LICENSED FOR INDIVIDUAL USE ONLY

The Top Security Technology Trends To Watch,

2020
Ten Security And Risk Technologies Will Disrupt Security And Risk Practices

by Andras Cser, Sandy Carielli, Jeff Pollard, Alla Valente, and Josh Zelonis
June 30, 2020

Why Read This Report Key Takeaways

Analysts from Forrester’s security and risk (S&R)
research team drew insight from client inquiries,
research projects, and industry perspectives
to uncover the top 10 security technologies to
watch. Especially during the current COVID-19
pandemic, security and risk pros should use
this report to cut through the hype and assess
technologies that will disrupt security and risk
practices over the next three years.
Avoid Supply Chain Disruptions By Tooling Its
Management
The current pandemic has greatly contributed
to supply chain failures and, consequently,
disruption of critical services. Forrester predicts
that firms will use supply chain risk intelligence
solutions and mapping tools integrated with
GRC solutions to mitigate supply chain risk and
improve overall business resiliency.

COVID-19 Forces Changes To Access Controls

And Adoption Of New Security Tooling
COVID-19 will lead to reduced security budgets,
forcing firms be more efficient in their security
spend. In response, firms will use the MITRE
ATT&CK framework, adopt Zero Trust-based
identity-centric access controls, protect data with
antisurveillance tools, and invest in securing and
protecting cloud platforms and workloads.

Doing Less With More Bolsters Security

Resourcefulness And Automation
Companies facing security budget cuts will
need to become more resourceful: Focusing
on automation, building in-house security
technologies, and increasing customer-facing
security are early areas of investment. Firms
striving to be leaner will need to develop stronger
business justification processes and reduce
internal process complexities for easier security
to keep firms protected.
This PDF is only licensed for individual use when downloaded from forrester.com or reprints.forrester.com. All other distribution prohibited.
FORRESTER.COM
FOR SECURITY & RISK PROFESSIONALS

The Top Security Technology Trends To Watch, 2020

Ten Security And Risk Technologies Will Disrupt Security And Risk Practices

by Andras Cser, Sandy Carielli, Jeff Pollard, Alla Valente, and Josh Zelonis
with Merritt Maxim, Benjamin Corey, and Peggy Dostie
June 30, 2020

Table Of Contents Related Research Documents

2 COVID-19 Brings Not Only Turmoil But Also Five Dangerous Ways Social Media Is Exploited
Security Transformation For Profit

The Future Of The CISO

Top Recommendations For Your Security

Program, 2020

Share reports with colleagues.

Enhance your membership with
Research Share.

Forrester Research, Inc., 60 Acorn Park Drive, Cambridge, MA 02140 USA

+1 617-613-6000 | Fax: +1 617-613-5000 | forrester.com
© 2020 Forrester Research, Inc. Opinions reflect judgment at the time and are subject to change. Forrester®,
Technographics®, Forrester Wave, TechRadar, and Total Economic Impact are trademarks of Forrester Research,
Inc. All other trademarks are the property of their respective companies. Unauthorized copying or distributing
is a violation of copyright law. Citations@forrester.com or +1 866-367-7378
FOR SECURITY & RISK PROFESSIONALS June 30, 2020
The Top Security Technology Trends To Watch, 2020
Ten Security And Risk Technologies Will Disrupt Security And Risk Practices

COVID-19 Brings Not Only Turmoil But Also Security Transformation

The current pandemic will unavoidably transform the landscape of security technologies. The budget
cuts in IT security spend will force S&R pros to do more with less and justify and prioritize all security
activities and investments. At the same time, these cuts will enable S&R pros to transform their security
operations and technology portfolio by trimming fat and improving the operational efficiency of all
security operations. Some areas for increased investment include focusing on better threat modeling
and increased security automation across the entire IT portfolio. Here are the top 10 security and risk
technology trends Forrester expects will shape the security technology landscape.

No. 1: Application Security Tools’ Integration With CI/CD Pipeline Mitigates Process Gaps

COVID-19 forced security, development, and operations teams into a sudden remote work
environment. Once security teams address the immediate priority of enabling all employees to work
from home (WFH) safely, they must also address the secondary effects of an all-remote workforce.
Process gaps once glossed over through in-person interactions will become harder to ignore, and
leadership charisma that resolved blockers and kept disparate teams aligned will be harder to replicate
on the umpteenth email chain or conference call. This turns DevOps and S&R pros’ attention toward
enhancing continuous improvement/continuous delivery (CI/CD) toolchain integration with static
application security testing (SAST), software composition analysis (SCA), container security, and other
application security tools.

