Lead Analyst

Paul Fisher

Paul Fisher is a Senior Analyst who researches primarily on cybersecurity and identity and access management (IAM). He also studies trends in AI, IoT and data governance for different industry sectors including automotive. Paul is responsible for managing relevant quantitative research at KuppingerCole.

He has been an IT journalist and analyst since 1991. In that time, he served as editor in chief of several major IT and business titles in the UK. Paul has worked as a communications consultant with IBM, HP Enterprise Security Services, Sky UK and other leading companies on data security and IT projects.

Latest research

Cloud Access Governance
January 26, 2023
Across the globe there has been a significant increase in the adoption of cloud and multi-cloud environments, as businesses scramble to take advantage of digital transformation. With more clouds comes more access and more data spread across expanding IT infrastructures. With a further shift…
Leadership Compass
Privileged Access Management
January 11, 2023
This KuppingerCole Leadership Compass provides an overview of insights on the leaders in innovation, product features, and market reach for Privileged Access Management (PAM). These vendors use a variety of software tools to enable organizations to control, and monitor privileged access to…
Secure Software Supply Chains
January 04, 2023
Major cyber-attacks such as the SolarWinds and Kaseya incidents demonstrate the need to focus significantly more on software supply chain security as well as traditional cyber defense areas. Avoiding the code tampering that occurred in both of those attacks by criminals and internal…
Executive View
Beyond Identity Secure DevOps
November 25, 2022
Organizations that fail to secure access to resources are at risk of suffering from cyberattacks, data loss or compliance failure. As the market grows and business demands become more acute, vendors are innovating to provide secure authentication for dynamic access to resources in the cloud…
Understanding and Managing Privileged Access to Databases and Other Data Resources
October 13, 2022
This Whitepaper analyses the issues surrounding access management, privacy, security and compliance when identities access compute and storage resources, with a special focus on database technologies commonly found in modern enterprises.
Executive View
NETAND HIWARE Privileged Session Management (PSM)
October 13, 2022
As organizations modernize IT and adopt multi-cloud infrastructures to support evolving business processes involving thousands of users and workloads, it’s difficult to know who has access to what data across which platforms. This lack of visibility and security can lead to chronic loss of…

Latest blog posts

A New Pamocracy is Growing Inside Your Organization
March 23, 2023
A New Pamocracy is Growing Inside Your Organization When you were not looking, the number of privileged identities you manage went from thousands to millions OK everybody is doing it right now, so I asked the analyst’s new best friend, Chat GPT , to define Privileged…
Stop attackers enjoying a pick ‘n’ mix attack surface
December 09, 2021
We know that the way forward for business IT is to use multi-hybrid architectures for long term agility of operations. Such architectures will include multiple clouds for new services, on-prem stacks, edge devices, OT integration and much more. But while the need for multi-hybrid is clear,…
Complex Modern Business Needs Trusted IT Partners to Be Secure
October 08, 2021
In today’s business environment, companies have three major challenges – making a profit, finding great people, and staying ahead of the competition. That’s quite enough, but they also have major operational challenges with IT, cyber security, and compliance. For example,…
Microsoft’s Threat Intelligence Play is Good News for Customers in Fight Against Ransomware
July 19, 2021
This week, Microsoft made official its agreement to acquire Threat Intelligence vendor RiskIQ in a deal rumoured to be worth around $500m. It is not an unusual event; Microsoft has absorbed five businesses already in 2021, and usually it is to acquire a discrete technology it deems useful…
PAM Is Changing and You Need to Know Why
April 22, 2021
What is left to say about PAM that has not already been said? Well in my opinion, quite a lot – as I hope you find out when you join me at the forthcoming KCLive Event, Operationalizing Privileged Access Management. I talk to PAM vendors all the time and I believe it is a truly…
Time CISOs Stopped Trying to Speak to the Board?
March 31, 2021
I have been covering cybersecurity issues, first as a journalist then as an analyst, since 2006. In that 15 years I have heard the mantra that security is a boardroom issue hundreds of times. The subject has filled countless conference talks and media articles. It appears that the…

Latest videos

Webinar Recording
Understanding the Privacy Evolution to Get Ahead of the Curve
March 01, 2023
Join privacy experts from KuppingerCole Analysts and OneTrust as they discuss the evolving privacy landscape and how businesses can navigate it successfully, as well as share guidance on how to evolve privacy programs to become embedded in corporate culture and technology. Paul Fisher,…
Webinar Recording
Championing Privileged Access Management With Zero Trust Security
January 20, 2023
A modern approach to securing privileged accounts is to apply the principle of Zero Trust: Never trust, always verify. While Zero Trust is not an off-the-shelf solution, it is modern vendors of PAM solutions that recommend using this security principle to cement the technical capabilities…
Analyst Chat
Analyst Chat #156: CIEM Is Entering the Privileged Access Management Market
January 16, 2023
The PAM market is changing and expanding. Paul Fisher talks about the latest trends for Privileged Access Management, the role of CIEM, mergers and newcomers in this important market segment.
Webinar Recording
Implementing Zero Trust With Privileged Access Management Platforms
December 16, 2022
Among the many approaches to do that, Zero Trust is one where organizations apply the principle of “never trust – always verify”. Since Zero Trust is not a single product or solution, implementing processes that work accordingly can be a challenge to IT teams that want to…
Webinar Recording
Secure DevOps: Key to Software Supply Chain Security
November 30, 2022
It is vital to guarantee application security at the earliest stages in the development lifecycle when source code is most vulnerable, according to Paul Fisher at KuppingerCole and Jasson Casey at Beyond Identity. Join these experts as they discuss the challenges and importance of secure…
Webinar Recording
Implementing Modern and Future-Proof PAM Solutions
October 14, 2022
Privilege Access Management (PAM) is changing, driven by the move of most businesses from on-prem IT applications and infrastructure to the cloud, resulting in a multi-could, multi-hybrid IT environment. This has resulted in a proliferation of privileged identities that need to be…