frontier AI to artificial general intelligence (AGI), human-level smarts, which could revolutionize healthcare and other industries or trigger technological chaos. There is some skepticism over whether AGI of that magnitude will ever exist. Asserting that human-like AGI is imminent and must be prepared for is a hype strategy as old as OpenAI, which started out with a similar mission statement in 2015. Although panic over hyperintelligent AI may not be warranted, research like DeepMind’s contributes to a broader, multipronged cybersecurity strategy for generative AI. Preventing bad actors from misusing generative AI Misuse and misalignment are the two risk factors that would arise on purpose: misuse involves a malicious human threat actor, while misalignment describes scenarios where the AI follows instructions in ways that make it an adversary. “Mistakes” (unintentional errors) and “structural risks” (problems arising, perhaps from conflicting incentives, with no single actor) complete the four-part framework. To address misuse, DeepMind proposes the following strategies: Locking down the model weights of advanced AI systems Conducting threat modeling research to identify vulnerable areas Creating a cybersecurity evaluation framework tailored to advanced AI Exploring other, unspecified mitigations DeepMind acknowledges that misuse occurs with today’s generative AI — from deepfakes to phishing scams. They also cite the spread of misinformation, manipulation of popular perceptions, and “unintended societal consequences” as present-day concerns that could scale up significantly if AGI becomes a reality. SEE: OpenAI raised $40 billion at a $300 billion valuation this week, but some of the money is contingent on the organization going for-profit.    Preventing generative AI from taking unwanted actions on its own Misalignment could occur when an AI conceals its true intent from users or bypasses security measures as part of a task. DeepMind suggests that “amplified oversight” — testing an AI’s output against its intended objective — might mitigate such risks. Still, implementing this is challenging. What types of example situations should an AI be trained on? DeepMind is still exploring that question. One proposal involves deploying a “monitor,” another AI system trained to detect actions that don’t align with DeepMind’s goals. Given the complexity of generative AI, such a monitor would need precise training to distinguish acceptable actions and escalate questionable behavior for human review. source

By Ryan Davis ( April 2, 2025, 11:45 PM EDT) — The Federal Circuit will hear arguments this month in patent cases involving Moderna’s COVID-19 vaccine and a blockbuster Johnson & Johnson schizophrenia drug, and the court will itself be the subject of a case at another appeals court as Judge Pauline Newman seeks to end her suspension…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

Last week, I spoke at The-C2 conference in London. The-C2 conference is an invite-only threat intelligence conference run by the team at SE LABS. The core themes of the event were timely and provoked interesting discussion: artificial intelligence, supply chain security, and cyber hygiene. All three of these dominated the conversations surprisingly equally and were — unsurprisingly — very interlinked. Below are a few thoughts on each coming out of the conference. Generative AI Innovation In Security Tools Starts Now We’ve had over two years of generative AI (genAI) developments in security tools, from copilots to AI analyst claims to a resurgence of the autonomous security operations center. “The Blob” strikes again! Yet we’ve seen that many of the features introduced aren’t providing the value that analysts really need. The most common use cases have been content creation (such as human-readable case descriptions or query language conversion) or knowledge articulation (such as chatbots). Human-readable case descriptions are novel, but few security professionals want to read paragraphs on paragraphs of text instead of getting a fast and direct answer. Query language translation from human language is interesting but is only really effective for simple queries. Plus, it may give you less efficient output. Chatbots can be fun to interact with but take the analyst out of their workflow and require even more context switching to use, negatively affecting analyst experience. There are a few cases where genAI features have been very useful, such as automating report writing, translating and localizing between human languages (i.e., Japanese to English, etc.), and script analysis. But the true innovation is on the horizon with AI agents. Some vendors have already released agents that automate alert triage for phishing use cases and some others, including endpoint. Others have built generative AI features to simplify security information and event management (SIEM) migration via translation between SIEM query languages and parsers at scale. The combination of simplifying mundane tasks and doing it all at scale in an explainable way is driving better outcomes for analysts. These innovations are where security professionals should be looking for feature enhancements. Supply Chain Resilience Is A Messy Hair Ball That’s Just Getting Messier Supply chain resilience comes from two sides: securing the software supply chain and building resilience with the nth-party vendors you use via third-party risk management. The software supply chain becomes more complex as generative AI applications grow, particularly when it comes to understanding how data is being used and how to protect it. In some ways, it’s the same old principles. In others … it’s a bit different. One of the highlights of the conference was the conversation around software bills of materials (SBOMs). SBOMs should be a critical requirement for software providers to produce, as they