›› Why it will disrupt. Organizations with a strong in-person work culture will struggle to replicate
relationships and problem solving when everyone is working from home. Even organizations with
more mature DevOps practices struggle to integrate security tools into the CI/CD toolchain: Only
47% of organizations with mature DevOps practices have properly integrated SAST, and only 58%
of organizations have properly integrated SCA.1 Problems and sign-offs once addressed quickly
and quietly by an impromptu walk to someone’s office will persist and become more apparent.
Organizations that can’t bridge the gaps will see delayed product releases or increases in the
number of security issues in released products.

›› What you should do about it. Acknowledge the automation and communication gaps head-on.
Gather the security, development, operations, and other key stakeholders together over a series of
online meetings to catalog the process and tooling gaps that are causing bottlenecks. Prioritize the
issues and develop fixes and workarounds — some fixes might be able to use existing tools; some
might involve process changes. Work with your application security vendors to understand which
CI/CD integrations might not be fully realized, and take steps to implement or strengthen those
feedback loops. In parallel, work to rebuild leadership charisma through regular video meetings and
other touchpoints.2 To amplify security’s message, leverage your security champions, those trusted
individuals outside the security team that can translate securityspeak into a language that everyone
can understand.3 These efforts will pay off in a more efficient and collaborative team, even after a
return to the office.

© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 2
Citations@forrester.com or +1 866-367-7378
FOR SECURITY & RISK PROFESSIONALS June 30, 2020
The Top Security Technology Trends To Watch, 2020
Ten Security And Risk Technologies Will Disrupt Security And Risk Practices

No. 2: Risk Intelligence And Supply Chain Management Solutions Deliver Greater Visibility

Supply chains are in a crisis of their own making. Globalization made supply chains longer, efficiency
made them leaner, and cheap foreign labor propelled firms to pursue outsourcing and offshoring as a
primary cost-cutting strategy. Not only do these strategies increase the risks of supply chain disruption,
but given the right circumstances, they can also threaten the firm’s business and operating model.

›› Why it will disrupt. Decades of supply chain optimization efforts focused on efficiency; meanwhile,
risk management remained mostly ad hoc as firms took a reactive approach in responding to
supply chain disruptions. COVID-19 caught many supply chains by surprise, but it shouldn’t
have. We have had multiple warnings and ample time to shore up supply chain risk management.
The IV bag shortage of 2017 caused by damage to a major manufacturer during Hurricane Maria
illustrated the risks of a supply chain concentrated in a single region (in this case, Puerto Rico).
The NotPetya ransomware attack in 2017 on shipping giant Maersk revealed how long supply
chains are interdependent, which means a disruption at subtiers (tiers 2, 3, and 4) can quickly travel
upstream and affect you. Security and risk leaders can no longer afford to abdicate supply chain
risk management to procurement or operations teams and will need to invest in technologies risk
visibility, visualization, and mitigation.

›› What you should do about it. This is the perfect time to shore up your risk management. Although
you will likely build redundancy for critical suppliers, relying on third-party ecosystems will continue
to increase. Invest in supply chain risk intelligence tools for visibility into risks threatening your
suppliers such as cybersecurity, compliance, geopolitical, financial, privacy and trade policies,
and supply chain mapping to visualize the relationships between direct and indirect partners (tiers
1 to 4) and the geographic concentration of the extended supply chain. Use AI/ML-enabled risk
management such as GRC or third-party risk platforms to assess risk exposure, predict likelihood
and impact, automate risk remediation, and catalog third-party relationships, leveraging data
from internal systems (legal, payment, and procurement). A global pandemic was the most recent
source of operational disruption, and it will not be the last. Investing in these risk management
technologies will improve overall business resilience for the future.

No. 3: Using MITRE’s ATT&CK Framework Leads To More Verifiable Security Architectures

Security leaders have long had to rely on supposition and best practices to understand the
technologies they need to defend their organizations. The ATT&CK framework provides a reference
model for measuring the effectiveness of an organization’s threat mitigation strategy and the potential
impact of deploying other security technologies.4 The continued adoption of this framework will allow
S&R pros to build better detection strategies and, ultimately, stronger security infrastructure.

