Senior Analyst

Mike Small

Mike Small is a distinguished analyst at KuppingerCole. He is recognized as an authority on information security and data privacy in the use of cloud services. He has published extensive research into this area as well as provided consulting services. In his previous career he was the architect for a wide range of leading-edge system software and identity management solutions.

Roles & Responsibilities at KuppingerCole

Mike Small has been a Distinguished Analyst at KuppingerCole for more than 10 years. His current focus is security and risk management in the Cloud.

Background & Education

Mike is a member of the London Chapter of ISACA Security Advisory Group, a Chartered Engineer, a Chartered Information Technology Professional, a Fellow of the British Computer Society, and a Member of the Institution of Engineering and Technology. He has a first class honours degree in engineering from Brunel University.

Areas of coverage

Professional experience

Until 2009, Mike worked for CA (now CA Technologies Inc) where he developed the identity and access management strategy for distributed systems. This strategy led to the developments and acquisitions that contributed to CA‘s IAM product line.

Latest publications

Leadership Compass
Cloud-Native Application Protection Platforms (CNAPP)
January 31, 2024
This report provides an overview of the Cloud-Native Application Protection Platforms (CNAPP) market and a compass to help you find a solution that best meets your needs. It examines solutions that provide an integrated set of security and compliance capabilities designed to protect…
Blog
Threat Detection and Incident Response
January 15, 2024
Proactive Cyber Security needs TDIR Organizations and society in general have become more and more dependent on IT delivered services.  This has increased the potential impact of risks from cyber-attacks.  Cybersecurity needs to meet this challenge by moving beyond the…
Blog
Cyber Security Evolve or Die
December 14, 2023
Why you should Regularly Review your Cyber Security Cyber security is never done – you need to constantly work to improve your organization’s cyber security readiness.  Cyber adversaries never sleep and the geopolitical tensions across the world are raising the…
Advisory Note
Maturity Level Matrix for Cyber Security
December 12, 2023
KuppingerCole Maturity Level Matrices cover the major market segments within cyber security. This matrix aligns with the processes essential to good cyber hygiene as well as the NIST cybersecurity framework. It provides the foundation for rating the current state of your cyber security…
Blog
AWS Announces EU Sovereign Cloud
October 26, 2023
On October 25th, 2023, AWS announced their intention to launch AWS European Sovereign Cloud. This is an important announcement which reflects the impact of EU GDPR regulation and the EU recent Schrems II judgement . What was Announced AWS European Sovereign Cloud will be a new,…
Webinar Recording
Cloud Security Early Warning Systems: From CSPM to CNAPP
October 20, 2023
Cloud computing delivers the benefits of accelerated development without the hardware costs. But the dynamic nature of cloud services and the proprietary security features offered by different cloud service providers make it challenging for customers to manage the risks and to be sure they…
Blog
Cloud Security Alphabet Soup
October 10, 2023
Organizations are exploiting cloud services to accelerate business changes without the need for capital expenditure or lengthy procurement delays to obtain hardware. However, the dynamic nature of cloud services creates new security challenges that need a dynamic approach to governance…
Analyst Chat
Analyst Chat #192: Exploring Cloud Security Posture Management (CSPM)
October 02, 2023
Join Matthias Reinwarth and Senior Analyst Mike Small in a quick chat on the evolution of Cloud Security Posture Management (CSPM). They discuss its proactive approach, the challenges in implementation, and the role of overarching platforms like Cloud Native Application Protection Platforms…
Advisory Note
Cyber Risks from China: How Contract Negotiations Can Mitigate IT Risks
September 04, 2023
China is an important economic partner for most enterprises, but doing business in and with China introduces its own set of risks. This report provides an overview of the major cyber related risks related to doing business with China and outlines the steps to manage and mitigate these risks.
Leadership Compass
Cloud Security Posture Management
July 27, 2023
This report provides an overview of the CSPM (Cloud Security Posture Management) market and a compass to help you find a solution that best meets your needs. It examines solutions that provide a way to continuously identify and control certain risks associated with the use of cloud…
Whitepaper
Zoom Unified Communications Platform Security and Compliance
May 12, 2023
