Last week, Forrester hosted our Predictions 2025 Webinar: Technology & Security. We had a great time bantering about some of the most impactful security and technology predictions that our analyst teams called out, including around the ROI for AI initiatives, private cloud and VMware, plans for agentic AI, and enforcing the EU AI Act in 2025. Thanks to the webinar attendees who asked some insightful questions throughout the session! Unfortunately, we ran out of time and couldn’t answer all of your questions, but here are responses to some of the questions we couldn’t get to (questions have been edited for clarity):

  • Which application types will be best suited for on-prem clouds? Private cloud can’t remotely match the firepower, scale, and pace of innovation of the hyperscale public cloud platforms, but this doesn’t mean that private cloud is irrelevant. In fact, private cloud may be the most cost-effective choice for much of enterprise IT, particularly in shops that embrace the enabling style of high-performance IT that focuses on stabilizing and protecting operations that are cost-effective and don’t require vast cloud resources. Then there are workloads where security and sovereignty are paramount and where the autonomy of enterprise IT is critical. Even IT organizations embracing the transforming style of high-performance IT may find that private-cloud-based AI meets their needs, especially if DeepSeek’s claims of AI innovation on garden-variety GPUs become generalized.
  • Do you suggest a formula or criteria to help stakeholders select high-value business use cases for AI? There is no formula, per se. A good way of thinking about it is in the form of a portfolio of use cases and capabilities that are road-mapped with interconnected milestones — some of which deliver quick value and others more so over the longer term (because for some use cases, even high-value ones, it may be better to wait or go slow). Use case selection is complicated for AI and not just driven by monetary value but involves readiness based on four teams: business, data, technology, and governance.
  • Have you observed any recurrent behavior in how and who is writing the AI agenda? Any emerging pattern (e.g., centralization, federation) as the practice evolves in each organization? In Forrester’s State Of Data, Analytics, Measurement, And Insights Survey, 2024, we asked data and analytics decision-makers, “Where does the most senior data and analytics leader report to in your organization?” Thirty-nine percent of respondents say IT and 37% say to the CEO — so the agenda is set by IT leaders or the CEO, as discussed in the webinar. We are seeing a lot of partnership between business and IT and federation.
  • Thinking more about security than AI, I see AI as creating an even higher priority to cover the basics to reduce exposure and risk. Do you agree? We covered this briefly at the end of the webinar, but it deserves a longer response. As we build AI into our systems and applications, a lot of the risks and challenges should look familiar: unprotected API calls into third-party models, unvetted models, and shadow AI. Over the years, we’ve learned lessons about third-party risk management, using open-source and third-party software components safely, and managing and protecting APIs — we need to apply those lessons to AI so that history doesn’t repeat itself yet again.
  • How well are third-party risk management systems factoring risks around AI governance? Many of the platforms that support third-party risk management (TPRM) also enable governance, risk, and compliance (GRC) use cases. These platforms support AI governance by helping organizations get a handle on the range of AI use cases that their companies deploy and the variety of models that support them — inventory assets, systems, and third-party entities, as well as support AI policy creation, distribution, and tracking. Generative AI features of GRC and TPRM platforms have quickly become standard to how risk pros manage the risks of AI in their organizations. Additionally, AI governance platforms are emerging as a new market forecasted to grow at a 30% compound annual growth rate to the end of this decade. There’s more to come on this, with Forrester planning new, groundbreaking evaluative research on AI governance platforms in 2025.

Thanks again to all the attendees who asked such insightful questions! If you missed the webinar, you can still check out the replay here. Forrester clients, be sure to check out all of our 2025 Predictions reports and set up an inquiry or guidance session if you want to dive in further.