›› Why it will disrupt. Market recessions inevitably lower security budgets but not security
expectations. The current COVID-19 crisis is forcing a transformational paradigm shift with large
numbers of employees working from home instead of the office. At the same time, preliminary
findings indicate that the pandemic is accelerating downward pressure on security budgets, which

© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 3
Citations@forrester.com or +1 866-367-7378
FOR SECURITY & RISK PROFESSIONALS June 30, 2020
The Top Security Technology Trends To Watch, 2020
Ten Security And Risk Technologies Will Disrupt Security And Risk Practices

may take years to recover. As a result, security leaders must act quickly to optimize their existing
infrastructure from a security tooling and a budgetary perspective. This is where MITRE ATT&CK
can play a major role.

›› What you should do about it. There are three critical steps you must take to stay ahead of
the curve. First, identify common techniques that would produce high-fidelity alerts against
adversaries targeting organizations such as yours. Second, test and ensure you can both detect
and respond to these techniques when observed in your environment. Third, leverage your red
teaming exercises, at whatever frequency you perform them, to validate the previous two steps
as effective at mitigating the simulated threat. The capabilities formerly associated with breach
and attack simulation (BAS) are evolving as they integrate with security information and event
management (SIEM) and other technologies to measure the response within the environment to
specific behaviors. These new technologies enable organizations to validate that controls have
been properly deployed and help verify that the organization has coverage of the critical techniques
identified in the ATT&CK framework.

No. 4: Antisurveillance And Privacy Enhancements Emerge To Protect Competitiveness

Security leaders need to adapt to surveillance capitalism, which will require them to deploy
technologies that protect their employees from being surveilled by tech companies, marketers, and, in
some cases, governments. Not doing so will result in competitive risks for the firm, as the amount of
data collected about users such as movement, job functions in IAM systems, authentication patterns,
and cloud app activity could reveal corporate secrets the firm wanted to protect.

›› Why it will disrupt. Antisurveillance software that blocks tracking features (cookies, scripts, and
pop-ups) from websites is often an optional security measure whose deployment IT teams often
leave to individual employees. If employees want to run those tools, they can, but if things break,
the user is responsible for resolving them. Security leaders will soon mandate, invest, and support
tools like these — and more — across the enterprise, creating a new market for antisurveillance
tools. The emergence of this industry segment will create new ways for firms to increase the
operational security of their firms.

›› What you should do about it. Start with setting a strategy for how the security team will help
protect the data that technology firms and data aggregators gather as users traverse the internet
for professional and personal reasons. Then build a business case, which includes explaining to
senior stakeholders how this data can be purchased, collected, and weaponized by competitors
to harm the firm. Finally, identify technologies that help anonymize users, conceal activity, and
block tracking so that data leaks about the organization get minimized. In addition, expand training
initiatives for end users that help them understand how to use these tools, why they are deployed,
and how they help improve security for the employee and the firm.

© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 4
Citations@forrester.com or +1 866-367-7378
FOR SECURITY & RISK PROFESSIONALS June 30, 2020
The Top Security Technology Trends To Watch, 2020
Ten Security And Risk Technologies Will Disrupt Security And Risk Practices

No. 5: Staffing And Budget Cuts Increase Demand For Security Automation

Years of economic growth were great for everyone, including the security team. It’s now a decade-plus
since most security teams had to deal with contracting budgets and necessary tradeoffs. At the same
time, the overall complexity of the IT organization has become the top issue for surveyed global security
decision makers, as data siloes and security products and services that lack integration are direct
causes of friction for security teams.5 With security leaders now forced to reduce budgets (including
headcount and technology spending), doing more with less is the credo for the foreseeable future. Lean
times will get leaner, and those slow to automate will pay the highest price as cuts take shape.

›› Why it will disrupt. Security leaders will face cuts to staffing and programs while needing to
meet the organization’s expanding security and compliance requirements. In the short term,
slower response times will not be a problem, but longer term, security teams that were already
overwhelmed must alleviate the effects of headcount reductions. Manual steps in place for years
that often were not worth the effort to automate will haunt security teams, becoming unsustainable.
Firms will rush toward automation to cope with reduced headcount and to overcome the risk of
slower and less thorough response capabilities that could result in damaging breaches. Automating
repetitive security processes, integrating fully into the IT and development infrastructure, and
breaking down barriers between data silos will help security teams: 1) better preserve their security
posture; 2) mitigate the damage of longer response times; and 3) free up employees from tactical
activity to focus on longer-term strategic initiatives.

