Professional Documents
Culture Documents
This PDF is only licensed for individual use when downloaded from forrester.com or reprints.forrester.com. All other distribution prohibited.
forrester.com
For Security & Risk Professionals
8 Vendor Profiles
Challengers
12 Evaluation Overview
14 Supplemental Material
To Stay Relevant, WAFs Must Offer More Than OWASP Top 10 Detection
Web application firewalls (WAFs) initially focused on protecting web applications from common
vulnerabilities like SQL injection, cross-site scripting, and other members of the OWASP Top 10. WAFs
remain a fundamental technology for application security protection, but customer requirements have
changed. While the OWASP Top 10 remains a core use case, customers expect WAFs to provide
protection against an ever-broader spate of application attacks, including API-based attacks, client-
side attacks, and even bots. Furthermore, the adoption of DevSecOps means that WAFs must
integrate with the rest of the application development and security infrastructure and help security
leaders quickly identify and respond to application threats. Organizations want more from their WAF
providers — and the degree of negative feedback from vendor-supplied references in this Forrester
Wave warns that, unless vendors adapt, the WAF market is ripe for disruption.
As a result of these trends, WAF customers should look for providers that:
›› Extend beyond traditional WAF protections. As the range of attacks against web applications
increases, WAF providers that merely focus on protecting against the OWASP Top 10 won’t remain
relevant. Over the past year, organizations such as Hostinger and Xiaomi have been subject to
attacks via their APIs, and attackers have breached thousands of sites, including Macy’s and the
Baseball Hall of Fame, through client-side components.1 The leading WAF providers must provide an
integrated approach to old and emerging attack approaches by supporting OAUTH, allowing users to
import API configuration files in multiple formats, and detecting header and referrer verifications.
›› Offer enriched threat intelligence. Robust protection from zero-day attacks and emerging threats
requires an extensive threat intelligence function combined with the ability to automatically push
new, pretested rules to users. WAF providers must leverage a wide range of external threat feeds
and augment them with a dedicated internal team that proactively identifies threats and applies
machine learning to analyze traffic patterns across the customer base. Customers must ask
WAF vendors not only about threat intelligence sources but about how rapidly that intelligence is
analyzed and fed into new rules.
›› Integrate natively with the software development lifecycle (SDLC). While WAFs live in the
deployment side of the application security landscape, developers and security teams leverage
WAF detections to prioritize additional safeguards in developed code. Firms purchase expensive
threat feeds but often ignore the ones they get for free and that are tailor-made for them — the
attack information from their protection technologies. Developers use this attack data to prioritize
what security flaws to fix first or to add additional production protections when fixes are not
imminent, such as custom WAF rules. Look for providers that offer multiple out-of-the-box (OOTB)
integrations with DevOps tools to fit into the deployment process, alerting and notification tools to
reach application owners, and prerelease scanning tools to create and modify WAF rules.
© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 2
Citations@forrester.com or +1 866-367-7378
For Security & Risk Professionals February 26, 2020
The Forrester Wave™: Web Application Firewalls, Q1 2020
The 10 Providers That Matter Most And How They Stack Up
Evaluation Summary
The Forrester Wave™ evaluation highlights Leaders, Strong Performers, Contenders, and
Challengers. It’s an assessment of the top vendors in the market and does not represent the entire
vendor landscape. You’ll find more information about this market in our “Now Tech: Web Application
Firewalls, Q4 2019.”
We intend this evaluation to be a starting point only and encourage clients to view product evaluations
and adapt criteria weightings using the Excel-based vendor comparison tool (see Figure 1 and see
Figure 2). Click the link at the beginning of this report on Forrester.com to download the tool.
© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 3
Citations@forrester.com or +1 866-367-7378
For Security & Risk Professionals February 26, 2020
The Forrester Wave™: Web Application Firewalls, Q1 2020
The 10 Providers That Matter Most And How They Stack Up
Strong
Challengers Contenders Performers Leaders
Stronger
current
offering
Akamai
Technologies
F5 Advanced WAF
Imperva Cloud
Barracuda Networks WAF
Radware
F5 Silverline
Rohde & Schwarz
Imperva WAF Gateway
Cybersecurity
Amazon
Microsoft Web Services
Weaker
current
offering
Market presence
© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 4
Citations@forrester.com or +1 866-367-7378
For Security & Risk Professionals February 26, 2020
The Forrester Wave™: Web Application Firewalls, Q1 2020
The 10 Providers That Matter Most And How They Stack Up
es
es
ks
ic
gi
AF
rv
or
lo
Se
W
no
et
d
eb
ed
ou
ch
N
W
nc
gh r’s
da
Te
re
C
g
tin
fla
ei te
va
on
cu
a
ai
w res
ab
ud
Ad
am
az
rra
ib
lo
Am
r
Ba
Ak
Fo
F5
Al
C
Current offering 50% 4.07 1.81 1.21 3.18 1.93 3.25
Attack detection 30% 4.40 1.80 1.05 3.90 1.80 4.50
Attack response 20% 3.80 2.40 0.70 3.60 2.40 3.60
Management interface 15% 4.60 2.15 2.40 2.00 2.60 4.40
Zero-day attacks 10% 3.60 1.40 1.10 2.40 1.60 0.50
Reporting and analytics 15% 4.00 1.60 1.30 3.40 1.00 1.90
Feedback loops 10% 3.40 0.90 0.90 2.40 2.10 1.80
© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 5
Citations@forrester.com or +1 866-367-7378
For Security & Risk Professionals February 26, 2020
The Forrester Wave™: Web Application Firewalls, Q1 2020
The 10 Providers That Matter Most And How They Stack Up
ay
ew
AF
y z
at
W
rit ar
G
cu hw
ud
AF
e
lo
se c
lin
er S
gh r’s
C
g
ft
e
er
yb &
tin
ei te
so
ar
rv
rv
lv
C de
w res
dw
ro
Si
pe
pe
h
ic
r
Ro
Ra
Fo
F5
Im
Im
M
Current offering 50% 2.52 3.02 2.34 1.04 2.83 2.06
Attack detection 30% 2.50 3.10 2.30 1.05 2.20 3.60
Attack response 20% 3.60 3.00 3.00 0.70 5.00 2.10
Management interface 15% 1.50 2.80 1.30 1.50 1.80 1.20
Zero-day attacks 10% 2.60 5.00 1.40 0.50 2.40 0.50
Reporting and analytics 15% 3.10 3.00 3.30 1.60 2.50 0.70
Feedback loops 10% 1.00 1.20 2.20 0.70 2.80 2.20
© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 6
Citations@forrester.com or +1 866-367-7378
For Security & Risk Professionals February 26, 2020
The Forrester Wave™: Web Application Firewalls, Q1 2020
The 10 Providers That Matter Most And How They Stack Up
Vendor Offerings
Forrester included 10 vendors in this assessment: Akamai Technologies, Alibaba Cloud, Amazon Web
Services (AWS), Barracuda Networks, Cloudflare, F5 Networks, Imperva, Microsoft, Radware, and Rohde
& Schwarz Cybersecurity (R&S) (see Figure 3). F5 Networks and Imperva had multiple products, which
Forrester evaluated separately to highlight the differences when these products are purchased separately.
Product version
Vendor Product evaluated evaluated
Radware AppWall, Alteon, Cisco WAF, Cisco ACI, AppWall VA, Alteon AppWall 7.5.6,
VA, Cloud WAF Cloud WAF 19.7.3,
Alteon 32.4.00
© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 7
Citations@forrester.com or +1 866-367-7378
For Security & Risk Professionals February 26, 2020
The Forrester Wave™: Web Application Firewalls, Q1 2020
The 10 Providers That Matter Most And How They Stack Up
Vendor Profiles
Our analysis uncovered the following strengths and weaknesses of individual vendors.
Leaders
›› Akamai Technologies offers a cloud-agnostic WAF solution at the edge. Akamai’s WAF,
Kona Site Defender, is one in a suite of security products that also includes DDoS protection, bot
management, and an API gateway available to Akamai’s CDN customers. Akamai has invested
in API protection, with customers able to import Swagger or RAML files into the management
console. The recent acquisition of ChameleonX hints at Akamai’s roadmap for protecting third-
party scripts from Magecart-like attacks.