enable teams to know exactly what software is being used and why. And yet the industry has lagged. In my Forrester Wave™ evaluations, I always include a question regarding SBOMs to push security vendors to lead the charge in providing better visibility for customers into their software supply chain. None Of This Matters If You Don’t Do Basic Security Hygiene Enterprise cybersecurity is all about managing trade-offs and resources. All the flashy new technology in the world may help solve the problem but only incrementally. In contrast, if you have a list of critical common vulnerabilties and exposures that you haven’t patched, prioritizing and addressing the ones at the top can have a major, positive impact. Forrester’s research on proactive security strategies shows how to continuously enhance visibility, prioritization, and remediation while customizing prioritization to your business case. We expect these three topics to be major themes in 2025. Check out our report, Top Recommendations For Your Security Program, 2025, to read more about how to defend against the most important changes happening this year. If you have more questions about AI, supply chain resilience, or security hygiene, book an inquiry or guidance session with me or one of my colleagues. source

Vendor relationships have been changing over the years, with more vendor organizations becoming consultative in nature. For decades companies have been adding a service arm to expand their share of wallet, a KPI that doesn’t necessarily benefit customers. The ultimate test of a vendor’s value is the business value realized as the result of the partnership.  “Vendor relationships are more important than ever before,” says AJ Thompson, chief commercial officer at IT consultancy any Northdoor. With technology solutions now so complex and constantly changing, he says you can’t underestimate how important solid relationships between organizations and vendors have become. “This is true in several ways. Tech is getting more complicated by the day, so vendors who really know their stuff are worth their weight in gold. They share knowledge and provide the support you just can’t get elsewhere.”  One of the big benefits of a strong vendor relationship is that enterprises get early access to new technologies and features, which helps chief information officers stay current. It’s also important to have trustworthy vendors that maintain decent security and compliance amid increasingly complex regulatory landscapes.  “When you’ve found good relationships, you end up with solutions that actually fit your needs and more wiggle room during implementation,” says Thompson. “Plus, when things go wrong — and they always do — problems get sorted much faster when you’re on good terms.”  Related:How to Prioritize Multiple Innovation Projects Trust is the necessary foundation, which is built through open communication, solid performance, relevant experience, and proper security credentials and practices.  “[P]eople buy from people they trust, no matter how digital everything becomes,” says Thompson. “That human connection remains crucial, especially in tech where you’re often making huge investments in mission-critical systems.”   For example, when Northdoor was implementing a complex solution for a client with an extremely tight deadline and hit a snag, its primary vendor’s account manager brought in the senior engineering team within hours to resolve the issue.  “[That account manager] knew our business well enough to understand the stakes and trusted us when we emphasized the urgency,” says Thompson. “That kind of responsiveness simply doesn’t happen with transactional vendor relationships. In fact, the client later mentioned that watching how our vendor partner responded during that crisis gave them more confidence in our overall solution than any sales presentation could have.”  Related:Should IT Add Automation and Robotics Engineers? AJ Thompson, Northdoor That’s why Thompson invests significant time in regular face-to-face meetings with Northdoor’s key vendors discussing products and roadmaps and the people behind them.  “Vendors who don’t hide their limitations and are upfront about their capabilities tend to earn trust quickly. Meeting SLAs consistently matters enormously,” says Thompson.   “Those who [understand] the specific challenges of your industry are gold dust, particularly in IT and cybersecurity where proper security practices and the right certifications make all the difference to confidence levels.”   Ashish Malhotra, president at management advisory firm Ampalyst Advisors, says selecting a vendor and executing a professional services agreement is relatively straightforward, but getting it wrong is prohibitively expensive.   “In today’s dynamic technology landscape, vendor selection is more critical than ever,” says Malhotra. “As companies increasingly favor a ‘buy’ over ‘build’ approach, choosing the right vendors becomes paramount.”  Vendors can provide significant value in several ways, such as providing access to global talent and ecosystems, having the flexibility to scale resources up or down as needed, and shifting human capital from fixed to variable costs.   Related:Task Delegation Mistakes IT Leaders Need to Avoid Vendors can also help their customers address in-house skills gaps and reduce managerial overhead costs. Importantly, customers can benefit from the industry expertise gained from multiple client engagements and innovative problem-solving approaches while ensuring adherence to proven methodologies and upskilling internal staff in emerging technologies. However, most important of all is trust.  “Trust is fundamental in partnerships, but in customer-vendor relationships, it must be paired with verification. Third-party governance is a critical function that should remain independent of the outsourcing arrangement,” says Malhotra. “Yet, many organizations make the mistake of allowing vendors to self-govern through dashboards, report cards, and operational meetings leading to weakened oversight.”  