›› What you should do about it. Before rushing to automate, make sure that the underlying
processes meet your firm’s security standards — otherwise, you risk automating disaster.
Recognize, too, that automating security tooling for DevOps, where automation is already in place,
is different from automating security and IT processes that were fully manual and that rely on more
external artifacts. When rationalizing security investments, pay close attention to APIs, data feeds,
and out-of-the-box integrations. The easiest first step is to automate gathering the contextual
data that helps practitioners determine if an alert is an incident. If your existing technologies can
be integrated, make steps in that direction. In the short term, you may not be able to switch out
a bloated product that lacks real integration features because it’s too costly to unwind right now.
Note which products require more customization and manual attention, and plan to reevaluate your
investment in the next two years so that the new philosophy of “automation first” continues with
every decision you make.

No. 6: Online Engagement, Retention, And Verification Hinge On High-Performing CIAM

The current trend of transactions shifting from in-person to online, faceless channels is unstoppable,
especially in light of changes imposed by the COVID-19 pandemic. This places further stress not only
on the security organization but also on marketing, line of business, and call center operations whose
digital systems support customers’ online interactions.

© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 5
Citations@forrester.com or +1 866-367-7378
FOR SECURITY & RISK PROFESSIONALS June 30, 2020
The Top Security Technology Trends To Watch, 2020
Ten Security And Risk Technologies Will Disrupt Security And Risk Practices

›› Why it will disrupt. During times when social distancing is the norm, small firms (less than 200 to
300 full-time employees), and, more markedly, larger companies, will all have to be able to serve
increased online customer registration, authentication, and authorized transaction volumes. As
evidenced by excessive recent online wait times at many B2C websites including airlines, travel,
and hospitality, most companies’ customer-facing IAM (CIAM) infrastructures are crumbling under
the increased workload.6 In addition to increased transaction volumes, companies must also pay
attention to increased account takeovers and fraudulent monetary and nonmonetary transactions
from hackers.

›› What you should do about it. The first step is to rethink and streamline identity verification
and online registration processes. S&R pros need to allow for any current physical document
verification processes to be performed online, using a user mobile application. Timing and
performance are also important: Registration and business enrollment should happen within at
most 5 minutes of the customer initiating the process. You should also revisit your applications’
authentication frameworks and centralize them in order to reduce security and CIAM costs.
Keeping website image sizes and payloads to a minimum will also greatly help in achieving and
keeping the successful login processes from taking less than 3 seconds.

No. 7: WFH Makes Passwordless Authentication And A Zero Trust Architecture Mandatory

The crunchy outer shell is gone, and employees working from home spread pieces of the soft-chewy
center around the globe — frequently from bring-your-own devices (BYOD) they share with their
household members. This change will force firms to rethink and change how they manage remote
worker access to corporate systems.

›› Why it will disrupt. In this new WFH model, S&R pros can’t use physical controls such as requiring
access from a specific location (such as an office) for someone coming across the internet from
their own ISP. Management of BYOD devices is another issue, as service desk teams scramble to
configure VPN access that may not even be able to support the large numbers of remote workers
the infrastructure now demands. The emperor really has no clothes, and security professionals
need to figure out a new way of operating.

›› What you should do about it. Passwordless authentication ensures the person authenticating is
the person you think they are and doesn’t leverage persistent credentials that are harder to manage
and identify when stolen.7 When you don’t have visibility into a client environment but must provide
access to assets from that environment, identity becomes the most important control you can
leverage. Remember, something you have is a stronger authentication mechanism than something
you know when everyone is working from home and practicing social distancing, as something you
have is far less likely to be stolen. For these reasons, S&R pros should begin planning to deploy
passwordless authentication for remote workers to enable remote worker productivity without
increasing risks.

© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 6
Citations@forrester.com or +1 866-367-7378
FOR SECURITY & RISK PROFESSIONALS June 30, 2020
The Top Security Technology Trends To Watch, 2020
Ten Security And Risk Technologies Will Disrupt Security And Risk Practices

No. 8: COVID-19 Forces Technology Tradeoffs, Context In Enterprise Risk Management

Every strategic decision creates opportunity risk, that is, the tradeoff of sacrificing alternate paths
when committing to an initiative. For even the most conservative decision makers, COVID-19 is forcing
risk on them, as businesses consider how to return employees safely to the workplace. To facilitate
the return to business, firms will deploy new technologies for health and safety. Understand that new
technologies deployed for health and safety, new ways of working, or to meet federal, state, or country
public safety requirements come with risks.8 Carefully evaluate the impact of those risks to identify
potential consequences and balance new policies with best practices.