In a sea of middling WAF customer references, Akamai stood out among the vendors for its across-
the-board positive reviews, with particularly high marks for attack detection, attack response,
and internal threat intelligence. Customers also appreciated the ability to easily add other Akamai
performance and security products. Some of the customer challenges focused on communication
and relationship — one reference wanted more communication “on when changes are being
made to the underlying rules maintained by Akamai,” while another was frustrated by the frequent
turnover of their account team. Akamai CDN customers are well suited to take advantage of Kona
Site Defender.
›› Imperva Cloud WAF is the more mature of Imperva’s WAF solutions. Previously known as
Incapsula, Cloud WAF is one of two WAF products in Imperva’s portfolio that we evaluated
separately. Imperva offers a full suite of deployment-side application protections — including WAF,
bot management, RASP, DDoS, API security, and analytics solutions — and their go-to-market
approach, called FlexProtect, focuses on solution bundles. In 2019, Imperva introduced a user
community where customers engage with Imperva experts and each other; the community offers
discussion boards, how-to videos, and community blogs.
Ease of use was a common theme among Imperva’s reference customers, who rated the UI highly
and were pleased the product could be both intuitive and effective. However, feedback loops
remain a source of frustration: More than one reference struggles with SIM integration. Customers
seeking a full application security stack and a modern user experience would benefit from
Imperva’s Cloud WAF solution. Note that Cloud WAF is also available as a managed service.
Strong Performers
© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 8
Citations@forrester.com or +1 866-367-7378
For Security & Risk Professionals February 26, 2020
The Forrester Wave™: Web Application Firewalls, Q1 2020
The 10 Providers That Matter Most And How They Stack Up
Barracuda has invested in API security, including JSON payload inspection and YAML file import,
with additional features on the roadmap. Barracuda’s reference customers praised the WAF as
offering good value for the price, appreciated the ease of use, and noted recent improvements in
logging. Top criticisms targeted internal threat intelligence and feedback loops. Customers also
wished for “better centralized logging” and “a more responsive UI.” Given the company’s focus on
the CloudGen and SaaS WAF products, customers looking for a public cloud deployment option
should consider Barracuda.
›› F5 Networks’ Advanced WAF offers rich rulesets and centralized management. F5 offers
two WAF products — Advanced WAF and Silverline — that we evaluated separately. Customers
can deploy Advanced WAF as a hardware appliance, as a virtual appliance, or in public cloud —
Advanced WAF is available in AWS, Azure and Google Cloud. F5’s BIG-IQ platform offers a centralized
management console for all WAF deployments, and the company envisions consolidating its WAF
products on top of a single engine. F5 has shifted its go-to-market to position application security as
the central offering rather than an add-on.
Forrester received limited, mixed feedback on F5’s Advanced WAF. Although customer references
praised F5 Networks’ out-of-the-box ruleset — “I can accomplish almost everything I need
to with default signatures” — and gave high marks for attack detection, attack response, and
management, F5 garnered low grades for internal threat intelligence, reporting, and feedback
loops. F5 Advanced WAF is a good option for customers needing a feature-rich platform and who
are willing to manage it.
Contenders
›› Imperva WAF Gateway offers an on-premises solution with a path to the cloud. One of two
WAF products in Imperva’s portfolio that were evaluated separately, WAF Gateway was formerly
called SecureSphere and provides an on-premises solution for industries and regions not ready
© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 9
Citations@forrester.com or +1 866-367-7378
For Security & Risk Professionals February 26, 2020
The Forrester Wave™: Web Application Firewalls, Q1 2020
The 10 Providers That Matter Most And How They Stack Up
to move to cloud. As with Cloud WAF, Imperva includes WAF Gateway as an option in FlexProtect
solution bundles and gives customers access to experts and peers through the user community.
Imperva’s roadmap includes a unified management console and single WAF sensor for its Cloud
WAF and WAF Gateway offerings.
