Blog posts by Mike Small


How Does Using Cloud Services Alter Risk

I am often asked “does using a cloud service alter risk?” I always reply to this question with “well it depends”. Every organization has its own set of circumstances, and the answer needs to take these into account. It is also important to think about how the responsibility for security is shared between the service provider and the customer. This blog outlines the core business risks and what organizations need to consider. Business Risks While much discussion focusses on the technical risks, at the business level there are three distinct cyber risks, and...


Digital Transformation - Multi-Cloud and Multi-Complex

Organizations are going through a digital journey to exploit the digital systems to create new services, get closer to their customers and to improve efficiency. This process has been accelerated by the COVID pandemic where survival depended upon being able to change. This has led to a fragmented IT environment using multiple cloud services as well as on premises and edge. The challenge is now how to manage the complexity this has created. There are now many solutions on the market with acronyms like CSPM, CNAPP, CIEM, CWPP. What are these solutions, and do they really help? Digital...


Prepare, Prevent and Protect

Is your Digital Supply Chain your weakest Link? In the 1950’s the Lyons restaurant chain in the UK built their own computer and wrote all the applications that they needed to manage and optimize their operations. This was called LEO – Lyons’ Electronic Office.  Today, this would be impractical, and all organizations now rely on IT software and services delivered from external suppliers. The creates a supply chain that is very attractive to cyber adversaries because of the leverage it provides.  One compromised component is delivered to many potential...


When will Ransomware Strike? Should you Hope for the Best or Plan for the Worst

Why Backup and Disaster Recover is ever more important In May 2021, the Irish health Service (HSE) was hit by a ransomware attack. According to the BBC this caused substantial cancellations to outpatient services and staff having to resort to paper-based systems. The service was still recovering from this attack four months later and, although it said than 95% of its servers had been recovered it still had an area of its website devoted to giving updates. Ransomware has become a rich vein that is being mined by cyber-criminals . Any organization that has money and time critical...


Log4j – How Well Did You Perform?

Over the past few weeks since this vulnerability was made public much has been written by many on what your organization should do about it.  This is not the end of the story; Apache has already released 3 patches for related vulnerabilities, and you need to be ready for the next one when it arrives. With the beginning of 2022 now is the time to step back and review how well your organization met the challenges that this posed.  What will your new year’s resolutions be? In this blog, I will outline some of the questions that you should ask yourself.  How well did...


A Sovereign Cloud Is About More Than Just Privacy

Using cloud services has now become an essential component of digital transformation.  However, the dominant cloud service providers are not European and, following the recent Schrems II judgment, transferring personal data to these services has become increasingly problematic. This is just one factor behind the increased interest in the idea of the sovereign cloud. The Impact of Globalisation Globalization has provided many benefits allowing nation-states and organizations to obtain what they need, when they need it from wherever it is cheapest. This has reduced the costs for...


Google Cloud Digital Sovereignty Announcement

On September 8 th , 2021 Google and T-Systems announced their intention to build and deliver sovereign cloud services for German enterprises, the public sector, and healthcare organizations.  So, what are a sovereign cloud services and why does this announcement matter? Sovereign Cloud The sovereign cloud is seen as a solution to the risks that arise from the increasing dependence of organizations on cloud services that are owned by foreign entities and delivered from outside of the local jurisdictions.  These risks include loss of critical services through geopolitical...


Cisco Future Hybrid Cloud

In early June 2021 Cisco announced its vision for the Future Cloud. This vision comprises two distinct elements – UCS, a unified hyperscale computing infrastructure and tools to provide end to end observability of hybrid cloud services . Hybrid Management Challenge As organizations adopt a hybrid IT delivery approach this increases the challenges of managing and securing the different elements.  Some of which are delivered as cloud services and some in other ways.  Usually, these different elements need different management and security tools and, where hundreds of...


A Cloud for All Seasons

The Coming Storm On April 28 th , 2021 the European Data Protection Board announced that The Portuguese Data Protection Authority (CNPD) ordered INE (National Institute for Statistics) to suspend the sending of personal data from the Census 2021 to the United States. CNPD has issued a decision addressed to INE for the suspension within 12 hours of any international transfer of personal data to the United States or other third countries without an adequate level of protection in the context of Census 2021 questionnaire. If this were your organization, would it be able to...


Cloud Codes of Conduct Get the EU Green Light, but More Is Still Needed

Green Light On May 20 th , 2021 it was announced that the EU Cloud Code of Conduct had received official approval by the Belgian Data Protection Authority, following the positive opinion issued by the European Data Protection Board.  At the same time, the European Data Protection Board (EDPB) comprised of all the European Data Protection Authorities (DPA) provided a favourable opinion that the CISPE Data Protection Code of Conduct complies with the General Data Protection Regulation (GDPR). This has been a long journey – in 2017 we published a Leadership...

Stay Connected

KuppingerCole on social media

Subscribe to our Podcasts

KuppingerCole Podcasts - listen anywhere

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00