An executive-level technology governance framework helps ensure effective vendor oversight. According to Malhotra, it should consist of five key components, including business relationship management, enterprise technology investment, transformation governance, value capture and having the right culture and change management in place.  Beneath the technology governance framework is active vendor governance, which institutionalizes oversight across ten critical areas including performance management, financial management, relationship management, risk management, and issues and escalations. Other considerations include work order management, resource management, contract and compliance, having a balanced scorecard across vendors and principled spend and innovation.  “Vendors that excel in these areas build greater trust,” says Malhotra. “Trust is not an abstract concept — it is measurable through quantifiable performance indicators.”  Igor Epshteyn, president and CEO at digital product engineering company Coherent Solutions, believes as AI, cybersecurity, and compliance requirements are growing more complex, cooperating with a trusted vendor means having a partner who can provide up-to-date solutions.   “For businesses cooperating with IT vendors, it is crucial to choose digital engineering partners who have a proven track record and recommendations and, importantly, can guarantee strong cybersecurity measures,” says Epshteyn.  The Biggest Mistakes Vendors Make  One of the biggest mistake vendors make is failing to drive tangible value for customers. Instead, the relationship is more transactional in nature, with the goal of upselling and cross selling products or solutions regardless of how the implementation will likely playout in the long term.  “Over-promising and under-delivering, poor communication, being stuck in their ways or vanishing after the sale absolutely kill trust and damage relationships beyond repair,” says Northdoor’s Thompson. “Vendors who refuse to adapt to changing needs are a write-off, and those who focus too much on closing deals rather than providing ongoing support won’t keep clients for long.”  Ampalyst’s Mahotra says one of the biggest mistakes vendors make is bundling their services into rigid, all-inclusive packages that customers cannot easily modify.

About seven years ago, I was on an initiative to explore low-code. When I saw Salesforce’s low-code product in demos, my impression was that the product was only suitable for buyers with a strong Salesforce CRM focus — a feeder to drive more revenue into Salesforce’s flagship product. When Salesforce acquired MuleSoft, many worried that it would turn MuleSoft into a similar appendage of Salesforce CRM. While that might have been good for Salesforce shareholders, it would not have been good for MuleSoft customers. Surprisingly, this never transpired. Although they pursued synergies between parent and child companies such as API Community Manager, MuleSoft’s direction has remained appealing to buyers lacking a Salesforce-centric focus. My experience at Salesforce’s TDX 2025 conference makes me believe that there may finally be a pivot to more deeply merge MuleSoft into the broader Salesforce ecosystem, and this time, it may be a good thing. AppGen Encourages Application Vendors To Rethink Their Strategies Before explaining why this may be good, we should first focus on where software is going. The ability of today’s generative AI tools to generate code snippets will evolve into the ability to generate entire applications (a concept Forrester refers to as application generation, or AppGen). The arrival of AppGen is causing larger tech vendors such as Salesforce to increasingly incorporate capabilities like natural language prompting, visual low-code models, domain-specific languages, and integrated lower-level code generation for custom components and extensions. AppGen threatens smaller app-centric vendors that cannot provide these capabilities. One buys applications today because they offer best practices and domain knowledge. Although vendors strive to make their applications flexible, you are still limited to the application’s way of doing things. What if you could generate a bespoke application with a large language model that contains those same best practices and domain knowledge? This will cause application vendors to rethink their strategies. MuleSoft And Salesforce’s Platform Pivot Today, Salesforce has some of the components of a future AppGen development platform: Apex is for pro code and Flow for low-code; Salesforce Data Cloud brings together the organization’s data with zero copy; Agentforce provides emerging AI agent capabilities; Einstein provides generative AI for compressing the software development lifecycle; and MuleSoft is there to link everything together inside and outside of the Salesforce platform. I’m not going to comment on the quality of all these since, as an analyst, I only cover MuleSoft. (My fellow analysts evaluate other components, such as in The Forrester Wave™: Data Lakehouses, Q2 2024, and The Forrester Wave™: Low-Code Development Platforms For Professional Developers, Q2 2023.) Regardless of their current strengths or weaknesses, however, Salesforce has many pieces needed to build a future platform for generating applications. There were several announcements leading up to and during TDX 2025. For MuleSoft, the main thing was integrating it with other Salesforce platform products. A new connector brings Agentforce’s agents into MuleSoft integrations. Topic Center and API Catalog let Agentforce agents use MuleSoft APIs as tools. MuleSoft for Flow lets citizen developers in Flow more easily consume MuleSoft APIs. What I did not notice was a heavy push toward Salesforce’s applications. Of course, that remains the company’s bread and butter, and TDX ’25 is more oriented toward developers than Dreamforce. Nonetheless, my impression is that Salesforce seeks to move beyond its core and create a next-generation platform for building custom applications of any sort. MuleSoft is finally pivoting toward more Salesforce centricity but not in the way many originally feared. Instead of being a feeder to Salesforce CRM applications, it’s becoming a support pillar of a broader software development platform while still remaining a viable product for organizations that have not bought into that broader platform. When AppGen arises as a disruptor to application vendors, Salesforce will be prepared to respond to that disruption. source