Zoom bietet eine Cloud-basierte Unified Communications-Plattform (UCaaS) für Videokommunikation. UCaaS besitzt viele Vorteile, einschließlich Flexibilität, Leistung und Preis. Organisationen sollten ihre UCaaS-Lösung auf Grundlage von Vertrauenswürdigkeit sowie Kosten- und Effizienzvorteilen…
Leadership Compass
Cloud Backup for Ransomware Protection
March 30, 2023
This report provides an overview of the Cloud Backup for Ransomware Protection market and a compass to help you find a solution that best meets your needs. It examines solutions that provide backup, restore, and disaster recovery of the data held in today’s hybrid IT services into the…
Blog
UK Data Protection – What Is Changing
March 15, 2023
On March 8 th , 2023, the UK Government introduced a new Data Protection and Digital Information Bill (2) into parliament.  The government announcement of this bill claimed that “British Businesses to Save Billions Under New UK Version of GDPR”.   What does…
Webinar Recording
Bringing Data Back Under Control
March 15, 2023
Join experts from KuppingerCole Analysts and data security firm ShardSecure as they discuss data confidentiality in the context of modern infrastructures, quantum computing, and data protection regulations. They will also discuss data resilience, why it is important, and how best to achieve…
Whitepaper
Zoom Unified Communications Platform Security and Compliance
February 16, 2023
Zoom offers a cloud-based unified communications platform (UCaaS) featuring video communications. UCaaS delivers many benefits including flexibility, performance, and price. Organizations should choose and use their UCaaS solution based on trustworthiness as well as the cost and efficiency…
Executive View
ShardSecure Microshard Technology
December 21, 2022
Organizations find themselves at the crossroads of data sovereignty and data privacy, resulting from cloud adoption. This has led to compliance with cross-border data protection laws and regulations becoming an important challenge. Data protection and data sovereignty laws and regulations…
Executive View
AWS Elastic Disaster Recovery
November 09, 2022
Data resilience and disaster recovery solutions are an essential element of business continuity plans and, as organizations go through digital transformation and become more dependent upon their IT services, the need for data resilience has grown. These solutions must not only support…
Webinar Recording
Why Data Resilience Is Key to Digital Transformation
October 21, 2022
As companies pursue digital transformation to remain competitive, they become more dependent on IT services. This increases the potential business impact of mistakes, natural disasters, and cyber incidents. Business continuity planning, therefore, is a key element of digital transformation,…
Analyst Chat
Analyst Chat #145: How Does Using Cloud Services Alter Risk?
October 17, 2022
The question whether using a cloud service alters risk is not simple to answer. Mike Small sits down with Matthias and explains, that every organization has its own set of circumstances, and the answer needs to take these into account. He explains the important factors to look at, and what…
Analyst Chat
Analyst Chat #142: Cyber Resilience: What It Is, How to Get There and Where to Start - CSLS Special
September 26, 2022
A key issue for many companies beyond technical cybersecurity is cyber resilience. This refers to the ability to protect data and systems in organizations from cyber attacks and to quickly resume business operations in the event of a successful attack. Martin Kuppinger, Mike Small, and John…
Webinar Recording
Managing Cyber Risk in a Hybrid Multi-Cloud IT Environment
September 14, 2022
Today’s IT environments blend applications and services from multiple public cloud networks, private clouds and on-prem networks, making it difficult to view and inventory assets deployed across complex hybrid networks, and keep track of the security risks. Organizations need to find…
Blog
How Does Using Cloud Services Alter Risk
August 22, 2022
I am often asked “does using a cloud service alter risk?” I always reply to this question with “well it depends”. Every organization has its own set of circumstances, and the answer needs to take these into account. It is also important to think about how the…
Leadership Brief
EU NIS2 Directive
July 28, 2022
Every organization needs to take steps to ensure their cyber resilience and this updated directive provides a useful framework for this. This report provides a summary of the technical obligations that NIS2 places on organizations together with recommended actions. This directive places…
Executive View
Arcserve Unified Data Resilience
July 19, 2022
Data resilience solutions are an essential element of business continuity plans and, as organizations go through digital transformation and become more dependent upon their IT services, the need for data resilience has grown. These solutions must not only support today’s hybrid multi-cloud…