A unified management console would be welcome, since unlike Cloud WAF’s modern UI, WAF
Gateway’s user experience is decidedly out of the mid-2000s. One customer complained, “The
UI has not been updated and feels out of date. It makes management and investigations in the
console very difficult.” Reference customers also criticized feedback loops and struggled with
customer support, but they were enthusiastic about WAF Gateway’s attack detection and response
capabilities. For customers still preferring an on-prem solution and willing to bet on an eventual
cross-sharing of features with Cloud WAF, WAF Gateway remains a viable WAF solution.
Managed services played heavily into customer feedback — references appreciated they didn’t
have to do the work and praised the F5 team’s responsiveness. However, there was some
frustration with feedback loops, particularly around logging and SIM integration. One customer
noted the WAF tool didn’t export all data to their SIM, “so we have to work around getting
necessary log data to the parties that need it.” Customers also hoped to see more-granular
reporting and the ability to generate and export metrics. Customers unable or unwilling to fully
manage a WAF should consider F5 Silverline’s Managed WAF. Those with apps built exclusively on
common tech stacks should investigate Silverline WAF Express.
›› Amazon Web Services combines several services into a complete security solution. AWS
WAF, for detection and protection, and AWS Firewall Manager, for centralized rule management,
are part of an application security suite that also includes AWS Shield for DDoS protection. The
AWS Management Console provides the management UI for all AWS services and closely ties
together the interfaces for WAF, Firewall Manager, and Shield. Customers can deploy AWS WAF for
applications running in EC2, ECS, Lambda, or on-prem.
AWS’s services collate and feed logs to a SIM, manage metrics and alarms, enrich data, build
queries, and create business intelligence reports. This ecosystem has value but also means
customers must implement an array of services to create a fully functioning WAF. Reference
customers appreciated the AWS native experience and the well-documented APIs but expressed
frustration with reporting and zero-day protection. One reference noted, “In order to meaningfully
© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 10
Citations@forrester.com or +1 866-367-7378
For Security & Risk Professionals February 26, 2020
The Forrester Wave™: Web Application Firewalls, Q1 2020
The 10 Providers That Matter Most And How They Stack Up
use the WAF product, you must create your own rules.” AWS WAF is a good fit for customers
seeking an AWS native solution, undaunted by a plethora of cobbled-together services, and that
appreciate API deployment and configuration.
›› Alibaba Cloud WAF leverages Alibaba Cloud’s presence in the China and AP markets. While
Alibaba Cloud WAF has primarily been a cloud offering in China and available to Alibaba Cloud
customers, the company is expanding into Southeast Asia and plans to address hybrid cloud
through deployment options with other public clouds or on-prem. Alibaba Cloud offers 24x7
customer support groups on the Dingtalk communication and collaboration platform.
Alibaba Cloud’s roadmap highlights API security as a top priority, aligning with Forrester’s
observation that Alibaba Cloud’s API protection is limited. APIs were also a theme with reference
customers, who asked for API and mobile SDKs. Otherwise, references had few complaints, and
gave high marks to Alibaba Cloud WAF’s attack detection and defense against zero-day attacks.
Alibaba Cloud WAF is a good option for customers who want a top player in the China and Asia
Pacific regions that prioritizes a responsive service team.
Challengers
›› Microsoft’s Azure WAF is an early-stage product in a mature market. Microsoft first offered
Azure WAF in 2017 as an integration with an Application Gateway to protect public or private
websites. As of mid-2019, Azure WAF also integrates natively with Azure Front Door at the network
edge, combining application security and performance functions. Azure WAF protects applications
within Azure, hosted in other clouds or deployed on-premises. The product integrates with services
such as Azure Log Analytics and Azure Monitor.
Microsoft could only provide limited customer feedback; references appreciated Azure WAF’s
native integration to Azure Resource Manager but wanted to see more OOTB compliance reporting.
One reference noted, “Until recently, the product was still lacking the ability to create custom
policies,” a common feature long supported by enterprise-class vendors. Feature gaps were a
trend in the Azure WAF evaluation, as the product doesn’t: 1) perform data leak protection; 2)
integrate with vulnerability scanners; 3) offer device fingerprinting; or 4) offer protection against
client-side attacks. Customers might consider Azure WAF if they have more-limited feature
requirements and like Azure WAF’s native integrations.
