Fellow Analyst

Graham Williamson

Graham grew up in the UK, lived for 20 years in Canada and moved to Australia 30 years ago. His background is in information technology and he has worked in Hong Kong, Singapore, the United States, Saudi Arabia, as well as most states in Australia.

Roles & Responsibilities

Graham is a senior Analyst at KuppingerCole.

He is an Analyst in the areas of Dynamic Authorisation Control, Secrets Management and Operational Technology Access Management.

Background & Education

Graham has consulted in the Identity Management sector for 25 years and has authored two books on Identity Management.

Graham holds a Bachelor of Applied Science degree from the University of Toronto and an MBA degree from Bond University.

Professional experience

Graham has practical experience in the identity management and access control industry, having completed assignments in the academic, government and large corporate sectors across three continents.

Latest research

Leadership Compass
Secrets Management
April 24, 2023
Secrets Management is a broad subject that covers any protected data or information that must not be divulged to others. In this document the term ‘secret’ refers to a software token, a key pair or a certificate that must be managed and, if divulged, only released to an authorized party.…
Market Compass
Cybersecurity for Industrial Control Systems
June 23, 2022
Focus on Operation Technology (OT) is increasing for two reasons: firstly, governments worldwide have, or are threatening to, intervene in cases of compromise of OT infrastructure and secondly, many companies are now investing in IoT (Internet of Things) technology to support their business…
Market Compass
Policy Based Access Management
April 21, 2022
Access control is recognized as the most important component of an organization's cybersecurity protection. For too long access control has been based on static entitlements, but this is changing. Organizations are now increasingly demanding dynamic access control, with decisions made in…
Claroty – Visibility into Vulnerability
January 18, 2022
Organizations are facing a brave new world in which governments are taking a proactive role in constraining cybersecurity risks. Companies with operational infrastructure that is deemed ‘critical’ to social stability can expect legislation to ensure they are adequately protecting their OT…
Governance over hybrid SAP Environments – the ANZ Story
October 21, 2021
Cloud adoption, and migration of on-premise applications to cloud services, is increasingly being undertaken by organisations wanting to leverage the business efficiencies that cloud infrastructure affords. For organisations with SAP environments there are impediments to a smooth journey.…

Latest blog posts

CrashOverRide or the Need for Putting OT Security at the Center of Attention
April 25, 2022
One of the deplorable components of the Russian aggression toward Ukraine has been resumption of cyber-attacks on the electrical grid. This has highlighted the vulnerability of the electrical distribution network to this kind of attack. The Computer Emergency Response Team of Ukraine…
KuppingerCole Analyst Chat: Making IAM Projects Succeed - The Importance of Project Management
May 04, 2020
Matthias Reinwarth and Graham Williamson are talking about managing IAM projects properly.
KuppingerCole Analyst Chat: Making IAM Projects Succeed - Why You Need a Solution Architecture
April 27, 2020
Matthias Reinwarth and Graham Williamson are talking about designing an IAM project architecture.
Cybersecurity is in Crisis
October 05, 2016
Intel Security recently released an in-depth survey of the cybersecurity industry, looking at causal agents of the low availability of people with training and professional accreditation in computer security. The global report titled “Hacking the Skills Shortage” concludes:…
Comment: Know and Serve Your Customer
September 06, 2016
‘Know your customer’ started as an anti-money laundering (AML) initiative in the financial industry. Regulators insisted that banks establish customer ‘due-diligence’ processes to ensure that all bank accounts could be traced back to the entities that owned them.…
Stack creep - from the network layer to the application layer
January 12, 2016
Last year saw an unprecedented interest in protection of corporate data. With several high-profile losses of intellectual property organisations have started looking for a better way. For the past 30 years the bastion against data loss has been network devices. We have relied on routers,…

Latest videos

Analyst Chat
Analyst Chat #173: Controlling the Accelerator for Secrets Management
May 22, 2023
Graham Williamson, Fellow Analyst with KuppingerCole, shares his insights and expertise with our host Matthias Reinwarth as they discuss the lessons learned from Graham's research on secrets management. They also explore the concept of "Machine Identity" and why it's important for…
Analyst Chat
Analyst Chat #171: Trends and Predictions for 2023 - FIDO2
May 01, 2023
Graham Williamson and Matthias explore the world of authentication strategies and the impact of FIDO2. They are discussing why shifting left in our authentication strategy is essential and how FIDO2 can help achieve this. They also delve into the impact that FIDO2 holds for enterprise…
Analyst Chat
Analyst Chat #131: How to protect your OT and IoT from Cybersecurity Threats
July 04, 2022
Graham Williamson has teamed up with John Tolbert to research the current state of the Operational Technology (OT) and Industrial Control Systems (ICS) sectors. They documented the ability of the main industry players to support a coordinated approach to detecting, responding to, and…
Analyst Chat
Analyst Chat #124: Market Compass "Policy-Based Access Management"
May 17, 2022
Shortly before EIC, Graham Williamson and Matthias sat together virtually and discussed the recent publication of the Market Compass on "Policy Based Access Management". In this episode Graham gives a great introduction in this evolved market segment and talks about hybrid and cloud-native…
Webinar Recording
The Machine Monitoring Mandate
April 27, 2022
Governments world-wide are increasingly worried about the social unrest that could result from a cybersecurity compromise of critical infrastructure. This has highlighted the fact that the underlying operational technology (OT) is often inadequately protected, and that this must change.…
Webinar Recording
Policy Based Access Control for Cloud-Native Applications
April 13, 2022
As companies shift to cloud-native applications, the complexity of a microservices framework can be daunting. When applications are built in a cloud-native stack, authorization is also infinitely more complex. Crucially, Open Policy Agent (OPA) decouples policy from code, enabling the…