At the Tanzu Division of Broadcom, we focus on how our customers can get the most out of cloud native environments while protecting against the slew of new vulnerabilities and attacks targeting their critical business apps. As important as prevention is, reducing the time it takes to recover from a breach or other issues is just as critical, if not more. This is particularly important for our customers functioning in highly regulated industries who have to keep up with continually changing security, privacy, and compliance requirements. We’ve found that the best way to secure large and diverse application estates is to integrate security-enhancing capabilities and processes throughout the entire application dev and delivery cycle. This means approaching security as an integral and continuous part of the cycle. In working with our many global customers, we recommend the following best practices for a continuous approach to security: Weave security in all your processes Adding security earlier in the app dev and delivery cycle is widely recognized as a best practice. However, sometimes it is not enough. Over the years, we have seen that attack vectors are targeting multiple phases of the software delivery cycle, and in some cases, shifting security left has come to mean shifting security decisions on to developers. This undue burden can become disruptive and slow down the app delivery process. With cyberattacks hitting various aspects of the software supply chain, it is imperative to make security an integrated aspect of the software delivery lifecycle. With this in mind, we designed Tanzu Platform to make security easy, while also reducing friction between dev and platform teams. We do this by allowing for separation of concerns and enabling golden paths curated by the platform engineering team. Tanzu Platform also supports patterns and technologies made popular by Spring Framework, leveraging the Buildpacks model, and the incredible Bitnami software catalog on which Tanzu Application Catalog is based. Turn on your automation superpower Infusing policy-based automation into your application platform is one of the best ways to enforce and scale security policies. Platform engineers need to partner with security and compliance teams to create policies based on changing industry guidelines, vulnerability threat level, audit requirements–just to name a few. Doing this reduces friction in the app dev and delivery process, increases security and compliance leaders’ peace of mind, and empowers platform engineers to deliver a secure and frictionless path to production that ultimately yields value-generating innovation.    Adopt a “continuous upgrade” culture Security is not a one-time thing. Infrastructure needs to be secure by design and continuously updated. Introduced several years ago, the 3Rs – Rotate, Repave, and Repair continue to be our north star when it comes to ensuring Tanzu Platform is among the most secure cloud native application platforms. More specifically, the 3Rs mandate that you:  Rotate system credentials every few minutes or hours. Repave every server and application in the datacenter every few hours to a known, good state. Repair vulnerable operating systems and application stacks consistently within hours of patch availability. Ensuring all software is up to date with the most recent patches, security fixes, and regulatory compliance means continuously checking the health of your system and running the most secure versions. This can be overwhelming without the right mindset and processes. So, in addition to keeping up with patches, upgrades, and bug fixes, we recommend that our customers embrace a continuous upgrade and compliance mindset. Read about what we mean by continuous upgrade culture here. Every day, companies are competing for customers and seeking ways to capitalize on market trends and capture new revenue opportunities. At Tanzu, we advocate that technology leaders should treat security as an accelerator rather than an outcome or a one-time “check the box” requirement. For more about Tanzu’s approach to application security, visit the Tanzu and Security page. About Purnima Padmanabhan Broadcom Purnima Padmanabhan is Vice President and General Manager of Broadcom’s Tanzu Division. Prior to joining Broadcom, she was Senior Vice President and General Manager of VMware’s Modern Applications & Management Business and was responsible for application modernization, cloud native application development and multi-cloud management. She previously led the company’s Cloud Management Business. Ms. Padmanabhan has extensive experience building and launching innovative products in cloud infrastructure, security and enterprise mobility. Prior to joining VMware, she was CEO of Cavirin, a cloud security company, where she drove a turnaround. She was previously COO of MokaFive, a desktop virtualization company, and was responsible for global product operations. Ms. Padmanabhan holds an MBA from Stanford University and an M.S. in Computer Engineering from University of Southern California. source