›› Cloudflare integrations drive flexible and simple customer experience. Cloudflare WAF
integrates with the rest of its suite, including the CDN, load balancing, smart routing, and bot
management. Cloudflare focuses on implementation, with the intention of users configuring WAF
features through the dashboard, the API, and/or Terraform. To address client-side attacks, data
loss prevention, and other custom rules the WAF doesn’t address natively, Cloudflare implemented
the Workers platform to let customers build custom code at the CDN edge. Cloudflare recently
announced the GraphQL Analytics API, which underpins its Firewall Analytics dashboards and
helps customers query and build their own dashboards.
© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 11
Citations@forrester.com or +1 866-367-7378
For Security & Risk Professionals February 26, 2020
The Forrester Wave™: Web Application Firewalls, Q1 2020
The 10 Providers That Matter Most And How They Stack Up
Since our last WAF evaluation, Cloudflare has also invested in a rule creation interface, reporting,
managed rulesets, and predeployment rule testing — features that do not leapfrog the competition
but bring Cloudflare closer to parity. Reference customers all highlighted ease of use or ease of
implementation — one customer referred to Cloudflare as “intuitively usable.” The biggest criticism
was around Cloudflare’s internal threat intelligence, and there were requests for additional logging
features and integrations. Existing Cloudflare customers looking for seamless integration and a
solid user experience should consider the Cloudflare WAF.
›› R&S offers an on-prem, SaaS, and managed solution for the European market. Rohde &
Schwarz Cybersecurity’s Web Application Firewall is available as an enterprise edition and a
business edition. While the enterprise edition includes all features, the business edition targets
SMBs and is positioned as more of an entry-level WAF that supports fewer form factors, fewer
application types, and fewer features. R&S also recently launched Cloud Protector, a cloud-based
WAF available as SaaS or managed service and hosted in European data centers.
Reference customers rated attack detection highly but gave APIs mixed reviews, with one
reference calling the API “lean.” References spoke positively about R&S’s simplicity and usable
management console — the question is, which one? Between the Cloud Protector management
console, the traditional R&S WAF management application, and the Kibana-based dashboard
and reports, R&S is a tale of multiple UIs. The business and enterprise editions support different
functionality — customers must understand the differences and choose wisely. European
customers and others with data sovereignty concerns will appreciate R&S’s on-prem and EU-
hosted options and regulatory alignment.
Evaluation Overview
We evaluated vendors against 33 criteria, which we grouped into three high-level categories:
›› Current offering. Each vendor’s position on the vertical axis of the Forrester Wave graphic
indicates the strength of its current offering. Key criteria for these solutions include attack
detection; attack response; management interface; protection against zero-day attacks; reporting
and analytics; and feedback loops with developer, SecOps, and prerelease scanning tools.
›› Strategy. Placement on the horizontal axis indicates the strength of the vendors’ strategies. We
evaluated product strategy, market approach, execution roadmap, training and community, and
performance.
›› Market presence. Represented by the size of the markers on the graphic, our market presence
scores reflect each vendor’s installed base and revenue.
© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 12
Citations@forrester.com or +1 866-367-7378
For Security & Risk Professionals February 26, 2020
The Forrester Wave™: Web Application Firewalls, Q1 2020
The 10 Providers That Matter Most And How They Stack Up
Forrester included 10 vendors in the assessment: Akamai Technologies, Alibaba Cloud, Amazon Web
Services, Barracuda Networks, Cloudflare, F5 Networks, Imperva, Microsoft, Radware, and Rohde &
Schwarz Cybersecurity. Each of these vendors has:
›› A comprehensive, enterprise-class WAF tool. All vendors in this evaluation offer a range of WAF
capabilities suitable for security pros. Participating vendors were required to have most of the
following capabilities out of the box: attack detection for web applications, including APIs; ability
to block attacks, including zero-day attacks; the use of machine learning to modify rules; and the
ability to visually report attacks.
›› $10 million or more in global WAF revenue. All vendors in this evaluation earned $10 million or
more in global revenue — no more than 90% revenue attributed to a single region — directly from
WAF capabilities.
›› Interest from or relevance to Forrester clients. Forrester clients often discuss the participating
vendors and products during inquiries and interviews. Alternatively, the participating vendor may, in
Forrester’s judgment, have warranted inclusion because of technical capabilities and market presence.
© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 13
Citations@forrester.com or +1 866-367-7378
For Security & Risk Professionals February 26, 2020
The Forrester Wave™: Web Application Firewalls, Q1 2020
The 10 Providers That Matter Most And How They Stack Up
To help you put research Translate research into Join our online sessions
into practice, connect action by working with on the latest research
with an analyst to discuss an analyst on a specific affecting your business.
your questions in a engagement in the form Each call includes analyst
30-minute phone session of custom strategy Q&A and slides and is
— or opt for a response sessions, workshops, available on-demand.
via email. or speeches.
Learn more.
Learn more. Learn more.
Supplemental Material
Online Resource
We publish all our Forrester Wave scores and weightings in an Excel file that provides detailed product
evaluations and customizable rankings; download this tool by clicking the link at the beginning of this
report on Forrester.com. We intend these scores and default weightings to serve only as a starting
point and encourage readers to adapt the weightings to fit their individual needs.
A Forrester Wave is a guide for buyers considering their purchasing options in a technology
marketplace. To offer an equitable process for all participants, Forrester follows The Forrester Wave™
Methodology Guide to evaluate participating vendors.
© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 14
Citations@forrester.com or +1 866-367-7378
For Security & Risk Professionals February 26, 2020
The Forrester Wave™: Web Application Firewalls, Q1 2020
The 10 Providers That Matter Most And How They Stack Up
In our review, we conduct primary research to develop a list of vendors to consider for the evaluation.
From that initial pool of vendors, we narrow our final list based on the inclusion criteria. We then gather
details of product and strategy through a detailed questionnaire, demos/briefings, and customer
reference surveys/interviews. We use those inputs, along with the analyst’s experience and expertise in
the marketplace, to score vendors, using a relative rating system that compares each vendor against
the others in the evaluation.
We include the Forrester Wave publishing date (quarter and year) clearly in the title of each Forrester
Wave report. We evaluated the vendors participating in this Forrester Wave using materials they
provided to us by December 3, 2019 and did not allow additional information after that point. We
encourage readers to evaluate how the market and vendor offerings change over time.
In accordance with The Forrester Wave™ Vendor Review Policy, Forrester asks vendors to review our
findings prior to publishing to check for accuracy. Vendors marked as nonparticipating vendors in the
Forrester Wave graphic met our defined inclusion criteria but declined to participate in or contributed
only partially to the evaluation. We score these vendors in accordance with The Forrester Wave™ And
The Forrester New Wave™ Nonparticipating And Incomplete Participation Vendor Policy and publish
their positioning along with those of the participating vendors.
Integrity Policy
We conduct all our research, including Forrester Wave evaluations, in accordance with the Integrity Policy
posted on our website.
Endnotes
Source: Daugirdas Jankus, “Security Incident: What We Did to Improve Security of Our Infrastructure,” Hostinger Blog,
1
Source: Pierluigi Paganini, “Thousands of Xiaomi FURRYTAIL pet feeders exposed to hack,” Security Affairs, October
30, 2019 (https://securityaffairs.co/wordpress/93062/hacking/xiaomi-furrytail-pet-feeders-hack.html).
Source: Lee Mathews, “Baseball Hall Of Fame Website Hacked With Credit Card Stealing Malware,” Forbes, August
9, 2019 (https://www.forbes.com/sites/leemathews/2019/08/09/baseball-hall-of-fame-website-hacked-with-credit-
card-stealing-malware/#6274ca825fa4) and Ali Raza, “Macy’s Suffers Data Breach via Infected Payment Portal,”
BeInCrypto, November 21, 2019 (https://news.beincrypto.com/2019/11/20/macys-suffers-data-breach-due-to-
infected-payment-portal/).
© 2020 Forrester Research, Inc. Unauthorized copying or distributing is a violation of copyright law. 15
Citations@forrester.com or +1 866-367-7378
forrester.com
Client support
For information on hard-copy or electronic reprints, please contact Client Support at
+1 866-367-7378, +1 617-613-5730, or clientsupport@forrester.com. We offer quantity
discounts and special pricing for academic and nonprofit institutions.
157258