Fellow Analyst

Graham Williamson

Graham grew up in the UK, lived for 20 years in Canada and moved to Australia 30 years ago. His background is in information technology and he has worked in Hong Kong, Singapore, the United States, Saudi Arabia, as well as most states in Australia.

Roles & Responsibilities

Graham is a senior Analyst at KuppingerCole.

He is an Analyst in the areas of Dynamic Authorisation Control, Secrets Management and Operational Technology Access Management.

Background & Education

Graham has consulted in the Identity Management sector for 25 years and has authored two books on Identity Management.

Graham holds a Bachelor of Applied Science degree from the University of Toronto and an MBA degree from Bond University.

Professional experience

Graham has practical experience in the identity management and access control industry, having completed assignments in the academic, government and large corporate industry sectors across three continents.

Latest publications

Leadership Compass
Policy Based Access Management
February 19, 2024
Efficient, effective management of access controls from infrastructure to applications remains an aspiration for enterprises. The main drivers of this goal include the need for strengthening the cybersecurity posture, efficiency gains in managing access controls, the need for consistency in…
Analyst Chat
Analyst Chat #173: Controlling the Accelerator for Secrets Management
May 22, 2023
Graham Williamson, Fellow Analyst with KuppingerCole, shares his insights and expertise with our host Matthias Reinwarth as they discuss the lessons learned from Graham's research on secrets management. They also explore the concept of "Machine Identity" and why it's important for…
Event Recording
FIDO for the Enterprise - Challenges & Rewards
May 11, 2023
Event Recording
FIDO2: The Train is Leaving the Station
May 11, 2023
The FIDO Alliance is working to change the nature of authentication with open standards that are more secure than passwords, simpler for consumers to use, and easier for service providers to deploy and manage. While initially focused on the consumer space FIDO2 holds advantages for the…
Event Recording
Policy Based Authorization Architecture Considerations
May 10, 2023
Policy Based Authorization is becoming the new normal when it comes to identity-centric access controls. However, there is no standard approach to PBAC deployment that fits all use cases. In this session we will look at PBAC requirements for common use cases such as microservices, cloud,…
Analyst Chat
Analyst Chat #171: Trends and Predictions for 2023 - FIDO2
May 01, 2023
Graham Williamson and Matthias explore the world of authentication strategies and the impact of FIDO2. They are discussing why shifting left in our authentication strategy is essential and how FIDO2 can help achieve this. They also delve into the impact that FIDO2 holds for enterprise…
Leadership Compass
Secrets Management
April 24, 2023
Secrets Management is a broad subject that covers any protected data or information that must not be divulged to others. In this document the term ‘secret’ refers to a software token, a key pair or a certificate that must be managed and, if divulged, only released to an authorized party.…
Analyst Chat
Analyst Chat #131: How to protect your OT and IoT from Cybersecurity Threats
July 04, 2022
Graham Williamson has teamed up with John Tolbert to research the current state of the Operational Technology (OT) and Industrial Control Systems (ICS) sectors. They documented the ability of the main industry players to support a coordinated approach to detecting, responding to, and…
Market Compass
Cybersecurity for Industrial Control Systems
June 23, 2022
Focus on Operational Technology (OT) is increasing for two reasons: firstly, governments worldwide have intervened, or are threatening to intervene, in cases of compromise of OT infrastructure and secondly, many companies are now investing in IoT (Internet of Things) technology to support their business…
Analyst Chat
Analyst Chat #124: Market Compass "Policy-Based Access Management"
May 17, 2022
Shortly before EIC, Graham Williamson and Matthias sat together virtually and discussed the recent publication of the Market Compass on "Policy Based Access Management". In this episode Graham gives a great introduction in this evolved market segment and talks about hybrid and cloud-native…
Webinar Recording
The Machine Monitoring Mandate
April 27, 2022
Governments world-wide are increasingly worried about the social unrest that could result from a cybersecurity compromise of critical infrastructure. This has highlighted the fact that the underlying operational technology (OT) is often inadequately protected, and that this must change.…
CrashOverRide or the Need for Putting OT Security at the Center of Attention
April 25, 2022
One of the deplorable components of the Russian aggression toward Ukraine has been resumption of cyber-attacks on the electrical grid. This has highlighted the vulnerability of the electrical distribution network to this kind of attack. The Computer Emergency Response Team of Ukraine…
Market Compass
Policy Based Access Management
April 21, 2022
Access control is recognized as the most important component of an organization's cybersecurity protection. For too long access control has been based on static entitlements, but this is changing. Organizations are now increasingly demanding dynamic access control, with decisions made in…
Webinar Recording
Policy Based Access Control for Cloud-Native Applications
April 13, 2022
As companies shift to cloud-native applications, the complexity of a microservices framework can be daunting. When applications are built in a cloud-native stack, authorization is also infinitely more complex. Crucially, Open Policy Agent (OPA) decouples policy from code, enabling the…
Claroty – Visibility into Vulnerability
January 18, 2022
Organizations are facing a brave new world in which governments are taking a proactive role in constraining cybersecurity risks. Companies with operational infrastructure that is deemed ‘critical’ to social stability can expect legislation to ensure they are adequately protecting their OT…
Analyst Chat
Analyst Chat #104: Edge Computing
November 29, 2021
Senior Analyst Graham Williamson joins Matthias from down under to talk about edge computing. Starting from the definition and relevant use cases, they focus on where the edge brings value. They discuss what the key criteria for a successful deployment are and what needs to be looked at to…
Event Recording
Graham Williamson: Avoiding Plan B – Doing It Right the First Time
October 28, 2021
Governance over hybrid SAP Environments – the ANZ Story
October 21, 2021
Cloud adoption, and migration of on-premise applications to cloud services, is increasingly being undertaken by organisations wanting to leverage the business efficiencies that cloud infrastructure affords. For organisations with SAP environments there are impediments to a smooth journey.…
Webinar Recording
The Evolution of Access Control
January 27, 2021
The purpose of an identity management system is to support access control to an organization’s sensitive systems and protected resources. Contemporary access control has progressed from static entitlements, still used in many organisations. Not only manual interventions are necessary…
Webinar Recording
Policy-Based Access Control – Consistent Across the Enterprise
October 15, 2020
The evolution of cybersecurity protection demands a more nuanced response to providing access to a company’s sensitive resources. Policy-based access control (PBAC) combines identity attributes and context variables to enable sophisticated granting of access to corporate systems and…
Analyst Chat
Analyst Chat #48: Policy-based and Dynamic Authorization Management
October 05, 2020
Dynamic, risk-based, attribute- and context-related authorizations are becoming increasingly important for many enterprises. Graham Williamson and Matthias Reinwarth take a look at the market sector for dynamic authorization management and policy-based permissions in light of the recent…
Analyst Chat
Analyst Chat #30: Consent Management Done Right
July 13, 2020
Graham Williamson and Matthias Reinwarth talk about consent: what does it mean for identity professionals, service providers or lawyers and how to reconcile all those different views in modern IAM environments.
Analyst Chat
Analyst Chat #10: Making IAM Projects Succeed - The Importance of Project Management
May 04, 2020
Matthias Reinwarth and Graham Williamson are talking about managing IAM projects properly.
Analyst Chat
Analyst Chat #8: Making IAM Projects Succeed - Why You Need a Solution Architecture
April 27, 2020
Matthias Reinwarth and Graham Williamson are talking about designing an IAM project architecture.