Senior Analyst

Mike Small

Mike Small is a distinguished analyst at KuppingerCole. He is recognized as an authority on information security and data privacy in the use of cloud services. He has published extensive research into this area as well as provided consulting services. In his previous career he was the architect for a wide range of leading-edge system software and identity management solutions.

Roles & Responsibilities at KuppingerCole

Mike Small has been a Distinguished Analyst at KuppingerCole for more than 4 years. His current focus is security and risk management in the Cloud.

Background & Education

Mike is a member of the London Chapter of ISACA Security Advisory Group, a Chartered Engineer, a Chartered Information Technology Professional, a Fellow of the British Computer Society, and a Member of the Institution of Engineering and Technology. He has a first class honours degree in engineering from Brunel University.

Areas of coverage

Professional experience

Until 2009, Mike worked for CA (now CA Technologies Inc) where he developed the identity and access management strategy for distributed systems. This strategy led to the developments and acquisitions that contributed to CA‘s IAM product line.

Latest research

Advisory Note
Cyber Risks from China: How Contract Negotiations Can Mitigate IT Risks
September 04, 2023
China is an important economic partner for most enterprises, but doing business in and with China introduces its own set of risks. This report provides an overview of the major cyber related risks related to doing business with China and outlines the steps to manage and mitigate these risks.
Leadership Compass
Cloud Security Posture Management
July 27, 2023
This report provides an overview of the CSPM (Cloud Security Posture Management) market and a compass to help you find a solution that best meets your needs. It examines solutions that provide a way to continuously identify and control certain risks associated with the use of cloud…
Zoom Unified Communications Platform Security and Compliance
May 12, 2023
Zoom bietet eine Cloud-basierte Unified Communications-Plattform (UCaaS) für Videokommunikation. UCaaS besitzt viele Vorteile, einschließlich Flexibilität, Leistung und Preis. Organisationen sollten ihre UCaaS-Lösung auf Grundlage von Vertrauenswürdigkeit sowie Kosten- und Effizienzvorteilen…
Leadership Compass
Cloud Backup for Ransomware Protection
March 30, 2023
This report provides an overview of the Cloud Backup for Ransomware Protection market and a compass to help you find a solution that best meets your needs. It examines solutions that provide backup, restore, and disaster recovery of the data held in today’s hybrid IT services into the…
Zoom Unified Communications Platform Security and Compliance
February 16, 2023
Zoom offers a cloud-based unified communications platform (UCaaS) featuring video communications. UCaaS delivers many benefits including flexibility, performance, and price. Organizations should choose and use their UCaaS solution based on trustworthiness as well as the cost and efficiency…
Executive View
ShardSecure Microshard Technology
December 21, 2022
Organizations find themselves at the crossroads of data sovereignty and data privacy, resulting from cloud adoption. This has led to compliance with cross-border data protection laws and regulations becoming an important challenge. Data protection and data sovereignty laws and regulations…

Latest blog posts

UK Data Protection – What Is Changing
March 15, 2023
On March 8 th , 2023, the UK Government introduced a new Data Protection and Digital Information Bill (2) into parliament.  The government announcement of this bill claimed that “British Businesses to Save Billions Under New UK Version of GDPR”.   What does…
How Does Using Cloud Services Alter Risk
August 22, 2022
I am often asked “does using a cloud service alter risk?” I always reply to this question with “well it depends”. Every organization has its own set of circumstances, and the answer needs to take these into account. It is also important to think about how the…
Digital Transformation - Multi-Cloud and Multi-Complex
May 06, 2022
Organizations are going through a digital journey to exploit the digital systems to create new services, get closer to their customers and to improve efficiency. This process has been accelerated by the COVID pandemic where survival depended upon being able to change. This has led to a…
Prepare, Prevent and Protect
April 06, 2022
Is your Digital Supply Chain your weakest Link? In the 1950’s the Lyons restaurant chain in the UK built their own computer and wrote all the applications that they needed to manage and optimize their operations. This was called LEO – Lyons’ Electronic Office. …
When will Ransomware Strike? Should you Hope for the Best or Plan for the Worst
March 31, 2022
Why Backup and Disaster Recover is ever more important In May 2021, the Irish health Service (HSE) was hit by a ransomware attack. According to the BBC this caused substantial cancellations to outpatient services and staff having to resort to paper-based systems. The service was still…
Log4j – How Well Did You Perform?
December 21, 2021
Over the past few weeks since this vulnerability was made public much has been written by many on what your organization should do about it.  This is not the end of the story; Apache has already released 3 patches for related vulnerabilities, and you need to be ready for the next one…

Latest videos

Webinar Recording
Bringing Data Back Under Control
March 15, 2023
Join experts from KuppingerCole Analysts and data security firm ShardSecure as they discuss data confidentiality in the context of modern infrastructures, quantum computing, and data protection regulations. They will also discuss data resilience, why it is important, and how best to achieve…
Webinar Recording
Why Data Resilience Is Key to Digital Transformation
October 21, 2022
As companies pursue digital transformation to remain competitive, they become more dependent on IT services. This increases the potential business impact of mistakes, natural disasters, and cyber incidents. Business continuity planning, therefore, is a key element of digital transformation,…
Analyst Chat
Analyst Chat #145: How Does Using Cloud Services Alter Risk?
October 17, 2022
The question whether using a cloud service alters risk is not simple to answer. Mike Small sits down with Matthias and explains, that every organization has its own set of circumstances, and the answer needs to take these into account. He explains the important factors to look at, and what…
Analyst Chat
Analyst Chat #142: Cyber Resilience: What It Is, How to Get There and Where to Start - CSLS Special
September 26, 2022
A key issue for many companies beyond technical cybersecurity is cyber resilience. This refers to the ability to protect data and systems in organizations from cyber attacks and to quickly resume business operations in the event of a successful attack. Martin Kuppinger, Mike Small, and John…
Webinar Recording
Managing Cyber Risk in a Hybrid Multi-Cloud IT Environment
September 14, 2022
Today’s IT environments blend applications and services from multiple public cloud networks, private clouds and on-prem networks, making it difficult to view and inventory assets deployed across complex hybrid networks, and keep track of the security risks. Organizations need to find…
Webinar Recording
The Changing Scope of the NIS 2 EU Directive
June 15, 2022
The NIS Directive aimed at achieving a common standard of network and information security across all EU Member States, with a focus on operators of essential services, is scheduled for an update. Suppliers of utilities, healthcare, transport, communications, and other services need to know…