Fellow Analyst

Graham Williamson

Graham grew up in the UK, lived for 20 years in Canada and moved to Australia 30 years ago. His background is in information technology and he has worked in Hong Kong, Singapore, the United States, Saudi Arabia, as well as most states in Australia.

Roles & Responsibilities

Graham is a senior Analyst at KuppingerCole.

He is an Analyst in the areas Dynamic Authorisation Control, Secrets Management and Operational Technology Access Management.

Background & Education

Graham has consulted in the Identity Management sector for 25 yeard and has authored two books on Identity Management.

Graham holds a bachelor of Applied Science degree from the University of Toronto and an MBA degree from Bond University.

Areas of coverage

Professional experience

Graham has practical experience in the identity management and access control industry having completed assignments in the academic, government and large corporate industry sectors across three continents.

Latest research

Market Compass
Cybersecurity for Industrial Control Systems
June 23, 2022
Focus on Operation Technology (OT) is increasing for two reasons: firstly, governments worldwide have, or are threatening to, intervene in cases of compromise of OT infrastructure and secondly, many companies are now investing in IoT (Internet of Things) technology to support their business…
Market Compass
Policy Based Access Management
April 21, 2022
Access control is recognized as the most important component of an organization's cybersecurity protection. For too long access control has been based on static entitlements, but this is changing. Organizations are now increasingly demanding dynamic access control, with decisions made in…
Claroty – Visibility into Vulnerability
January 18, 2022
Organizations are facing a brave new world in which governments are taking a proactive role in constraining cybersecurity risks. Companies with operational infrastructure that is deemed ‘critical’ to social stability can expect legislation to ensure they are adequately protecting their OT…
Governance over hybrid SAP Environments – the ANZ Story
October 21, 2021
Cloud adoption, and migration of on-premise applications to cloud services, is increasingly being undertaken by organisations wanting to leverage the business efficiencies that cloud infrastructure affords. For organisations with SAP environments there are impediments to a smooth journey.…
Executive View
IdentityIQ – SailPoint
August 31, 2020
IdentityIQ continues to provide organizations with a comprehensive solution to their identity management requirements. With the recent advances in predictive identity management, the tool reduces manual intervention and improves accuracy of user entitlements. The latest release adds cloud…
Leadership Brief
Join the dots: Operational Technology and Informational Technology
January 12, 2016
One area of information technology that is typically ignored by IT departments and consultants is industrial control systems. This is unfortunate because these “operational technology” systems have much to benefit from interconnection with IT networks.

Latest blog posts

CrashOverRide or the Need for Putting OT Security at the Center of Attention
April 25, 2022
One of the deplorable components of the Russian aggression toward Ukraine has been resumption of cyber-attacks on the electrical grid. This has highlighted the vulnerability of the electrical distribution network to this kind of attack. The Computer Emergency Response Team of Ukraine…
KuppingerCole Analyst Chat: Making IAM Projects Succeed - The Importance of Project Management
May 04, 2020
Matthias Reinwarth and Graham Williamson are talking about managing IAM projects properly.
KuppingerCole Analyst Chat: Making IAM Projects Succeed - Why You Need a Solution Architecture
April 27, 2020
Matthias Reinwarth and Graham Williamson are talking about designing an IAM project architecture.
Cybersecurity is in Crisis
October 05, 2016
Intel Security recently released an in-depth survey of the cybersecurity industry, looking at causal agents of the low availability of people with training and professional accreditation in computer security. The global report titled “Hacking the Skills Shortage” concludes:…
Comment: Know and Serve Your Customer
September 06, 2016
‘Know your customer’ started as an anti-money laundering (AML) initiative in the financial industry. Regulators insisted that banks establish a customer ‘due-diligence’ processes to ensure that all bank accounts could be traced back to the entities that owned them.…
Stack creep - from the network layer to the application layer
January 12, 2016
Last year saw an unprecedented interest in protection of corporate data. With several high-profile losses of intellectual property organisations have started looking for a better way. For the past 30 years the bastion against data loss has been network devices. We have relied on routers,…

Latest videos

Analyst Chat
Analyst Chat #131: How to protect your OT and IoT from Cybersecurity Threats
July 04, 2022
Graham Williamson has teamed up with John Tolbert to research the current state of the Operational Technology (OT) and Industrial Control Systems (ICS) sectors. They documented the ability of the main industry players to support a coordinated approach to detecting, responding to, and…
Analyst Chat
Analyst Chat #124: Market Compass "Policy-Based Access Management"
May 17, 2022
Shortly before EIC, Graham Williamson and Matthias sat together virtually and discussed the recent publication of the Market Compass on "Policy Based Access Management". In this episode Graham gives a great introduction in this evolved market segment and talks about hybrid and cloud-native…
Webinar Recording
The Machine Monitoring Mandate
April 27, 2022
Governments world-wide are increasingly worried about the social unrest that could result from a cybersecurity compromise of critical infrastructure. This has highlighted the fact that the underlying operational technology (OT) is often inadequately protected, and that this must change.…
Webinar Recording
Policy Based Access Control for Cloud-Native Applications
April 13, 2022
As companies shift to cloud-native applications, the complexity of a microservices framework can be daunting. When applications are built in a cloud-native stack, authorization is also infinitely more complex. Crucially, Open Policy Agent (OPA) decouples policy from code, enabling the…
Analyst Chat
Analyst Chat #104: Edge Computing
November 29, 2021
Senior Analyst Graham Williamson joins Matthias from down under to talk about edge computing. Starting from the definition and relevant use cases, they focus on where the edge brings value. They discuss what the key criteria for a successful deployment are and what needs to be looked at to…
Event Recording
Graham Williamson: Avoiding Plan B – Doing It Right the First Time
October 28, 2021