›› Why it will disrupt. Compounded by the global economic downturn triggered by the COVID-19
pandemic, cost-cutting measures will be necessary for financial survival; however, firms and
CISOs particularly need to reevaluate which projects get budget and resources and which don’t.
The expression tells us that no good deed goes unpunished, so don’t take for granted that new
safety measures will be universally well received. Business leaders should realize employees and
customers have them under a microscope; the actions and decisions they take today will define
their brands for decades.

›› What you should do about it. Prioritize the health and safety of employees; however, any
mandatory means to collect healthcare status (tracking physical distance or contact tracing) will
come at a price of increased privacy and security costs around data collection and employee
resistance. Update your work-from-home policy, consider extending the work-from-home period,
and factor in employee concerns and fears when planning the return to work.9 Balancing revenue
with reputation when cutting costs will be critical. You must assess the state of the enterprise — is
your company fighting for survival, adapting, or growing?10 Based on the state of the company, this
will require different actions. If you’re fighting to survive, you will need to make cuts in hardware
spending, hiring and new project freezes, and staff furloughs. If you’re adapting, eliminate
redundant controls and expand cloud and remote access.

No. 9: Elastic Workloads Mandate Scalable Cloud Governance And Posture

In the face of mounting operating cost pressures, it’s safe to assume that cloud adoption will accelerate.
Companies with outdated and predominantly on-premises security infrastructure will have a hard time
keeping pace with regulatory requirements and moving their workloads and data to hybrid clouds.

›› Why it will disrupt. Forrester’s customers report that adequately managing cloud governance
(understanding and controlling the full gamut of identity-resource access relationships in cloud
platforms) and cloud security posture (ensuring that the firm understands and manages its cloud
compute, storage, and network configurations and prevents any unintended drifts) presents huge
challenges. Cross-cloud security configuration visibility and control is today impossible to maintain
using either legacy on-premises tools such as CMDB or the built-in tools of a single cloud vendor
such as GCP, AWS, or Azure.

© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 7
Citations@forrester.com or +1 866-367-7378
FOR SECURITY & RISK PROFESSIONALS June 30, 2020
The Top Security Technology Trends To Watch, 2020
Ten Security And Risk Technologies Will Disrupt Security And Risk Practices

›› What you should do about it. Proactive cloud governance goes a long way in preventing
misconfiguration issues. You should ensure that: 1) you have integrated instance creation,
modification, and decommissioning with your scripted CI/CD pipelines; 2) no cloud workload (e.g.,
native EC2, instances, hypervisors, guest operating systems, containers) escapes the scrutiny
and compliance checks of cloud security posture management (CSPM) solutions; 3) all data is
encrypted in the cloud; and 4) the firm owns and manages all cloud data encryption keys (including
those in SaaS apps).

No. 10: Economic Constraints Will Spur DIY Security Innovation

We often depend on commercial vendors to innovate and create security’s next big thing. But easy
access to venture capital funding will no longer be the norm as countries are slow to recover, thus
altering or delaying commercial availability of the next big thing. Headcount and spending cuts don’t
make security problems disappear. Talented internal teams will start building tools to help them solve
their own problems in lieu of external options.

›› Why it will disrupt. No vendor knows the problems security and risk pros face better than the
actual pros running security and risk teams. Even the best vendors struggle to capture the unique
insights into the day-to-day operations that your teams naturally possess. These teams will start
building tools tailored to specific use cases to solve their internal problems. In the short term, that
might benefit their current company, but after discovering that their company was only one of
many that had the same issue, expect a revolution in the next two to three years. Forrester expects
that firms that built these DIY tools, serving only to solve a specific problem at one company, will
discover that there is a vast amount of commercial viability for technologies built by end users to
solve end user problems.

›› What you should do about it. During lean times, it’s hard to justify letting the team experiment and
build things that might not work out. However, problems won’t go away by ignoring them, so this is
less about experimentation and more about unleashing your team’s creativity and technical skill to
internally solve problems with custom solutions. Create a culture of permission to build. Don’t be
afraid to leverage open source toolsets and frameworks; allow teams to script, code, and develop if
they can; and articulate the problems they plan to solve. But when making tooling decisions, always
consider the three-to-five-year total cost of ownership (including labor costs) of an open source
solution. Understand your jobs to be done, use cases, and effort required. Your problems aren’t
unique, which means your team might be creating the next new security capability that others need.
This opens the door to security for profit, as your firm could monetize or spin off the capability.11 It
could also launch a postsecurity career, as discussed in our “Future Of The CISO” report.

© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 8
Citations@forrester.com or +1 866-367-7378
FOR SECURITY & RISK PROFESSIONALS June 30, 2020
The Top Security Technology Trends To Watch, 2020
Ten Security And Risk Technologies Will Disrupt Security And Risk Practices

Engage With An Analyst

Gain greater confidence in your decisions by working with Forrester thought leaders to apply
our research to your specific business and technology initiatives.

Analyst Inquiry Analyst Advisory Webinar

To help you put research Translate research into Join our online sessions
into practice, connect action by working with on the latest research
with an analyst to discuss an analyst on a specific affecting your business.
your questions in a engagement in the form Each call includes analyst
30-minute phone session of custom strategy Q&A and slides and is
— or opt for a response sessions, workshops, available on-demand.
via email. or speeches.
Learn more.
Learn more. Learn more.

Forrester’s research apps for iOS and Android.

Stay ahead of your competition no matter where you are.

Endnotes
Source: “2020 DevSecOps Community Survey,” Sonatype (https://www.sonatype.com/2020survey).
1

Source: “Three Future Of Work Strategies Can Help Your Company Adapt During The COVID-19 Outbreak,” Forrester
2

(https://www.forrester.com/fn/61g8HceSiT7eI0klkclULx).

See the Forrester report “Build A Security Champions Network.”

3

See the Forrester report “The Forrester MITRE ATT&CK Evaluation Guide.”
4

Base: 1,840 global security decision makers (working at companies of 1,000-plus employees). Source: Forrester
5

Analytics Global Business Technographics® Security Survey, 2019.

Source: Heather Kelly, “Press 1 for frustration: Customers run into record phone waits as companies grapple with
6

worker safety,” The Washington Post, April 16, 2020 (https://www.washingtonpost.com/technology/2020/04/14/

customer-service-coronavirus/).

See the Forrester report “Optimize User Experience With Passwordless Authentication.”
7

Source: Theodore F. Claypoole, “Deploying an Army of Robots,” The National Law Review, April 30, 2020 (https://www.
8

natlawreview.com/article/deploying-army-robots) and “Beyond COVID-19: Will you define the new normal or watch it
unfold?” EY, April 14, 2020 (https://www.ey.com/en_gl/covid-19/will-you-define-the-new-normal-or-watch-it-unfold).

© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 9
Citations@forrester.com or +1 866-367-7378
FOR SECURITY & RISK PROFESSIONALS June 30, 2020
The Top Security Technology Trends To Watch, 2020
Ten Security And Risk Technologies Will Disrupt Security And Risk Practices

Source: Kathy Gurchiek, “A Few Large Companies Prolong Work from Home to September and Beyond,” SHRM, May
9

6, 2020, (https://www.shrm.org/hr-today/news/hr-news/pages/covid19-a-few-large-companies-prolong-work-from-
home-to-september-and-beyond.aspx).
10
See the Forrester report “Where To Adjust Tech Budgets In The Pandemic Recession.”
11
See the Forrester report “Security For Profit.”

© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 10
Citations@forrester.com or +1 866-367-7378
 forrester.com

We work with business and technology leaders to drive customer-

obsessed vision, strategy, and execution that accelerate growth.

PRODUCTS AND SERVICES

›› Research and tools
›› Analyst engagement
›› Data and analytics
›› Peer collaboration
›› Consulting
›› Events
›› Certification programs

Forrester’s research and insights are tailored to your

role and critical business initiatives.

ROLES WE SERVE
Marketing & Strategy Technology Management Technology Industry
Professionals Professionals Professionals
CMO CIO Analyst Relations
B2B Marketing Application Development
B2C Marketing & Delivery
Customer Experience Enterprise Architecture
Customer Insights Infrastructure & Operations
eBusiness & Channel ›› Security & Risk
Strategy Sourcing & Vendor
Management

CLIENT SUPPORT
For information on hard-copy or electronic reprints, please contact Client Support at
+1 866-367-7378, +1 617-613-5730, or clientsupport@forrester.com. We offer quantity
discounts and special pricing for academic and nonprofit institutions.

160665